Re: [PATCH] Fix chance of sign extension to nsec after its msb is set during calculation.

From: Thomas Gleixner
Date: Fri Sep 02 2016 - 04:52:16 EST


On Thu, 1 Sep 2016, Liav Rehana wrote:
> From: Liav Rehana <liavr@xxxxxxxxxxxx>
>
> During the calculation of the nsec variable, "delta * tkr->mult" may cause
> overflow to the msb, if the suspended time is too long.
> In that case, we need to guarantee that the variable will not go through a
> sign extension during its shift, and thus it will result in a much higher
> value - close to the larget value of 64 bits.
> The following commit fixes this problem, which causes the following bug:
> Trying to connect through ftp to the os after a long enough suspended time
> will cause the nsec variable to get a much higher value after its shift
> because of sign extension, and thus the loop that follows some instructions
> afterwards, implemented in the inline function __iter_div_u64_rem, will
> take too long.
>
> Signed-off-by: Liav Rehana <liavr@xxxxxxxxxxxx>
> ---
> kernel/time/timekeeping.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
> index 479d25c..ddf56a5 100644
> --- a/kernel/time/timekeeping.c
> +++ b/kernel/time/timekeeping.c
> @@ -305,7 +305,7 @@ static inline s64 timekeeping_delta_to_ns(struct tk_read_base *tkr,
> s64 nsec;
>
> nsec = delta * tkr->mult + tkr->xtime_nsec;
> - nsec >>= tkr->shift;
> + nsec = ((u64) nsec) >> tkr->shift;

This typecast is just a baindaid. What happens if you double the suspend time?
The multiplication will simply overflow. So the proper fix is to sanity check
delta and do multiple conversions if delta is big enough. Preferrably this
happens somewhere at the call site and not in this hotpath function.

Thanks,

tglx