On Mon, 2019-05-06 at 13:40 -0700, John Baldwin wrote:
> On 5/6/19 11:45 AM, Mark Johnston wrote:
> > On Mon, May 06, 2019 at 11:07:18AM -0700, John Baldwin wrote:
> > > On 5/3/19 2:26 PM, Mark Johnston wrote:
> > > > Author: markj
> > > > Date: Fri May 3 21:26:44 2019
> > > > New Revision: 347063
> > > > URL: https://svnweb.freebsd.org/changeset/base/347063
> > > > 
> > > > Log:
> > > >   Disallow excessively small times of day in clock_settime(2).
> > > > 
> > > >   Reported by:	syzkaller
> > > >   Reviewed by:	cem, kib
> > > >   MFC after:	1 week
> > > >   Sponsored by:	The FreeBSD Foundation
> > > >   Differential Revision:	https://reviews.freebsd.org/D20151
> > > > 
> > > > Modified:
> > > >   head/sys/kern/kern_time.c
> > > > 
> > > > Modified: head/sys/kern/kern_time.c
> > > > ==============================================================================
> > > > --- head/sys/kern/kern_time.c	Fri May 3 21:13:09 2019	(r347062)
> > > > +++ head/sys/kern/kern_time.c	Fri May 3 21:26:44 2019	(r347063)
> > > > @@ -412,7 +412,9 @@ kern_clock_settime(struct thread *td, clockid_t clock_
> > > >  	if (ats->tv_nsec < 0 || ats->tv_nsec >= 1000000000 ||
> > > >  	    ats->tv_sec < 0)
> > > >  		return (EINVAL);
> > > > -	if (!allow_insane_settime && ats->tv_sec > 8000ULL * 365 * 24 * 60 * 60)
> > > > +	if (!allow_insane_settime &&
> > > > +	    (ats->tv_sec > 8000ULL * 365 * 24 * 60 * 60 ||
> > > > +	    ats->tv_sec < utc_offset()))
> > > >  		return (EINVAL);
> > > >  	/* XXX Don't convert nsec->usec and back */
> > > >  	TIMESPEC_TO_TIMEVAL(&atv, ats);
> > > 
> > > Pardon my ignorance, but I can't see why you are checking against utc_offset()
> > > vs some small constant? None of the discussion in the review mentioned the
> > > reason for using this particular value, and I didn't see any comparisons
> > > against utc_offset or kernadjtz in kern_clock_settime() or settime() that
> > > would have underflowed or panicked. Can you give a bit more detail on why
> > > utc_offset() is the lower bound? Thanks.
> > 
> > I chose it because we subtract utc_offset() from the time passed in to
> > clock_settime(); see settime_task_func(). That subtraction caused the
> > underflow that later caused the observed panics.
> 
> Ok, thanks. A few things I didn't see anyone else note in the review then:
> 
> 1) This subtraction is actually not done for all rtc drivers, so it seems
> like we might block small times for RTC clocks that set
> CLOCKF_GETTIME_NO_ADJ.
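Review bot: the new lower-bound term `ats->tv_sec < utc_offset()` in the `+` lines carries no comment explaining why utc_offset() is the bound, and the log message only says "excessively small times"; as the question downthread shows, the link to the subtraction in settime_task_func() is not obvious from the code itself. Suggest a short comment on the new condition, e.g. `/* settime_task_func() subtracts utc_offset(); reject times that would underflow. */`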
The RTC drivers that use the NO_ADJ flag do so because they're doing the
same utc offset adjustment themselves (usually after sleeping and then
obtaining a fresh time after waking up).

-- Ian

> 2) utc_offset can be negative for machines using local time in timezones
> "before" UTC.
> 
> I suppose we don't think any FreeBSD machines actually need to set the
> running clock to 0 anyway so fixing it here rather than rejecting invalid
> values only for RTCs that can't handle it is probably ok, but the
> connection doesn't feel obvious that we are rejecting times that might
> be non-representable in RTCs.
> 

I don't think this is specific to RTCs at all, I remember (vaguely) a discussion

_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
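As an added illustration of the exchange above (not code from the commit or from the kernel): a user-space model of the r347063 check placed next to a hypothetical stand-in for the utc_offset() subtraction in settime_task_func(), covering the underflow Mark describes, the CLOCKF_GETTIME_NO_ADJ driver case from point 1 and the negative offset from point 2. The names settime_check, rtc_seconds and rtc_would_underflow and the utc_off/no_adj parameters are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

#define NSEC_PER_SEC 1000000000L
/* Upper bound from the committed check: 8000 years of seconds. */
#define MAX_SANE_SEC (8000ULL * 365 * 24 * 60 * 60)

/*
 * Mirrors the validation added in r347063. utc_off stands in for the
 * kernel's utc_offset(): seconds the RTC runs ahead of UTC when the
 * machine keeps local time. Returns 0 on success, nonzero (EINVAL) otherwise.
 */
int settime_check(const struct timespec *ts, long utc_off, bool allow_insane)
{
	if (ts->tv_nsec < 0 || ts->tv_nsec >= NSEC_PER_SEC || ts->tv_sec < 0)
		return 1;
	if (!allow_insane &&
	    ((unsigned long long)ts->tv_sec > MAX_SANE_SEC ||
	    ts->tv_sec < utc_off))
		return 1;
	return 0;
}

/*
 * Hypothetical model of the subtraction in settime_task_func(): the RTC is
 * handed local time, so utc_off is subtracted unless the driver sets
 * CLOCKF_GETTIME_NO_ADJ (no_adj here) and performs the adjustment itself.
 */
time_t rtc_seconds(time_t tv_sec, long utc_off, bool no_adj)
{
	return no_adj ? tv_sec : tv_sec - (time_t)utc_off;
}

/* True if the value handed to the RTC would go negative: the underflow. */
bool rtc_would_underflow(time_t tv_sec, long utc_off, bool no_adj)
{
	return rtc_seconds(tv_sec, utc_off, no_adj) < 0;
}

int main(void)
{
	struct timespec zero = { 0, 0 };
	printf("t=0, off=+3600: check=%d underflow=%d\n",
	    settime_check(&zero, 3600, false), rtc_would_underflow(0, 3600, false));
	printf("t=0, off=-18000: check=%d underflow=%d\n",
	    settime_check(&zero, -18000, false), rtc_would_underflow(0, -18000, false));
	return 0;
}
```

With a positive offset the check rejects exactly the inputs whose adjusted value would go negative; with a negative offset (John's point 2) the subtraction cannot underflow and the check does not fire, and a NO_ADJ driver never performs the subtraction at all.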