From nobody Sat Aug 20 02:26:25 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4M8jDL1Q1dz4YvV6; Sat, 20 Aug 2022 02:26:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4M8jDL0ydMz3LFl; Sat, 20 Aug 2022 02:26:26 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660962386; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OMamPOf4/MjnnsNZifcoP64620uSNjXX3XheLetVN+o=; b=Z4LFXmAw0ktPXLC7vyVao2HrM1Xn/eO1Uq+40QAdGAllmQ3xmJoqoXfxhPNfxVU3zxFhBy XXcxOm94znAtHZ8mVZvG0uMSu8t/ZfqZiQpCLKCJ6/6wJBJM7l4Nx6JmHlW9nEXYIAiCti PJYLcteKBgtI3bO4uZ+ovVdGwWYufP0vX2QjD1ybVd0dsWvHAEIx9cud1e3kdw7ftr1t9h u/mSnOIyOA2bDM28Mqdz6BU4jojB7DnvizqmhAkrbv+SPu9HqOQMC0sD83PaS3Sw3pwKzY mBakVw2LBMJAtIPphHKBFo8rRH+n2whcbgmnUwY6V8Y2ExI3DraO5T3kGqf8iw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4M8jDL027qzG2n; Sat, 20 Aug 2022 02:26:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 27K2QPil008234; Sat, 20 Aug 2022 02:26:25 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 27K2QPKa008233; Sat, 20 Aug 2022 02:26:25 GMT (envelope-from git) Date: Sat, 20 Aug 2022 02:26:25 GMT Message-Id: <202208200226.27K2QPKa008233@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Alan Somers Subject: git: e04d75193865 - stable/12 - fix integer overflow bugs in *stosbt List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: asomers X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: e04d75193865985f64e450931b51c6c2042f913d Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660962386; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OMamPOf4/MjnnsNZifcoP64620uSNjXX3XheLetVN+o=; b=dujSAIuuoRJmaBpVTYNsQDPtJy6e/RYiJTnK1YQI3EJ3vYqgd7kYQEoGonxpmmiwLAYSWh sJBRAnMsh3SGiKJFj267za6Ud9nb4joQWmbmDDan4rMxoin/umkFpzv+b9TQxf4W8X6rEv f0sJ4nkX7zWo20w1rQKuRi52UV32OL4s6TUZVbL9lGJhlWS9AqdxDxMiUNNR1J/cHUnMj5 o1jf6yItfboztKVsQTeXx4vCNAxapit6oBgABl0R4I3W/lgq7RhDMGvw1DSgxHvswyRBeP c8GgFjne78j2FOZtcuc10mfZB1TwjgZ7Q9iQ58UUE2xcx61iA6upWSgQsD+9Gg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1660962386; a=rsa-sha256; cv=none; b=kv7X54RtkEflilEB/E7fWs1x1mRDbYOV6B8LtroTBX5C8qO4hYumcSfTztrKh3PwFDgalK ytleIlKOXUiQXFFiEORNNn5gxAfG+VBWPEPEk7C2wcsNzFszOHTVRzeCQtDYp7SFaQwQUM hOS8w4jsnQQGLiLvYG+kjfJgIq1HRcFd8ktO2Hcu2IyxSBdqRZ9Wf3bsCx4c/7aD/Yy/dj s/aN0aOLD3zP2L2FSTFiPn51NhmuRtNn4+ANr8Zl61610iUIghHWwpZRNf/hrpdgOp4KXP /AD8OgT38cnHVwyL4nROBk9Kcxgbfpapy66BvAQyXqmJx9uVRtG5Q+GCVHUJiA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/12 has been updated by asomers: URL: https://cgit.FreeBSD.org/src/commit/?id=e04d75193865985f64e450931b51c6c2042f913d commit e04d75193865985f64e450931b51c6c2042f913d Author: Alan Somers AuthorDate: 2022-04-06 20:03:11 +0000 Commit: Alan Somers CommitDate: 2022-08-20 02:24:58 +0000 fix integer overflow bugs in *stosbt 68f57679d660 Fixed another class of integer overflows, but introduced a boundary condition for 2-4s in ns conversion, 2-~4000s in us conversions and 2-~4,000,000s in ms conversions. This was because we bogusly used SBT_1S for the notion of 1 second, instead of the appropriate