summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Gleixner <tglx@linutronix.de>2007-04-09 01:04:23 +0200
committerAdrian Bunk <bunk@stusta.de>2007-04-09 01:04:23 +0200
commit75da4e64268ffdbd56143b4642d340b9bf3ee350 (patch)
tree9eaa46984d6cc0fb0a24cbb5d05c49ebc1cdb5c8
parent19b5054d01f856a189659a59b24c8497b038cb43 (diff)
downloadlwn-75da4e64268ffdbd56143b4642d340b9bf3ee350.tar.gz
lwn-75da4e64268ffdbd56143b4642d340b9bf3ee350.zip
hrtimer: prevent overrun DoS in hrtimer_forward()
hrtimer_forward() does not check for the possible overflow of timer->expires. This can happen on 64 bit machines with large interval values and results currently in an endless loop in the softirq because the expiry value becomes negative and therefor the timer is expired all the time. Check for this condition and set the expiry value to the max. expiry time in the future. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Adrian Bunk <bunk@stusta.de>
-rw-r--r--kernel/hrtimer.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
index 14bc9cfa6399..a29ceb04c257 100644
--- a/kernel/hrtimer.c
+++ b/kernel/hrtimer.c
@@ -316,6 +316,12 @@ hrtimer_forward(struct hrtimer *timer, ktime_t interval)
orun++;
}
timer->expires = ktime_add(timer->expires, interval);
+ /*
+ * Make sure, that the result did not wrap with a very large
+ * interval.
+ */
+ if (timer->expires.tv64 < 0)
+ timer->expires = ktime_set(KTIME_SEC_MAX, 0);
return orun;
}