UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,226,784 Commits 5 Branches 24 Tags 3.2 GiB
C 97%
Assembly 1.4%
C++ 0.6%
Makefile 0.3%
Shell 0.3%
Other 0.3%
Go to file
Justin Stitt ae5848cb5b ntp: Safeguard against time_constant overflow 
commit 06c03c8edce333b9ad9c6b207d93d3a5ae7c10c0 upstream.

Using syzkaller with the recently reintroduced signed integer overflow
sanitizer produces this UBSAN report:

UBSAN: signed-integer-overflow in ../kernel/time/ntp.c:738:18
9223372036854775806 + 4 cannot be represented in type 'long'
Call Trace:
 handle_overflow+0x171/0x1b0
 __do_adjtimex+0x1236/0x1440
 do_adjtimex+0x2be/0x740

The user supplied time_constant value is incremented by four and then
clamped to the operating range.

Before commit eea83d896e ("ntp: NTP4 user space bits update") the user
supplied value was sanity checked to be in the operating range. That change
removed the sanity check and relied on clamping after incrementing which
does not work correctly when the user supplied value is in the overflow
zone of the '+ 4' operation.

The operation requires CAP_SYS_TIME and the side effect of the overflow is
NTP getting out of sync.

Similar to the fixups for time_maxerror and time_esterror, clamp the user
space supplied value to the operating range.

[ tglx: Switch to clamping ]

Fixes: eea83d896e ("ntp: NTP4 user space bits update")
Signed-off-by: Justin Stitt <justinstitt@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Miroslav Lichvar <mlichvar@redhat.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/20240517-b4-sio-ntp-c-v2-1-f3a80096f36f@google.com
Closes: https://github.com/KSPP/linux/issues/352
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2024-08-14 13:58:56 +02:00
Documentation clocksource: Scale the watchdog read retries automatically 2024-08-14 13:58:56 +02:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
arch arm64: errata: Expand speculative SSBS workaround (again) 2024-08-14 13:58:49 +02:00
block block: fix deadlock between sd_remove & sd_release 2024-08-03 08:54:24 +02:00
certs certs: Reference revocation list for all keyrings 2023-08-17 20:12:41 +00:00
crypto crypto: aead,cipher - zeroize key buffer after use 2024-07-11 12:49:04 +02:00
drivers driver core: Fix uevent_show() vs driver detach race 2024-08-14 13:58:56 +02:00
fs tracefs: Use generic inode RCU for synchronizing freeing 2024-08-14 13:58:56 +02:00
include tracefs: Use generic inode RCU for synchronizing freeing 2024-08-14 13:58:56 +02:00
init rust: SHADOW_CALL_STACK is incompatible with Rust 2024-08-11 12:47:24 +02:00
io_uring io_uring: fix io_match_task must_hold 2024-08-03 08:54:41 +02:00
ipc sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table) 2024-08-11 12:47:13 +02:00
kernel ntp: Safeguard against time_constant overflow 2024-08-14 13:58:56 +02:00
lib lib/build_OID_registry: don't mention the full path of the script in output 2024-08-03 08:54:32 +02:00
mm mm/page_alloc: fix pcp->count race between drain_pages_zone() vs __rmqueue_pcplist() 2024-08-11 12:47:16 +02:00
net net: drop bad gso csum_start and offset in virtio_net_hdr 2024-08-14 13:58:48 +02:00
rust rust: kernel: require `Send` for `Module` implementations 2024-05-17 12:01:56 +02:00
samples work around gcc bugs with 'asm goto' with outputs 2024-02-23 09:24:47 +01:00
scripts kbuild: avoid build error when single DTB is turned into composite DTB 2024-08-03 08:54:36 +02:00
security apparmor: Fix null pointer deref when receiving skb during sock creation 2024-08-03 08:54:38 +02:00
sound ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 2024-08-14 13:58:54 +02:00
tools clocksource: Scale the watchdog read retries automatically 2024-08-14 13:58:56 +02:00
usr initramfs: Encode dependency on KBUILD_BUILD_TIMESTAMP 2023-06-06 17:54:49 +09:00
virt KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() 2024-06-27 13:49:11 +02:00
.clang-format iommu: Add for_each_group_device() 2023-05-23 08:15:51 +02:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore kbuild: rpm-pkg: rename binkernel.spec to kernel.spec 2023-07-25 00:59:33 +09:00
.mailmap 20 hotfixes. 12 are cc:stable and the remainder address post-6.5 issues 2023-10-24 09:52:16 -10:00
.rustfmt.toml rust: add `.rustfmt.toml` 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS USB: Remove Wireless USB and UWB documentation 2023-08-09 14:17:32 +02:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS pwm: Rename pwm_apply_state() to pwm_apply_might_sleep() 2024-06-12 11:12:24 +02:00
Makefile Linux 6.6.45 2024-08-11 12:47:28 +02:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.