[rh8] ve/time: Limit values to write in ve::clock_[monotonic|bootbased]

Submitted by Konstantin Khorenko on Oct. 15, 2020, 11:10 a.m.

Details

Message ID 20201015111022.1828622-1-khorenko@virtuozzo.com
State New
Series "ve/time: Limit values to write in ve::clock_[monotonic|bootbased]"

Commit Message

Konstantin Khorenko Oct. 15, 2020, 11:10 a.m.
What do we mean when we write a value XXX into, say, ve::ve.clock_bootbased?
We mean that "up to now the CT worked for XXX secs/usecs already".
And we store the delta between Node "now" and XXX into ve->start_time_real.

If the CT worked less than the current Node, ve->start_time_real will
contain a positive value and we'll substitute it from Node's "now" each
time we need to get the time since the CT start.

If the CT worked longer than the current CT (say, CT has been migrated
from another HN), the stored delta will be negative and thus we'll "add"
more time for Node's "now".

So then what do we want to limit?
1. Negative values written to ve::clock_[monotonic|bootbased].
   Indeed we can hardly imagine that the CT has been started, but the
   time since its start is negative.

2. A big positive value, so some time later when we read from
   ve::clock_[monotonic|bootbased] we get an overflowed value.

Both these checks are performed by timespec_valid_strict().

Fixes: 25cab3041305 ("ve: Add interface for
ve::clock_[monotonic|bootbased] adjustment")

Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
---
 kernel/ve/ve.c | 2 ++
 1 file changed, 2 insertions(+)
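The check this patch adds, modelled in user space as an added example (this is neither the kernel's own code nor the author's): a model of timespec_valid_strict() using the constant values the kernel defines for NSEC_PER_SEC and KTIME_SEC_MAX, wired into a model of the parse-then-validate step of ve_ts_write(). The function names `model_timespec_valid_strict` and `ve_ts_parse` and the sample inputs are constructed for this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

/* Constants with the values the Linux kernel uses (NSEC_PER_SEC, KTIME_MAX
 * and KTIME_SEC_MAX in include/linux/time64.h and include/linux/ktime.h). */
#define NSEC_PER_SEC   1000000000LL
#define KTIME_MAX      LLONG_MAX
#define KTIME_SEC_MAX  (KTIME_MAX / NSEC_PER_SEC)

/* User-space model (hypothetical name) of the kernel's timespec_valid_strict():
 * false for a negative second count, a nanosecond field outside
 * [0, NSEC_PER_SEC), and a second count whose nanosecond conversion would not
 * fit in a signed 64-bit ktime_t. A negative tv_nsec becomes huge after the
 * unsigned cast, so the second test rejects it as well. */
static bool model_timespec_valid_strict(const struct timespec *ts)
{
	if (ts->tv_sec < 0)
		return false;
	if ((unsigned long long)ts->tv_nsec >= (unsigned long long)NSEC_PER_SEC)
		return false;
	if ((unsigned long long)ts->tv_sec >= (unsigned long long)KTIME_SEC_MAX)
		return false;
	return true;
}

/* Model (hypothetical name) of the parse-then-validate step of ve_ts_write():
 * returns the written delta in nanoseconds (always >= 0 once validated) or
 * -EINVAL when the input is rejected, mirroring the patched kernel path. */
static long long ve_ts_parse(const char *buf)
{
	long sec, nsec;
	struct timespec delta;

	if (sscanf(buf, "%ld %ld", &sec, &nsec) != 2)
		return -EINVAL;
	delta.tv_sec = sec;
	delta.tv_nsec = nsec;
	if (!model_timespec_valid_strict(&delta))
		return -EINVAL;
	/* Same arithmetic as timespec_to_ns(); the bound on tv_sec above is what
	 * keeps this multiplication from overflowing a signed 64-bit value. */
	return (long long)delta.tv_sec * NSEC_PER_SEC + delta.tv_nsec;
}

int main(void)
{
	/* Constructed inputs: what a container manager might write to the file. */
	const char *inputs[] = {
		"3600 0",          /* CT has run for one hour: accepted */
		"12 500000000",    /* 12.5 s: accepted */
		"-5 0",            /* negative uptime: rejected */
		"0 -1",            /* negative nanoseconds: rejected */
		"10 1500000000",   /* nanoseconds out of range: rejected */
		"9223372036 0",    /* tv_sec >= KTIME_SEC_MAX: rejected */
		"9223372035 0",    /* largest accepted second count */
		"garbage",         /* parse failure: rejected */
	};
	size_t i;

	for (i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
		long long r = ve_ts_parse(inputs[i]);
		if (r < 0)
			printf("%-16s -> rejected (%lld)\n", inputs[i], r);
		else
			printf("%-16s -> %lld ns\n", inputs[i], r);
	}
	return 0;
}
```

The pre-patch code has only the `sscanf` test, so every input above except "garbage" reached `timespec_to_ns()`; the added check is what turns the negative, out-of-range and near-LLONG_MAX cases into -EINVAL before any arithmetic happens.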


diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index cc26d3b2fa9b..43e37b27e887 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -965,6 +965,8 @@  static ssize_t ve_ts_write(struct kernfs_open_file *of, char *buf,
 
 	if (sscanf(buf, "%ld %ld", &delta.tv_sec, &delta.tv_nsec) != 2)
 		return -EINVAL;
+	if (!timespec_valid_strict(&delta))
+		return -EINVAL;
 	delta_ns = timespec_to_ns(&delta);
 
 	switch (of_cft(of)->private) {
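Review bot: nothing at the call site records why strict validation is needed here; the rationale lives only in the commit message. A one-line comment above `if (!timespec_valid_strict(&delta))` stating that negative and oversized values are refused so that the following `delta_ns = timespec_to_ns(&delta);` cannot overflow would keep that reasoning with the code. Also consider whether a well-formed but out-of-range value should return -ERANGE rather than -EINVAL, since the parse failure two lines above already uses -EINVAL and a caller cannot otherwise distinguish "malformed" from "rejected as too large or negative".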

Comments

Kirill Tkhai Oct. 19, 2020, 8:09 a.m.
On 15.10.2020 14:10, Konstantin Khorenko wrote:
> What do we mean when we write a value XXX into, say, ve::ve.clock_bootbased?
> We mean that "up to now the CT worked for XXX secs/usecs already".
> And we store the delta between Node "now" and XXX into ve->start_time_real.
> 
> If the CT worked less than the current Node, ve->start_time_real will
> contain a positive value and we'll substitute it from Node's "now" each
> time we need to get the time since the CT start.
> 
> If the CT worked longer than the current CT (say, CT has been migrated
> from another HN), the stored delta will be negative and thus we'll "add"
> more time for Node's "now".
> 
> So then what do we want to limit?
> 1. Negative values written to ve::clock_[monotonic|bootbased].
>    Indeed we can hardly imagine that the CT has been started, but the
>    time since its start is negative.
> 
> 2. A big positive value, so some time later when we read from
>    ve::clock_[monotonic|bootbased] we get an overflowed value.
> 
> Both these checks are performed by timespec_valid_strict().
> 
> Fixes: 25cab3041305 ("ve: Add interface for
> ve::clock_[monotonic|bootbased] adjustment")
> 
> Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>

Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>

> ---
>  kernel/ve/ve.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
> index cc26d3b2fa9b..43e37b27e887 100644
> --- a/kernel/ve/ve.c
> +++ b/kernel/ve/ve.c
> @@ -965,6 +965,8 @@ static ssize_t ve_ts_write(struct kernfs_open_file *of, char *buf,
>  
>  	if (sscanf(buf, "%ld %ld", &delta.tv_sec, &delta.tv_nsec) != 2)
>  		return -EINVAL;
> +	if (!timespec_valid_strict(&delta))
> +		return -EINVAL;
>  	delta_ns = timespec_to_ns(&delta);
>  
>  	switch (of_cft(of)->private) {
>