Date: Mon, 07 Feb 2022 18:04:22 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 261781] VDSO time calculation integer overflow
Message-ID: <bug-261781-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261781

            Bug ID: 261781
           Summary: VDSO time calculation integer overflow
           Product: Base System
           Version: CURRENT
          Hardware: arm
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: jarek@jpelczar.com

I have been tinkering with the clock subsystem for a more or less tickless-based
approach. I am not sure whether the calculation in
"lib/libc/sys/__vdso_gettimeofday.c" for the "binuptime" function is correct.

Currently the code looks like this:

        scale = th->th_scale;
#ifdef _LP64
        scale_bits = ffsl(scale);
#else
        scale_bits = ffsll(scale);
#endif
        if (__predict_false(scale_bits + fls(delta) > 63)) {
                x = (scale >> 32) * delta;
                scale &= 0xffffffff;
                bt->sec += x >> 32;
                bintime_addx(bt, x << 32);
        }

Example outputs from two time points (time is measured by the ARM Generic Timer,
but that's just a 64-bit counter masked to 32 bits):

th->th_boottime = 1640852968.ff886104742783f9
timecounter delta = 29015463
th->th_scale = 295147905178
th->th_offset_count = 539967626
bintime_addx(bt, scale * delta = 0x76D8EB0A9A877676) => 9.4522dbb32c111955

th->th_boottime = 1640852968.ff886104742783f9
timecounter delta = 64100295
th->th_scale = 295147905178
th->th_offset_count = 539967626
bintime_addx(bt, scale * delta) => 8.d4d7f89392515095

Multiplication of scale and delta will overflow 64 bits.

I am not sure whether the scale_bits should rather be calculated by flsl/flsll
to detect the overflow.

-- 
You are receiving this mail because:
You are the assignee for the bug.
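
Added example (not part of the original report and not FreeBSD's code): a stand-alone C check that runs the report's th_scale and both deltas through the quoted ffs-based guard, an fls-based guard of the kind the reporter asks about, the split multiply from the guarded branch, and a 128-bit reference product. The names `struct ticks`, `lo_bit`, `hi_bit`, `guard_*` and `mul_*` are hypothetical, and `unsigned __int128` and the `__builtin_*` bit scans assume GCC or Clang on a 64-bit target.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, hypothetical names: seconds plus a 2^-64 s fraction. */
struct ticks { uint64_t sec, frac; };

/* 1-based index of lowest/highest set bit, 0 for v == 0 (ffsll/flsll semantics). */
static int lo_bit(uint64_t v) { return __builtin_ffsll((long long)v); }
static int hi_bit(uint64_t v) { return v ? 64 - __builtin_clzll(v) : 0; }

/* Guard as quoted in the report: lowest set bit of scale. */
int guard_ffs(uint64_t scale, uint32_t delta) { return lo_bit(scale) + hi_bit(delta) > 63; }
/* Guard the reporter asks about: highest set bit of scale. */
int guard_fls(uint64_t scale, uint32_t delta) { return hi_bit(scale) + hi_bit(delta) > 63; }

/* Plain 64-bit multiply, i.e. what is added when the guard does not fire. */
struct ticks mul_truncating(uint64_t scale, uint32_t delta) { return (struct ticks){ 0, scale * delta }; }

/* Split multiply of the guarded branch, then the low-half add with carry. */
struct ticks mul_split(uint64_t scale, uint32_t delta)
{
    uint64_t x = (scale >> 32) * delta;
    uint64_t lo = (scale & 0xffffffff) * delta;
    struct ticks t = { x >> 32, x << 32 };
    t.frac += lo;
    if (t.frac < lo)            /* fraction wrapped: carry into seconds */
        t.sec++;
    return t;
}

/* Reference: full 128-bit product (assumes GCC/Clang unsigned __int128). */
struct ticks mul_reference(uint64_t scale, uint32_t delta)
{
    unsigned __int128 p = (unsigned __int128)scale * delta;
    return (struct ticks){ (uint64_t)(p >> 64), (uint64_t)p };
}

int main(void)
{
    const uint64_t scale = 295147905178ULL;             /* th_scale from the report */
    const uint32_t deltas[] = { 29015463, 64100295 };   /* deltas from the report */
    for (int i = 0; i < 2; i++) {
        struct ticks r = mul_reference(scale, deltas[i]);
        printf("delta=%u ffs_guard=%d fls_guard=%d exact=%llu.%016llx\n", deltas[i],
            guard_ffs(scale, deltas[i]), guard_fls(scale, deltas[i]),
            (unsigned long long)r.sec, (unsigned long long)r.frac);
    }
    return 0;
}
```

For the second delta the exact product carries one whole second that the truncating multiply drops; the ffs-based guard does not fire for it, while the fls-based guard does and the split path then matches the reference.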