git: e04d75193865 - stable/12 - fix integer overflow bugs in *stosbt
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 20 Aug 2022 02:26:25 UTC
The branch stable/12 has been updated by asomers:
URL: https://cgit.FreeBSD.org/src/commit/?id=e04d75193865985f64e450931b51c6c2042f913d
commit e04d75193865985f64e450931b51c6c2042f913d
Author: Alan Somers <asomers@FreeBSD.org>
AuthorDate: 2022-04-06 20:03:11 +0000
Commit: Alan Somers <asomers@FreeBSD.org>
CommitDate: 2022-08-20 02:24:58 +0000
fix integer overflow bugs in *stosbt
68f57679d660 Fixed another class of integer overflows, but introduced a
boundary condition for 2-4s in ns conversion, 2-~4000s in us conversions
and 2-~4,000,000s in ms conversions. This was because we bogusly used
SBT_1S for the notion of 1 second, instead of the appropriate power of
10. To fix, just use the appropriate power of 10, which avoids these
overflows.
This caused some sleeps in ZFS to be on the order of an hour.
MFC: 1 day
PR: 263073
Sponsored by: Netflix
Reviewed by: asomers
Differential Revision: https://reviews.freebsd.org/D34790
Fix overflow errors in sbttous and sbttoms
Both of these functions would overflow for very large inputs. Add tests
for them. Also, add tests for the inverse functions, *stosbt, whose
overflow errors were fixed by 4c30b9ecd47.
PR: 263073
Sponsored by: Axcient
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D34809
(cherry picked from commit 4c30b9ecd47a2d92565731082a6a4f2bd1e6e051)
(cherry picked from commit 10f44229dcd93672583ad6b6e1193a9bc9e4f7c7)
---
sys/sys/time.h | 18 ++--
tests/sys/sys/Makefile | 3 +-
tests/sys/sys/time_test.c | 224 ++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 238 insertions(+), 7 deletions(-)
diff --git a/sys/sys/time.h b/sys/sys/time.h
index fb55bfefd85e..61b04ecf16bf 100644
--- a/sys/sys/time.h
+++ b/sys/sys/time.h
@@ -206,7 +206,7 @@ nstosbt(int64_t _ns)
#ifdef KASSERT
KASSERT(_ns >= 0, ("Negative values illegal for nstosbt: %jd", _ns));
#endif
- if (_ns >= SBT_1S) {
+ if (_ns >= 1000000000) {
sb = (_ns / 1000000000) * SBT_1S;
_ns = _ns % 1000000000;
}
@@ -219,7 +219,11 @@ static __inline int64_t
sbttous(sbintime_t _sbt)
{
- return ((1000000 * _sbt) >> 32);
+#ifdef KASSERT
+ KASSERT(_sbt >= 0, ("Negative values illegal for sbttous: %jx", _sbt));
+#endif
+ return ((_sbt >> 32) * 1000000 +
+ (1000000 * (_sbt & 0xffffffffu) >> 32));
}
static __inline sbintime_t
@@ -230,7 +234,7 @@ ustosbt(int64_t _us)
#ifdef KASSERT
KASSERT(_us >= 0, ("Negative values illegal for ustosbt: %jd", _us));
#endif
- if (_us >= SBT_1S) {
+ if (_us >= 1000000) {
sb = (_us / 1000000) * SBT_1S;
_us = _us % 1000000;
}
@@ -242,8 +246,10 @@ ustosbt(int64_t _us)
static __inline int64_t
sbttoms(sbintime_t _sbt)
{
-
- return ((1000 * _sbt) >> 32);
+#ifdef KASSERT
+ KASSERT(_sbt >= 0, ("Negative values illegal for sbttoms: %jx", _sbt));
+#endif
+ return ((_sbt >> 32) * 1000 + (1000 * (_sbt & 0xffffffffu) >> 32));
}
static __inline sbintime_t
@@ -254,7 +260,7 @@ mstosbt(int64_t _ms)
#ifdef KASSERT
KASSERT(_ms >= 0, ("Negative values illegal for mstosbt: %jd", _ms));
#endif
- if (_ms >= SBT_1S) {
+ if (_ms >= 1000) {
sb = (_ms / 1000) * SBT_1S;
_ms = _ms % 1000;
}
diff --git a/tests/sys/sys/Makefile b/tests/sys/sys/Makefile
index b0c531525596..600d69b700ca 100644
--- a/tests/sys/sys/Makefile
+++ b/tests/sys/sys/Makefile
@@ -4,7 +4,8 @@
TESTSDIR= ${TESTSBASE}/sys/sys
-ATF_TESTS_C= bitstring_test
+ATF_TESTS_C= bitstring_test \
+ time_test
WARNS?= 5
diff --git a/tests/sys/sys/time_test.c b/tests/sys/sys/time_test.c
new file mode 100644
index 000000000000..ef6e497458f0
--- /dev/null
+++ b/tests/sys/sys/time_test.c
@@ -0,0 +1,224 @@
+/*-
+ * Copyright (c) 2022 Axcient
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions, and the following disclaimer,
+ * without modification.
