Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 6 May 2019 14:45:02 -0400
From:      Mark Johnston <markj@freebsd.org>
To:        John Baldwin <jhb@freebsd.org>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r347063 - head/sys/kern
Message-ID:  <20190506184502.GA35464@raichu>
In-Reply-To: <335d828e-ac61-bc59-bac3-f80f27b951c7@FreeBSD.org>
References:  <201905032126.x43LQilu092655@repo.freebsd.org> <335d828e-ac61-bc59-bac3-f80f27b951c7@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, May 06, 2019 at 11:07:18AM -0700, John Baldwin wrote:
> On 5/3/19 2:26 PM, Mark Johnston wrote:
> > Author: markj
> > Date: Fri May  3 21:26:44 2019
> > New Revision: 347063
> > URL: https://svnweb.freebsd.org/changeset/base/347063
> > 
> > Log:
> >   Disallow excessively small times of day in clock_settime(2).
> >   
> >   Reported by:	syzkaller
> >   Reviewed by:	cem, kib
> >   MFC after:	1 week
> >   Sponsored by:	The FreeBSD Foundation
> >   Differential Revision:	https://reviews.freebsd.org/D20151
> > 
> > Modified:
> >   head/sys/kern/kern_time.c
> > 
> > Modified: head/sys/kern/kern_time.c
> > ==============================================================================
> > --- head/sys/kern/kern_time.c	Fri May  3 21:13:09 2019	(r347062)
> > +++ head/sys/kern/kern_time.c	Fri May  3 21:26:44 2019	(r347063)
> > @@ -412,7 +412,9 @@ kern_clock_settime(struct thread *td, clockid_t clock_
> >  	if (ats->tv_nsec < 0 || ats->tv_nsec >= 1000000000 ||
> >  	    ats->tv_sec < 0)
> >  		return (EINVAL);
> > -	if (!allow_insane_settime && ats->tv_sec > 8000ULL * 365 * 24 * 60 * 60)
> > +	if (!allow_insane_settime &&
> > +	    (ats->tv_sec > 8000ULL * 365 * 24 * 60 * 60 ||
> > +	    ats->tv_sec < utc_offset()))
> >  		return (EINVAL);
> >  	/* XXX Don't convert nsec->usec and back */
> >  	TIMESPEC_TO_TIMEVAL(&atv, ats);
> 
> Pardon my ignorance, but I can't see why you are checking against utc_offset()
> vs some small constant?  None of the discussion in the review mentioned the
> reason for using this particular value, and I didn't see any comparisons
> against utc_offset or kernadjtz in kern_clock_setttime() or settime() that
> would have underflowed or panicked.  Can you give a bit more detail on why
> utc_offset() is the lower bound?  Thanks.

I chose it because we subtract utc_offset() from the time passed in to
clock_settime(); see settime_task_func().  That subtraction caused the
underflow that later caused the observed panics.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190506184502.GA35464>