For e.g. HZ=100, timer being 430 jiffies in the future, and 32 bit
unsigned int, there is an overflow on unsigned int right-hand side
of the expression which results with wrong values being returned.
Problem was observed on tickless core and with following applied:
sched/nohz: add debugfs control over sched_tick_max_deferment
https://lkml.org/lkml/2013/9/16/499
Signed-off-by: Matija Glavinic Pecotic <[email protected]>
---
kernel/time/timer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/time/timer.c b/kernel/time/timer.c
index 71ce3f4..8f5d1bf 100644
--- a/kernel/time/timer.c
+++ b/kernel/time/timer.c
@@ -1495,7 +1495,7 @@ u64 get_next_timer_interrupt(unsigned long basej, u64 basem)
base->is_idle = false;
} else {
if (!is_max_delta)
- expires = basem + (nextevt - basej) * TICK_NSEC;
+ expires = basem + (u64)(nextevt - basej) * TICK_NSEC;
/*
* If we expect to sleep more than a tick, mark the base idle:
*/
--
2.1.4
On 01/08/17 09:11, Matija Glavinic Pecotic wrote:
> For e.g. HZ=100, timer being 430 jiffies in the future, and 32 bit
> unsigned int, there is an overflow on unsigned int right-hand side
> of the expression which results with wrong values being returned.
>
> Problem was observed on tickless core and with following applied:
>
> sched/nohz: add debugfs control over sched_tick_max_deferment
> https://lkml.org/lkml/2013/9/16/499
>
> Signed-off-by: Matija Glavinic Pecotic <[email protected]>
Reviewed-by: Alexander Sverdlin <[email protected]>
> ---
> kernel/time/timer.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/time/timer.c b/kernel/time/timer.c
> index 71ce3f4..8f5d1bf 100644
> --- a/kernel/time/timer.c
> +++ b/kernel/time/timer.c
> @@ -1495,7 +1495,7 @@ u64 get_next_timer_interrupt(unsigned long basej, u64 basem)
> base->is_idle = false;
> } else {
> if (!is_max_delta)
> - expires = basem + (nextevt - basej) * TICK_NSEC;
> + expires = basem + (u64)(nextevt - basej) * TICK_NSEC;
> /*
> * If we expect to sleep more than a tick, mark the base idle:
> */
--
Best regards,
Alexander Sverdlin.
Commit-ID: 34f41c0316ed52b0b44542491d89278efdaa70e4
Gitweb: http://git.kernel.org/tip/34f41c0316ed52b0b44542491d89278efdaa70e4
Author: Matija Glavinic Pecotic <[email protected]>
AuthorDate: Tue, 1 Aug 2017 09:11:52 +0200
Committer: Thomas Gleixner <[email protected]>
CommitDate: Tue, 1 Aug 2017 14:20:53 +0200
timers: Fix overflow in get_next_timer_interrupt
For e.g. HZ=100, timer being 430 jiffies in the future, and 32 bit
unsigned int, there is an overflow on unsigned int right-hand side
of the expression which results with wrong values being returned.
Type cast the multiplier to 64bit to avoid that issue.
Fixes: 46c8f0b077a8 ("timers: Fix get_next_timer_interrupt() computation")
Signed-off-by: Matija Glavinic Pecotic <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Reviewed-by: Alexander Sverdlin <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Link: http://lkml.kernel.org/r/[email protected]
---
kernel/time/timer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/time/timer.c b/kernel/time/timer.c
index 71ce3f4..8f5d1bf 100644
--- a/kernel/time/timer.c
+++ b/kernel/time/timer.c
@@ -1495,7 +1495,7 @@ u64 get_next_timer_interrupt(unsigned long basej, u64 basem)
base->is_idle = false;
} else {
if (!is_max_delta)
- expires = basem + (nextevt - basej) * TICK_NSEC;
+ expires = basem + (u64)(nextevt - basej) * TICK_NSEC;
/*
* If we expect to sleep more than a tick, mark the base idle:
*/