X-Mailing-List: linux-kernel@vger.kernel.org
In-Reply-To: <20240506-b4-sio-ntp-c-v1-1-a01281aa01ba@google.com>
From: John Stultz
Date: Mon, 6 May 2024 23:02:17 -0700
Subject: Re: [PATCH] ntp: safeguard against time_constant overflow case
To: Justin Stitt
Cc: Thomas Gleixner, Stephen Boyd, Nathan Chancellor, Bill Wendling, linux-kernel@vger.kernel.org, llvm@lists.linux.dev

On Mon, May 6, 2024 at 3:01 PM Justin Stitt wrote:
>
> Nonetheless, let's slightly rework the logic surrounding time_constant
> and how it is incremented such that we avoid unintentional wrap-around
> (even though it is extremely unlikely to be hit in non-fuzzing scenarios).
>
> [1]: https://github.com/llvm/llvm-project/pull/82432
>
> Signed-off-by: Justin Stitt
> ---
> kernel/time/ntp.c | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c > index 406dccb79c2b..a9f039601968 100644 > --- a/kernel/time/ntp.c > +++ b/kernel/time/ntp.c > @@ -65,6 +65,9 @@ static s64 time_offset; > /* pll time constant: *= / > static long time_constant =3D 2; > > +/* pll time constant increment: = */ > +static long time_constant_inc =3D 4; > +

I'd probably use a `#define TIME_CONSTANT_INC 4` for this.

> /* maximum error (usecs): *= / > static long time_maxerror =3D NTP_PHASE_LIMIT;
> > @@ -734,10 +737,10 @@ static inline void process_adjtimex_modes(const str= uct __kernel_timex *txc, > > if (txc->modes & ADJ_TIMECONST) { > time_constant =3D txc->constant; > - if (!(time_status & STA_NANO)) > - time_constant +=3D 4; > - time_constant =3D min(time_constant, (long)MAXTC); > - time_constant =3D max(time_constant, 0l); > + if (!(time_status & STA_NANO) && > + unlikely(LONG_MAX - time_constant_inc >=3D time_const= ant)) > + time_constant +=3D time_constant_inc; > + time_constant =3D clamp_t(long, time_constant, 0, MAXTC); > }

Overall, this looks fine. Though the time_status conditional is now a
little unwieldy. I wonder if some sort of a helper like:

  time_constant = safe_add(time_constant, TIME_CONSTANT_INC, LONG_MAX);

Might make this a little easier to read?

thanks
-john
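
Review bot: time_constant_inc in the first hunk (@@ -65,6 +65,9 @@) is declared as a writable `static long`, yet the visible changes only ever read it, so it should be `static const long` or a macro; that keeps the increment from being modified at run time and lets the compiler fold it into the bounds check. The comment "pll time constant increment" could also say that the increment is applied only when STA_NANO is clear, as the second hunk shows.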
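
Review bot: the unlikely() hint in the second hunk (@@ -734,10 +737,10 @@) is on the wrong side of the test: `LONG_MAX - time_constant_inc >= time_constant` is true whenever txc->constant leaves room for the increment, which is the normal case. Drop the annotation, use likely(), or invert the test to `time_constant > LONG_MAX - time_constant_inc` and mark that overflow branch unlikely. A short comment that a skipped increment is harmless because clamp_t() still bounds the value by MAXTC afterwards would also help the next reader.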
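
The safe_add() idea from the reply above, worked through as a userspace C model of the ADJ_TIMECONST branch. This is an added example, not code from the patch or the kernel tree: the semantics of safe_add(), the helpers clamp_long() and update_time_constant(), and the MAXTC value of 10 are assumptions made for illustration; __builtin_add_overflow is the GCC/Clang builtin.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#define MAXTC 10             /* assumed clamp ceiling for this model */
#define TIME_CONSTANT_INC 4  /* name taken from the review comment */

/* Hypothetical helper: a + b, saturating at limit instead of wrapping.
 * Assumes b >= 0, so the only possible overflow is past LONG_MAX. */
static long safe_add(long a, long b, long limit)
{
	long sum;

	if (__builtin_add_overflow(a, b, &sum) || sum > limit)
		return limit;
	return sum;
}

static long clamp_long(long v, long lo, long hi)
{
	return v < lo ? lo : (v > hi ? hi : v);
}

/* Model of the patched branch: constant stands in for txc->constant,
 * sta_nano for (time_status & STA_NANO). */
static long update_time_constant(long constant, bool sta_nano)
{
	long tc = constant;

	if (!sta_nano)
		tc = safe_add(tc, TIME_CONSTANT_INC, LONG_MAX);
	return clamp_long(tc, 0, MAXTC);
}

int main(void)
{
	/* Constructed inputs: ordinary, negative, and the fuzzer-style extremes. */
	long samples[] = { 2, -2, -10, LONG_MAX - 3, LONG_MAX, LONG_MIN };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%ld -> %ld\n", samples[i],
		       update_time_constant(samples[i], false));
	return 0;
}
```

In kernel code the same check is normally written with check_add_overflow() from <linux/overflow.h> rather than the raw builtin.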