History log of /src/sys/kern/subr_time.c
Revision  Date  Author  Comments
 1.41  22-Dec-2024  riastradh kern: Move some purely arithmetic routines to subr_time_arith.c.

Preparation for testing and fixing:

PR kern/58922: itimer(9): arithmetic overflow
PR kern/58925: itimer(9) responds erratically to clock wound back
PR kern/58926: itimer(9) integer overflow in overrun counting
PR kern/58927: itimer(9): overrun accounting is broken
 1.40  22-Dec-2024  riastradh subr_time.c: Sort includes.

No functional change intended.

Preparation for factoring out arithmetic to test and fix:

PR kern/58922: itimer(9): arithmetic overflow
PR kern/58925: itimer(9) responds erratically to clock wound back
PR kern/58926: itimer(9) integer overflow in overrun counting
PR kern/58927: itimer(9): overrun accounting is broken
 1.39  10-Oct-2024  kre PR kern/58733 - avoid ts2timo() clobbering its arg

See the PR for the gory details - in the TIMER_ABSTIME case
ts2timo() should not (really *must* not) alter the timespec
it is passed (in that case it should be const - but for now
anyway, cannot be for the TIMER_RELTIME case, and there is
just one of them!)

XXX pullup -10
XXX pullup -9 (will need a patch).
 1.38  08-Jul-2023  riastradh clock_gettime(2): Fix CLOCK_PROCESS/THREAD_CPUTIME_ID.

Use same calculation as getrusage, not some ad-hoc arithmetic of
internal scheduler parameters that are periodically rewound.

PR kern/57512

XXX pullup-8
XXX pullup-9
XXX pullup-10
 1.37  29-Apr-2023  isaki White space fix.
 1.36  09-Apr-2023  riastradh kern: KASSERT(A && B) -> KASSERT(A); KASSERT(B)
 1.35  28-Jun-2022  riastradh branches: 1.35.4;
kern: Avoid arithmetic overflow in gettimeleft.

Sprinkle assertions in to verify we're monotonically counting the
time left down to zero.

Reported-by: syzbot+5f6a6329d139810dfe3c@syzkaller.appspotmail.com
 1.34  26-Jun-2022  riastradh kern: Use timespecsubok in ts2timo.

Should fix arithmetic overflow.

Reported-by: syzbot+4393a753a7c787abe6e2@syzkaller.appspotmail.com
 1.33  26-Jun-2022  riastradh kern: New functions timespecaddok, timespecsubok.

Return false if timespecadd or timespecsub with the same arguments
would overflow (possibly in an intermediate calculation), true if OK.

Typical usage:

sys_wotsit(...)
{
	...
	if (!timespecsubok(x, y))
		return EINVAL;
	timespecsub(x, y, xydelta);
	...
}
 1.32  13-Mar-2022  riastradh kern: Fix fencepost error in ts2timo overflow checks.

Triggered by

clock_settime({.tv_sec=0, .tv_nsec=0})
clock_nanosleep({.tv_sec=LLONG_MIN, .tv_nsec=0})

so that, by the time we enter ts2timo (after a few nanoseconds have
passed), we end up with

tsd = {.tv_sec=0, .tv_nsec=nonzero}
ts = {.tv_sec=LLONG_MIN, .tv_nsec=0}

and the subtraction ts - tsd leads to a borrow from tv_sec.

Reported-by: syzbot+14818113e9d0b45bca64@syzkaller.appspotmail.com
 1.31  21-Sep-2021  christos don't opencode kauth_cred_get()
 1.30  18-Mar-2021  nia restore flags-as-bitmask, just in case another function is passing its
flags here.
 1.29  18-Mar-2021  nia ts2timo(9): refactor TIMER_ABSTIME handling

- only use *start for output of the original time.
for clarity purposes, use the temporary variable for everything else.
- add a check for integer underflow

Reported-by: syzbot+17b5072d5ed262a966d3@syzkaller.appspotmail.com
 1.28  18-Mar-2021  nia revert previous
 1.27  18-Mar-2021  nia ts2timo(9): further deobfuscation.

we want to check against NULL, so use it, rather than some random value on
the stack
 1.26  18-Mar-2021  nia ts2timo(9): refactor for clarity

- 'flags' is not a boolean...
- actually, it is, but it should simply be named "absolute".
- convert tests for if (flags) to if (flags != TIMER_RELTIME)
- hoist function calls out of if expressions (requested by uwe)

still needs fixing:

- need to check for overflow before timespecsub.
 1.25  23-May-2020  ad branches: 1.25.2;
Move proc_lock into the data segment. It was dynamically allocated because
at the time we had mutex_obj_alloc() but not __cacheline_aligned.
 1.24  11-May-2020  riastradh Remove timedwaitclock.

