Re: [PATCH] time: avoid undefined behaviour in ktime_add_safe()
From: John Stultz
Date: Wed Aug 17 2016 - 16:19:30 EST
On Fri, Aug 12, 2016 at 4:37 PM, Vegard Nossum <vegard.nossum@xxxxxxxxxx> wrote:
> I ran into this:
>
> ================================================================================
> UBSAN: Undefined behaviour in kernel/time/hrtimer.c:310:16
> signed integer overflow:
> 9223372036854775807 + 50000 cannot be represented in type 'long long int'
> CPU: 2 PID: 4798 Comm: trinity-c2 Not tainted 4.8.0-rc1+ #91
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
> 0000000000000000 ffff88010ce6fb88 ffffffff82344740 0000000041b58ab3
> ffffffff84f97a20 ffffffff82344694 ffff88010ce6fbb0 ffff88010ce6fb60
> 000000000000c350 ffff88010ce6f968 dffffc0000000000 ffffffff857bc320
> Call Trace:
> [<ffffffff82344740>] dump_stack+0xac/0xfc
> [<ffffffff82344694>] ? _atomic_dec_and_lock+0xc4/0xc4
> [<ffffffff8242df78>] ubsan_epilogue+0xd/0x8a
> [<ffffffff8242e6b4>] handle_overflow+0x202/0x23d
> [<ffffffff8242e4b2>] ? val_to_string.constprop.6+0x11e/0x11e
> [<ffffffff8236df71>] ? timerqueue_add+0x151/0x410
> [<ffffffff81485c48>] ? hrtimer_start_range_ns+0x3b8/0x1380
> [<ffffffff81795631>] ? memset+0x31/0x40
> [<ffffffff8242e6fd>] __ubsan_handle_add_overflow+0xe/0x10
> [<ffffffff81488ac9>] hrtimer_nanosleep+0x5d9/0x790
> [<ffffffff814884f0>] ? hrtimer_init_sleeper+0x80/0x80
> [<ffffffff813a9ffb>] ? __might_sleep+0x5b/0x260
> [<ffffffff8148be10>] common_nsleep+0x20/0x30
> [<ffffffff814906c7>] SyS_clock_nanosleep+0x197/0x210
> [<ffffffff81490530>] ? SyS_clock_getres+0x150/0x150
> [<ffffffff823c7113>] ? __this_cpu_preempt_check+0x13/0x20
> [<ffffffff8162ef60>] ? __context_tracking_exit.part.3+0x30/0x1b0
> [<ffffffff81490530>] ? SyS_clock_getres+0x150/0x150
> [<ffffffff81007bd3>] do_syscall_64+0x1b3/0x4b0
> [<ffffffff845f85aa>] entry_SYSCALL64_slow_path+0x25/0x25
> ================================================================================
>
> Add a new ktime_add_unsafe() helper which doesn't check for overflow, but
> doesn't throw a UBSAN warning when it does overflow either.
>
> Signed-off-by: Vegard Nossum <vegard.nossum@xxxxxxxxxx>
Queued for testing, targeting 4.9.
thanks
-john