android_kernel_samsung_msm8226/kernel
Thomas Gleixner 20f62cf9ff alarmtimer: Prevent overflow for relative nanosleep
commit 5f936e19cc0ef97dbe3a56e9498922ad5ba1edef upstream.

Air Icy reported:

  UBSAN: Undefined behaviour in kernel/time/alarmtimer.c:811:7
  signed integer overflow:
  1529859276030040771 + 9223372036854775807 cannot be represented in type 'long long int'
  Call Trace:
   alarm_timer_nsleep+0x44c/0x510 kernel/time/alarmtimer.c:811
   __do_sys_clock_nanosleep kernel/time/posix-timers.c:1235 [inline]
   __se_sys_clock_nanosleep kernel/time/posix-timers.c:1213 [inline]
   __x64_sys_clock_nanosleep+0x326/0x4e0 kernel/time/posix-timers.c:1213
   do_syscall_64+0xb8/0x3a0 arch/x86/entry/common.c:290

alarm_timer_nsleep() uses ktime_add() to add the current time and the
relative expiry value. ktime_add() has no sanity checks so the addition
can overflow when the relative timeout is large enough.

Use ktime_add_safe() which has the necessary sanity checks in place and
limits the result to the valid range.

Fixes: 9a7adcf5c6 ("timers: Posix interface for alarm-timers")
Reported-by: Team OWL337 <icytxw@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: John Stultz <john.stultz@linaro.org>
Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1807020926360.1595@nanos.tec.linutronix.de
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Change-Id: I00ed8e38ea6298a086849e2fc9fee46f3e6bd5d1
CVE-2018-13053
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
2020-01-06 08:40:43 +01:00
debug Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
events perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race 2019-08-06 12:26:31 +02:00
gcov
irq Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
power Merge remote-tracking branch 'google-common/deprecated/android-3.4' into lineage-16.0 2019-08-06 11:41:21 +02:00
sched Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
time alarmtimer: Prevent overflow for relative nanosleep 2020-01-06 08:40:43 +01:00
trace UPSTREAM: ring-buffer: Prevent overflow of size in ring_buffer_resize() 2019-08-06 12:24:25 +02:00
.gitignore
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
Makefile brlocks/lglocks: turn into functions 2019-08-06 10:41:58 +02:00
acct.c
async.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
audit.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
audit.h
audit_tree.c VFS: Make clone_mnt()/copy_tree()/collect_mounts() return errors 2019-08-06 10:44:11 +02:00
audit_watch.c get rid of kern_path_parent() 2019-08-06 10:44:16 +02:00
auditfilter.c
auditsc.c seccomp: remove duplicated failure logging 2019-08-05 14:22:29 +02:00
backtracetest.c
bounds.c
capability.c
cgroup.c Merge remote-tracking branch 'google-common/deprecated/android-3.4' into lineage-16.0 2019-08-06 11:41:21 +02:00
cgroup_freezer.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
compat.c
configs.c
cpu.c CPU hotplug: Provide lockless versions of callback registration functions 2019-08-05 14:22:43 +02:00
cpu_pm.c
cpuset.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
crash_dump.c
cred.c
delayacct.c
dma.c
elfcore.c
exec_domain.c Merge remote-tracking branch 'google-common/deprecated/android-3.4' into lineage-16.0 2019-08-06 11:41:21 +02:00
exit.c Merge remote-tracking branch 'google-common/deprecated/android-3.4' into lineage-16.0 2019-08-06 11:41:21 +02:00
extable.c
fork.c Revert "proc: smaps: Allow smaps access for CAP_SYS_RESOURCE" 2019-08-06 12:26:28 +02:00
freezer.c Merge remote-tracking branch 'google-common/deprecated/android-3.4' into lineage-16.0 2019-08-06 11:41:21 +02:00
futex.c futex: Remove unnecessary warning from get_futex_key 2020-01-06 08:40:28 +01:00
futex_compat.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
groups.c misc: Import SM-G900H kernel source code 2019-08-02 15:14:10 +02:00
hrtimer.c time: Remove CONFIG_TIMER_STATS 2019-08-06 12:26:30 +02:00
hung_task.c
irq_work.c
itimer.c
jump_label.c
kallsyms.c
kexec.c
kfifo.c misc: Import SM-G900H kernel source code 2019-08-02 15:14:10 +02:00
kmod.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
kprobes.c
