# HG changeset patch
# Parent e0361d2401bbfc454794ad477c4848e6134c5c31
common/timers: Prevent guests timeouts which would overflow timer calculations

None of these have security implications, but will cause the timers to expire instantly, rather than a long time into the future.

Signed-off-by: Andrew Cooper

diff -r e0361d2401bb xen/common/domain.c
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -896,6 +896,9 @@ long do_vcpu_op(int cmd, int vcpuid, XEN
 if ( copy_from_guest(&set, arg, 1) )
 return -EFAULT;

+ if ( set.timeout_abs_ns > STIME_MAX )
+ return -EINVAL;
+
 if ( (set.flags & VCPU_SSHOTTMR_future) &&
 (set.timeout_abs_ns < NOW()) )
 return -ETIME;
diff -r e0361d2401bb xen/common/schedule.c
--- a/xen/common/schedule.c
+++ b/xen/common/schedule.c
@@ -739,6 +739,9 @@ static long do_poll(struct sched_poll *s
 if ( sched_poll->nr_ports > 128 )
 return -EINVAL;

+ if ( sched_poll->timeout > STIME_MAX )
+ return -EINVAL;
+
 if ( !guest_handle_okay(sched_poll->ports, sched_poll->nr_ports) )
 return -EFAULT;

@@ -829,6 +832,9 @@ static long domain_watchdog(struct domai
 if ( id > NR_DOMAIN_WATCHDOG_TIMERS )
 return -EINVAL;

+ if ( SECONDS(timeout) > STIME_DELTA_MAX )
+ return -EINVAL;
+
 spin_lock(&d->watchdog_lock);

 if ( id == 0 )
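Review bot: The new `set.timeout_abs_ns > STIME_MAX` test in do_vcpu_op has no comment saying why STIME_MAX is the bound, and the same applies to the `sched_poll->timeout > STIME_MAX` test added to do_poll in schedule.c. The field types are not visible in either hunk, but the comparison is only meaningful if the guest-supplied field is unsigned and is later handled as a signed time value, so a line such as `/* Guest value is later used as s_time_t; above STIME_MAX it would wrap negative and expire at once. */` would help the next reader. Returning -EINVAL is also a guest-visible change: a caller that passes an all-ones value to mean "never" previously got an immediate expiry and now gets an error, so the limit should be stated wherever these hypercalls are documented. Both enclosing functions start and end outside their hunks.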
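Review bot: In domain_watchdog the added guard tests the product `SECONDS(timeout)` after the multiplication has already happened, so it cannot catch a product that wraps; comparing before scaling avoids that, e.g. `if ( timeout > STIME_DELTA_MAX / SECONDS(1) ) return -EINVAL;`. The signature is cut off in the hunk header, but if `timeout` is a 32-bit seconds count the product may never reach STIME_DELTA_MAX at all, in which case the check is unreachable and should be confirmed with a test value. The bound here is STIME_DELTA_MAX while the other two hunks use STIME_MAX; a short comment saying this value is a delta later added to the current time, rather than an absolute time, would explain the difference. The function body continues outside the hunk.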