TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
TWx Linux Repository
1,294,818 Commits 16 Branches 5,273 Tags 5.6 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
87d571d6fb
Go to file
Justin Stitt 87d571d6fb ntp: Clamp maxerror and esterror to operating range 
Using syzkaller alongside the newly reintroduced signed integer overflow
sanitizer spits out this report:

UBSAN: signed-integer-overflow in ../kernel/time/ntp.c:461:16
9223372036854775807 + 500 cannot be represented in type 'long'
Call Trace:
 handle_overflow+0x171/0x1b0
 second_overflow+0x2d6/0x500
 accumulate_nsecs_to_secs+0x60/0x160
 timekeeping_advance+0x1fe/0x890
 update_wall_time+0x10/0x30

time_maxerror is unconditionally incremented and the result is checked
against NTP_PHASE_LIMIT, but the increment itself can overflow, resulting
in wrap-around to negative space.

Before commit eea83d896e31 ("ntp: NTP4 user space bits update") the user
supplied value was sanity checked to be in the operating range. That change
removed the sanity check and relied on clamping in handle_overflow() which
does not work correctly when the user supplied value is in the overflow
zone of the '+ 500' operation.

The operation requires CAP_SYS_TIME and the side effect of the overflow is
NTP getting out of sync.

Miroslav confirmed that the input value should be clamped to the operating
range and the same applies to time_esterror. The latter is not used by the
kernel, but the value still should be in the operating range as it was
before the sanity check got removed.

Clamp them to the operating range.

[ tglx: Changed it to clamping and included time_esterror ] 

Fixes: eea83d896e31 ("ntp: NTP4 user space bits update")
Signed-off-by: Justin Stitt <justinstitt@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Miroslav Lichvar <mlichvar@redhat.com>
Link: https://lore.kernel.org/all/20240517-b4-sio-ntp-usec-v2-1-d539180f2b79@google.com
Closes: https://github.com/KSPP/linux/issues/354
2024-08-05 16:14:14 +02:00
arch X86 fixes: 2024-08-04 08:57:08 -07:00
block block: fix deadlock between sd_remove & sd_release 2024-07-24 09:51:21 -06:00
certs kbuild: use $(src) instead of $(srctree)/$(src) for source directory 2024-05-10 04:34:52 +09:00
crypto crypto: testmgr - generate power-of-2 lengths more often 2024-07-13 11:50:28 +12:00
Documentation profiling: remove profile=sleep support 2024-08-04 13:36:28 -07:00
drivers A couple of fixes for interrupt chip drivers: 2024-08-04 08:36:57 -07:00
fs 'smb3 client fixes 2024-08-04 08:18:40 -07:00
include profiling: remove profile=sleep support 2024-08-04 13:36:28 -07:00
init rust: SHADOW_CALL_STACK is incompatible with Rust 2024-08-01 16:15:03 +01:00
io_uring io_uring: remove unused local list heads in NAPI functions 2024-07-30 06:20:20 -06:00
ipc sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
kernel ntp: Clamp maxerror and esterror to operating range 2024-08-05 16:14:14 +02:00
lib minmax: don't use max() in situations that want a C constant expression 2024-07-28 20:23:27 -07:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm minmax: make generic MIN() and MAX() macros available everywhere 2024-07-28 15:49:18 -07:00
net Including fixes from wireless, bleutooth, BPF and netfilter. 2024-08-01 09:42:09 -07:00
rust Rust changes for v6.11 2024-07-27 13:44:54 -07:00
samples Driver core changes for 6.11-rc1 2024-07-25 10:42:22 -07:00
scripts syscalls: fix syscall macros for newfstat/newfstatat 2024-08-02 15:20:47 +02:00
security apparmor-pr-2024-07-24 PR 2024-07-25 2024-07-27 13:28:39 -07:00
sound sound fixes for 6.11-rc2 2024-08-02 09:04:57 -07:00
tools * fix latent bug in how usage of large pages is determined for 2024-08-02 10:17:49 -07:00
usr initramfs: shorten cmd_initfs in usr/Makefile 2024-07-16 01:07:52 +09:00
virt KVM: guest_memfd: abstract how prepared folios are recorded 2024-07-26 14:46:15 -04:00
.clang-format Docs: Move clang-format from process/ to dev-tools/ 2024-06-26 16:36:00 -06:00
.cocciconfig
.editorconfig .editorconfig: remove trim_trailing_whitespace option 2024-06-13 16:47:52 +02:00
.get_maintainer.ignore Add Jeff Kirsher to .get_maintainer.ignore 2024-03-08 11:36:54 +00:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore kbuild: add script and target to generate pacman package 2024-07-22 01:24:22 +09:00
.mailmap MAINTAINERS: mailmap: update James Clark's email address 2024-07-26 14:32:35 -07:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING
CREDITS tracing: Update of MAINTAINERS and CREDITS file 2024-07-18 14:08:42 -07:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig
MAINTAINERS Including fixes from wireless, bleutooth, BPF and netfilter. 2024-08-01 09:42:09 -07:00
Makefile Linux 6.11-rc2 2024-08-04 13:50:53 -07:00
README README: Fix spelling 2024-03-18 03:36:32 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.