git: 8f8e64da6be5 - stable/13 - Fix overflow errors in sbttous and sbttoms

From: Alan Somers <asomers_at_FreeBSD.org>
Date: Mon, 23 May 2022 19:11:52 UTC
The branch stable/13 has been updated by asomers:

URL: https://cgit.FreeBSD.org/src/commit/?id=8f8e64da6be55d3dfebf95f52162eeec90a55143

commit 8f8e64da6be55d3dfebf95f52162eeec90a55143
Author:     Alan Somers <asomers@FreeBSD.org>
AuthorDate: 2022-04-06 20:03:11 +0000
Commit:     Alan Somers <asomers@FreeBSD.org>
CommitDate: 2022-05-23 19:11:27 +0000

    Fix overflow errors in sbttous and sbttoms
    
    Both of these functions would overflow for very large inputs.  Add tests
    for them.  Also, add tests for the inverse functions, *stosbt, whose
    overflow errors were fixed by 4c30b9ecd47.
    
    PR:             263073
    Sponsored by:   Axcient
    Reviewed by:    imp
    Differential Revision: https://reviews.freebsd.org/D34809
    
    (cherry picked from commit 10f44229dcd93672583ad6b6e1193a9bc9e4f7c7)
---
 sys/sys/time.h            |  12 ++-
 tests/sys/sys/Makefile    |   3 +-
 tests/sys/sys/time_test.c | 224 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 235 insertions(+), 4 deletions(-)

diff --git a/sys/sys/time.h b/sys/sys/time.h
index f3a3bc99a0f2..dae42c18d10a 100644
--- a/sys/sys/time.h
+++ b/sys/sys/time.h
@@ -220,7 +220,11 @@ static __inline int64_t
 sbttous(sbintime_t _sbt)
 {
 
-	return ((1000000 * _sbt) >> 32);
+#ifdef KASSERT
+	KASSERT(_sbt >= 0, ("Negative values illegal for sbttous: %jx", _sbt));
+#endif
+	return ((_sbt >> 32) * 1000000 +
+		(1000000 * (_sbt & 0xffffffffu) >> 32));
 }
 
 static __inline sbintime_t
@@ -243,8 +247,10 @@ ustosbt(int64_t _us)
 static __inline int64_t
 sbttoms(sbintime_t _sbt)
 {
-
-	return ((1000 * _sbt) >> 32);
+#ifdef KASSERT
+	KASSERT(_sbt >= 0, ("Negative values illegal for sbttoms: %jx", _sbt));
+#endif
+	return ((_sbt >> 32) * 1000 + (1000 * (_sbt & 0xffffffffu) >> 32));
 }
 
 static __inline sbintime_t
diff --git a/tests/sys/sys/Makefile b/tests/sys/sys/Makefile
index f6c45971d93c..7b0cf7e92743 100644
--- a/tests/sys/sys/Makefile
+++ b/tests/sys/sys/Makefile
@@ -9,7 +9,8 @@ ATF_TESTS_C=	arb_test \
 		bitstring_test \
 		qmath_test \
 		rb_test \
-		splay_test
+		splay_test \
+		time_test
 
