From patchwork Wed Feb  4 00:38:38 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: John Stultz <john.stultz@linaro.org>
X-Patchwork-Id: 44321
Return-Path: <patchwork-forward+bncBCJ7RPMX4EMBBF6UYWTAKGQEWZJ3WWA@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-wi0-f200.google.com (mail-wi0-f200.google.com
 [209.85.212.200])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 7F6A82034D
 for <linaro@patches.linaro.org>; Wed,  4 Feb 2015 00:38:48 +0000 (UTC)
Received: by mail-wi0-f200.google.com with SMTP id fb4sf190119wid.3
 for <linaro@patches.linaro.org>; Tue, 03 Feb 2015 16:38:47 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject
 :date:message-id:in-reply-to:references:x-original-sender
 :x-original-authentication-results:precedence:mailing-list:list-id
 :list-post:list-help:list-archive:list-unsubscribe;
 bh=6EuvdfTbK8DL0c2wnUTjlbcsV1GNOmhBLzannXiSZNo=;
 b=JMKNagzD//Algsn0Tsu4dKIp7XHdGYyynQlwSdBzTIacdqrh9XvoRJywXKECAY3qLq
 K31naPGyjs2qlhF91oP36XPrUMJ6IhNI7/dY/55Cxt6klZ5rbJ4d1mkBt5dSwpSgeC/p
 wXHZr5SotrDBg7bB6OkXmHJuvm44jZ7bZBsxkvfeGVP4L7OhoGG+e2+HnaIYbC17ht2J
 OMGa0gcoqMF8x7U5krTmjuWbXyzjxrUKWCXVIc1EscsqU90boDdt0ciJJrLpoBYzi5fe
 yhjVU+ta1zq/IfwP0O9iGgXoai9N8ly00jO8CuRcsc1fFcL9wCHUced78E0LE9HXfdcP
 ESsQ==
X-Gm-Message-State: ALoCoQlRPw4iLyBWs6eqwSljyj2Aw/MZY5QuC1nD4LNX15dfTXgWk2VMn2MxNlr+Qk9TFN/c98aO
X-Received: by 10.180.94.134 with SMTP id dc6mr2327718wib.2.1423010327778;
 Tue, 03 Feb 2015 16:38:47 -0800 (PST)
MIME-Version: 1.0
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.152.87.234 with SMTP id bb10ls810982lab.90.gmail; Tue, 03 Feb
 2015 16:38:47 -0800 (PST)
X-Received: by 10.112.35.165 with SMTP id i5mr27118212lbj.49.1423010327548; 
 Tue, 03 Feb 2015 16:38:47 -0800 (PST)
Received: from mail-lb0-f182.google.com (mail-lb0-f182.google.com.
 [209.85.217.182])
 by mx.google.com with ESMTPS id ld6si106382lab.40.2015.02.03.16.38.47
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 03 Feb 2015 16:38:47 -0800 (PST)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.217.182 as permitted sender) client-ip=209.85.217.182; 
Received: by mail-lb0-f182.google.com with SMTP id l4so41646483lbv.13
 for <patchwork-forward@linaro.org>;
 Tue, 03 Feb 2015 16:38:47 -0800 (PST)
X-Received: by 10.112.98.99 with SMTP id eh3mr27182335lbb.32.1423010327198; 
 Tue, 03 Feb 2015 16:38:47 -0800 (PST)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patches@linaro.org
Received: by 10.112.35.133 with SMTP id h5csp172558lbj;
 Tue, 3 Feb 2015 16:38:46 -0800 (PST)
X-Received: by 10.66.164.232 with SMTP id yt8mr41154607pab.128.1423010325374; 
 Tue, 03 Feb 2015 16:38:45 -0800 (PST)
Received: from mail-pa0-f51.google.com (mail-pa0-f51.google.com.
 [209.85.220.51]) by mx.google.com with ESMTPS id
 oi10si21515pab.163.2015.02.03.16.38.44 for <patches@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 03 Feb 2015 16:38:45 -0800 (PST)
Received-SPF: pass (google.com: domain of john.stultz@linaro.org designates
 209.85.220.51 as permitted sender) client-ip=209.85.220.51; 
Received: by mail-pa0-f51.google.com with SMTP id fb1so103136774pad.10
 for <patches@linaro.org>; Tue, 03 Feb 2015 16:38:44 -0800 (PST)
X-Received: by 10.68.90.4 with SMTP id bs4mr10755086pbb.151.1423010324051;
 Tue, 03 Feb 2015 16:38:44 -0800 (PST)
Received: from localhost.localdomain (c-67-170-153-23.hsd1.or.comcast.net.
 [67.170.153.23])
 by mx.google.com with ESMTPSA id jz5sm112702pbc.0.2015.02.03.16.38.42
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Tue, 03 Feb 2015 16:38:43 -0800 (PST)
From: John Stultz <john.stultz@linaro.org>
To: lkml <linux-kernel@vger.kernel.org>
Cc: John Stultz <john.stultz@linaro.org>,
 Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@kernel.org>,
 Sasha Levin <sasha.levin@oracle.com>,
 Richard Cochran <richardcochran@gmail.com>, stable@vger.kernel.org
Subject: [PATCH v2] ntp: Fixup adjtimex freq validation on 32bit systems
Date: Tue,  3 Feb 2015 16:38:38 -0800
Message-Id: <1423010318-13023-1-git-send-email-john.stultz@linaro.org>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <20150203194543.GA21745@localhost.localdomain>
References: <20150203194543.GA21745@localhost.localdomain>
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: john.stultz@linaro.org
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.217.182 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Precedence: list
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
List-ID: <patchwork-forward.linaro.org>
X-Google-Group-Id: 836684582541
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>

