git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/commit

author	Thomas Gleixner <tglx@linutronix.de>
	Tue, 30 May 2017 21:15:34 +0000 (23:15 +0200)
committer	Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	Wed, 19 Jul 2017 07:58:23 +0000 (09:58 +0200)
commit	a08af26d0a431e5d49ad10415483a5fb055a95dd
tree	eadc1333e3a9c6f2004c64718790768ec46b2e99	tree
parent	18cce48ce918d9a8c01c3c7411e1be1afdb5df56	commit \| diff

alarmtimer: Prevent overflow of relative timers

BugLink: http://bugs.launchpad.net/bugs/1702104
commit f4781e76f90df7aec400635d73ea4c35ee1d4765 upstream.

Andrey reported a alartimer related RCU stall while fuzzing the kernel with
syzkaller.

The reason for this is an overflow in ktime_add() which brings the
resulting time into negative space and causes immediate expiry of the
timer. The following rearm with a small interval does not bring the timer
back into positive space due to the same issue.

This results in a permanent firing alarmtimer which hogs the CPU.

Use ktime_add_safe() instead which detects the overflow and clamps the
result to KTIME_SEC_MAX.

Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Kostya Serebryany <kcc@google.com>
Cc: syzkaller <syzkaller@googlegroups.com>
Cc: John Stultz <john.stultz@linaro.org>
Cc: Dmitry Vyukov <dvyukov@google.com>
Link: http://lkml.kernel.org/r/20170530211655.802921648@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>