On Mon, 25 Feb 2019, Yao HongBo wrote:
> On 2/25/2019 12:53 PM, Deepa Dinamani wrote:
> > On Sun, Feb 24, 2019 at 7:13 PM Hongbo Yao <[email protected]> wrote:
> >> I ran into this:
> >>
> >>         UBSAN: Undefined behaviour in ./include/linux/time64.h:70:2
> >>         signed integer overflow:
> >>         1551059291 + 9223372036854775807 cannot be represented in type 'long long int'
> >>         CPU: 5 PID: 20064 Comm: syz-executor.2 Not tainted 4.19.24 #4
> >>         Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> >>         1.10.2-1ubuntu1 04/01/2014
> >>         Call Trace:
> >>          __dump_stack lib/dump_stack.c:77 [inline]
> >>          dump_stack+0xca/0x13e lib/dump_stack.c:113
> >>          ubsan_epilogue+0xe/0x81 lib/ubsan.c:159
> >>          handle_overflow+0x193/0x1e2 lib/ubsan.c:190
> >>          timespec64_add include/linux/time64.h:70 [inline]
> >>          timekeeping_inject_offset+0x3ed/0x4e0 kernel/time/timekeeping.c:1301
> >>          do_adjtimex+0x1e5/0x6c0 kernel/time/timekeeping.c:2360
> >>          __do_sys_clock_adjtime+0x122/0x200 kernel/time/posix-timers.c:1086
> 
> > You seem to be adding INT64_MAX here. Maybe the right thing to do is
> > to add a check at the syscall interface rather than here.
> 
> Thanks for this suggestion. Looks like that is a better way.
> I will try it.

Yes, the input to sys_clock_adjtime() needs to be sanity checked.

Thanks,

        tglx
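
The kind of input sanity check discussed in this thread, as an added user-space example that is not part of the original messages and is not the kernel's code: it rejects an offset whose addition to the current time cannot be represented, instead of performing the overflowing add. `struct ts64` and `ts64_add_checked()` are hypothetical names, and the GCC/Clang builtin `__builtin_add_overflow` is assumed to be available.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NSEC_PER_SEC 1000000000L

/* User-space stand-in for the kernel's struct timespec64 (assumption). */
struct ts64 {
    int64_t tv_sec;
    long    tv_nsec;
};

/*
 * Hypothetical helper: add offset `off` to `now`, rejecting the input
 * instead of overflowing. Returns false if either value is not normalized
 * or the sum does not fit in int64_t seconds.
 */
bool ts64_add_checked(struct ts64 now, struct ts64 off, struct ts64 *out)
{
    int64_t sec;
    long nsec;

    /* Require 0 <= tv_nsec < NSEC_PER_SEC on both operands. */
    if (now.tv_nsec < 0 || now.tv_nsec >= NSEC_PER_SEC ||
        off.tv_nsec < 0 || off.tv_nsec >= NSEC_PER_SEC)
        return false;
    /* Checked 64-bit add: the operation UBSAN flagged in the report. */
    if (__builtin_add_overflow(now.tv_sec, off.tv_sec, &sec))
        return false;
    nsec = now.tv_nsec + off.tv_nsec;  /* < 2 * NSEC_PER_SEC, fits in long */
    if (nsec >= NSEC_PER_SEC) {
        nsec -= NSEC_PER_SEC;
        /* The nanosecond carry can overflow the seconds field too. */
        if (__builtin_add_overflow(sec, (int64_t)1, &sec))
            return false;
    }
    out->tv_sec = sec;
    out->tv_nsec = nsec;
    return true;
}

int main(void)
{
    struct ts64 now = { 1551059291, 0 };  /* seconds value from the report */
    struct ts64 off = { INT64_MAX, 0 };   /* offset value from the report */
    struct ts64 sum;
    printf("accepted: %d\n", ts64_add_checked(now, off, &sum));
    return 0;
}
```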
