git: c48048ebdbed - releng/13.1 - kevent: Fix an off-by-one in filt_timerexpire_l()
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 09 Aug 2022 20:01:21 UTC
The branch releng/13.1 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=c48048ebdbed0901dacf1632af3b3db600533e64
commit c48048ebdbed0901dacf1632af3b3db600533e64
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2022-05-25 00:14:33 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2022-07-25 21:01:16 +0000
kevent: Fix an off-by-one in filt_timerexpire_l()
Suppose a periodic kevent timer fires close to its deadline, so that
now - kc->next is small. Then delta ends up being 1, and the next timer
deadline is set to (delta + 1) * kc->to, where kc->to is the timer
period. This means that the timer fires at half of the requested rate,
and the value returned in kn_data is similarly inaccurate.
Approved by: so
Security: FreeBSD-EN-22:16.kqueue
PR: 264131
Fixes: 7cb40543e964 ("filt_timerexpire: do not iterate over the interval")
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 524dadf7a8725dea144571843e611dbdbd59d668)
(cherry picked from commit 129112f80d2bfe6091ebb8656912fb55d6192e1f)
---
sys/kern/kern_event.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c
index 2e9773ab5701..e40d4b192dce 100644
--- a/sys/kern/kern_event.c
+++ b/sys/kern/kern_event.c
@@ -739,7 +739,7 @@ filt_timerexpire_l(struct knote *kn, bool proc_locked)
if (delta == 0)
delta = 1;
kn->kn_data += delta;
- kc->next += (delta + 1) * kc->to;
+ kc->next += delta * kc->to;
if (now >= kc->next) /* overflow */
kc->next = now + kc->to;
KNOTE_ACTIVATE(kn, 0); /* XXX - handle locking */