review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Oliver Hartkopp <socketcan@hartkopp.net>
	Sun, 13 Jan 2019 18:31:43 +0000 (19:31 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 31 Jan 2019 07:13:46 +0000 (08:13 +0100)
commit	e7126858fc71ccee69220e06e2f97190de85db67
tree	b1837ab057eaef67c4216ce1d255611db8c4a8fb	tree \| snapshot
parent	8849347d9cdacbd845ff0a5add3203f4eb599433	commit \| diff

can: bcm: check timer values before ktime conversion

commit 93171ba6f1deffd82f381d36cb13177872d023f6 upstream.

Kyungtae Kim detected a potential integer overflow in bcm_[rx|tx]_setup()
when the conversion into ktime multiplies the given value with NSEC_PER_USEC
(1000).

Reference: https://marc.info/?l=linux-can&m=154732118819828&w=2

Add a check for the given tv_usec, so that the value stays below one second.
Additionally limit the tv_sec value to a reasonable value for CAN related
use-cases of 400 days and ensure all values to be positive.

Reported-by: Kyungtae Kim <kt0755@gmail.com>
Tested-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Cc: linux-stable <stable@vger.kernel.org> # >= 2.6.26
Tested-by: Kyungtae Kim <kt0755@gmail.com>
Acked-by: Andre Naujoks <nautsch2@gmail.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>