ntp: Limit TAI-UTC offset [Linux 4.4.187]

This Linux kernel change "ntp: Limit TAI-UTC offset" is included in the Linux 4.4.187 release. This change is authored by Miroslav Lichvar <mlichvar [at] redhat.com> on Tue Jun 18 17:47:13 2019 +0200. The commit for this change in Linux stable tree is 41164dd (patch) which is from upstream commit d897a4a. The same Linux upstream change may have been applied to various maintained Linux releases and you can find all Linux releases containing changes from upstream d897a4a.

ntp: Limit TAI-UTC offset

[ Upstream commit d897a4ab11dc8a9fda50d2eccc081a96a6385998 ]

Don't allow the TAI-UTC offset of the system clock to be set by adjtimex()
to a value larger than 100000 seconds.

This prevents an overflow in the conversion to int, prevents the CLOCK_TAI
clock from getting too far ahead of the CLOCK_REALTIME clock, and it is
still large enough to allow leap seconds to be inserted at the maximum rate
currently supported by the kernel (once per day) for the next ~270 years,
however unlikely it is that someone can survive a catastrophic event which
slowed down the rotation of the Earth so much.

Reported-by: Weikang shi <[email protected]>
Signed-off-by: Miroslav Lichvar <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Cc: John Stultz <[email protected]>
Cc: Prarit Bhargava <[email protected]>
Cc: Richard Cochran <[email protected]>
Cc: Stephen Boyd <[email protected]>
Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Sasha Levin <[email protected]>

There are 4 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 kernel/time/ntp.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
index 0e0dc5d..bbe767b 100644
--- a/kernel/time/ntp.c
+++ b/kernel/time/ntp.c
@@ -39,6 +39,7 @@
 #define MAX_TICKADJ        500LL       /* usecs */
+#define MAX_TAI_OFFSET     100000

  * phase-lock loop variables
@@ -633,7 +634,8 @@ static inline void process_adjtimex_modes(struct timex *txc,
        time_constant = max(time_constant, 0l);

-   if (txc->modes & ADJ_TAI && txc->constant >= 0)
+   if (txc->modes & ADJ_TAI &&
+           txc->constant >= 0 && txc->constant <= MAX_TAI_OFFSET)
        *time_tai = txc->constant;

    if (txc->modes & ADJ_OFFSET)

Leave a Reply

Your email address will not be published. Required fields are marked *