[3.16.y-ckt,stable] Patch "time: adjtimex: Validate the ADJ_FREQUENCY values" has been added to staging queue

This is a note to let you know that I have just added a patch titled

    time: adjtimex: Validate the ADJ_FREQUENCY values

to the linux-3.16.y-queue branch of the 3.16.y-ckt extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.16.y-queue

This patch is scheduled to be released in version 3.16.7-ckt6.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.16.y-ckt tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Luis

------

From e18034cee3c5aaf021dedb9f7b3fbf280daf50ef Mon Sep 17 00:00:00 2001
From: Sasha Levin <sasha.levin@oracle.com>
Date: Wed, 3 Dec 2014 19:25:05 -0500
Subject: time: adjtimex: Validate the ADJ_FREQUENCY values

commit 5e5aeb4367b450a28f447f6d5ab57d8f2ab16a5f upstream.

Verify that the frequency value from userspace is valid and makes sense.

Unverified values can cause overflows later on.

Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[jstultz: Fix up bug for negative values and drop redunent cap check]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
---
 kernel/time/ntp.c | 7 +++++++
 1 file changed, 7 insertions(+)

--
2.1.4

Might hold off on merging this one as we've gotten some problem
reports against it w/ 3.18-stable.

thanks
-john

On Mon, Feb 2, 2015 at 3:49 AM, Luis Henriques
<luis.henriques@canonical.com> wrote:
> This is a note to let you know that I have just added a patch titled
>
>     time: adjtimex: Validate the ADJ_FREQUENCY values
>
> to the linux-3.16.y-queue branch of the 3.16.y-ckt extended stable tree
> which can be found at:
>
>  http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.16.y-queue
>
> This patch is scheduled to be released in version 3.16.7-ckt6.
>
> If you, or anyone else, feels it should not be added to this tree, please
> reply to this email.
>
> For more information about the 3.16.y-ckt tree, see
> https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable
>
> Thanks.
> -Luis
>
> ------
>
> From e18034cee3c5aaf021dedb9f7b3fbf280daf50ef Mon Sep 17 00:00:00 2001
> From: Sasha Levin <sasha.levin@oracle.com>
> Date: Wed, 3 Dec 2014 19:25:05 -0500
> Subject: time: adjtimex: Validate the ADJ_FREQUENCY values
>
> commit 5e5aeb4367b450a28f447f6d5ab57d8f2ab16a5f upstream.
>
> Verify that the frequency value from userspace is valid and makes sense.
>
> Unverified values can cause overflows later on.
>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Ingo Molnar <mingo@kernel.org>
> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
> [jstultz: Fix up bug for negative values and drop redunent cap check]
> Signed-off-by: John Stultz <john.stultz@linaro.org>
> Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
> ---
>  kernel/time/ntp.c | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
> index 33db43a39515..3fca3fdd7c82 100644
> --- a/kernel/time/ntp.c
> +++ b/kernel/time/ntp.c
> @@ -632,6 +632,13 @@ int ntp_validate_timex(struct timex *txc)
>         if ((txc->modes & ADJ_SETOFFSET) && (!capable(CAP_SYS_TIME)))
>                 return -EPERM;
>
> +       if (txc->modes & ADJ_FREQUENCY) {
> +               if (LONG_MIN / PPM_SCALE > txc->freq)
> +                       return -EINVAL;
> +               if (LONG_MAX / PPM_SCALE < txc->freq)
> +                       return -EINVAL;
> +       }
> +
>         return 0;
>  }
>
> --
> 2.1.4
>

On Mon, Feb 02, 2015 at 10:09:09AM -0800, John Stultz wrote:
> Might hold off on merging this one as we've gotten some problem
> reports against it w/ 3.18-stable.
>

Thank you for the heads up, John.  I'll hold this patch for now and
eventually drop.  I've seen Josh Boyer's report in the stable
mailing-list, but couldn't find any other report.  Is there a BZ bug
report or lkml thread on this issue that I could follow?