This did not fix the bug I hoped it would fix in futex, and needs
more design thought. Might redo it somewhat differently later.
 1.23  04-May-2020  riastradh New timedwaitclock_setup.

C99 initializers would have been nice, but part of the struct is
explicit parameters and part of the struct is implicit state, and
-Wmissing-field-initializers can't discriminate between them
(although for some reason it doesn't always fire!).

Instead, just do:

	struct timedwaitclock T;

	timedwaitclock_setup(&T, timeout, clockid, flags, epsilon);
	while (...) {
		error = timedwaitclock_begin(&T, &timo);
		if (error)
			...
		error = waitwhatever(timo);
		timedwaitclock_end(&T);
		...
	}
 1.22  03-May-2020  thorpej Move timedwaitclock_begin() and timedwaitclock_end() to subr_time.c
so they can be used by other things.
 1.21  04-Oct-2019  kamil Avoid signed integer overflow in ts2timo() for ts->tv_nsec

The condition would be rechecked later again after subtracting start time
and most invalid inputs rejected. In corner cases the current code can
accept certain invalid inputs that will pass checks later and behave like
valid ones (due to signed integer overflow).

Reported-by: syzbot+3a4a07b62558bbbd3baa@syzkaller.appspotmail.com
 1.20  08-Dec-2017  christos branches: 1.20.4; 1.20.8;
make _lwp_park return the remaining time to sleep in the "ts" argument
if it is a relative timestamp, as discussed in tech-kern.
XXX: pullup-8
 1.19  05-Jan-2017  pgoyette Use the new magic BINTIME_SCALE_* macros instead of magic numbers.

No functional change.
 1.18  23-Apr-2016  christos branches: 1.18.2;
Add clock_getcpuclockid2(2) as well as CLOCK_{PROCESS,THREAD}_CPUTIME_ID.
 1.17  22-May-2013  christos branches: 1.17.10;
Make ts2timo(9) always return the absolute start time if the start argument
is present, and handle the TIMER_ABSTIME case in nanosleep1(9).
 1.16  21-May-2013  bouyer ts2timo(): if TIMER_ABSTIME is set and start is not NULL, initialize
it to 0. Some callers (e.g. nanosleep1()) expect *start to always be
initialized and would use random values from stack otherwise.
While there, remove an always-true conditional.
 1.15  01-Apr-2013  christos undo previous and move the test to the timeout function since 0,0 means
disable timer/interval.
 1.14  01-Apr-2013  christos do the timeout test centrally.
 1.13  01-Apr-2013  martin ts2timo: return ETIMEDOUT instead of failing an assertion when the
calculated difference to the target time is zero.
 1.12  31-Mar-2013  christos instead of doing the tests twice fix the *fix() routines to return ETIMEDOUT
if seconds are negative. According to TOG, this is not an error as linux
claims. Also make an assert stricter.
 1.11  29-Mar-2013  martin Move clock_gettime1() to subr_time.c (which is included in rump kernels)
 1.10  29-Mar-2013  christos Centralize the computation of struct timespec to the int timo.
Make lwp_park take the regular arguments for specifying what kind
of timeout we supply like clock_nanosleep(), namely clockid_t and flags.
 1.9  18-Dec-2011  christos branches: 1.9.6;
Fix monotonic interval timers.
 1.8  26-Jan-2011  drochner branches: 1.8.4; 1.8.8;
fix and cleanup for tvtohz():
-assume (KASSERT) that the timeval given is normalized, and remove
some partial fixup which I don't see what it is good for
(I'm ready to back that out if someone tells a reason)
-catch overflows due to conversion of time_t (from tv_sec) to
integer -- this function doesn't do 64-bit arithmetics (which makes
sense because relative times which don't fit into 32 bits can be
considered nonsense here), and before a huge tv_sec could lead to
a zero hz result, violating the caller's assumptions (in particular
trigger a diagnostic panic in abstimeout2timo())
 1.7  26-Apr-2010  rmind branches: 1.7.2; 1.7.4;
Revert rev1.6, it shall return ETIMEDOUT for pthread calls.
 1.6  23-Apr-2010  rmind mq_timed{send,receive}: as required by POSIX, return EINVAL on invalid
timeout and thread would have blocked, instead of ETIMEDOUT. Change is
to abstimeout2timo(), thus also affects _lwp_park(2).

