Date: Tue, 28 Feb 2017 17:16:02 -0600 From: Eric van Gyzen <vangyzen@FreeBSD.org> To: cem@freebsd.org Cc: Michael Gmelin <freebsd@grem.de>, "freebsd-current@freebsd.org" <freebsd-current@freebsd.org> Subject: Re: panic: invalid bcd xxx Message-ID: <b753effa-aa7f-ff20-d127-28e1e827f304@FreeBSD.org> In-Reply-To: <CAG6CVpXGQds1NYOOd1trYBTE8KNm=VYA3mq9yK3gjjVMt3NNpA@mail.gmail.com> References: <20170228224739.167f2273@bsd64.grem.de> <226a00fa-5d04-0aa7-e0cc-6078edde6639@FreeBSD.org> <CAG6CVpXGQds1NYOOd1trYBTE8KNm=VYA3mq9yK3gjjVMt3NNpA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 02/28/2017 16:57, Conrad Meyer wrote:
> On Tue, Feb 28, 2017 at 2:31 PM, Eric van Gyzen <vangyzen@freebsd.org> wrote:
>> Your system's real-time clock is returning garbage. r312702 added some
>> input validation a few weeks ago. Previously, the kernel was reading beyond
>> the end of an array and either complaining about the clock or setting it to
>> the wrong time based on whatever was in the memory beyond the array.
>>
>> The added validation shouldn't be an assertion because it operates on data
>> beyond the kernel's control. Try this:
>>
>> --- sys/libkern.h (revision 314424)
>> +++ sys/libkern.h (working copy)
>> @@ -57,8 +57,10 @@
>> bcd2bin(int bcd)
>> {
>>
>> - KASSERT(bcd >= 0 && bcd < LIBKERN_LEN_BCD2BIN,
>> - ("invalid bcd %d", bcd));
>> + if (bcd < 0 || bcd >= LIBKERN_LEN_BCD2BIN) {
>> + printf("invalid bcd %d\n", bcd);
>> + return (0);
>> + }
>> return (bcd2bin_data[bcd]);
>> }
>
> I don't think removing this assertion and truncating to zero is the
> right thing to do. Adding an error return to this routine is a little
> much, though. I think probably the caller should perform input
> validation between the broken device and this routine.
Either of those would be a much better solution. This was just a quick
hack to get the memstick to boot.
Eric
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b753effa-aa7f-ff20-d127-28e1e827f304>