From owner-svn-src-all@freebsd.org Mon May 6 20:40:22 2019 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 828CB15953F8; Mon, 6 May 2019 20:40:22 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 266E888E21; Mon, 6 May 2019 20:40:22 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from John-Baldwins-MacBook-Pro-3.local (ralph.baldwin.cx [66.234.199.215]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: jhb) by smtp.freebsd.org (Postfix) with ESMTPSA id 786DC171A0; Mon, 6 May 2019 20:40:21 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Subject: Re: svn commit: r347063 - head/sys/kern To: Mark Johnston Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org References: <201905032126.x43LQilu092655@repo.freebsd.org> <335d828e-ac61-bc59-bac3-f80f27b951c7@FreeBSD.org> <20190506184502.GA35464@raichu> From: John Baldwin Openpgp: preference=signencrypt Autocrypt: addr=jhb@FreeBSD.org; keydata= mQGiBETQ+XcRBADMFybiq69u+fJRy/0wzqTNS8jFfWaBTs5/OfcV7wWezVmf9sgwn8TW0Dk0 c9MBl0pz+H01dA2ZSGZ5fXlmFIsee1WEzqeJzpiwd/pejPgSzXB9ijbLHZ2/E0jhGBcVy5Yo /Tw5+U/+laeYKu2xb0XPvM0zMNls1ah5OnP9a6Ql6wCgupaoMySb7DXm2LHD1Z9jTsHcAQMD /1jzh2BoHriy/Q2s4KzzjVp/mQO5DSm2z14BvbQRcXU48oAosHA1u3Wrov6LfPY+0U1tG47X 1BGfnQH+rNAaH0livoSBQ0IPI/8WfIW7ub4qV6HYwWKVqkDkqwcpmGNDbz3gfaDht6nsie5Z pcuCcul4M9CW7Md6zzyvktjnbz61BADGDCopfZC4of0Z3Ka0u8Wik6UJOuqShBt1WcFS8ya1 oB4rc4tXfSHyMF63aPUBMxHR5DXeH+EO2edoSwViDMqWk1jTnYza51rbGY+pebLQOVOxAY7k do5Ordl3wklBPMVEPWoZ61SdbcjhHVwaC5zfiskcxj5wwXd2E9qYlBqRg7QeSm9obiBCYWxk d2luIDxqaGJARnJlZUJTRC5vcmc+iGAEExECACAFAkTQ+awCGwMGCwkIBwMCBBUCCAMEFgID AQIeAQIXgAAKCRBy3lIGd+N/BI6RAJ9S97fvbME+3hxzE3JUyUZ6vTewDACdE1stFuSfqMvM jomvZdYxIYyTUpC5Ag0ERND5ghAIAPwsO0B7BL+bz8sLlLoQktGxXwXQfS5cInvL17Dsgnr3 1AKa94j9EnXQyPEj7u0d+LmEe6CGEGDh1OcGFTMVrof2ZzkSy4+FkZwMKJpTiqeaShMh+Goj XlwIMDxyADYvBIg3eN5YdFKaPQpfgSqhT+7El7w+wSZZD8pPQuLAnie5iz9C8iKy4/cMSOrH YUK/tO+Nhw8Jjlw94Ik0T80iEhI2t+XBVjwdfjbq3HrJ0ehqdBwukyeJRYKmbn298KOFQVHO EVbHA4rF/37jzaMadK43FgJ0SAhPPF5l4l89z5oPu0b/+5e2inA3b8J3iGZxywjM+Csq1tqz hltEc7Q+E08AAwUIAL+15XH8bPbjNJdVyg2CMl10JNW2wWg2Q6qdljeaRqeR6zFus7EZTwtX sNzs5bP8y51PSUDJbeiy2RNCNKWFMndM22TZnk3GNG45nQd4OwYK0RZVrikalmJY5Q6m7Z16 4yrZgIXFdKj2t8F+x613/SJW1lIr9/bDp4U9tw0V1g3l2dFtD3p3ZrQ3hpoDtoK70ioIAjjH aIXIAcm3FGZFXy503DOA0KaTWwvOVdYCFLm3zWuSOmrX/GsEc7ovasOWwjPn878qVjbUKWwx Q4QkF4OhUV9zPtf9tDSAZ3x7QSwoKbCoRCZ/xbyTUPyQ1VvNy/mYrBcYlzHodsaqUDjHuW+I SQQYEQIACQUCRND5ggIbDAAKCRBy3lIGd+N/BCO8AJ9j1dWVQWxw/YdTbEyrRKOY8YZNwwCf afMAg8QvmOWnHx3wl8WslCaXaE8= Message-ID: <52484f6b-fdae-565b-6c03-37a63d56ad30@FreeBSD.org> Date: Mon, 6 May 2019 13:40:19 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: <20190506184502.GA35464@raichu> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 266E888E21 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.99 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.99)[-0.990,0]; REPLY(-4.