time: Fix off-by-one in settimeofday() usec validation

The validation check uses '>' instead of '>=' when comparing tv_usec
against USEC_PER_SEC, allowing the value 1000000 through. After
conversion to nanoseconds (*= 1000), this produces tv_nsec ==
NSEC_PER_SEC, violating the timespec invariant that tv_nsec must be
less than NSEC_PER_SEC.

Use '>=' to reject tv_usec values that are not in the valid range of
0 to 999999.

Fixes: 5e0fb1b57bea ("y2038: time: avoid timespec usage in settimeofday()")
Signed-off-by: Naveen Kumar Chaudhary <naveen.osdev@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@kernel.org>
Acked-by: John Stultz <jstultz@google.com>
Link: https://patch.msgid.link/4rikk44zew3s6577dugmx4jyblz7o5c57niuap6ct3td5yfm6w@gh7pcumg7qor

diff --git a/kernel/time/time.c b/kernel/time/time.c
index 0d832317d5766ab504026a71776335e160191264..771cef87ad3b0a38b81ef12b2da0f1e04c23c0ca 100644 (file)
--- a/kernel/time/time.c
+++ b/kernel/time/time.c
@@ -207,7 +207,7 @@ SYSCALL_DEFINE2(settimeofday, struct __kernel_old_timeval __user *, tv,
                    get_user(new_ts.tv_nsec, &tv->tv_usec))
                        return -EFAULT;
 
-               if (new_ts.tv_nsec > USEC_PER_SEC || new_ts.tv_nsec < 0)
+               if (new_ts.tv_nsec >= USEC_PER_SEC || new_ts.tv_nsec < 0)
                        return -EINVAL;
 
                new_ts.tv_nsec *= NSEC_PER_USEC;