[Bug 211960] [PATCH] Page fault panic under settimeofday when tv_sec / SECDAY overflows signed 32 bit int

bugzilla-noreply at freebsd.org
Thu Aug 18 09:34:02 UTC 2016


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211960

            Bug ID: 211960
           Summary: [PATCH] Page fault panic under settimeofday when
                    tv_sec / SECDAY overflows signed 32 bit int
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: justin.mcomie at gmail.com

Created attachment 173816
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=173816&action=edit
Patch with variable type changes.

Repro on FreeBSD-12.0-CURRENT-amd64-20160809-r303880:
  Set the date to a value exceeding the number of seconds in a day multiplied
  by the capacity of a signed 32 bit integer.

  Does not panic:
    date -f "%s" `bc -l -e '24*60*60 * 2^31 -1' -e quit`

  Panics:
    date -f "%s" `bc -l -e '24*60*60 * 2^31' -e quit`

Stack backtrace:
  #0 0xffffffff80aa8cd0 at witness_debugger+0x70
  #1 0xffffffff80aa9fb7 at witness_warn+0x3d7
  #2 0xffffffff80ebc427 at trap_pfault+0x57
  #3 0xffffffff80ebbab4 at trap+0x284
  #4 0xffffffff80e9c941 at calltrap+0x8
  #5 0xffffffff810030dc at atrtc_settime+0xc
  #6 0xffffffff80a934a8 at resettodr+0xd8
  #7 0xffffffff80a5d5f4 at settime+0x154
  #8 0xffffffff80a5daa0 at sys_settimeofday+0x90
  #9 0xffffffff80ebcb7b at amd64_syscall+0x2db
  #10 0xffffffff80e9cc2b at Xfast_syscall+0xfb


For a fix I change container variable types from int to time_t in
clock_ts_to_ct.
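
The boundary between the report's two repro values, modelled in user space as an added example: it is not part of the bug report or the attached patch, and it is not the kernel's clock_ts_to_ct. int64_t stands in for the 64-bit time_t, and all function names are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define SECDAY (24LL * 60 * 60)   /* seconds per day, as in the bug summary */

/* Model of an int container: the day count is narrowed to int.
 * The conversion is implementation-defined once the value exceeds INT_MAX. */
static int days_narrow(int64_t tv_sec)
{
    return (int)(tv_sec / SECDAY);
}

/* Model of a time_t-wide container: the day count keeps 64 bits. */
static int64_t days_wide(int64_t tv_sec)
{
    return tv_sec / SECDAY;
}

/* Hypothetical guard: would the day count survive storage in an int? */
static int days_fit_int(int64_t tv_sec)
{
    int64_t d = tv_sec / SECDAY;
    return d >= INT_MIN && d <= INT_MAX;
}

/* The two timestamps computed by the bc expressions in the repro. */
static int64_t last_ok(void)   { return SECDAY * (1LL << 31) - 1; }
static int64_t first_bad(void) { return SECDAY * (1LL << 31); }

int main(void)
{
    int64_t v[2] = { last_ok(), first_bad() };

    for (int i = 0; i < 2; i++)
        printf("tv_sec=%lld wide=%lld int=%d fits=%d\n",
               (long long)v[i], (long long)days_wide(v[i]),
               days_narrow(v[i]), days_fit_int(v[i]));
    return 0;
}
```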
