diff options
author | Thomas Gleixner <tglx@linutronix.de> | 2014-10-20 13:07:50 +0200 |
---|---|---|
committer | Thomas Gleixner <tglx@linutronix.de> | 2014-10-25 10:43:15 +0200 |
commit | 10632008b9e18b76cbff0ffc69c15e948aa548e0 (patch) | |
tree | 4694d20120da394c2d501ef7eb4b9f7d5dd8ec90 /kernel/time | |
parent | posix-timers: Fix stack info leak in timer_create() (diff) | |
download | linux-10632008b9e18b76cbff0ffc69c15e948aa548e0.tar.xz linux-10632008b9e18b76cbff0ffc69c15e948aa548e0.zip |
clockevents: Prevent shift out of bounds
Andrey reported that on a kernel with UBSan enabled he found:
UBSan: Undefined behaviour in ../kernel/time/clockevents.c:75:34
I guess it should be 1ULL here instead of 1U:
(!ismax || evt->mult <= (1U << evt->shift)))
That's indeed the correct solution because shift might be 32.
Reported-by: Andrey Ryabinin <a.ryabinin@samsung.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Diffstat (limited to 'kernel/time')
-rw-r--r-- | kernel/time/clockevents.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/time/clockevents.c b/kernel/time/clockevents.c index 9c94c19f1305..55449909f114 100644 --- a/kernel/time/clockevents.c +++ b/kernel/time/clockevents.c @@ -72,7 +72,7 @@ static u64 cev_delta2ns(unsigned long latch, struct clock_event_device *evt, * Also omit the add if it would overflow the u64 boundary. */ if ((~0ULL - clc > rnd) && - (!ismax || evt->mult <= (1U << evt->shift))) + (!ismax || evt->mult <= (1ULL << evt->shift))) clc += rnd; do_div(clc, evt->mult); |