svn commit: r347063 - head/sys/kern
Ian Lepore
ian at freebsd.org
Mon May 6 21:07:19 UTC 2019
On Mon, 2019-05-06 at 13:40 -0700, John Baldwin wrote:
> On 5/6/19 11:45 AM, Mark Johnston wrote:
> > On Mon, May 06, 2019 at 11:07:18AM -0700, John Baldwin wrote:
> > > On 5/3/19 2:26 PM, Mark Johnston wrote:
> > > > Author: markj
> > > > Date: Fri May 3 21:26:44 2019
> > > > New Revision: 347063
> > > > URL: https://svnweb.freebsd.org/changeset/base/347063
> > > >
> > > > Log:
> > > > Disallow excessively small times of day in clock_settime(2).
> > > >
> > > > Reported by: syzkaller
> > > > Reviewed by: cem, kib
> > > > MFC after: 1 week
> > > > Sponsored by: The FreeBSD Foundation
> > > > Differential Revision:
> > > > https://reviews.freebsd.org/D20151
> > > >
> > > > Modified:
> > > > head/sys/kern/kern_time.c
> > > >
> > > > Modified: head/sys/kern/kern_time.c
> > > > ===============================================================
> > > > ===============
> > > > --- head/sys/kern/kern_time.c Fri May 3 21:13:09 2019
> > > > (r347062)
> > > > +++ head/sys/kern/kern_time.c Fri May 3 21:26:44 2019
> > > > (r347063)
> > > > @@ -412,7 +412,9 @@ kern_clock_settime(struct thread *td,
> > > > clockid_t clock_
> > > > if (ats->tv_nsec < 0 || ats->tv_nsec >= 1000000000 ||
> > > > ats->tv_sec < 0)
> > > > return (EINVAL);
> > > > - if (!allow_insane_settime && ats->tv_sec > 8000ULL *
> > > > 365 * 24 * 60 * 60)
> > > > + if (!allow_insane_settime &&
> > > > + (ats->tv_sec > 8000ULL * 365 * 24 * 60 * 60 ||
> > > > + ats->tv_sec < utc_offset()))
> > > > return (EINVAL);
> > > > /* XXX Don't convert nsec->usec and back */
> > > > TIMESPEC_TO_TIMEVAL(&atv, ats);
> > >
> > > Pardon my ignorance, but I can't see why you are checking against
> > > utc_offset()
> > > vs some small constant? None of the discussion in the review
> > > mentioned the
> > > reason for using this particular value, and I didn't see any
> > > comparisons
> > > against utc_offset or kernadjtz in kern_clock_setttime() or
> > > settime() that
> > > would have underflowed or panicked. Can you give a bit more
> > > detail on why
> > > utc_offset() is the lower bound? Thanks.
> >
> > I chose it because we subtract utc_offset() from the time passed in
> > to
> > clock_settime(); see settime_task_func(). That subtraction caused
> > the
> > underflow that later caused the observed panics.
>
> Ok, thanks. A few things I didn't see anyone else note in the review
> then:
>
> 1) This subtraction is actually not done for all rtc drivers, so it
> seems
> like we might block small times for RTC clocks that set
> CLOCKF_GETTIME_NO_ADJ.
The RTC drivers that use the NO_ADJ flag do so because they're doing
the same utc offset adjustment themselves (usually after sleeping and
then obtaining a fresh time after waking up).
-- Ian
> 2) utc_offset can be negative for machines using local time in
> timezones
> "before" UTC.
>
> I suppose we don't think any FreeBSD machines actually need to set
> the
> running clock to 0 anyway so fixing it here rather than rejecting
> invalid
> values only for RTCs that can't handle it is probably ok, but the
> connection doesn't feel obvious that we are rejecting times that
> might
> be non-representable in RTCs.
>
I don't think this is specific to RTCs at all, I remember (vaguely) a
discussion
More information about the svn-src-all
mailing list