[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <8734q19glf.ffs@tglx>
Date: Wed, 29 May 2024 10:18:04 +0200
From: Thomas Gleixner <tglx@...utronix.de>
To: Miroslav Lichvar <mlichvar@...hat.com>
Cc: Justin Stitt <justinstitt@...gle.com>, John Stultz <jstultz@...gle.com>,
Stephen Boyd <sboyd@...nel.org>, Nathan Chancellor <nathan@...nel.org>,
Bill Wendling <morbo@...gle.com>, Nick Desaulniers
<ndesaulniers@...gle.com>, linux-kernel@...r.kernel.org,
llvm@...ts.linux.dev, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] ntp: remove accidental integer wrap-around
On Mon, May 27 2024 at 10:26, Miroslav Lichvar wrote:
> On Fri, May 24, 2024 at 02:44:19PM +0200, Thomas Gleixner wrote:
>> On Fri, May 24 2024 at 14:09, Thomas Gleixner wrote:
>> > So instead of turning the clock back, we might be better off to actually
>> > put the normalization in place at the assignment:
>> >
>> > time_maxerror = min(max(0, txc->maxerror), NTP_PHASE_LIMIT);
>> >
>> > or something like that.
>
> Yes, I think that's a better approach. Failing the system call could
> break existing applications, e.g. ntpd can be configured to accept a
> large root distance and it doesn't clamp the maxerror value, while
> updating the PLL offset in the same adjtimex() call.
Thanks for confirming. I suspected that, but the original change logs
are pretty useless in that regard.
>> So that commit also removed the sanity check for time_esterror, but
>> that's not doing anything in the kernel other than being reset in
>> clear_ntp() and being handed back to user space. No idea what this is
>> actually used for.
>
> It's a lower-bound estimate of the clock error, which applications can
> check if it's acceptable for them. I think it should be clamped too.
> It doesn't make much sense for it to be larger than the maximum error.
Ok.
> Another possible improvement of adjtimex() would be to set the UNSYNC
> flag immediately in the call if maxerror >= 16s to avoid the delay of
> up to 1 second for applications which check only that flag instead of
> the maxerror value.
That needs to be a seperate change.
Thanks,
tglx
Powered by blists - more mailing lists