Reported by Stathis Kamperis some months ago.
 1.5  01-Nov-2009  rmind branches: 1.5.4;
- Move inittimeleft() and gettimeleft() to subr_time.c, where they belong.
- Move abstimeout2timo() there too and export. Use it in lwp_park().
 1.4  15-Jul-2008  christos Use more timespecs internally. From Alexander Shishkin and me.
Welcome to 4.99.70, 30 more to go for 100.
 1.3  22-Dec-2007  yamt branches: 1.3.6; 1.3.10; 1.3.12; 1.3.14; 1.3.16;
reduce #ifdef __HAVE_TIMECOUNTER.
 1.2  29-Nov-2007  ad branches: 1.2.2; 1.2.6;
Pull in sys/intr.h
 1.1  09-Aug-2007  pooka branches: 1.1.2; 1.1.4; 1.1.6; 1.1.8; 1.1.10; 1.1.16;
Shuffle routines which just roll values around from kern_clock.c
and kern_time.c to subr_time.c.
 1.1.16.2  27-Dec-2007  mjf Sync with HEAD.
 1.1.16.1  08-Dec-2007  mjf Sync with HEAD.
 1.1.10.4  21-Jan-2008  yamt sync with head
 1.1.10.3  07-Dec-2007  yamt sync with head
 1.1.10.2  03-Sep-2007  yamt sync with head.
 1.1.10.1  09-Aug-2007  yamt file subr_time.c was added on branch yamt-lazymbuf on 2007-09-03 14:41:06 +0000
 1.1.8.1  09-Jan-2008  matt sync with HEAD
 1.1.6.2  20-Aug-2007  ad Sync with HEAD.
 1.1.6.1  09-Aug-2007  ad file subr_time.c was added on branch vmlocking on 2007-08-20 22:07:07 +0000
 1.1.4.3  03-Dec-2007  joerg Sync with HEAD.
 1.1.4.2  16-Aug-2007  jmcneill Sync with HEAD.
 1.1.4.1  09-Aug-2007  jmcneill file subr_time.c was added on branch jmcneill-pm on 2007-08-16 11:03:37 +0000
 1.1.2.2  15-Aug-2007  skrll Sync with HEAD.
 1.1.2.1  09-Aug-2007  skrll file subr_time.c was added on branch nick-csl-alignment on 2007-08-15 13:49:14 +0000
 1.2.6.1  02-Jan-2008  bouyer Sync with HEAD
 1.2.2.1  26-Dec-2007  ad Sync with head.
 1.3.16.1  19-Oct-2008  haad Sync with HEAD.
 1.3.14.1  18-Jul-2008  simonb Sync with head.
 1.3.12.1  18-Sep-2008  wrstuden Sync with wrstuden-revivesa-base-2.
 1.3.10.2  11-Mar-2010  yamt sync with head
 1.3.10.1  04-May-2009  yamt sync with head.
 1.3.6.1  28-Sep-2008  mjf Sync with HEAD.
 1.5.4.1  05-Mar-2011  rmind sync with head
 1.7.4.1  08-Feb-2011  bouyer Sync with HEAD
 1.7.2.1  06-Jun-2011  jruoho Sync with HEAD.
 1.8.8.1  18-Feb-2012  mrg merge to -current.
 1.8.4.2  22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.8.4.1  17-Apr-2012  yamt sync with head
 1.9.6.2  03-Dec-2017  jdolecek update from HEAD
 1.9.6.1  23-Jun-2013  tls resync from head
 1.17.10.2  05-Feb-2017  skrll Sync with HEAD
 1.17.10.1  29-May-2016  skrll Sync with HEAD
 1.18.2.1  07-Jan-2017  pgoyette Sync with HEAD. (Note that most of these changes are simply $NetBSD$
tag issues.)
 1.20.8.2  13-Oct-2024  martin Pull up following revision(s) (requested by kre in ticket #1909):