 .if ${COMPILER_TYPE} == "gcc"
 CFLAGS.bitstring_test=	-fno-strict-overflow
diff --git a/tests/sys/sys/time_test.c b/tests/sys/sys/time_test.c
new file mode 100644
index 000000000000..ef6e497458f0
--- /dev/null
+++ b/tests/sys/sys/time_test.c
@@ -0,0 +1,224 @@
+/*-
+ * Copyright (c) 2022 Axcient
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions, and the following disclaimer,
+ *    without modification.
+ * 2. Redistributions in binary form must reproduce at minimum a disclaimer
+ *    substantially similar to the "NO WARRANTY" disclaimer below
+ *    ("Disclaimer") and any redistribution must be conditioned upon
+ *    including a substantially similar Disclaimer requirement for further
+ *    binary redistribution.
+ *
+ * NO WARRANTY
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGES.
+ *
+ * $FreeBSD$
+ */
+#include <sys/types.h>
+#include <sys/time.h>
+
+#include <inttypes.h>
+#include <stdio.h>
+
+#include <atf-c.h>
+
+
+static void
+atf_check_nstosbt(sbintime_t expected, int64_t ns) {
+	sbintime_t actual = nstosbt(ns);
+
+	ATF_CHECK_MSG((expected) - 1 <= (actual) && actual <= (expected) + 1,
+			"%"PRId64" != nstosbt(%"PRId64") (%"PRId64")",
+			expected, ns, actual);
+}
+
+ATF_TC_WITHOUT_HEAD(nstosbt);
+ATF_TC_BODY(nstosbt, tc)
+{
+	atf_check_nstosbt(0, 0);
+	atf_check_nstosbt(4, 1);
+	/* 1 second */
+	atf_check_nstosbt((1ll << 32) - 4, 999999999);
+	atf_check_nstosbt(1ll << 32, 1000000000);
+	/* 2 seconds https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263073 */
+	atf_check_nstosbt((1ll << 33) - 4, 1999999999);
+	atf_check_nstosbt(1ll << 33, 2000000000);
+	/* 4 seconds */
+	atf_check_nstosbt((1ll << 34) - 4, 3999999999);
+	atf_check_nstosbt((1ll << 34), 4000000000);
+	/* Max value */
+	atf_check_nstosbt(((1ll << 31) - 1) << 32,
+			  ((1ll << 31) - 1) * 1000000000);
+}
+
+static void
+atf_check_ustosbt(sbintime_t expected, int64_t us) {
+	sbintime_t actual = ustosbt(us);
+
+	ATF_CHECK_MSG((expected) - 1 <= (actual) && actual <= (expected) + 1,
+			"%"PRId64" != ustosbt(%"PRId64") (%"PRId64")",
+			expected, us, actual);
+}
+
+ATF_TC_WITHOUT_HEAD(ustosbt);
+ATF_TC_BODY(ustosbt, tc)
+{
+	atf_check_ustosbt(0, 0);
+	atf_check_ustosbt(4295, 1);
+	/* 1 second */
+	atf_check_ustosbt((1ll << 32) - 4295, 999999);
+	atf_check_ustosbt(1ll << 32, 1000000);
+	/* 2 seconds https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263073 */
+	atf_check_ustosbt((1ll << 33) - 4295, 1999999);
+	atf_check_ustosbt(1ll << 33, 2000000);
+	/* 4 seconds */
+	atf_check_ustosbt((1ll << 34) - 4295, 3999999);
+	atf_check_ustosbt(1ll << 34, 4000000);
+	/* Max value */
+	atf_check_ustosbt(((1ull << 31) - 1) << 32,
+			  ((1ll << 31) - 1) * 1000000);
+}
+
+static void
+atf_check_mstosbt(sbintime_t expected, int64_t ms) {
+	sbintime_t actual = mstosbt(ms);
+
+	ATF_CHECK_MSG((expected) - 1 <= (actual) && actual <= (expected) + 1,
+			"%"PRId64" != mstosbt(%"PRId64") (%"PRId64")",
+			expected, ms, actual);
+}
+
+ATF_TC_WITHOUT_HEAD(mstosbt);
+ATF_TC_BODY(mstosbt, tc)
+{
+	atf_check_mstosbt(0, 0);
+	atf_check_mstosbt(4294967, 1);
+	/* 1 second */
+	atf_check_mstosbt((1ll << 32) - 4294968, 999);
+	atf_check_mstosbt(1ll << 32, 1000);
+	/* 2 seconds https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263073 */
