[PATCH openEuler-1.0-LTS] time: Handle negative seconds correctly in timespec64_to_ns() - Kernel

11 Jan 2024

From: Lukas Hannen lukas.hannen@opensource.tttech-industrial.com
mainline inclusion
form mainline-v5.15-rc1
commit 39ff83f2f6cc5cc1458dfcea9697f96338210beb
category: bugfix
https://gitee.com/openeuler/kernel/issues/I8MCB5
CVE: NA
----------------------------------
timespec64_ns() prevents multiplication overflows by comparing the seconds
value of the timespec to KTIME_SEC_MAX. If the value is greater or equal it
returns KTIME_MAX.
But that check casts the signed seconds value to unsigned which makes the
comparision true for all negative values and therefore return wrongly
KTIME_MAX.
Negative second values are perfectly valid and required in some places,
e.g. ptp_clock_adjtime().
Remove the cast and add a check for the negative boundary which is required
to prevent undefined behaviour due to multiplication underflow.
Fixes: cb47755725da ("time: Prevent undefined behaviour in timespec64_to_ns()")'
Signed-off-by: Lukas Hannen lukas.hannen@opensource.tttech-industrial.com
Signed-off-by: Thomas Gleixner tglx@linutronix.de
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/AM6PR01MB541637BD6F336B8FFB72AF80EEC69@AM6PR01MB54...
Signed-off-by: liwei liwei728@huawei.com
---
 include/linux/time64.h | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/include/linux/time64.h b/include/linux/time64.h
index e58f59674ad6..681c2e34034a 100644
--- a/include/linux/time64.h
+++ b/include/linux/time64.h
@@ -39,7 +39,9 @@ struct itimerspec64 {
 /* Located here for timespec[64]_valid_strict */
 #define TIME64_MAX			((s64)~((u64)1 << 63))
 #define KTIME_MAX			((s64)~((u64)1 << 63))
+#define KTIME_MIN			(-KTIME_MAX - 1)
 #define KTIME_SEC_MAX			(KTIME_MAX / NSEC_PER_SEC)
+#define KTIME_SEC_MIN			(KTIME_MIN / NSEC_PER_SEC)
/*
  * Limits for settimeofday():
@@ -140,10 +142,13 @@ static inline bool timespec64_valid_settod(const struct timespec64 *ts)
  */
 static inline s64 timespec64_to_ns(const struct timespec64 *ts)
 {
-	/* Prevent multiplication overflow */
-	if ((unsigned long long)ts->tv_sec >= KTIME_SEC_MAX)
+	/* Prevent multiplication overflow / underflow */
+	if (ts->tv_sec >= KTIME_SEC_MAX)
    	return KTIME_MAX;
+	if (ts->tv_sec <= KTIME_SEC_MIN)
+		return KTIME_MIN;
+
    return ((s64) ts->tv_sec * NSEC_PER_SEC) + ts->tv_nsec;
 }
-- 
2.25.1


    