poll/select: avoid arithmetic overflow in __estimate_accuracy()

__estimate_accuracy() was prone to integer overflow, for example if *tv == {2147, 483648000} on a 32 bit computer (or even for delays as small as {429, 500000000} if the task is niced). Because the result was already forced between 0 and 100ms, the effect of the overflow was not too problematic, but the use of the hrtimer range feature was not optimal in overflow cases. This patch ensures that there can not be an integer overflow in this function. Signed-off-by: Guillaume Knispel <gknispel@proformatique.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Arjan van de Ven <arjan@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: Tejun Heo <tj@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

poll/select: avoid arithmetic overflow in __estimate_accuracy()
__estimate_accuracy() was prone to integer overflow, for example if *tv == {2147, 483648000} on a 32 bit computer (or even for delays as small as {429, 500000000} if the task is niced). Because the result was already forced between 0 and 100ms, the effect of the overflow was not too problematic, but the use of the hrtimer range feature was not optimal in overflow cases. This patch ensures that there can not be an integer overflow in this function. Signed-off-by: Guillaume Knispel <gknispel@proformatique.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Arjan van de Ven <arjan@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: Tejun Heo <tj@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Guillaume Knispel · Linus Torvalds
1 parent f58f2fa928
Showing 1 changed file with 10 additions and 4 deletions Side-by-side Diff
fs/select.c
@@ -41,22 +41,28 @@
  * better solutions..
  */
  
+#define MAX_SLACK	(100 * NSEC_PER_MSEC)
+
 static long __estimate_accuracy(struct timespec *tv)
 {
 	long slack;
 	int divfactor = 1000;
  
+	if (tv->tv_sec < 0)
+		return 0;
+
 	if (task_nice(current) > 0)
 		divfactor = divfactor / 5;
  
+	if (tv->tv_sec > MAX_SLACK / (NSEC_PER_SEC/divfactor))
+		return MAX_SLACK;
+
 	slack = tv->tv_nsec / divfactor;
 	slack += tv->tv_sec * (NSEC_PER_SEC/divfactor);
  
-	if (slack > 100 * NSEC_PER_MSEC)
-		slack =  100 * NSEC_PER_MSEC;
+	if (slack > MAX_SLACK)
+		return MAX_SLACK;
  
-	if (slack < 0)
-		slack = 0;
 	return slack;
 }
...	...	@@ -41,22 +41,28 @@
41	41	* better solutions..
42	42	*/
43	43
	44	+#define MAX_SLACK (100 * NSEC_PER_MSEC)
	45	+
44	46	static long __estimate_accuracy(struct timespec *tv)
45	47	{
46	48	long slack;
47	49	int divfactor = 1000;
48	50
	51	+ if (tv->tv_sec < 0)
	52	+ return 0;
	53	+
49	54	if (task_nice(current) > 0)
50	55	divfactor = divfactor / 5;
51	56
	57	+ if (tv->tv_sec > MAX_SLACK / (NSEC_PER_SEC/divfactor))
	58	+ return MAX_SLACK;
	59	+
52	60	slack = tv->tv_nsec / divfactor;
53	61	slack += tv->tv_sec * (NSEC_PER_SEC/divfactor);
54	62
55		- if (slack > 100 * NSEC_PER_MSEC)
56		- slack = 100 * NSEC_PER_MSEC;
	63	+ if (slack > MAX_SLACK)
	64	+ return MAX_SLACK;
57	65
58		- if (slack < 0)
59		- slack = 0;
60	66	return slack;
61	67	}
62	68