time: Fix off-by-one in compat settimeofday() usec validation

The compat version of settimeofday() uses '>' instead of '>=' when
validating tv_usec against USEC_PER_SEC, allowing the value 1000000 to pass
the check. After the subsequent conversion to nanoseconds (tv_nsec *=
NSEC_PER_USEC), this results in tv_nsec == NSEC_PER_SEC, which violates the
timespec invariant that tv_nsec must be strictly less than NSEC_PER_SEC.

The native settimeofday() was already fixed in commit ce4abda5e126 ("time:
Fix off-by-one in settimeofday() usec validation"), but the compat
counterpart was missed.

Fix it by using '>=' to reject tv_usec values outside the valid range [0,
USEC_PER_SEC - 1].

Fixes: 5e0fb1b57bea ("y2038: time: avoid timespec usage in settimeofday()")
Signed-off-by: Wang Yan <wangyan01@kylinos.cn>
Signed-off-by: Thomas Gleixner <tglx@kernel.org>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Cc: stable@vger.kernel.org
Link: https://patch.msgid.link/20260622103348.120255-1-wangyan01@kylinos.cn

diff --git a/kernel/time/time.c b/kernel/time/time.c
index 771cef87ad3b0a38b81ef12b2da0f1e04c23c0ca..0dd63a91e7c5805073e3e8b51e31b9ea5d6e7828 100644 (file)
--- a/kernel/time/time.c
+++ b/kernel/time/time.c
@@ -251,7 +251,7 @@ COMPAT_SYSCALL_DEFINE2(settimeofday, struct old_timeval32 __user *, tv,
                    get_user(new_ts.tv_nsec, &tv->tv_usec))
                        return -EFAULT;
 
-               if (new_ts.tv_nsec > USEC_PER_SEC || new_ts.tv_nsec < 0)
+               if (new_ts.tv_nsec >= USEC_PER_SEC || new_ts.tv_nsec < 0)
                        return -EINVAL;
 
                new_ts.tv_nsec *= NSEC_PER_USEC;