[PATCH] time: Fix off-by-one in settimeofday() usec validation

Naveen Kumar Chaudhary posted 1 patch 1 week ago
There is a newer version of this series
kernel/time/time.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] time: Fix off-by-one in settimeofday() usec validation
Posted by Naveen Kumar Chaudhary 1 week ago
The validation check uses '>' instead of '>=' when comparing tv_usec
against USEC_PER_SEC, allowing the value 1000000 through. After
conversion to nanoseconds (*= 1000), this produces tv_nsec ==
NSEC_PER_SEC, violating the timespec invariant that tv_nsec must be
less than NSEC_PER_SEC.

Use '>=' to reject tv_usec values that are not in the valid range of
0 to 999999.

Signed-off-by: Naveen Kumar Chaudhary <naveen.osdev@gmail.com>
---
 kernel/time/time.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/time/time.c b/kernel/time/time.c
index 0d832317d576..771cef87ad3b 100644
--- a/kernel/time/time.c
+++ b/kernel/time/time.c
@@ -207,7 +207,7 @@ SYSCALL_DEFINE2(settimeofday, struct __kernel_old_timeval __user *, tv,
 		    get_user(new_ts.tv_nsec, &tv->tv_usec))
 			return -EFAULT;
 
-		if (new_ts.tv_nsec > USEC_PER_SEC || new_ts.tv_nsec < 0)
+		if (new_ts.tv_nsec >= USEC_PER_SEC || new_ts.tv_nsec < 0)
 			return -EINVAL;
 
 		new_ts.tv_nsec *= NSEC_PER_USEC;
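
Review bot: The changed condition compares a field named tv_nsec against USEC_PER_SEC, which reads as a unit mismatch unless the reader already knows the value is still in microseconds here. It was loaded by get_user() from tv->tv_usec and is only scaled by the following `new_ts.tv_nsec *= NSEC_PER_USEC;` line. A one-line comment above the check stating that new_ts.tv_nsec temporarily carries microseconds, with a valid range of 0 to USEC_PER_SEC - 1, would document the unit and the bound for the next reader.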
-- 
2.43.0
Re: [PATCH] time: Fix off-by-one in settimeofday() usec validation
Posted by John Stultz 6 days, 8 hours ago
On Sun, May 31, 2026 at 9:35 PM Naveen Kumar Chaudhary
<naveen.osdev@gmail.com> wrote:
>
> The validation check uses '>' instead of '>=' when comparing tv_usec
> against USEC_PER_SEC, allowing the value 1000000 through. After
> conversion to nanoseconds (*= 1000), this produces tv_nsec ==
> NSEC_PER_SEC, violating the timespec invariant that tv_nsec must be
> less than NSEC_PER_SEC.
>
> Use '>=' to reject tv_usec values that are not in the valid range of
> 0 to 999999.
>
> Signed-off-by: Naveen Kumar Chaudhary <naveen.osdev@gmail.com>

Probably needs a Fixes: tag. Likely: 5e0fb1b57bea ("y2038: time: avoid
timespec usage in settimeofday()")

Otherwise looks reasonable,
Acked-by: John Stultz <jstultz@google.com>

thanks
-john
[PATCH v2] time: Fix off-by-one in settimeofday() usec validation
Posted by Naveen Kumar Chaudhary 5 days, 12 hours ago
The validation check uses '>' instead of '>=' when comparing tv_usec
against USEC_PER_SEC, allowing the value 1000000 through. After
conversion to nanoseconds (*= 1000), this produces tv_nsec ==
NSEC_PER_SEC, violating the timespec invariant that tv_nsec must be
less than NSEC_PER_SEC.

Use '>=' to reject tv_usec values that are not in the valid range of
0 to 999999.

Fixes: 5e0fb1b57bea ("y2038: time: avoid timespec usage in settimeofday()")
Signed-off-by: Naveen Kumar Chaudhary <naveen.osdev@gmail.com>
---

v1 -> v2:
  - Added missing 'Fixes:' tag pointing to the breaking commit 5e0fb1b57bea
    as requested during review.

 kernel/time/time.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/time/time.c b/kernel/time/time.c
index 0d832317d576..771cef87ad3b 100644
--- a/kernel/time/time.c
+++ b/kernel/time/time.c
@@ -207,7 +207,7 @@ SYSCALL_DEFINE2(settimeofday, struct __kernel_old_timeval __user *, tv,
 		    get_user(new_ts.tv_nsec, &tv->tv_usec))
 			return -EFAULT;
 
-		if (new_ts.tv_nsec > USEC_PER_SEC || new_ts.tv_nsec < 0)
+		if (new_ts.tv_nsec >= USEC_PER_SEC || new_ts.tv_nsec < 0)
 			return -EINVAL;
 
 		new_ts.tv_nsec *= NSEC_PER_USEC;
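
Review bot: No regression test accompanies the boundary change on the `>= USEC_PER_SEC` line; the diffstat touches only kernel/time/time.c. A small selftest that calls settimeofday() with tv_usec set to 1000000 and expects EINVAL, plus a negative tv_usec for the `< 0` half of the same condition, would pin both rejection edges of the 0 to 999999 range the changelog states.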
-- 
2.43.0
Re: [PATCH v2] time: Fix off-by-one in settimeofday() usec validation
Posted by John Stultz 5 days, 11 hours ago
On Tue, Jun 2, 2026 at 11:07 AM Naveen Kumar Chaudhary
<naveen.osdev@gmail.com> wrote:
>
> The validation check uses '>' instead of '>=' when comparing tv_usec
> against USEC_PER_SEC, allowing the value 1000000 through. After
> conversion to nanoseconds (*= 1000), this produces tv_nsec ==
> NSEC_PER_SEC, violating the timespec invariant that tv_nsec must be
> less than NSEC_PER_SEC.
>
> Use '>=' to reject tv_usec values that are not in the valid range of
> 0 to 999999.
>
> Fixes: 5e0fb1b57bea ("y2038: time: avoid timespec usage in settimeofday()")
> Signed-off-by: Naveen Kumar Chaudhary <naveen.osdev@gmail.com>


Acked-by: John Stultz <jstultz@google.com>
[tip: timers/urgent] time: Fix off-by-one in settimeofday() usec validation
Posted by tip-bot2 for Naveen Kumar Chaudhary 5 days, 11 hours ago
The following commit has been merged into the timers/urgent branch of tip:

Commit-ID:     ce4abda5e12622f33450159e76c8f56d28d7f03d
Gitweb:        https://git.kernel.org/tip/ce4abda5e12622f33450159e76c8f56d28d7f03d
Author:        Naveen Kumar Chaudhary <naveen.osdev@gmail.com>
AuthorDate:    Tue, 02 Jun 2026 23:37:37 +05:30
Committer:     Thomas Gleixner <tglx@kernel.org>
CommitterDate: Tue, 02 Jun 2026 21:07:55 +02:00

time: Fix off-by-one in settimeofday() usec validation

The validation check uses '>' instead of '>=' when comparing tv_usec
against USEC_PER_SEC, allowing the value 1000000 through. After
conversion to nanoseconds (*= 1000), this produces tv_nsec ==
NSEC_PER_SEC, violating the timespec invariant that tv_nsec must be
less than NSEC_PER_SEC.

Use '>=' to reject tv_usec values that are not in the valid range of
0 to 999999.

Fixes: 5e0fb1b57bea ("y2038: time: avoid timespec usage in settimeofday()")
Signed-off-by: Naveen Kumar Chaudhary <naveen.osdev@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@kernel.org>
Acked-by: John Stultz <jstultz@google.com>
Link: https://patch.msgid.link/4rikk44zew3s6577dugmx4jyblz7o5c57niuap6ct3td5yfm6w@gh7pcumg7qor
---
 kernel/time/time.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/time/time.c b/kernel/time/time.c
index 0d83231..771cef8 100644
--- a/kernel/time/time.c
+++ b/kernel/time/time.c
@@ -207,7 +207,7 @@ SYSCALL_DEFINE2(settimeofday, struct __kernel_old_timeval __user *, tv,
 		    get_user(new_ts.tv_nsec, &tv->tv_usec))
 			return -EFAULT;
 
-		if (new_ts.tv_nsec > USEC_PER_SEC || new_ts.tv_nsec < 0)
+		if (new_ts.tv_nsec >= USEC_PER_SEC || new_ts.tv_nsec < 0)
 			return -EINVAL;
 
 		new_ts.tv_nsec *= NSEC_PER_USEC;
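
Review bot: The changelog does not say what the code after `new_ts.tv_nsec *= NSEC_PER_USEC;` did with tv_nsec == NSEC_PER_SEC before this fix, for example whether a later validity check rejected it or the value reached the timekeeping core. Since this is queued in timers/urgent with a Fixes: tag, one sentence on the observable pre-fix effect of passing tv_usec == 1000000 would help anyone triaging the backport.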