[3.16.y-ckt stable] Patch "time: adjtimex: Validate the ADJ_FREQUENCY values" has been added to staging queue

Mon Feb 2 19:26:16 UTC 2015

On Mon, Feb 02, 2015 at 10:09:09AM -0800, John Stultz wrote:
> Might hold off on merging this one as we've gotten some problem
> reports against it w/ 3.18-stable.
>

Thank you for the heads up, John.  I'll hold this patch for now and
eventually drop.  I've seen Josh Boyer's report in the stable
mailing-list, but couldn't find any other report.  Is there a BZ bug
report or lkml thread on this issue that I could follow?

Cheers,
--
Luís

> thanks
> -john
> 
> On Mon, Feb 2, 2015 at 3:49 AM, Luis Henriques
> <luis.henriques at canonical.com> wrote:
> > This is a note to let you know that I have just added a patch titled
> >
> >     time: adjtimex: Validate the ADJ_FREQUENCY values
> >
> > to the linux-3.16.y-queue branch of the 3.16.y-ckt extended stable tree
> > which can be found at:
> >
> >  http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.16.y-queue
> >
> > This patch is scheduled to be released in version 3.16.7-ckt6.
> >
> > If you, or anyone else, feels it should not be added to this tree, please
> > reply to this email.
> >
> > For more information about the 3.16.y-ckt tree, see
> > https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable
> >
> > Thanks.
> > -Luis
> >
> > ------
> >
> > From e18034cee3c5aaf021dedb9f7b3fbf280daf50ef Mon Sep 17 00:00:00 2001
> > From: Sasha Levin <sasha.levin at oracle.com>
> > Date: Wed, 3 Dec 2014 19:25:05 -0500
> > Subject: time: adjtimex: Validate the ADJ_FREQUENCY values
> >
> > commit 5e5aeb4367b450a28f447f6d5ab57d8f2ab16a5f upstream.
> >
> > Verify that the frequency value from userspace is valid and makes sense.
> >
> > Unverified values can cause overflows later on.
> >
> > Cc: Thomas Gleixner <tglx at linutronix.de>
> > Cc: Ingo Molnar <mingo at kernel.org>
> > Signed-off-by: Sasha Levin <sasha.levin at oracle.com>
> > [jstultz: Fix up bug for negative values and drop redunent cap check]
> > Signed-off-by: John Stultz <john.stultz at linaro.org>
> > Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
> > ---
> >  kernel/time/ntp.c | 7 +++++++
> >  1 file changed, 7 insertions(+)
> >
> > diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
> > index 33db43a39515..3fca3fdd7c82 100644
> > --- a/kernel/time/ntp.c
> > +++ b/kernel/time/ntp.c
> > @@ -632,6 +632,13 @@ int ntp_validate_timex(struct timex *txc)
> >         if ((txc->modes & ADJ_SETOFFSET) && (!capable(CAP_SYS_TIME)))
> >                 return -EPERM;
> >
> > +       if (txc->modes & ADJ_FREQUENCY) {
> > +               if (LONG_MIN / PPM_SCALE > txc->freq)
> > +                       return -EINVAL;
> > +               if (LONG_MAX / PPM_SCALE < txc->freq)
> > +                       return -EINVAL;
> > +       }
> > +
> >         return 0;
> >  }
> >
> > --
> > 2.1.4
> >