+	atf_check_mstosbt((1ll << 33) - 4294968, 1999);
+	atf_check_mstosbt(1ll << 33, 2000);
+	/* 4 seconds */
+	atf_check_mstosbt((1ll << 34) - 4294968, 3999);
+	atf_check_mstosbt(1ll << 34, 4000);
+	/* Max value */
+	atf_check_mstosbt(((1ll << 31) - 1) << 32, ((1ll << 31) - 1) * 1000);
+}
+
+static void
+atf_check_sbttons(int64_t expected, sbintime_t sbt) {
+	int64_t actual = sbttons(sbt);
+
+	ATF_CHECK_MSG((expected) - 1 <= (actual) && actual <= (expected) + 1,
+			"%"PRId64" != sbttons(%"PRId64") (%"PRId64")",
+			expected, sbt, actual);
+}
+
+ATF_TC_WITHOUT_HEAD(sbttons);
+ATF_TC_BODY(sbttons, tc)
+{
+	atf_check_sbttons(0, 0);
+	atf_check_sbttons(0, 1);
+	atf_check_sbttons(1, (1ll << 32) / 1000000000);
+	/* 1 second */
+	atf_check_sbttons(1000000000, 1ll << 32);
+	atf_check_sbttons(1999999999, (1ll << 33) - 1);
+	/* 2 seconds */
+	atf_check_sbttons(1999999999, (1ll << 33) - 1);
+	atf_check_sbttons(2000000000, 1ll << 33);
+	/* 4 seconds */
+	atf_check_sbttons(3999999999, (1ll << 34) - 1);
+	atf_check_sbttons(4000000000, 1ll << 34);
+	/* edge cases */
+	atf_check_sbttons(999999999, (1ll << 32) - 1);
+	atf_check_sbttons((1ll << 31) * 1000000000, (1ull << 63) - 1);
+}
+
+static void
+atf_check_sbttous(int64_t expected, sbintime_t sbt) {
+	int64_t actual = sbttous(sbt);
+
+	ATF_CHECK_MSG((expected) - 1 <= (actual) && actual <= (expected) + 1,
+			"%"PRId64" != sbttous(%"PRId64") (%"PRId64")",
+			expected, sbt, actual);
+}
+
+ATF_TC_WITHOUT_HEAD(sbttous);
+ATF_TC_BODY(sbttous, tc)
+{
+	atf_check_sbttous(0, 0);
+	atf_check_sbttous(0, 1);
+	atf_check_sbttous(1, (1ll << 32) / 1000000);
+	/* 1 second */
+	atf_check_sbttous(1000000, 1ll << 32);
+	atf_check_sbttous(1999999, (1ll << 33) - 1);
+	/* 2 seconds */
+	atf_check_sbttous(1999999, (1ll << 33) - 1);
+	atf_check_sbttous(2000000, 1ll << 33);
+	/* 4 seconds */
+	atf_check_sbttous(3999999, (1ll << 34) -1);
+	atf_check_sbttous(4000000, 1ll << 34);
+	/* Overflows (bug 263073) */
+	atf_check_sbttous(1ll << 31, (1ull << 63) / 1000000);
+	atf_check_sbttous(1ll << 31, (1ull << 63) / 1000000 + 1);
+	atf_check_sbttous((1ll << 31) * 1000000, (1ull << 63) - 1);
+}
+
+static void
+atf_check_sbttoms(int64_t expected, sbintime_t sbt) {
+	int64_t actual = sbttoms(sbt);
+
+	ATF_CHECK_MSG((expected) - 1 <= (actual) && actual <= (expected) + 1,
+			"%"PRId64" != sbttoms(%"PRId64") (%"PRId64")",
+			expected, sbt, actual);
+}
+
+ATF_TC_WITHOUT_HEAD(sbttoms);
+ATF_TC_BODY(sbttoms, tc)
+{
+	atf_check_sbttoms(0, 0);
+	atf_check_sbttoms(0, 1);
+	atf_check_sbttoms(1, (1ll << 32) / 1000);
+	/* 1 second */
+	atf_check_sbttoms(999, (1ll << 32) - 1);
+	atf_check_sbttoms(1000, 1ll << 32);
+	/* 2 seconds */
+	atf_check_sbttoms(1999, (1ll << 33) - 1);
+	atf_check_sbttoms(2000, 1ll << 33);
+	/* 4 seconds */
+	atf_check_sbttoms(3999, (1ll << 34) - 1);
+	atf_check_sbttoms(4000, 1ll << 34);
+	/* Overflows (bug 263073) */
+	atf_check_sbttoms(1ll << 31, (1ull << 63) / 1000);
+	atf_check_sbttoms(1ll << 31, (1ull << 63) / 1000 + 1);
+	atf_check_sbttoms((1ll << 31) * 1000, (1ull << 63) - 1);
+}
+
+ATF_TP_ADD_TCS(tp)
+{
+
+	ATF_TP_ADD_TC(tp, nstosbt);
+	ATF_TP_ADD_TC(tp, ustosbt);
+	ATF_TP_ADD_TC(tp, mstosbt);
+	ATF_TP_ADD_TC(tp, sbttons);
+	ATF_TP_ADD_TC(tp, sbttous);
+	ATF_TP_ADD_TC(tp, sbttoms);
+
+	return (atf_no_error());
+}