[PATCH] time: Fix off-by-one in settimeofday() usec validation
From: Naveen Kumar Chaudhary
Date: Mon Jun 01 2026 - 00:35:09 EST
The validation check uses '>' instead of '>=' when comparing tv_usec
against USEC_PER_SEC, allowing the value 1000000 through. After
conversion to nanoseconds (*= 1000), this produces tv_nsec ==
NSEC_PER_SEC, violating the timespec invariant that tv_nsec must be
less than NSEC_PER_SEC.

Use '>=' to reject tv_usec values that are not in the valid range of
0 to 999999.

Signed-off-by: Naveen Kumar Chaudhary <naveen.osdev@xxxxxxxxx>
---
kernel/time/time.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/time/time.c b/kernel/time/time.c
index 0d832317d576..771cef87ad3b 100644
--- a/kernel/time/time.c
+++ b/kernel/time/time.c
@@ -207,7 +207,7 @@ SYSCALL_DEFINE2(settimeofday, struct __kernel_old_timeval __user *, tv,
get_user(new_ts.tv_nsec, &tv->tv_usec))
return -EFAULT;
- if (new_ts.tv_nsec > USEC_PER_SEC || new_ts.tv_nsec < 0)
+ if (new_ts.tv_nsec >= USEC_PER_SEC || new_ts.tv_nsec < 0)
return -EINVAL;
new_ts.tv_nsec *= NSEC_PER_USEC;
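Review bot: The bound on the changed line is hard to verify by reading, because new_ts.tv_nsec is compared against USEC_PER_SEC while it still holds the microsecond value copied from tv->tv_usec, and the conversion only happens on the following `new_ts.tv_nsec *= NSEC_PER_USEC;` line. A one-line comment above the check saying that tv_nsec temporarily carries microseconds, with a valid range of 0 to USEC_PER_SEC - 1, would make the '>=' obviously correct to the next reader. The commit message also has no Fixes: tag; adding one, if the commit that introduced the '>' comparison can be identified, would help stable backports.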
--
2.43.0