Message ID | 1422877789-22645-1-git-send-email-luis.henriques@canonical.com |
---|---|
State | New |
Headers | show |
Might hold off on merging this one as we've gotten some problem reports against it w/ 3.18-stable. thanks -john On Mon, Feb 2, 2015 at 3:49 AM, Luis Henriques <luis.henriques@canonical.com> wrote: > This is a note to let you know that I have just added a patch titled > > time: adjtimex: Validate the ADJ_FREQUENCY values > > to the linux-3.16.y-queue branch of the 3.16.y-ckt extended stable tree > which can be found at: > > http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.16.y-queue > > This patch is scheduled to be released in version 3.16.7-ckt6. > > If you, or anyone else, feels it should not be added to this tree, please > reply to this email. > > For more information about the 3.16.y-ckt tree, see > https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable > > Thanks. > -Luis > > ------ > > From e18034cee3c5aaf021dedb9f7b3fbf280daf50ef Mon Sep 17 00:00:00 2001 > From: Sasha Levin <sasha.levin@oracle.com> > Date: Wed, 3 Dec 2014 19:25:05 -0500 > Subject: time: adjtimex: Validate the ADJ_FREQUENCY values > > commit 5e5aeb4367b450a28f447f6d5ab57d8f2ab16a5f upstream. > > Verify that the frequency value from userspace is valid and makes sense. > > Unverified values can cause overflows later on. > > Cc: Thomas Gleixner <tglx@linutronix.de> > Cc: Ingo Molnar <mingo@kernel.org> > Signed-off-by: Sasha Levin <sasha.levin@oracle.com> > [jstultz: Fix up bug for negative values and drop redunent cap check] > Signed-off-by: John Stultz <john.stultz@linaro.org> > Signed-off-by: Luis Henriques <luis.henriques@canonical.com> > --- > kernel/time/ntp.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c > index 33db43a39515..3fca3fdd7c82 100644 > --- a/kernel/time/ntp.c > +++ b/kernel/time/ntp.c > @@ -632,6 +632,13 @@ int ntp_validate_timex(struct timex *txc) > if ((txc->modes & ADJ_SETOFFSET) && (!capable(CAP_SYS_TIME))) > return -EPERM; > > + if (txc->modes & ADJ_FREQUENCY) { > + if (LONG_MIN / PPM_SCALE > txc->freq) > + return -EINVAL; > + if (LONG_MAX / PPM_SCALE < txc->freq) > + return -EINVAL; > + } > + > return 0; > } > > -- > 2.1.4 >
On Mon, Feb 02, 2015 at 10:09:09AM -0800, John Stultz wrote: > Might hold off on merging this one as we've gotten some problem > reports against it w/ 3.18-stable. > Thank you for the heads up, John. I'll hold this patch for now and eventually drop. I've seen Josh Boyer's report in the stable mailing-list, but couldn't find any other report. Is there a BZ bug report or lkml thread on this issue that I could follow? Cheers, -- Luís > thanks > -john > > On Mon, Feb 2, 2015 at 3:49 AM, Luis Henriques > <luis.henriques@canonical.com> wrote: > > This is a note to let you know that I have just added a patch titled > > > > time: adjtimex: Validate the ADJ_FREQUENCY values > > > > to the linux-3.16.y-queue branch of the 3.16.y-ckt extended stable tree > > which can be found at: > > > > http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.16.y-queue > > > > This patch is scheduled to be released in version 3.16.7-ckt6. > > > > If you, or anyone else, feels it should not be added to this tree, please > > reply to this email. > > > > For more information about the 3.16.y-ckt tree, see > > https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable > > > > Thanks. > > -Luis > > > > ------ > > > > From e18034cee3c5aaf021dedb9f7b3fbf280daf50ef Mon Sep 17 00:00:00 2001 > > From: Sasha