For tip/timers/urgent.

Additional validation of adjtimex freq values to avoid
potential multiplication overflows were added in commit
5e5aeb4367b (time: adjtimex: Validate the ADJ_FREQUENCY values)

Unfortunately the patch used LONG_MAX/MIN instead of
LLONG_MAX/MIN, which was fine on 64bit systems, but being
much smaller on 32bit systems caused false positives
resulting in most direct frequency adjustments to fail w/
EINVAL.

ntpd only does direct frequency adjustments at startup, so
the issue was not as easily observed there, but other time
sync applications like ptpd and chrony were more effected by
the bug.

See bugs:
https://bugzilla.kernel.org/show_bug.cgi?id=92481
https://bugzilla.redhat.com/show_bug.cgi?id=1188074

This patch changes the checks to use LLONG_MAX for
clarity, and additionally the checks are disabled
on 32bit systems since LLONG_MAX/PPM_SCALE is always
larger then the 32bit long freq value, so mult
overflows aren't possible there.

Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Richard Cochran <richardcochran@gmail.com>
Cc: stable@vger.kernel.org
Reported-by: Josh Boyer <jwboyer@fedoraproject.org>
Reported-by: George Joseph <george.joseph@fairview5.com>
Tested-by: George Joseph <george.joseph@fairview5.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
---
v2: Included the BITS_PER_LONG check to disable
the check on 32bit systems, since it generates
build warnings in some settings.

 kernel/time/ntp.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
index 28bf91c..6824ef9 100644
--- a/kernel/time/ntp.c
+++ b/kernel/time/ntp.c
@@ -633,10 +633,14 @@ int ntp_validate_timex(struct timex *txc)
 	if ((txc->modes & ADJ_SETOFFSET) && (!capable(CAP_SYS_TIME)))
 		return -EPERM;
 
-	if (txc->modes & ADJ_FREQUENCY) {
-		if (LONG_MIN / PPM_SCALE > txc->freq)
+	/*
+	 * Check for potential mult overflows that can
+	 * only happen on 64bit systems.
+	 */
+	if ((txc->modes & ADJ_FREQUENCY) && (BITS_PER_LONG == 64)) {
+		if (LLONG_MIN / PPM_SCALE > txc->freq)
 			return -EINVAL;
-		if (LONG_MAX / PPM_SCALE < txc->freq)
+		if (LLONG_MAX / PPM_SCALE < txc->freq)
 			return -EINVAL;
 	}