Re: [PATCH] hrtimer: prevent overrun DoS in hrtimer_forward()
From: Adrian Bunk
Date: Wed Apr 04 2007 - 17:12:31 EST
On Wed, Mar 14, 2007 at 11:00:12AM +0100, Thomas Gleixner wrote:
> hrtimer_forward() does not check for the possible overflow of
> timer->expires. This can happen on 64 bit machines with large interval
> values and results currently in an endless loop in the softirq because
> the expiry value becomes negative and therefor the timer is expired all
> the time.
>
> Check for this condition and set the expiry value to the max. expiry
> time in the future.
>
> The fix should be applied to stable kernel series as well.
Is this relevant for 2.6.16?
I'm asking since KTIME_SEC_MAX is not used in 2.6.16, and therefore the
check in ktime_set() is also missing.
> Signed-off-by: Thomas Gleixner <tglx@linutronix,de>
>
> diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
> index ec4cb9f..5e7122d 100644
> --- a/kernel/hrtimer.c
> +++ b/kernel/hrtimer.c
> @@ -644,6 +644,12 @@ hrtimer_forward(struct hrtimer *timer, k
> orun++;
> }
> timer->expires = ktime_add(timer->expires, interval);
> + /*
> + * Make sure, that the result did not wrap with a very large
> + * interval.
> + */
> + if (timer->expires.tv64 < 0)
> + timer->expires = ktime_set(KTIME_SEC_MAX, 0);
>
> return orun;
> }
>
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/