NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

kern/45634: hardclock_ticks corner cases in vflushnext() et al



>Number:         45634
>Category:       kern
>Synopsis:       hardclock_ticks corner cases in vflushnext() et al
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Nov 19 21:00:00 +0000 2011
>Originator:     Christian Biere
>Release:        
>Organization:
>Environment:
>Description:
File: sys/kern/vfs_mount.c
Function: vflushnext()

1. The comparision "hardclock_ticks > *when" apparently assumes perfect 
integers whilst "hardclock_ticks" will actually wrap around (at least that's 
the hope) after some time. Therefore this comparision is insufficient to verify 
has advanced one or more ticks. If *when is initialized just before a wrap 
around (e.g. to INT_MAX) and hardclock_ticks wraps around to INT_MIN, the 
comparision will unintentionally fail. [*]

2. The expression "hardclock_ticks + hz / 10" may result in an integer overflow 
and hence cause undefined behavior.

File: sys/kern/kern_clock.c
Function: hardclock()

3. As "hardclock_ticks" is of type signed int an integer overflow occures after 
some defined run-time depending on the value of "hz". [*]
While changing its type to unsigned int would fix this issue allowing a 
well-defined wrap around, this would require further changes in code using this 
variable. Therefore, side effects can be avoid by the following:

 hardclock_ticks = (unsigned int) hardclock_ticks + 1;

However, it might actually be worthwhile to check the uses of "hardclock_ticks" 
elsewhere anyways. For example, it seems the wrap around is not taken into 
account in lacp_sm_tx() in net/agr/ieee8023ad_lacp_sm_tx.c as well as other 
files.

[*] Assuming hz is set to 100, the apparent compile-time default, these 
circumstances may arise about every 249 days. Thus, a higher value of hz will 
increase the likeliness in proportion (e.g. 25 days at 1000 hz). 

>How-To-Repeat:

>Fix:



Home | Main Index | Thread Index | Old Index