diff options
author | Thomas Gleixner <tglx@linutronix.de> | 2007-04-09 01:04:23 +0200 |
---|---|---|
committer | Adrian Bunk <bunk@stusta.de> | 2007-04-09 01:04:23 +0200 |
commit | 75da4e64268ffdbd56143b4642d340b9bf3ee350 (patch) | |
tree | 9eaa46984d6cc0fb0a24cbb5d05c49ebc1cdb5c8 | |
parent | 19b5054d01f856a189659a59b24c8497b038cb43 (diff) | |
download | lwn-75da4e64268ffdbd56143b4642d340b9bf3ee350.tar.gz lwn-75da4e64268ffdbd56143b4642d340b9bf3ee350.zip |
hrtimer: prevent overrun DoS in hrtimer_forward()
hrtimer_forward() does not check for the possible overflow of
timer->expires. This can happen on 64 bit machines with large interval
values and results currently in an endless loop in the softirq because
the expiry value becomes negative and therefor the timer is expired all
the time.
Check for this condition and set the expiry value to the max. expiry
time in the future.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
-rw-r--r-- | kernel/hrtimer.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c index 14bc9cfa6399..a29ceb04c257 100644 --- a/kernel/hrtimer.c +++ b/kernel/hrtimer.c @@ -316,6 +316,12 @@ hrtimer_forward(struct hrtimer *timer, ktime_t interval) orun++; } timer->expires = ktime_add(timer->expires, interval); + /* + * Make sure, that the result did not wrap with a very large + * interval. + */ + if (timer->expires.tv64 < 0) + timer->expires = ktime_set(KTIME_SEC_MAX, 0); return orun; } |