Fixup adjtimex freq validation on 32bit systems (rhbz 1188074)

2 files changed, 56 insertions, 1 deletions

diff --git a/0001-ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch b/0001-ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch
new file mode 100644
index 00000000..3d65d372
--- /dev/null
+++ b/0001-ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch
@@ -0,0 +1,46 @@
+From 1079a4c2288cf33c13d2c6ca3e07d4039b1f39f0 Mon Sep 17 00:00:00 2001
+From: John Stultz <john.stultz@linaro.org>
+Date: Mon, 2 Feb 2015 10:57:56 -0800
+Subject: [PATCH] ntp: Fixup adjtimex freq validation on 32bit systems
+
+Additional validation of adjtimex freq values to avoid
+potential multiplication overflows were added in commit
+5e5aeb4367b (time: adjtimex: Validate the ADJ_FREQUENCY values)
+
+Unfortunately the patch used LONG_MAX/MIN instead of
+LLONG_MAX/MIN, which was fine on 64bit systems, but caused
+false positives on 32bit systems resulting in most direct
+frequency adjustments to fail w/ EINVAL.
+
+ntpd only does driect frequency adjustments at startup,
+so the issue was not easily observed there, but other sync
+applications like ptpd and chrony were more effected by
+the bug.
+
+Cc: Sasha Levin <sasha.levin@oracle.com>
+Reported-by: Josh Boyer <jwboyer@fedoraproject.org>
+Reported-by: George Joseph <george.joseph@fairview5.com>
+Signed-off-by: John Stultz <john.stultz@linaro.org>
+---
+ kernel/time/ntp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
+index 28bf91c..242774d 100644
+--- a/kernel/time/ntp.c
++++ b/kernel/time/ntp.c
+@@ -634,9 +634,9 @@ int ntp_validate_timex(struct timex *txc)
+ 		return -EPERM;
+ 
+ 	if (txc->modes & ADJ_FREQUENCY) {
+-		if (LONG_MIN / PPM_SCALE > txc->freq)
++		if (LLONG_MIN / PPM_SCALE > txc->freq)
+ 			return -EINVAL;
+-		if (LONG_MAX / PPM_SCALE < txc->freq)
++		if (LLONG_MAX / PPM_SCALE < txc->freq)
+ 			return -EINVAL;
+ 	}
+ 
+-- 
+1.9.1
+
diff --git a/kernel.spec b/kernel.spec
index 75f420c3..3f4cdaa0 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -42,7 +42,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 200
+%global baserelease 201
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
@@ -636,6 +636,9 @@ Patch30001: mpssd-x86-only.patch
 # rhbz 1183744 1188347
 Patch30002: ipv4-try-to-cache-dst_entries-which-would-cause-a-re.patch
 
+#rhbz 1188074
+Patch30003: 0001-ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1377,6 +1380,9 @@ ApplyPatch mpssd-x86-only.patch
 # rhbz 1183744 1188347
 ApplyPatch ipv4-try-to-cache-dst_entries-which-would-cause-a-re.patch
 
+#rhbz 1188074
+ApplyPatch 0001-ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch
+
 %if 0%{?aarch64patches}
 ApplyPatch kernel-arm64.patch
 %ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does.
@@ -2247,6 +2253,9 @@ fi
 #                                    ||----w |
 #                                    ||     ||
 %changelog
+* Mon Feb 02 2015 Justin M. Forbes <jforbes@fedoraproject.org> - 3.18.5-201
+- Fixup adjtimex freq validation on 32bit systems (rhbz 1188074)
+
 * Mon Feb 02 2015 Josh Boyer <jwboyer@fedoraproject.org>
 - CVE-XXXX-XXX DoS due to routing packets to too many different dsts/too fast (rhbz 1183744 1188347)