kernel/time/ntp.c: Possible off-by-one error in TAI range check?

From: Ondrej Mosnacek
Date: Mon Apr 08 2019 - 04:47:55 EST


Hello,

while writing tests for clock adjustment auditing [1] [2], I stumbled
upon a strange behavior of adjtimex(2) when setting the TAI offset...

Commit 153b5d054ac2 ("ntp: support for TAI") added a possibility to
change the TAI offset from userspace via adjtimex(2). The code checks
if the input value (txc->constant) is greater than 0 and if it is not,
then it doesn't modify the value. Ignoring the fact that this check
should probably be in timekeeping_validate_timex() and cause -EINVAL
to be returned when false, I find it strange that the check doesn't
allow setting the value to 0, which seems to be the default value...

Was this behavior intended or should the code actually check for
txc->constant >= 0 instead of txc->constant > 0?

Thanks,

[1] https://github.com/linux-audit/audit-kernel/issues/10
[2] https://github.com/linux-audit/audit-kernel/wiki/RFE-More-detailed-auditing-of-changes-to-system-clock

--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.
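
The behavior the mail describes, as an added userspace model (not part of the original mail and not kernel source). It contrasts the `> 0` check with the `>= 0` plus `-EINVAL` variant the mail asks about, and flags calls that report success without applying the requested offset. `struct tx_model`, the function names and the starting offset 37 are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>

#define ADJ_TAI 0x0080            /* same value as in <linux/timex.h> */

/* Model: only the two struct timex fields that the ADJ_TAI path reads. */
struct tx_model { unsigned int modes; long constant; };

typedef int (*tai_setter)(const struct tx_model *, int *);

/* Check as described in the mail: values <= 0 are skipped, call still succeeds. */
static int set_tai_as_described(const struct tx_model *txc, int *time_tai)
{
    if ((txc->modes & ADJ_TAI) && txc->constant > 0)
        *time_tai = (int)txc->constant;
    return 0;
}

/* Variant the mail asks about: accept 0, reject negatives with -EINVAL. */
static int set_tai_validated(const struct tx_model *txc, int *time_tai)
{
    if (txc->modes & ADJ_TAI) {
        if (txc->constant < 0)
            return -EINVAL;
        *time_tai = (int)txc->constant;
    }
    return 0;
}

/* 1 if the call reported success but the offset is not what was requested. */
static int silently_ignored(tai_setter fn, long requested, int start)
{
    struct tx_model txc = { ADJ_TAI, requested };
    int tai = start;
    return fn(&txc, &tai) == 0 && tai != requested;
}

int main(void)
{
    const long requests[] = { 10, 0, -1 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++)
        printf("request %ld: described=%d validated=%d\n", requests[i],
               silently_ignored(set_tai_as_described, requests[i], 37),
               silently_ignored(set_tai_validated, requests[i], 37));
    return 0;
}
```

A test for clock-adjustment auditing can use the same read-back comparison: a successful return alone does not show that the offset changed.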