Page MenuHomeFreeBSD

posix timers: Check for overflow when converting to ns
ClosedPublic

Authored by markj on May 12 2021, 4:48 PM.

Details

Summary

Disallow a time or timer period value when the conversion to nanoseconds
would overflow. Otherwise it is possible to trigger a divison by zero
in realtime_expire_l(), where we compute the number of overruns by
dividing by the interval.

Fixes: 7995dae9 ("posix timers: Improve the overrun calculation")
Reported by: syzbot+5ab360bd3d3e3c5a6e0e@syzkaller.appspotmail.com
Reported by: syzbot+157b74ff493140d86eac@syzkaller.appspotmail.com
MFC after: 1 week

Diff Detail

Repository
rG FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

markj requested review of this revision.May 12 2021, 4:48 PM

I think we want some symbol like ONE_SEC_NS, so that reader can be freed from counting zeroes in the constant.

This revision is now accepted and ready to land.May 12 2021, 7:13 PM

Add NSEC_PER_SEC, use it throughout kern_time.c.

This revision now requires review to proceed.May 12 2021, 8:59 PM
kib added inline comments.
sys/kern/kern_time.c
74

The 'L' suffix is not needed, I believe.

This revision is now accepted and ready to land.May 12 2021, 10:29 PM