lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAOcRiAFzN61FE=By1ANB3aK4PKVTBQAzrCcfoHfHwMX7Qn8wYA@mail.gmail.com>
Date: Sat, 9 Aug 2025 17:49:32 +0800
From: Wake Liu <wakel@...gle.com>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: Andy Lutomirski <luto@...nel.org>, Vincenzo Frascino <vincenzo.frascino@....com>, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] vdso: Define NSEC_PER_SEC as 64-bit to prevent overflow

Hi Thomas,

Here's the command I used in android.

```
/data/nativetest/vts_linux_kselftest_arm_32/set-timer-lat
```
And the strace message.
```
Setting timers for every 1 seconds
CLOCK_REALTIME         ABSTIME PERIODIC timer fired early:       1 : [FAILED]
CLOCK_REALTIME         ABSTIME PERIODIC max latency:     747886 ns : [OK]
CLOCK_REALTIME         RELTIME PERIODIC timer fired early:       0 : [OK]
CLOCK_REALTIME         RELTIME PERIODIC max latency: 4296109428 ns : [FAILED]
CLOCK_REALTIME         ABSTIME ONE-SHOT timer fired early:       0 : [OK]
CLOCK_REALTIME         ABSTIME ONE-SHOT max latency:     715292 ns : [OK]
CLOCK_REALTIME         ABSTIME ONE-SHOT count:                   1 : [OK]
CLOCK_REALTIME         RELTIME ONE-SHOT timer fired early:       0 : [OK]
CLOCK_REALTIME         RELTIME ONE-SHOT max latency:     628703 ns : [OK]
CLOCK_REALTIME         RELTIME ONE-SHOT count:                   1 : [OK]
CLOCK_MONOTONIC        ABSTIME PERIODIC timer fired early:       1 : [FAILED]
CLOCK_MONOTONIC        ABSTIME PERIODIC max latency:     738160 ns : [OK]
CLOCK_MONOTONIC        RELTIME PERIODIC timer fired early:       1 : [FAILED]
CLOCK_MONOTONIC        RELTIME PERIODIC max latency:     708172 ns : [OK]
CLOCK_MONOTONIC        ABSTIME ONE-SHOT timer fired early:       0 : [OK]
CLOCK_MONOTONIC        ABSTIME ONE-SHOT max latency:     586385 ns : [OK]
CLOCK_MONOTONIC        ABSTIME ONE-SHOT count:                   1 : [OK]
CLOCK_MONOTONIC        RELTIME ONE-SHOT timer fired early:       0 : [OK]
CLOCK_MONOTONIC        RELTIME ONE-SHOT max latency:     818237 ns : [OK]
CLOCK_MONOTONIC        RELTIME ONE-SHOT count:                   1 : [OK]
CLOCK_BOOTTIME         ABSTIME PERIODIC timer fired early:       1 : [FAILED]
CLOCK_BOOTTIME         ABSTIME PERIODIC max latency:     795249 ns : [OK]
CLOCK_BOOTTIME         RELTIME PERIODIC timer fired early:       0 : [OK]
CLOCK_BOOTTIME         RELTIME PERIODIC max latency: 4295613660 ns : [FAILED]
CLOCK_BOOTTIME         ABSTIME ONE-SHOT timer fired early:       0 : [OK]
CLOCK_BOOTTIME         ABSTIME ONE-SHOT max latency:     978516 ns : [OK]
CLOCK_BOOTTIME         ABSTIME ONE-SHOT count:                   1 : [OK]
CLOCK_BOOTTIME         RELTIME ONE-SHOT timer fired early:       0 : [OK]
CLOCK_BOOTTIME         RELTIME ONE-SHOT max latency:     628948 ns : [OK]
CLOCK_BOOTTIME         RELTIME ONE-SHOT count:                   1 : [OK]
CLOCK_REALTIME_ALARM   ABSTIME PERIODIC timer fired early:       1 : [FAILED]
CLOCK_REALTIME_ALARM   ABSTIME PERIODIC max latency:    1511436 ns : [OK]
CLOCK_REALTIME_ALARM   RELTIME PERIODIC timer fired early:       1 : [FAILED]
CLOCK_REALTIME_ALARM   RELTIME PERIODIC max latency:     758913 ns : [OK]
CLOCK_REALTIME_ALARM   ABSTIME ONE-SHOT timer fired early:       0 : [OK]
CLOCK_REALTIME_ALARM   ABSTIME ONE-SHOT max latency:     610881 ns : [OK]
CLOCK_REALTIME_ALARM   ABSTIME ONE-SHOT count:                   1 : [OK]
CLOCK_REALTIME_ALARM   RELTIME ONE-SHOT timer fired early:       0 : [OK]
CLOCK_REALTIME_ALARM   RELTIME ONE-SHOT max latency:     633708 ns : [OK]
CLOCK_REALTIME_ALARM   RELTIME ONE-SHOT count:                   1 : [OK]
CLOCK_BOOTTIME_ALARM   ABSTIME PERIODIC timer fired early:       0 : [OK]
CLOCK_BOOTTIME_ALARM   ABSTIME PERIODIC max latency: 4295683321 ns : [FAILED]
CLOCK_BOOTTIME_ALARM   RELTIME PERIODIC timer fired early:       0 : [OK]
CLOCK_BOOTTIME_ALARM   RELTIME PERIODIC max latency:     839520 ns : [OK]
CLOCK_BOOTTIME_ALARM   ABSTIME ONE-SHOT timer fired early:       0 : [OK]
CLOCK_BOOTTIME_ALARM   ABSTIME ONE-SHOT max latency:     601401 ns : [OK]
CLOCK_BOOTTIME_ALARM   ABSTIME ONE-SHOT count:                   1 : [OK]
CLOCK_BOOTTIME_ALARM   RELTIME ONE-SHOT timer fired early:       0 : [OK]
CLOCK_BOOTTIME_ALARM   RELTIME ONE-SHOT max latency:     628175 ns : [OK]
CLOCK_BOOTTIME_ALARM   RELTIME ONE-SHOT count:                   1 : [OK]
CLOCK_TAI              ABSTIME PERIODIC timer fired early:       0 : [OK]
CLOCK_TAI              ABSTIME PERIODIC max latency: 4295577120 ns : [FAILED]
CLOCK_TAI              RELTIME PERIODIC timer fired early:       0 : [OK]
CLOCK_TAI              RELTIME PERIODIC max latency:     921184 ns : [OK]
CLOCK_TAI              ABSTIME ONE-SHOT timer fired early:       0 : [OK]
CLOCK_TAI              ABSTIME ONE-SHOT max latency:     590048 ns : [OK]
CLOCK_TAI              ABSTIME ONE-SHOT count:                   1 : [OK]
CLOCK_TAI              RELTIME ONE-SHOT timer fired early:       0 : [OK]
CLOCK_TAI              RELTIME ONE-SHOT max latency:    1007202 ns : [OK]
CLOCK_TAI              RELTIME ONE-SHOT count:                   1 : [OK]
# Totals: pass:0 fail:0 xfail:0 xpass:0 skip:0 error:0
```

