6543/linux_kernel
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
linux_kernel/drivers/rtc/lib.c
Xuefeng Wang 73f28f714a rtc: lib: check whether tm->tm_year in int32 range 
When setting rtc alarm (RTC_WKALM_SET), the tm_year is not checked if it
is in suiteable range. Use INT_MAX - 1900 to check it.

UBSAN: Undefined behaviour in drivers/rtc/rtc-lib.c:119:30
signed integer overflow:
2147483647 + 1900 cannot be represented in type 'int'
CPU: 1 PID: 20994 Comm: syz-executor0 Not tainted 4.19.18-514.55.6.9.x86_64
+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1
04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xca/0x13e lib/dump_stack.c:113
 ubsan_epilogue+0xe/0x81 lib/ubsan.c:159
 handle_overflow+0x193/0x1e2 lib/ubsan.c:190
 rtc_tm_to_time64+0x267/0x280 drivers/rtc/rtc-lib.c:119
 rtc_tm_to_ktime+0x16/0x70 drivers/rtc/rtc-lib.c:129
 rtc_set_alarm+0x1a9/0x2d0 drivers/rtc/interface.c:466
 rtc_dev_ioctl+0x6db/0x810 drivers/rtc/rtc-dev.c:380
 vfs_ioctl fs/ioctl.c:46 [inline]
 do_vfs_ioctl+0x1a5/0x10b0 fs/ioctl.c:690
 ksys_ioctl+0x89/0xa0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x74/0xb0 fs/ioctl.c:710
 do_syscall_64+0xc8/0x580 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x462589
Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89
f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08
0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8
64 89 01 48
RSP: 002b:00007f5348896c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000072bf00 RCX: 0000000000462589
RDX: 0000000020000000 RSI: 000000004028700f RDI: 0000000000000003
RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53488976bc
R13: 00000000004bf67e R14: 00000000006f96e0 R15: 00000000ffffffff

==========================================================================

Signed-off-by: Xuefeng Wang <wxf.wang@hisilicon.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2019-04-06 15:05:31 +02:00

147 lines
3.3 KiB
C
Raw Permalink Blame History

// SPDX-License-Identifier: GPL-2.0
/*
* rtc and date/time utility functions
*
* Copyright (C) 2005-06 Tower Technologies
* Author: Alessandro Zummo <a.zummo@towertech.it>
*
* based on arch/arm/common/rtctime.c and other bits
*/
#include <linux/export.h>
#include <linux/rtc.h>
static const unsigned char rtc_days_in_month[] = {
31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
};
static const unsigned short rtc_ydays[2][13] = {
/* Normal years */
{ 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 365 },
/* Leap years */
{ 0, 31, 60, 91, 121, 152, 182, 213, 244, 274, 305, 335, 366 }
};
#define LEAPS_THRU_END_OF(y) ((y) / 4 - (y) / 100 + (y) / 400)
/*
* The number of days in the month.
*/
int rtc_month_days(unsigned int month, unsigned int year)
{
return rtc_days_in_month[month] + (is_leap_year(year) && month == 1);
}
EXPORT_SYMBOL(rtc_month_days);
/*
* The number of days since January 1. (0 to 365)
*/
int rtc_year_days(unsigned int day, unsigned int month, unsigned int year)
{
return rtc_ydays[is_leap_year(year)][month] + day - 1;
}
EXPORT_SYMBOL(rtc_year_days);
/*
* rtc_time64_to_tm - Converts time64_t to rtc_time.
* Convert seconds since 01-01-1970 00:00:00 to Gregorian date.
*/
void rtc_time64_to_tm(time64_t time, struct rtc_time *tm)
{
unsigned int month, year, secs;
int days;
/* time must be positive */
days = div_s64_rem(time, 86400, &secs);
/* day of the week, 1970-01-01 was a Thursday */
tm->tm_wday = (days + 4) % 7;
year = 1970 + days / 365;
days -= (year - 1970) * 365
+ LEAPS_THRU_END_OF(year - 1)
- LEAPS_THRU_END_OF(1970 - 1);
while (days < 0) {
year -= 1;
days += 365 + is_leap_year(year);
}
tm->tm_year = year - 1900;
tm->tm_yday = days + 1;
for (month = 0; month < 11; month++) {
int newdays;
newdays = days - rtc_month_days(month, year);
if (newdays < 0)
break;
days = newdays;
}
tm->tm_mon = month;
tm->tm_mday = days + 1;
tm->tm_hour = secs / 3600;
secs -= tm->tm_hour * 3600;
tm->tm_min = secs / 60;
tm->tm_sec = secs - tm->tm_min * 60;
tm->tm_isdst = 0;
}
EXPORT_SYMBOL(rtc_time64_to_tm);
/*
* Does the rtc_time represent a valid date/time?
*/
int rtc_valid_tm(struct rtc_time *tm)
{
if (tm->tm_year < 70 ||
tm->tm_year > (INT_MAX - 1900) ||
((unsigned int)tm->tm_mon) >= 12 ||
tm->tm_mday < 1 ||
tm->tm_mday > rtc_month_days(tm->tm_mon,
((unsigned int)tm->tm_year + 1900)) ||
((unsigned int)tm->tm_hour) >= 24 ||
((unsigned int)tm->tm_min) >= 60 ||
((unsigned int)tm->tm_sec) >= 60)
return -EINVAL;
return 0;
}
EXPORT_SYMBOL(rtc_valid_tm);
/*
* rtc_tm_to_time64 - Converts rtc_time to time64_t.
* Convert Gregorian date to seconds since 01-01-1970 00:00:00.
*/
time64_t rtc_tm_to_time64(struct rtc_time *tm)
{
return mktime64(((unsigned int)tm->tm_year + 1900), tm->tm_mon + 1,
tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec);
}
EXPORT_SYMBOL(rtc_tm_to_time64);
/*
* Convert rtc_time to ktime
*/
ktime_t rtc_tm_to_ktime(struct rtc_time tm)
{
return ktime_set(rtc_tm_to_time64(&tm), 0);
}
EXPORT_SYMBOL_GPL(rtc_tm_to_ktime);
/*
* Convert ktime to rtc_time
*/
struct rtc_time rtc_ktime_to_tm(ktime_t kt)
{
struct timespec64 ts;
struct rtc_time ret;
ts = ktime_to_timespec64(kt);
/* Round up any ns */
if (ts.tv_nsec)
ts.tv_sec++;
rtc_time64_to_tm(ts.tv_sec, &ret);
return ret;
}
EXPORT_SYMBOL_GPL(rtc_ktime_to_tm);
Reference in New Issue View Git Blame Copy Permalink