diff mbox

[1/2] time: settimeofday: Validate the values of tv from user

Message ID 1420654340-3009-2-git-send-email-john.stultz@linaro.org
State Accepted
Commit 6ada1fc0e1c4775de0e043e1bd3ae9d065491aa5
Headers show

Commit Message

John Stultz Jan. 7, 2015, 6:12 p.m. UTC 
From: Sasha Levin <sasha.levin@oracle.com>

An unvalidated user input is multiplied by a constant, which can result in
an undefined behaviour for large values. While this is validated later,
we should avoid triggering undefined behaviour.

Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: stable <stable@vger.kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[jstultz: include trivial milisecond->microsecond correction noticed
by Andy]
Signed-off-by: John Stultz <john.stultz@linaro.org>
---
 include/linux/time.h | 13 +++++++++++++
 kernel/time/time.c   |  4 ++++
 2 files changed, 17 insertions(+)

Comments

John Stultz Jan. 7, 2015, 7:02 p.m. UTC | #1 
On Wed, Jan 7, 2015 at 10:28 AM, Greg KH <greg@kroah.com> wrote:
> On Wed, Jan 07, 2015 at 10:12:19AM -0800, John Stultz wrote:
>> From: Sasha Levin <sasha.levin@oracle.com>
>>
>> An unvalidated user input is multiplied by a constant, which can result in
>> an undefined behaviour for large values. While this is validated later,
>> we should avoid triggering undefined behaviour.
>>
>> Cc: Thomas Gleixner <tglx@linutronix.de>
>> Cc: Ingo Molnar <mingo@kernel.org>
>> Cc: stable <stable@vger.kernel.org>
>> Cc: Andy Lutomirski <luto@amacapital.net>
>> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
>> [jstultz: include trivial milisecond->microsecond correction noticed
>> by Andy]
>> Signed-off-by: John Stultz <john.stultz@linaro.org>
>> ---
>>  include/linux/time.h | 13 +++++++++++++
>>  kernel/time/time.c   |  4 ++++
>>  2 files changed, 17 insertions(+)
>
> <formletter>
>
> This is not the correct way to submit patches for inclusion in the
> stable kernel tree.  Please read Documentation/stable_kernel_rules.txt
> for how to do this properly.
>
> </formletter>

Hrm. I'm not quite sure which rule I'm running afoul here.

Does this seem too much like a theoretical issue and not like enough
of a "oh, that's not good" issue?

thanks
-john
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/include/linux/time.h b/include/linux/time.h
index 8c42cf8..5989b0e 100644
--- a/include/linux/time.h
+++ b/include/linux/time.h
@@ -99,6 +99,19 @@  static inline bool timespec_valid_strict(const struct timespec *ts)
 	return true;
 }
 
+static inline bool timeval_valid(const struct timeval *tv)
+{
+	/* Dates before 1970 are bogus */
+	if (tv->tv_sec < 0)
+		return false;
+
+	/* Can't have more microseconds then a second */
+	if (tv->tv_usec < 0 || tv->tv_usec >= USEC_PER_SEC)
+		return false;
+
+	return true;
+}
+
 extern struct timespec timespec_trunc(struct timespec t, unsigned gran);
 
 #define CURRENT_TIME		(current_kernel_time())
diff --git a/kernel/time/time.c b/kernel/time/time.c
index a9ae20f..22d5d3b 100644
--- a/kernel/time/time.c
+++ b/kernel/time/time.c
@@ -196,6 +196,10 @@  SYSCALL_DEFINE2(settimeofday, struct timeval __user *, tv,
 	if (tv) {
 		if (copy_from_user(&user_tv, tv, sizeof(*tv)))
 			return -EFAULT;
+
+		if (!timeval_valid(&user_tv))
+			return -EINVAL;
+
 		new_ts.tv_sec = user_tv.tv_sec;
 		new_ts.tv_nsec = user_tv.tv_usec * NSEC_PER_USEC;
 	}