diff mbox series

[-next,v4,1/2] posix-clock: Check timespec64 before call clock_settime()

Message ID 20240914100625.414013-2-ruanjinjie@huawei.com (mailing list archive)
State Deferred
Headers show
Series posix-clock: Check timespec64 for PTP clock | expand

Checks

Context Check Description
netdev/series_format success Posting correctly formatted
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 16 this patch: 16
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 5 of 5 maintainers
netdev/build_clang success Errors and warnings before: 16 this patch: 16
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 16 this patch: 16
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 9 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest fail net-next-2024-09-14--12-00 (tests: 753)

Commit Message

Jinjie Ruan Sept. 14, 2024, 10:06 a.m. UTC 
As Andrew pointed out, it will make sense that the PTP core
checked timespec64 struct's tv_sec and tv_nsec range before calling
ptp->info->settime64().

As the man mannul of clock_settime() said, if tp.tv_sec is negative or
tp.tv_nsec is outside the range [0..999,999,999], it shuld return EINVAL,
which include Dynamic clocks which handles PTP clock, and the condition is
consistent with timespec64_valid(). So check it ahead using
timespec64_valid() in pc_clock_settime() and return -EINVAL if not valid.

There are some drivers that use tp->tv_sec and tp->tv_nsec directly to
write registers without validity checks and assume that the higher layer
has checked it, which is dangerous and will benefit from this, such as
hclge_ptp_settime(), igb_ptp_settime_i210(), _rcar_gen4_ptp_settime(),
and some drivers can remove the checks of itself.

Suggested-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
---
v4:
- Check it in pc_clock_settime().
- Update the commit message.
v3:
- Adjust to check in more higher layer clock_settime().
- Remove the NULL check.
- Update the commit message and subject.
v2:
- Adjust to check in ptp_clock_settime().
---
 kernel/time/posix-clock.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Simon Horman Sept. 14, 2024, 3:23 p.m. UTC | #1 
On Sat, Sep 14, 2024 at 06:06:24PM +0800, Jinjie Ruan wrote:
> As Andrew pointed out, it will make sense that the PTP core
> checked timespec64 struct's tv_sec and tv_nsec range before calling
> ptp->info->settime64().
> 
> As the man mannul of clock_settime() said, if tp.tv_sec is negative or
> tp.tv_nsec is outside the range [0..999,999,999], it shuld return EINVAL,

nit: should

Flagged by checkpatch.pl --codespell

...
Thomas Gleixner Oct. 2, 2024, 3:18 p.m. UTC | #2 
On Sat, Sep 14 2024 at 16:23, Simon Horman wrote:
> On Sat, Sep 14, 2024 at 06:06:24PM +0800, Jinjie Ruan wrote:
>> As Andrew pointed out, it will make sense that the PTP core
>> checked timespec64 struct's tv_sec and tv_nsec range before calling
>> ptp->info->settime64().
>> 
>> As the man mannul of clock_settime() said, if tp.tv_sec is negative or
>> tp.tv_nsec is outside the range [0..999,999,999], it shuld return EINVAL,
>
> nit: should
>
> Flagged by checkpatch.pl --codespell

...  man mannul

Flagged by my taste sensors.
Thomas Gleixner Oct. 2, 2024, 3:22 p.m. UTC | #3 
On Sat, Sep 14 2024 at 18:06, Jinjie Ruan wrote:
> As Andrew pointed out, it will make sense that the PTP core
> checked timespec64 struct's tv_sec and tv_nsec range before calling
> ptp->info->settime64().
>
> As the man mannul of clock_settime() said, if tp.tv_sec is negative or
> tp.tv_nsec is outside the range [0..999,999,999], it shuld return EINVAL,
> which include Dynamic clocks which handles PTP clock, and the condition is
> consistent with timespec64_valid(). So check it ahead using
> timespec64_valid() in pc_clock_settime() and return -EINVAL if not valid.
>
> There are some drivers that use tp->tv_sec and tp->tv_nsec directly to
> write registers without validity checks and assume that the higher layer
> has checked it, which is dangerous and will benefit from this, such as
> hclge_ptp_settime(), igb_ptp_settime_i210(), _rcar_gen4_ptp_settime(),
> and some drivers can remove the checks of itself.
  
> +	if (!timespec64_valid(ts))
> +		return -EINVAL;

This just makes sure, that the timespec is valid. But it does not ensure
that the time is in a valid range.

This should at least use timespec64_valid_strict() if not
timespec64_valid_gettod().

Thanks,

        tglx
diff mbox series

Patch

diff --git a/kernel/time/posix-clock.c b/kernel/time/posix-clock.c
index 4782edcbe7b9..89e39f9bd7ae 100644
--- a/kernel/time/posix-clock.c
+++ b/kernel/time/posix-clock.c
@@ -319,6 +319,9 @@  static int pc_clock_settime(clockid_t id, const struct timespec64 *ts)
 		goto out;
 	}
 
+	if (!timespec64_valid(ts))
+		return -EINVAL;
+
 	if (cd.clk->ops.clock_settime)
 		err = cd.clk->ops.clock_settime(cd.clk, ts);
 	else