hrtimer: prevent overrun DoS in hrtimer_forward()

hrtimer_forward() does not check for the possible overflow of timer->expires. This can happen on 64 bit machines with large interval values and results currently in an endless loop in the softirq because the expiry value becomes negative and therefor the timer is expired all the time. Check for this condition and set the expiry value to the max. expiry time in the future. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Adrian Bunk <bunk@stusta.de>
author: Thomas Gleixner <tglx@linutronix.de> 2007-04-09 01:04:23 +0200
committer: Adrian Bunk <bunk@stusta.de> 2007-04-09 01:04:23 +0200
commit: 75da4e64268ffdbd56143b4642d340b9bf3ee350 (patch)
tree: 9eaa46984d6cc0fb0a24cbb5d05c49ebc1cdb5c8
parent: 19b5054d01f856a189659a59b24c8497b038cb43 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
index 14bc9cfa6399..a29ceb04c257 100644
--- a/kernel/hrtimer.c
+++ b/kernel/hrtimer.c
@@ -316,6 +316,12 @@ hrtimer_forward(struct hrtimer *timer, ktime_t interval)
 		orun++;
 	}
 	timer->expires = ktime_add(timer->expires, interval);
+	/*
+	 * Make sure, that the result did not wrap with a very large
+	 * interval.
+	 */
+	if (timer->expires.tv64 < 0)
+		timer->expires = ktime_set(KTIME_SEC_MAX, 0);
 
 	return orun;
 }
author	Thomas Gleixner <tglx@linutronix.de>	2007-04-09 01:04:23 +0200
committer	Adrian Bunk <bunk@stusta.de>	2007-04-09 01:04:23 +0200
commit	75da4e64268ffdbd56143b4642d340b9bf3ee350 (patch)
tree	9eaa46984d6cc0fb0a24cbb5d05c49ebc1cdb5c8
parent	19b5054d01f856a189659a59b24c8497b038cb43 (diff)