So there is some odd stuff going on in how the time comparisons are
done of 32 bit builds.

Looks like there is some integer overflow on 32 bit builds in the
timespec_sub function:

long long timespec_sub(struct timespec a, struct timespec b)
{
long long ret = NSEC_PER_SEC * b.tv_sec + b.tv_nsec;

ret -= NSEC_PER_SEC * a.tv_sec + a.tv_nsec;
return ret;
}

on 32 bit builds NSEC_PER_SEC and b.tv_sec are only 32 bit values
which I'm guessing is causing the overflow.

NSEC_PER_SEC is defined as 1000000000L but if we change this to
1000000000LL then the test starts passing.



Thomas Gleixner <tglx@...utronix.de> 於 2025年8月6日 週三 下午4:55寫道:
>
> On Wed, Aug 06 2025 at 00:21, Wake Liu wrote:
> > The constant NSEC_PER_SEC (1,000,000,000) is defined as a long literal.
> > On 32-bit systems like arm32, where long is 32 bits, this value can
> > overflow when used in 64-bit calculations.
>
> How so? Where is the overflow exactly?
>
> The only usage of NSEC_PER_SEC in the VDSO is:
>
> # git grep NSEC_PER_SEC lib/vdso/
> lib/vdso/gettimeofday.c:        ts->tv_sec = sec + __iter_div_u64_rem(ns, NSEC_PER_SEC, &ns);
>
> and __iter_div_u64_rem() is an inline:
>
> static __always_inline u32
> __iter_div_u64_rem(u64 dividend, u32 divisor, u64 *remainder)
>
> So how exactly is this causing an overflow?
>
> Also by your description this would be a problem throughout the kernel.
>
> Thanks,
>
>         tglx
>
>


-- 
Best Regards,
Wake Liu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