[Bug 261781] VDSO time calculation integer overflow

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 07 Feb 2022 18:04:22 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261781

            Bug ID: 261781
           Summary: VDSO time calculation integer overflow
           Product: Base System
           Version: CURRENT
          Hardware: arm
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: jarek@jpelczar.com

I have been tinkering with the clock subsystem for a more or less tickless-based
approach. I am not sure whether the calculation in
"lib/libc/sys/__vdso_gettimeofday.c" for the "binuptime" function is correct.
Currently the code looks like this:



                scale = th->th_scale;
#ifdef _LP64
                scale_bits = ffsl(scale);
#else
                scale_bits = ffsll(scale);
#endif
                if (__predict_false(scale_bits + fls(delta) > 63)) {
                        x = (scale >> 32) * delta;
                        scale &= 0xffffffff;
                        bt->sec += x >> 32;
                        bintime_addx(bt, x << 32);
                }


Example outputs from two time points (time is measured by the ARM Generic Timer,
but that's just a 64-bit counter masked to 32 bits):


th->th_boottime = 1640852968.ff886104742783f9 
timecounter delta = 29015463 
th->th_scale = 295147905178 
th->th_offset_count = 539967626 
bintime_addx(bt, scale * delta = 0x76D8EB0A9A877676) => 9.4522dbb32c111955


th->th_boottime = 1640852968.ff886104742783f9 
timecounter delta = 64100295 
th->th_scale = 295147905178 
th->th_offset_count = 539967626 
bintime_addx(bt, scale * delta) => 8.d4d7f89392515095


Multiplication of scale and delta will overflow 64 bits. 

I am not sure whether the scale_bits should rather be calculated by flsl/flsll
to detect the overflow.

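An added example, not part of the original report or of the FreeBSD sources: it compares the guard quoted above (lowest set bit of the scale) with the highest-set-bit variant the reporter asks about, using the th_scale and delta values from the report. The helper names are hypothetical, the compiler builtins stand in for the BSD ffsll()/flsll()/fls() routines, and delta is assumed to be a 32-bit unsigned value.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for BSD ffsll()/flsll(): 1-based index of the lowest or
 * highest set bit, 0 when no bit is set. */
static int lowest_set_bit(uint64_t v)  { return __builtin_ffsll((long long)v); }
static int highest_set_bit(uint64_t v) { return v ? 64 - __builtin_clzll(v) : 0; }

/* Guard as quoted in the report: uses the lowest set bit of scale. */
int guard_ffs(uint64_t scale, uint32_t delta)
{
    return lowest_set_bit(scale) + highest_set_bit(delta) > 63;
}

/* Guard the reporter suggests: uses the highest set bit of scale. */
int guard_fls(uint64_t scale, uint32_t delta)
{
    return highest_set_bit(scale) + highest_set_bit(delta) > 63;
}

/* scale * delta is a count of 2^-64 second units, so the upper half of
 * the exact 128-bit product is the number of whole seconds that a
 * 64-bit multiplication silently drops. */
uint64_t lost_seconds(uint64_t scale, uint32_t delta)
{
    unsigned __int128 exact = (unsigned __int128)scale * delta;
    return (uint64_t)(exact >> 64);
}

int main(void)
{
    const uint64_t scale = 295147905178ULL;           /* th_scale from the report */
    const uint32_t deltas[] = { 29015463, 64100295 }; /* deltas from the report */

    for (int i = 0; i < 2; i++) {
        uint32_t d = deltas[i];
        printf("delta=%u ffs-guard=%d fls-guard=%d lost-seconds=%llu\n",
               (unsigned)d, guard_ffs(scale, d), guard_fls(scale, d),
               (unsigned long long)lost_seconds(scale, d));
    }
    return 0;
}
```

The highest-set-bit guard is conservative: it also selects the split path for the first delta, whose product still fits in 64 bits.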