
posix timers: Improve the overrun calculation
Closed, Public

Authored by markj on Mar 5 2021, 4:43 PM.

Details

Summary

timer_settime(2) may be used to configure a timeout in the past. If
the timer is also periodic, we also try to compute the number of timer
overruns that occurred between the initial timeout and the time at which
the timer fired. This is done in a loop which iterates once per period
between the initial timeout and now. If the period is small and the
initial timeout was a long time ago, this loop can take forever to run,
so the system is effectively DOSed.

Replace the loop with a more direct calculation of
(now - initial timeout) / period to compute the number of overruns.

Reported by: syzkaller

Diff Detail

Repository
R10 FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

markj requested review of this revision. Mar 5 2021, 4:43 PM
sys/kern/kern_time.c
1639

but now - value can overflow if unchecked

1640

same for it_overrun + overruns

Both overflows are not UB but I think we want to avoid them nonetheless for correctness, since we check for other overflow there?

sys/kern/kern_time.c
1639

Which overflow do you mean exactly? We know that now >= value here.

sys/kern/kern_time.c
1639

Yes, this comment is nonsensical. But I still think it_overrun+overruns can overflow.

Try to handle overflow when computing the 64-bit number of overruns.

This revision is now accepted and ready to land. Mar 7 2021, 3:38 PM
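
A user-space model of the two points raised above (the per-period loop versus the direct division from the summary, and the `it_overrun + overruns` overflow from the review), added here as an example and not taken from the FreeBSD diff. Assumptions: times are `int64_t` nanoseconds rather than `struct timespec`, the function names are hypothetical, and the counter is clamped at `INT_MAX`.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: times are int64_t nanoseconds; the kernel uses struct timespec. */

/* Loop form: one iteration per elapsed period, so the running time grows
 * with (now - value) / period. Requires now >= value and period > 0. */
static uint64_t
overruns_loop(int64_t value, int64_t period, int64_t now)
{
	uint64_t n = 0;

	while ((uint64_t)now - (uint64_t)value >= (uint64_t)period) {
		value += period;	/* cannot pass now, so cannot overflow */
		n++;
	}
	return (n);
}

/* Direct form: constant time. The subtraction is done in uint64_t, so it
 * is well defined for every pair with now >= value. */
static uint64_t
overruns_direct(int64_t value, int64_t period, int64_t now)
{
	return (((uint64_t)now - (uint64_t)value) / (uint64_t)period);
}

/* Add a 64-bit overrun count to a non-negative int counter without
 * overflowing it. Clamping at INT_MAX is an assumption of this example. */
static int
overrun_add(int cur, uint64_t overruns)
{
	if (overruns > (uint64_t)(INT_MAX - cur))
		return (INT_MAX);
	return (cur + (int)overruns);
}

int
main(void)
{
	/* Constructed inputs: timeout at t=0, 10 ns period, timer fires at t=95. */
	printf("loop=%ju direct=%ju\n", (uintmax_t)overruns_loop(0, 10, 95),
	    (uintmax_t)overruns_direct(0, 10, 95));
	/* Constructed worst case: 1 ns period, timeout as far back as the model allows. */
	uint64_t big = overruns_direct(INT64_MIN, 1, INT64_MAX);
	printf("big=%ju clamped=%d\n", (uintmax_t)big, overrun_add(5, big));
	return (0);
}
```

The worst-case input is only passed to `overruns_direct`; the same arguments given to `overruns_loop` would need about 2^64 iterations.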