share/man/man9/ts2timo.9: revision 1.4
share/man/man9/ts2timo.9: revision 1.5
sys/kern/subr_time.c: revision 1.39 (patch)

ts2timo() uses struct timespec, those don't have a tv_usec
field, they have tv_nsec instead. EINVAL will happen if the
tv_nsec field is invalid, not the non-existent tv_usec field.
PR kern/58733 - avoid ts2timo() clobbering its arg

See the PR for the gory details - in the TIMER_ABSTIME case
ts2timo() should not (really *must* not) alter the timespec
it is passed (in that case it should be const - but for now
anyway, cannot be for the TIMER_RELTIME case, and there is
just one of them!).
 1.20.8.1  11-Oct-2024  martin Pull up following revision(s) (requested by riastradh in ticket #1896):

sys/sys/resourcevar.h: revision 1.58
sys/kern/subr_time.c: revision 1.36
sys/kern/subr_time.c: revision 1.37
sys/kern/subr_time.c: revision 1.38
sys/kern/kern_resource.c: revision 1.190
sys/kern/kern_resource.c: revision 1.191
tests/lib/libc/sys/t_clock_gettime.c: revision 1.4
tests/lib/libc/sys/t_clock_gettime.c: revision 1.5
tests/lib/libc/sys/t_clock_gettime.c: revision 1.6
(all via patch)

kern: KASSERT(A && B) -> KASSERT(A); KASSERT(B)
White space fix.

kern_resource.c: Fix brace placement.
No functional change intended.

t_clock_gettime: Add test for PR kern/57512.

clock_gettime(2): Fix CLOCK_PROCESS/THREAD_CPUTIME_ID.
Use same calculation as getrusage, not some ad-hoc arithmetic of
internal scheduler parameters that are periodically rewound.
PR kern/57512

t_clock_gettime: Avoid signed/unsigned comparison.
 1.20.4.1  13-Apr-2020  martin Mostly merge changes from HEAD up to 20200411
 1.25.2.1  03-Apr-2021  thorpej Sync with HEAD.
 1.35.4.2  11-Oct-2024  martin Pull up following revision(s) (requested by riastradh in ticket #943):
sys/sys/resourcevar.h: revision 1.58
sys/kern/subr_time.c: revision 1.36
sys/kern/subr_time.c: revision 1.37
sys/kern/subr_time.c: revision 1.38
sys/kern/kern_resource.c: revision 1.190
sys/kern/kern_resource.c: revision 1.191
tests/lib/libc/sys/t_clock_gettime.c: revision 1.4
tests/lib/libc/sys/t_clock_gettime.c: revision 1.5
tests/lib/libc/sys/t_clock_gettime.c: revision 1.6
kern: KASSERT(A && B) -> KASSERT(A); KASSERT(B)
White space fix.
kern_resource.c: Fix brace placement.
No functional change intended.
t_clock_gettime: Add test for PR kern/57512.
clock_gettime(2): Fix CLOCK_PROCESS/THREAD_CPUTIME_ID.
Use same calculation as getrusage, not some ad-hoc arithmetic of
internal scheduler parameters that are periodically rewound.
PR kern/57512
XXX pullup-8
XXX pullup-9
XXX pullup-10
t_clock_gettime: Avoid signed/unsigned comparison.
 1.35.4.1  11-Oct-2024  martin Pull up following revision(s) (requested by kre in ticket #942):

share/man/man9/ts2timo.9: revision 1.4
share/man/man9/ts2timo.9: revision 1.5
sys/kern/subr_time.c: revision 1.39

ts2timo() uses struct timespec, those don't have a tv_usec
field, they have tv_nsec instead. EINVAL will happen if the
tv_nsec field is invalid, not the non-existent tv_usec field.

PR kern/58733 - avoid ts2timo() clobbering its arg

See the PR for the gory details - in the TIMER_ABSTIME case
ts2timo() should not (really *must* not) alter the timespec
it is passed (in that case it should be const - but for now
anyway, cannot be for the TIMER_RELTIME case, and there is
just one of them!).