+ * 2. Redistributions in binary form must reproduce at minimum a disclaimer
+ * substantially similar to the "NO WARRANTY" disclaimer below
+ * ("Disclaimer") and any redistribution must be conditioned upon
+ * including a substantially similar Disclaimer requirement for further
+ * binary redistribution.
+ *
+ * NO WARRANTY
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGES.
+ *
+ * $FreeBSD$
+ */
+#include <sys/types.h>
+#include <sys/time.h>
+
+#include <inttypes.h>
+#include <stdio.h>
+
+#include <atf-c.h>
+
+
+static void
+atf_check_nstosbt(sbintime_t expected, int64_t ns) {
+ sbintime_t actual = nstosbt(ns);
+
+ ATF_CHECK_MSG((expected) - 1 <= (actual) && actual <= (expected) + 1,
+ "%"PRId64" != nstosbt(%"PRId64") (%"PRId64")",
+ expected, ns, actual);
+}
+
+ATF_TC_WITHOUT_HEAD(nstosbt);
+ATF_TC_BODY(nstosbt, tc)
+{
+ atf_check_nstosbt(0, 0);
+ atf_check_nstosbt(4, 1);
+ /* 1 second */
+ atf_check_nstosbt((1ll << 32) - 4, 999999999);
+ atf_check_nstosbt(1ll << 32, 1000000000);
+ /* 2 seconds https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263073 */
+ atf_check_nstosbt((1ll << 33) - 4, 1999999999);
+ atf_check_nstosbt(1ll << 33, 2000000000);
+ /* 4 seconds */
+ atf_check_nstosbt((1ll << 34) - 4, 3999999999);
+ atf_check_nstosbt((1ll << 34), 4000000000);
+ /* Max value */
+ atf_check_nstosbt(((1ll << 31) - 1) << 32,
+ ((1ll << 31) - 1) * 1000000000);
+}
+
+static void
+atf_check_ustosbt(sbintime_t expected, int64_t us) {
+ sbintime_t actual = ustosbt(us);
+
+ ATF_CHECK_MSG((expected) - 1 <= (actual) && actual <= (expected) + 1,
+ "%"PRId64" != ustosbt(%"PRId64") (%"PRId64")",
+ expected, us, actual);
+}
+
+ATF_TC_WITHOUT_HEAD(ustosbt);
+ATF_TC_BODY(ustosbt, tc)
+{
+ atf_check_ustosbt(0, 0);
+ atf_check_ustosbt(4295, 1);
+ /* 1 second */
+ atf_check_ustosbt((1ll << 32) - 4295, 999999);
+ atf_check_ustosbt(1ll << 32, 1000000);
+ /* 2 seconds https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263073 */
+ atf_check_ustosbt((1ll << 33) - 4295, 1999999);
+ atf_check_ustosbt(1ll << 33, 2000000);
+ /* 4 seconds */
+ atf_check_ustosbt((1ll << 34) - 4295, 3999999);
+ atf_check_ustosbt(1ll << 34, 4000000);
+ /* Max value */
+ atf_check_ustosbt(((1ull << 31) - 1) << 32,
+ ((1ll << 31) - 1) * 1000000);
+}
+
+static void
+atf_check_mstosbt(sbintime_t expected, int64_t ms) {
+ sbintime_t actual = mstosbt(ms);
+
+ ATF_CHECK_MSG((expected) - 1 <= (actual) && actual <= (expected) + 1,
+ "%"PRId64" != mstosbt(%"PRId64") (%"PRId64")",
+ expected, ms, actual);
+}
+
+ATF_TC_WITHOUT_HEAD(mstosbt);
+ATF_TC_BODY(mstosbt, tc)
+{
+ atf_check_mstosbt(0, 0);
+ atf_check_mstosbt(4294967, 1);
+ /* 1 second */
+ atf_check_mstosbt((1ll << 32) - 4294968, 999);
+ atf_check_mstosbt(1ll << 32, 1000);
+ /* 2 seconds https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263073 */
+ atf_check_mstosbt((1ll << 33) - 4294968, 1999);
+ atf_check_mstosbt(1ll << 33, 2000);
+ /* 4 seconds */
+ atf_check_mstosbt((1ll << 34) - 4294968, 3999);
+ atf_check_mstosbt(1ll << 34, 4000);
+ /* Max value */
