Re: [PATCH] Re: itimer oddness in 2.6.12

From: George Anzinger
Date: Tue Jul 26 2005 - 09:39:32 EST

Andrew Morton wrote:
George Anzinger <george@xxxxxxxxxx> wrote:

+ while (time_before_eq(p->signal->real_timer.expires, jiffies))
+ p->signal->real_timer.expires += inc;

It gives me the creeps when I see timer code doing this, and it seems to be
done relatively frequently.

Surely it can be calculated arithmetically? If not, are you really sure
that it is not exploitable by malicious code?

Hm.. the system only falls into a loop here if the system is loaded to the point where we are a jiffie or more late. The prior code just did the "+=" and called add_timer, possibly with a time in the past. I suspect that way of doing this would never catch up if the user asked for a one jiffie repeat time. Also, this is faster than the div, mpy if you are not late (or even if you are several jiffies late).

A possible alternative might be:
p->signal->real_timer.expires += inc;
if (time_before_eq(p->signal->real_timer.expires, jiffies))
p->signal->real_timer.expires += ((jiffies - p->signal->real_timer.expires + inc -1) / inc) * inc;

Both a div and a mpy in there. I really think the "while" is ok, but if you prefer...

The last time you questioned this sort of thing was in the code to correct an absolute timer. In that case we were adjusting after a clock set and, yes, it was possibly exploitable (assuming you could set the clock). Here we don't have that possibility, i.e. we only get into the loop if the system is late.
George Anzinger george@xxxxxxxxxx
HRT (High-res-timers):
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at