power of 10. To fix, just use the appropriate power of 10, which avoids these overflows. This caused some sleeps in ZFS to be on the order of an hour. MFC: 1 day PR: 263073 Sponsored by: Netflix Reviewed by: asomers Differential Revision: https://reviews.freebsd.org/D34790 Fix overflow errors in sbttous and sbttoms Both of these functions would overflow for very large inputs. Add tests for them. Also, add tests for the inverse functions, *stosbt, whose overflow errors were fixed by 4c30b9ecd47. PR: 263073 Sponsored by: Axcient Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D34809 (cherry picked from commit 4c30b9ecd47a2d92565731082a6a4f2bd1e6e051) (cherry picked from commit 10f44229dcd93672583ad6b6e1193a9bc9e4f7c7) --- sys/sys/time.h | 18 ++-- tests/sys/sys/Makefile | 3 +- tests/sys/sys/time_test.c | 224 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 238 insertions(+), 7 deletions(-) diff --git a/sys/sys/time.h b/sys/sys/time.h index fb55bfefd85e..61b04ecf16bf 100644 --- a/sys/sys/time.h +++ b/sys/sys/time.h @@ -206,7 +206,7 @@ nstosbt(int64_t _ns) #ifdef KASSERT KASSERT(_ns >= 0, ("Negative values illegal for nstosbt: %jd", _ns)); #endif - if (_ns >= SBT_1S) { + if (_ns >= 1000000000) { sb = (_ns / 1000000000) * SBT_1S; _ns = _ns % 1000000000; } @@ -219,7 +219,11 @@ static __inline int64_t sbttous(sbintime_t _sbt) { - return ((1000000 * _sbt) >> 32); +#ifdef KASSERT + KASSERT(_sbt >= 0, ("Negative values illegal for sbttous: %jx", _sbt)); +#endif + return ((_sbt >> 32) * 1000000 + + (1000000 * (_sbt & 0xffffffffu) >> 32)); } static __inline sbintime_t @@ -230,7 +234,7 @@ ustosbt(int64_t _us) #ifdef KASSERT KASSERT(_us >= 0, ("Negative values illegal for ustosbt: %jd", _us)); #endif - if (_us >= SBT_1S) { + if (_us >= 1000000) { sb = (_us / 1000000) * SBT_1S; _us = _us % 1000000; } @@ -242,8 +246,10 @@ ustosbt(int64_t _us) static __inline int64_t sbttoms(sbintime_t _sbt) { - - return ((1000 * _sbt) >> 32); +#ifdef KASSERT + KASSERT(_sbt >= 0, ("Negative values illegal for sbttoms: %jx", _sbt)); +#endif + return ((_sbt >> 32) * 1000 + (1000 * (_sbt & 0xffffffffu) >> 32)); } static __inline sbintime_t @@ -254,7 +260,7 @@ mstosbt(int64_t _ms) #ifdef KASSERT KASSERT(_ms >= 0, ("Negative values illegal for mstosbt: %jd", _ms)); #endif - if (_ms >= SBT_1S) { + if (_ms >= 1000) { sb = (_ms / 1000) * SBT_1S; _ms = _ms % 1000; } diff --git a/tests/sys/sys/Makefile b/tests/sys/sys/Makefile index b0c531525596..600d69b700ca 100644 --- a/tests/sys/sys/Makefile +++ b/tests/sys/sys/Makefile @@ -4,7 +4,8 @@ TESTSDIR= ${TESTSBASE}/sys/sys -ATF_TESTS_C= bitstring_test +ATF_TESTS_C= bitstring_test \ + time_test WARNS?