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 May 2019 20:40:22 -0000 On 5/6/19 11:45 AM, Mark Johnston wrote: > On Mon, May 06, 2019 at 11:07:18AM -0700, John Baldwin wrote: >> On 5/3/19 2:26 PM, Mark Johnston wrote: >>> Author: markj >>> Date: Fri May 3 21:26:44 2019 >>> New Revision: 347063 >>> URL: https://svnweb.freebsd.org/changeset/base/347063 >>> >>> Log: >>> Disallow excessively small times of day in clock_settime(2). >>> >>> Reported by: syzkaller >>> Reviewed by: cem, kib >>> MFC after: 1 week >>> Sponsored by: The FreeBSD Foundation >>> Differential Revision: https://reviews.freebsd.org/D20151 >>> >>> Modified: >>> head/sys/kern/kern_time.c >>> >>> Modified: head/sys/kern/kern_time.c >>> ============================================================================== >>> --- head/sys/kern/kern_time.c Fri May 3 21:13:09 2019 (r347062) >>> +++ head/sys/kern/kern_time.c Fri May 3 21:26:44 2019 (r347063) >>> @@ -412,7 +412,9 @@ kern_clock_settime(struct thread *td, clockid_t clock_ >>> if (ats->tv_nsec < 0 || ats->tv_nsec >= 1000000000 || >>> ats->tv_sec < 0) >>> return (EINVAL); >>> - if (!allow_insane_settime && ats->tv_sec > 8000ULL * 365 * 24 * 60 * 60) >>> + if (!allow_insane_settime && >>> + (ats->tv_sec > 8000ULL * 365 * 24 * 60 * 60 || >>> + ats->tv_sec < utc_offset())) >>> return (EINVAL); >>> /* XXX Don't convert nsec->usec and back */ >>> TIMESPEC_TO_TIMEVAL(&atv, ats); >> >> Pardon my ignorance, but I can't see why you are checking against utc_offset() >> vs some small constant? None of the discussion in the review mentioned the >> reason for using this particular value, and I didn't see any comparisons >> against utc_offset or kernadjtz in kern_clock_setttime() or settime() that >> would have underflowed or panicked. Can you give a bit more detail on why >> utc_offset() is the lower bound? Thanks. > > I chose it because we subtract utc_offset() from the time passed in to > clock_settime(); see settime_task_func(). That subtraction caused the > underflow that later caused the observed panics. Ok, thanks. A few things I didn't see anyone else note in the review then: 1) This subtraction is actually not done for all rtc drivers, so it seems like we might block small times for RTC clocks that set CLOCKF_GETTIME_NO_ADJ. 2) utc_offset can be negative for machines using local time in timezones "before" UTC. I suppose we don't think any FreeBSD machines actually need to set the running clock to 0 anyway so fixing it here rather than rejecting invalid values only for RTCs that can't handle it is probably ok, but the connection doesn't feel obvious that we are rejecting times that might be non-representable in RTCs. -- John Baldwin