Levin <sasha.levin@oracle.com> > > Date: Wed, 3 Dec 2014 19:25:05 -0500 > > Subject: time: adjtimex: Validate the ADJ_FREQUENCY values > > > > commit 5e5aeb4367b450a28f447f6d5ab57d8f2ab16a5f upstream. > > > > Verify that the frequency value from userspace is valid and makes sense. > > > > Unverified values can cause overflows later on. > > > > Cc: Thomas Gleixner <tglx@linutronix.de> > > Cc: Ingo Molnar <mingo@kernel.org> > > Signed-off-by: Sasha Levin <sasha.levin@oracle.com> > > [jstultz: Fix up bug for negative values and drop redunent cap check] > > Signed-off-by: John Stultz <john.stultz@linaro.org> > > Signed-off-by: Luis Henriques <luis.henriques@canonical.com> > > --- > > kernel/time/ntp.c | 7 +++++++ > > 1 file changed, 7 insertions(+) > > > > diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c > > index 33db43a39515..3fca3fdd7c82 100644 > > --- a/kernel/time/ntp.c > > +++ b/kernel/time/ntp.c > > @@ -632,6 +632,13 @@ int ntp_validate_timex(struct timex *txc) > > if ((txc->modes & ADJ_SETOFFSET) && (!capable(CAP_SYS_TIME))) > > return -EPERM; > > > > + if (txc->modes & ADJ_FREQUENCY) { > > + if (LONG_MIN / PPM_SCALE > txc->freq) > > + return -EINVAL; > > + if (LONG_MAX / PPM_SCALE < txc->freq) > > + return -EINVAL; > > + } > > + > > return 0; > > } > > > > -- > > 2.1.4 > >
On Mon, Feb 2, 2015 at 11:26 AM, Luis Henriques <luis.henriques@canonical.com> wrote: > On Mon, Feb 02, 2015 at 10:09:09AM -0800, John Stultz wrote: >> Might hold off on merging this one as we've gotten some problem >> reports against it w/ 3.18-stable. >> > > Thank you for the heads up, John. I'll hold this patch for now and > eventually drop. I've seen Josh Boyer's report in the stable > mailing-list, but couldn't find any other report. Is there a BZ bug > report or lkml thread on this issue that I could follow? https://bugzilla.redhat.com/show_bug.cgi?id=1188074 https://bugzilla.kernel.org/show_bug.cgi?id=92481 I've got a fix (attached in the bugs) that is doing well in testing, but I'm waiting to hear back just a bit more before sending it wider. thanks -john
On Mon, Feb 02, 2015 at 11:33:34AM -0800, John Stultz wrote: > On Mon, Feb 2, 2015 at 11:26 AM, Luis Henriques > <luis.henriques@canonical.com> wrote: > > On Mon, Feb 02, 2015 at 10:09:09AM -0800, John Stultz wrote: > >> Might hold off on merging this one as we've gotten some problem > >> reports against it w/ 3.18-stable. > >> > > > > Thank you for the heads up, John. I'll hold this patch for now and > > eventually drop. I've seen Josh Boyer's report in the stable > > mailing-list, but couldn't find any other report. Is there a BZ bug > > report or lkml thread on this issue that I could follow? > > https://bugzilla.redhat.com/show_bug.cgi?id=1188074 > https://bugzilla.kernel.org/show_bug.cgi?id=92481 > > I've got a fix (attached in the bugs) that is doing well in testing, > but I'm waiting to hear back just a bit more before sending it wider. > > thanks > -john Awesome! Thanks a lot for the links. I'll keep an eye on these bugs. Cheers, -- Luís
diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c index 33db43a39515..3fca3fdd7c82 100644 --- a/kernel/time/ntp.c +++ b/kernel/time/ntp.c @@ -632,6 +632,13 @@ int ntp_validate_timex(struct timex *txc) if ((txc->modes & ADJ_SETOFFSET) && (!capable(CAP_SYS_TIME))) return -EPERM; + if (txc->modes & ADJ_FREQUENCY) { + if (LONG_MIN / PPM_SCALE > txc->freq) + return -EINVAL; + if (LONG_MAX / PPM_SCALE < txc->freq) + return -EINVAL; + } + return 0; }