+ atf_check_mstosbt(((1ll << 31) - 1) << 32, ((1ll << 31) - 1) * 1000);
+}
+
+static void
+atf_check_sbttons(int64_t expected, sbintime_t sbt) {
+ int64_t actual = sbttons(sbt);
+
+ ATF_CHECK_MSG((expected) - 1 <= (actual) && actual <= (expected) + 1,
+ "%"PRId64" != sbttons(%"PRId64") (%"PRId64")",
+ expected, sbt, actual);
+}
+
+ATF_TC_WITHOUT_HEAD(sbttons);
+ATF_TC_BODY(sbttons, tc)
+{
+ atf_check_sbttons(0, 0);
+ atf_check_sbttons(0, 1);
+ atf_check_sbttons(1, (1ll << 32) / 1000000000);
+ /* 1 second */
+ atf_check_sbttons(1000000000, 1ll << 32);
+ atf_check_sbttons(1999999999, (1ll << 33) - 1);
+ /* 2 seconds */
+ atf_check_sbttons(1999999999, (1ll << 33) - 1);
+ atf_check_sbttons(2000000000, 1ll << 33);
+ /* 4 seconds */
+ atf_check_sbttons(3999999999, (1ll << 34) - 1);
+ atf_check_sbttons(4000000000, 1ll << 34);
+ /* edge cases */
+ atf_check_sbttons(999999999, (1ll << 32) - 1);
+ atf_check_sbttons((1ll << 31) * 1000000000, (1ull << 63) - 1);
+}
+
+static void
+atf_check_sbttous(int64_t expected, sbintime_t sbt) {
+ int64_t actual = sbttous(sbt);
+
+ ATF_CHECK_MSG((expected) - 1 <= (actual) && actual <= (expected) + 1,
+ "%"PRId64" != sbttous(%"PRId64") (%"PRId64")",
+ expected, sbt, actual);
+}
+
+ATF_TC_WITHOUT_HEAD(sbttous);
+ATF_TC_BODY(sbttous, tc)
+{
+ atf_check_sbttous(0, 0);
+ atf_check_sbttous(0, 1);
+ atf_check_sbttous(1, (1ll << 32) / 1000000);
+ /* 1 second */
+ atf_check_sbttous(1000000, 1ll << 32);
+ atf_check_sbttous(1999999, (1ll << 33) - 1);
+ /* 2 seconds */
+ atf_check_sbttous(1999999, (1ll << 33) - 1);
+ atf_check_sbttous(2000000, 1ll << 33);
+ /* 4 seconds */
+ atf_check_sbttous(3999999, (1ll << 34) -1);
+ atf_check_sbttous(4000000, 1ll << 34);
+ /* Overflows (bug 263073) */
+ atf_check_sbttous(1ll << 31, (1ull << 63) / 1000000);
+ atf_check_sbttous(1ll << 31, (1ull << 63) / 1000000 + 1);
+ atf_check_sbttous((1ll << 31) * 1000000, (1ull << 63) - 1);
+}
+
+static void
+atf_check_sbttoms(int64_t expected, sbintime_t sbt) {
+ int64_t actual = sbttoms(sbt);
+
+ ATF_CHECK_MSG((expected) - 1 <= (actual) && actual <= (expected) + 1,
+ "%"PRId64" != sbttoms(%"PRId64") (%"PRId64")",
+ expected, sbt, actual);
+}
+
+ATF_TC_WITHOUT_HEAD(sbttoms);
+ATF_TC_BODY(sbttoms, tc)
+{
+ atf_check_sbttoms(0, 0);
+ atf_check_sbttoms(0, 1);
+ atf_check_sbttoms(1, (1ll << 32) / 1000);
+ /* 1 second */
+ atf_check_sbttoms(999, (1ll << 32) - 1);
+ atf_check_sbttoms(1000, 1ll << 32);
+ /* 2 seconds */
+ atf_check_sbttoms(1999, (1ll << 33) - 1);
+ atf_check_sbttoms(2000, 1ll << 33);
+ /* 4 seconds */
+ atf_check_sbttoms(3999, (1ll << 34) - 1);
+ atf_check_sbttoms(4000, 1ll << 34);
+ /* Overflows (bug 263073) */
+ atf_check_sbttoms(1ll << 31, (1ull << 63) / 1000);
+ atf_check_sbttoms(1ll << 31, (1ull << 63) / 1000 + 1);
+ atf_check_sbttoms((1ll << 31) * 1000, (1ull << 63) - 1);
+}
+
+ATF_TP_ADD_TCS(tp)
+{
+
+ ATF_TP_ADD_TC(tp, nstosbt);
+ ATF_TP_ADD_TC(tp, ustosbt);
+ ATF_TP_ADD_TC(tp, mstosbt);
+ ATF_TP_ADD_TC(tp, sbttons);
+ ATF_TP_ADD_TC(tp, sbttous);
+ ATF_TP_ADD_TC(tp, sbttoms);
+
+ return (atf_no_error());
+}