diff options
| author | Willem de Bruijn <willemb@google.com> | 2026-06-04 22:41:03 +0300 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2026-06-09 02:00:05 +0300 |
| commit | 73f1a618b064884410e7f772467a5f515d6751af (patch) | |
| tree | 980adc48af413dffb196a169d648ac9270081754 /include/linux/stackprotector.h | |
| parent | 1bf20cc62a54f95db32529871534751fb6b1b73c (diff) | |
| download | linux-73f1a618b064884410e7f772467a5f515d6751af.tar.xz | |
net: ensure SCM_TXTIME delivery time is no older than system boot
Limit input to sane values to avoid having to add tests later in the
kernel hot path, e.g., in FQ.
SCM_TXTIME timestamps are converted to signed ktime_t when assigned to
skb->tstamp. Avoid having negative values overflow into large positive
ones when again used as u64, e.g., in FQ time_to_send.
For CLOCK_MONOTONIC, only allow positive values.
For CLOCK_REALTIME and CLOCK_TAI, allow equivalent values, i.e., no
older than the boot of the machine.
skb->tstamp zero is a special case signaling feature off. This is not
converted between clockids.
Handle the special case where the realtime clock is set so small that
real - mono is negative, however unlikely in practice.
Ideally we would also set a sane upper bound, but that would require
reading the clock, which is an expensive operation. Continue to defer
that validation to users of the data. FQ already does this.
Bound rather than return error on older timestamps. This is the
existing policy e.g., in FQ.
Signed-off-by: Willem de Bruijn <willemb@google.com>
----
Changes
v1 -> v2
- remove spurious semicolon at end of switch
- remove Fixes tag
Link: https://patch.msgid.link/20260604194221.3319080-2-willemdebruijn.kernel@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'include/linux/stackprotector.h')
0 files changed, 0 insertions, 0 deletions