ksysfs.c rcu: Add a module parameter to force use of expedited RCU primitives 2014-05-05 15:49:18 -07:00
kthread.c
latencytop.c
lglock.c brlocks/lglocks: turn into functions 2019-08-06 10:41:58 +02:00
lockdep.c Merge remote-tracking branch 'google-common/deprecated/android-3.4' into lineage-16.0 2019-08-06 11:41:21 +02:00
lockdep_internals.h
lockdep_proc.c
lockdep_states.h
module.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
mutex-debug.c
mutex-debug.h
mutex.c misc: Import SM-G900H kernel source code 2019-08-02 15:14:10 +02:00
mutex.h
notifier.c
nsproxy.c userns: make each net (net_ns) belong to a user_ns 2019-08-08 15:08:49 +02:00
padata.c
panic.c misc: Allow kernel to be compiled with SEC_DEBUG disabled 2020-01-06 08:40:35 +01:00
params.c
pid.c misc: Import SM-G900H kernel source code 2019-08-02 15:14:10 +02:00
pid_namespace.c proc: Usable inode numbers for the namespace file descriptors. 2015-09-11 14:44:24 +05:30
posix-cpu-timers.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
posix-timers.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
printk.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
profile.c
ptrace.c __ptrace_may_access() should not deny sub-threads 2019-08-06 08:48:40 +02:00
range.c
rcu.h rcu: Add a module parameter to force use of expedited RCU primitives 2014-05-05 15:49:18 -07:00
rcupdate.c rcu: Make exit_rcu() more precise and consolidate 2014-07-21 21:31:55 +05:30
rcutiny.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
rcutiny_plugin.h rcu: Make exit_rcu() more precise and consolidate 2014-07-21 21:31:55 +05:30
rcutorture.c
rcutree.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
rcutree.h Revert "rcu: Move PREEMPT_RCU preemption to switch_to() invocation" 2014-07-21 21:46:54 +05:30
rcutree_plugin.h Revert "rcu: Move PREEMPT_RCU preemption to switch_to() invocation" 2014-07-21 21:46:54 +05:30
rcutree_trace.c rcu: Make rcu_barrier() less disruptive 2014-07-21 21:37:29 +05:30
relay.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
res_counter.c
resource.c /proc/iomem: only expose physical resource addresses to privileged users 2020-01-06 08:40:43 +01:00
rtmutex-debug.c
rtmutex-debug.h Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
rtmutex-tester.c
rtmutex.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
rtmutex.h Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
rtmutex_common.h
rwsem.c
seccomp.c seccomp: Replace BUG(!spin_is_locked()) with assert_spin_lock 2019-08-05 14:22:42 +02:00
semaphore.c
signal.c Merge remote-tracking branch 'google-common/deprecated/android-3.4' into lineage-16.0 2019-08-06 11:41:21 +02:00
smp.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
softirq.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
spinlock.c
srcu.c
stacktrace.c
stop_machine.c
sys.c userns: Add kuid_t and kgid_t and associated infrastructure in uidgid.h 2019-08-08 15:08:48 +02:00
sys_ni.c seccomp: add "seccomp" syscall 2019-08-05 14:22:38 +02:00
sysctl.c add toggle for disabling newly added USB devices 2020-01-06 08:40:43 +01:00
sysctl_binary.c kernel/sysctl_binary.c: check name array length in deprecated_sysctl_warning() 2019-08-08 12:09:29 +02:00
taskstats.c
test_kprobes.c
time.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
timeconst.bc kernel: Replace timeconst.pl with a bc script 2019-08-05 09:09:45 +02:00
timeconst.pl Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
timer.c time: Remove CONFIG_TIMER_STATS 2019-08-06 12:26:30 +02:00
tracepoint.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
tsacct.c
uid16.c
up.c
user-return-notifier.c
user.c proc: Usable inode numbers for the namespace file descriptors. 2015-09-11 14:44:24 +05:30
user_namespace.c proc: fix build broken by proc inode per namespace patch 2019-08-05 09:13:23 +02:00
utsname.c proc: Usable inode numbers for the namespace file descriptors. 2015-09-11 14:44:24 +05:30
utsname_sysctl.c
wait.c
watchdog.c Merge remote-tracking branch 'google-common/deprecated/android-3.4' into lineage-16.0 2019-08-06 11:41:21 +02:00
workqueue.c time: Remove CONFIG_TIMER_STATS 2019-08-06 12:26:30 +02:00
workqueue_sched.h