Cheers,
--
Luís

> thanks
> -john
> 
> On Mon, Feb 2, 2015 at 3:49 AM, Luis Henriques
> <luis.henriques@canonical.com> wrote:
> > This is a note to let you know that I have just added a patch titled
> >
> >     time: adjtimex: Validate the ADJ_FREQUENCY values
> >
> > to the linux-3.16.y-queue branch of the 3.16.y-ckt extended stable tree
> > which can be found at:
> >
> >  http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.16.y-queue
> >
> > This patch is scheduled to be released in version 3.16.7-ckt6.
> >
> > If you, or anyone else, feels it should not be added to this tree, please
> > reply to this email.
> >
> > For more information about the 3.16.y-ckt tree, see
> > https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable
> >
> > Thanks.
> > -Luis
> >
> > ------
> >
> > From e18034cee3c5aaf021dedb9f7b3fbf280daf50ef Mon Sep 17 00:00:00 2001
> > From: Sasha Levin <sasha.levin@oracle.com>
> > Date: Wed, 3 Dec 2014 19:25:05 -0500
> > Subject: time: adjtimex: Validate the ADJ_FREQUENCY values
> >
> > commit 5e5aeb4367b450a28f447f6d5ab57d8f2ab16a5f upstream.
> >
> > Verify that the frequency value from userspace is valid and makes sense.
> >
> > Unverified values can cause overflows later on.
> >
> > Cc: Thomas Gleixner <tglx@linutronix.de>
> > Cc: Ingo Molnar <mingo@kernel.org>
> > Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
> > [jstultz: Fix up bug for negative values and drop redunent cap check]
> > Signed-off-by: John Stultz <john.stultz@linaro.org>
> > Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
> > ---
> >  kernel/time/ntp.c | 7 +++++++
> >  1 file changed, 7 insertions(+)
> >
> > diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
> > index 33db43a39515..3fca3fdd7c82 100644
> > --- a/kernel/time/ntp.c
> > +++ b/kernel/time/ntp.c
> > @@ -632,6 +632,13 @@ int ntp_validate_timex(struct timex *txc)
> >         if ((txc->modes & ADJ_SETOFFSET) && (!capable(CAP_SYS_TIME)))
> >                 return -EPERM;
> >
> > +       if (txc->modes & ADJ_FREQUENCY) {
> > +               if (LONG_MIN / PPM_SCALE > txc->freq)
> > +                       return -EINVAL;
> > +               if (LONG_MAX / PPM_SCALE < txc->freq)
> > +                       return -EINVAL;
> > +       }
> > +
> >         return 0;
> >  }
> >
> > --
> > 2.1.4
> >

On Mon, Feb 2, 2015 at 11:26 AM, Luis Henriques
<luis.henriques@canonical.com> wrote:
> On Mon, Feb 02, 2015 at 10:09:09AM -0800, John Stultz wrote:
>> Might hold off on merging this one as we've gotten some problem
>> reports against it w/ 3.18-stable.
>>
>
> Thank you for the heads up, John.  I'll hold this patch for now and
> eventually drop.  I've seen Josh Boyer's report in the stable
> mailing-list, but couldn't find any other report.  Is there a BZ bug
> report or lkml thread on this issue that I could follow?

https://bugzilla.redhat.com/show_bug.cgi?id=1188074
https://bugzilla.kernel.org/show_bug.cgi?id=92481

I've got a fix (attached in the bugs) that is doing well in testing,
but I'm waiting to hear back just a bit more before sending it wider.

thanks
-john

On Mon, Feb 02, 2015 at 11:33:34AM -0800, John Stultz wrote:
> On Mon, Feb 2, 2015 at 11:26 AM, Luis Henriques
> <luis.henriques@canonical.com> wrote:
> > On Mon, Feb 02, 2015 at 10:09:09AM -0800, John Stultz wrote:
> >> Might hold off on merging this one as we've gotten some problem
> >> reports against it w/ 3.18-stable.
> >>
> >
> > Thank you for the heads up, John.  I'll hold this patch for now and
> > eventually drop.  I've seen Josh Boyer's report in the stable
> > mailing-list, but couldn't find any other report.  Is there a BZ bug
> > report or lkml thread on this issue that I could follow?
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1188074
> https://bugzilla.kernel.org/show_bug.cgi?id=92481
> 
> I've got a fix (attached in the bugs) that is doing well in testing,
> but I'm waiting to hear back just a bit more before sending it wider.
> 
> thanks
> -john

Awesome!  Thanks a lot for the links.  I'll keep an eye on these bugs.

Cheers,
--
Luís