Subject: Re: svn commit: r347063 - head/sys/kern
From: Ian Lepore
To: John Baldwin, Mark Johnston
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Date: Mon, 06 May 2019 14:51:00 -0600

On Mon, 2019-05-06 at 13:40 -0700, John Baldwin wrote:
> On 5/6/19 11:45 AM, Mark Johnston wrote:
> > On Mon, May 06, 2019 at 11:07:18AM -0700, John Baldwin wrote:
> > > On 5/3/19 2:26 PM, Mark Johnston wrote:
> > > > Author: markj
> > > > Date: Fri May 3 21:26:44 2019
> > > > New Revision: 347063
> > > > URL: https://svnweb.freebsd.org/changeset/base/347063
> > > >
> > > > Log:
> > > > Disallow excessively small times of day in clock_settime(2).
> > > > > > > > Reported by: syzkaller > > > > Reviewed by: cem, kib > > > > MFC after: 1 week > > > > Sponsored by: The FreeBSD Foundation > > > > Differential Revision: > > > > https://reviews.freebsd.org/D20151 > > > > > > > > Modified: > > > > head/sys/kern/kern_time.c > > > > > > > > Modified: head/sys/kern/kern_time.c > > > > =============================================================== > > > > =============== > > > > --- head/sys/kern/kern_time.c Fri May 3 21:13:09 2019 > > > > (r347062) > > > > +++ head/sys/kern/kern_time.c Fri May 3 21:26:44 2019 > > > > (r347063) 
> > > > @@ -412,7 +412,9 @@ kern_clock_settime(struct thread *td, > > > > clockid_t clock_ > > > > if (ats->tv_nsec < 0 || ats->tv_nsec >= 1000000000 || > > > > ats->tv_sec < 0) > > > > return (EINVAL); > > > > - if (!allow_insane_settime && ats->tv_sec > 8000ULL * > > > > 365 * 24 * 60 * 60) > > > > + if (!allow_insane_settime && > > > > + (ats->tv_sec > 8000ULL * 365 * 24 * 60 * 60 || > > > > + ats->tv_sec < utc_offset())) > > > > return (EINVAL); > > > > /* XXX Don't convert nsec->usec and back */ > > > > TIMESPEC_TO_TIMEVAL(&atv, ats); > > > > > > Pardon my ignorance, but I can't see why you are checking against > > > utc_offset() > > > vs some small constant? None of the discussion in the review > > > mentioned the > > > reason for using this particular value, and I didn't see any > > > comparisons > > > against utc_offset or kernadjtz in kern_clock_setttime() or > > > settime() that > > > would have underflowed or panicked. Can you give a bit more > > > detail on why > > > utc_offset() is the lower bound? Thanks. > > > > I chose it because we subtract utc_offset() from the time passed in > > to > > clock_settime(); see settime_task_func(). That subtraction caused > > the > > underflow that later caused the observed panics. > > Ok, thanks. A few things I didn't see anyone else note in the review > then: > > 1) This subtraction is actually not done for all rtc drivers, so it > seems > like we might block small times for RTC clocks that set > CLOCKF_GETTIME_NO_ADJ. The RTC drivers that use the NO_ADJ flag do so because they're doing the same utc offset adjustment themselves (usually after sleeping and then obtaining a fresh time after waking up). -- Ian > 2) utc_offset can be negative for machines using local time in > timezones > "before" UTC. 
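Review bot: the new clause `ats->tv_sec < utc_offset()` in kern_clock_settime() carries no comment saying why utc_offset() is the lower bound, and nothing in the hunk connects it to the code that makes small values unsafe. Per the author's reply in this thread, the value is later reduced by utc_offset() in settime_task_func(), and that subtraction is what underflows; a short comment above the condition saying so would make the choice of bound self-explanatory. The unchanged check just above already rejects `ats->tv_sec < 0`, so the new clause only has an effect when utc_offset() is positive; if that is the intent, the comment should say so.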
>
> I suppose we don't think any FreeBSD machines actually need to set the
> running clock to 0 anyway so fixing it here rather than rejecting invalid
> values only for RTCs that can't handle it is probably ok, but the
> connection doesn't feel obvious that we are rejecting times that might
> be non-representable in RTCs.
>

I don't think this is specific to RTCs at all, I remember (vaguely) a discussion