• Thomas Gleixner's avatar
    hrtimers: avoid overflow for large relative timeouts (CVE-2007-5966) · ee6abc25
    Thomas Gleixner authored
    patch 62f0f61e in mainline
    
    Relative hrtimers with a large timeout value might end up as negative
    timer values, when the current time is added in hrtimer_start().
    
    This in turn is causing the clockevents_set_next() function to set an
    huge timeout and sleep for quite a long time when we have a clock
    source which is capable of long sleeps like HPET. With PIT this almost
    goes unnoticed as the maximum delta is ~27ms. The non-hrt/nohz code
    sorts this out in the next timer interrupt, so we never noticed that
    problem which has been there since the first day of hrtimers.
    
    This bug became more apparent in 2.6.24 which activates HPET on more
    hardware.
    Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
    ee6abc25
hrtimer.c 35.5 KB