hrtimer: prevent overrun DoS in hrtimer_forward()

hrtimer_forward() does not check for the possible overflow of timer->expires. This can happen on 64 bit machines with large interval values and results currently in an endless loop in the softirq because the expiry value becomes negative and therefor the timer is expired all the time. Check for this condition and set the expiry value to the max. expiry time in the future. The fix should be applied to stable kernel series as well. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Thomas Gleixner <tglx@linutronix.de> 2007-03-16 13:38:20 -0800
committer: Greg Kroah-Hartman <gregkh@suse.de> 2007-03-23 12:49:23 -0700
commit: 2a0347b709ffe54b6dd0a465922842d0b5b04b0a (patch)
tree: 68fe84bb293dce50e436900615b75c8d7a6a8f15 /kernel
parent: cfbebe59ac6a56c1705388b127c5798197afc205 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
index d0ba190dfeb6..859640952b00 100644
--- a/kernel/hrtimer.c
+++ b/kernel/hrtimer.c
@@ -332,6 +332,12 @@ hrtimer_forward(struct hrtimer *timer, ktime_t now, ktime_t interval)
 		orun++;
 	}
 	timer->expires = ktime_add(timer->expires, interval);
+	/*
+	 * Make sure, that the result did not wrap with a very large
+	 * interval.
+	 */
+	if (timer->expires.tv64 < 0)
+		timer->expires = ktime_set(KTIME_SEC_MAX, 0);
 
 	return orun;
 }
author	Thomas Gleixner <tglx@linutronix.de>	2007-03-16 13:38:20 -0800
committer	Greg Kroah-Hartman <gregkh@suse.de>	2007-03-23 12:49:23 -0700
commit	2a0347b709ffe54b6dd0a465922842d0b5b04b0a (patch)
tree	68fe84bb293dce50e436900615b75c8d7a6a8f15 /kernel
parent	cfbebe59ac6a56c1705388b127c5798197afc205 (diff)