= 5 diff --git a/tests/sys/sys/time_test.c b/tests/sys/sys/time_test.c new file mode 100644 index 000000000000..ef6e497458f0 --- /dev/null +++ b/tests/sys/sys/time_test.c @@ -0,0 +1,224 @@ +/*- + * Copyright (c) 2022 Axcient + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions, and the following disclaimer, + * without modification. + * 2. Redistributions in binary form must reproduce at minimum a disclaimer + * substantially similar to the "NO WARRANTY" disclaimer below + * ("Disclaimer") and any redistribution must be conditioned upon + * including a substantially similar Disclaimer requirement for further + * binary redistribution. + * + * NO WARRANTY + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGES. + * + * $FreeBSD$ + */ +#include +#include + +#include +#include + +#include + + +static void +atf_check_nstosbt(sbintime_t expected, int64_t ns) { + sbintime_t actual = nstosbt(ns); + + ATF_CHECK_MSG((expected) - 1 <= (actual) && actual <= (expected) + 1, + "%"PRId64" != nstosbt(%"PRId64") (%"PRId64")", + expected, ns, actual); +} + +ATF_TC_WITHOUT_HEAD(nstosbt); +ATF_TC_BODY(nstosbt, tc) +{ + atf_check_nstosbt(0, 0); + atf_check_nstosbt(4, 1); + /* 1 second */ + atf_check_nstosbt((1ll << 32) - 4, 999999999); + atf_check_nstosbt(1ll << 32, 1000000000); + /* 2 seconds https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263073 */ + atf_check_nstosbt((1ll << 33) - 4, 1999999999); + atf_check_nstosbt(1ll << 33, 2000000000); + /* 4 seconds */ + atf_check_nstosbt((1ll << 34) - 4, 3999999999); + atf_check_nstosbt((1ll << 34), 4000000000); + /* Max value */ + atf_check_nstosbt(((1ll << 31) - 1) << 32, + ((1ll << 31) - 1) * 1000000000); +} + +static void +atf_check_ustosbt(sbintime_t expected, int64_t us) { + sbintime_t actual = ustosbt(us); + + ATF_CHECK_MSG((expected) - 1 <= (actual) && actual <= (expected) + 1, + "%"PRId64" != ustosbt(%"PRId64") (%"PRId64")", + expected, us, actual); +} + +ATF_TC_WITHOUT_HEAD(ustosbt); +ATF_TC_BODY(ustosbt, tc) +{ + atf_check_ustosbt(0, 0); + atf_check_ustosbt(4295, 1); + /* 1 second */ + atf_check_ustosbt((1ll << 32) - 4295, 999999); + atf_check_ustosbt(1ll << 32, 1000000); + /* 2 seconds https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263073 */ + atf_check_ustosbt((1ll << 33) - 4295, 1999999); + atf_check_ustosbt(1ll << 33, 2000000); + /* 4 seconds */ + atf_check_ustosbt((1ll << 34) - 4295, 3999999); + atf_check_ustosbt(1ll << 34, 4000000); + /* Max value */ + atf_check_ustosbt(((1ull << 31) - 1) << 32, + ((1ll << 31) - 1) * 1000000); +} + +static void +atf_check_mstosbt(sbintime_t expected, int64_t ms) { + sbintime_t actual = mstosbt(ms); + + ATF_CHECK_MSG((expected) - 1 <= (actual) && actual <= (expected) + 1, + "%"PRId64" != mstosbt(%"PRId64") (%"PRId64")", + expected, ms, actual); +} + +ATF_TC_WITHOUT_HEAD(mstosbt); +ATF_TC_BODY(mstosbt, tc) +{ + atf_check_mstosbt(0, 0); + atf_check_mstosbt(4294967, 1); + /* 1 second */ + atf_check_mstosbt((1ll << 32) - 4294968, 999); + atf_check_mstosbt(1ll << 32, 1000); + /* 2 seconds https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263073 */ + atf_check_mstosbt((1ll << 33) - 4294968, 1999); + atf_check_mstosbt(1ll << 33, 2000); + /* 4 seconds */ + atf_check_mstosbt((1ll << 34) - 4294968, 3999); + atf_check_mstosbt(1ll << 34, 4000); + /* Max value */ + atf_check_mstosbt(((1ll << 31) - 1) << 32, ((1ll << 31) - 1) * 1000); +} + +static void +atf_check_sbttons(int64_t expected, sbintime_t sbt) { + int64_t actual = sbttons(sbt); + + ATF_CHECK_MSG((expected) - 1 <= (actual) && actual <= (expected) + 1, + "%"PRId64" != sbttons(%"PRId64") (%"PRId64")", + expected, sbt, actual); +} + +ATF_TC_WITHOUT_HEAD(sbttons); +ATF_TC_BODY(sbttons, tc) +{ + atf_check_sbttons(0, 0); + atf_check_sbttons(0, 1); + atf_check_sbttons(1, (1ll << 32) / 1000000000); + /* 1 second */ + atf_check_sbttons(1000000000, 1ll << 32); + atf_check_sbttons(1999999999, (1ll << 33) - 1); + /* 2 seconds */ + atf_check_sbttons(1999999999, (1ll << 33) - 1); + atf_check_sbttons(2000000000, 1ll << 33); + /* 4 seconds */ + atf_check_sbttons(3999999999, (1ll << 34) - 1); + atf_check_sbttons(4000000000, 1ll << 34); + /* edge cases */ + atf_check_sbttons(999999999, (1ll << 32) - 1); + atf_check_sbttons((1ll << 31) * 1000000000, (1ull << 63) - 1); +} + +static void +atf_check_sbttous(int64_t expected, sbintime_t sbt) { + int64_t actual = sbttous(sbt); + + ATF_CHECK_MSG((expected) - 1 <= (actual) && actual <= (expected) + 1, + "%"PRId64" != sbttous(%"PRId64") (%"PRId64")", + expected, sbt, actual); +} + +ATF_TC_WITHOUT_HEAD(sbttous); +ATF_TC_BODY(sbttous, tc) +{ + atf_check_sbttous(0, 0); + atf_check_sbttous(0, 1); + atf_check_sbttous(1, (1ll << 32) / 1000000); + /* 1 second */ + atf_check_sbttous(1000000, 1ll << 32); + atf_check_sbttous(1999999, (1ll << 33) - 1); + /* 2 seconds */ + atf_check_sbttous(1999999, (1ll << 33) - 1); + atf_check_sbttous(2000000, 1ll << 33); + /* 4 seconds */ + atf_check_sbttous(3999999, (1ll << 34) -1); + atf_check_sbttous(4000000, 1ll << 34); + /* Overflows (bug 263073) */ + atf_check_sbttous(1ll << 31, (1ull << 63) / 1000000); + atf_check_sbttous(1ll << 31, (1ull << 63) / 1000000 + 1); + atf_check_sbttous((1ll << 31) * 1000000, (1ull << 63) - 1); +} + +static void +atf_check_sbttoms(int64_t expected, sbintime_t sbt) { + int64_t actual = sbttoms(sbt); + + ATF_CHECK_MSG((expected) - 1 <= (actual) && actual <= (expected) + 1, + "%"PRId64" != sbttoms(%"PRId64") (%"PRId64")", + expected, sbt, actual); +} + +ATF_TC_WITHOUT_HEAD(sbttoms); +ATF_TC_BODY(sbttoms, tc) +{ + atf_check_sbttoms(0, 0); + atf_check_sbttoms(0, 1); + atf_check_sbttoms(1, (1ll << 32) / 1000); + /* 1 second */ + atf_check_sbttoms(999, (1ll << 32) - 1); + atf_check_sbttoms(1000, 1ll << 32); + /* 2 seconds */ + atf_check_sbttoms(1999, (1ll << 33) - 1); + atf_check_sbttoms(2000, 1ll << 33); + /* 4 seconds */ + atf_check_sbttoms(3999, (1ll << 34) - 1); + atf_check_sbttoms(4000, 1ll << 34); + /* Overflows (bug 263073) */ + atf_check_sbttoms(1ll << 31, (1ull << 63) / 1000); + atf_check_sbttoms(1ll << 31, (1ull << 63) / 1000 + 1); + atf_check_sbttoms((1ll << 31) * 1000, (1ull << 63) - 1); +} + +ATF_TP_ADD_TCS(tp) +{ + + ATF_TP_ADD_TC(tp, nstosbt); + ATF_TP_ADD_TC(tp, ustosbt); + ATF_TP_ADD_TC(tp, mstosbt); + ATF_TP_ADD_TC(tp, sbttons); + ATF_TP_ADD_TC(tp, sbttous); + ATF_TP_ADD_TC(tp, sbttoms); + + return (atf_no_error()); +}