d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add inline functions to convert between sbintime_t and decimal time units.

Browse Source 
Use them in some existing code that is vulnerable to roundoff errors.

The existing constant SBT_1NS is a honeypot, luring unsuspecting folks into
writing code such as long_timeout_ns*SBT_1NS to generate the argument for a
sleep call.  The actual value of 1ns in sbt units is ~4.3, leading to a
large roundoff error giving a shorter sleep than expected when multiplying
by the trucated value of 4 in SBT_1NS.  (The evil honeypot aspect becomes
clear after you waste a whole day figuring out why your sleeps return early.)
This commit is contained in:
Ian Lepore 2017-07-29 17:00:23 +00:00
parent 088c1ddd56
commit d35f6548e6
4 changed files with 57 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/arm/arm/mpcore_timer.c
View File

@ -351,7 +351,7 @@ attach_et(struct arm_tmr_softc *sc)
sc->et.et_flags = ET_FLAGS_PERIODIC | ET_FLAGS_ONESHOT | ET_FLAGS_PERCPU; sc->et.et_flags = ET_FLAGS_PERIODIC | ET_FLAGS_ONESHOT | ET_FLAGS_PERCPU;
sc->et.et_quality = 1000; sc->et.et_quality = 1000;
sc->et.et_frequency = sc->clkfreq; sc->et.et_frequency = sc->clkfreq;
sc->et.et_min_period = 20 * SBT_1NS; sc->et.et_min_period = nstosbt(20);
sc->et.et_max_period = 2 * SBT_1S; sc->et.et_max_period = 2 * SBT_1S;
sc->et.et_start = arm_tmr_start; sc->et.et_start = arm_tmr_start;
sc->et.et_stop = arm_tmr_stop; sc->et.et_stop = arm_tmr_stop;

4
sys/compat/linuxkpi/common/src/linux_hrtimer.c
View File

@ -101,8 +101,8 @@ linux_hrtimer_start_range_ns(struct hrtimer *hrtimer, ktime_t time, int64_t nsec
{ {
mtx_lock(&hrtimer->mtx); mtx_lock(&hrtimer->mtx);
callout_reset_sbt(&hrtimer->callout, time.tv64 * SBT_1NS, callout_reset_sbt(&hrtimer->callout, nstosbt(time.tv64), nstosbt(nsec),
nsec * SBT_1NS, hrtimer_call_handler, hrtimer, 0); hrtimer_call_handler, hrtimer, 0);
hrtimer->flags |= HRTIMER_ACTIVE; hrtimer->flags |= HRTIMER_ACTIVE;
mtx_unlock(&hrtimer->mtx); mtx_unlock(&hrtimer->mtx);
} }

4
sys/dev/ow/owc_gpiobus.c
View File

@ -295,10 +295,10 @@ owc_gpiobus_read_data(device_t dev, struct ow_timing *t, int *bit)
do { do {
now = sbinuptime(); now = sbinuptime();
GETPIN(sc, &sample); GETPIN(sc, &sample);
} while ((now - then) / SBT_1US < t->t_rdv + 2 && sample == 0); } while (sbttous(now - then) < t->t_rdv + 2 && sample == 0);
critical_exit(); critical_exit();
if ((now - then) / SBT_1NS < t->t_rdv * 1000) if (sbttons(now - then) < t->t_rdv * 1000)
*bit = 1; *bit = 1;
else else
*bit = 0; *bit = 0;

59
sys/sys/time.h
View File

@ -128,7 +128,7 @@ bintime_shift(struct bintime *_bt, int _exp)
#define SBT_1M (SBT_1S * 60) #define SBT_1M (SBT_1S * 60)
#define SBT_1MS (SBT_1S / 1000) #define SBT_1MS (SBT_1S / 1000)
#define SBT_1US (SBT_1S / 1000000) #define SBT_1US (SBT_1S / 1000000)
#define SBT_1NS (SBT_1S / 1000000000) #define SBT_1NS (SBT_1S / 1000000000) /* beware rounding, see nstosbt() */
#define SBT_MAX 0x7fffffffffffffffLL #define SBT_MAX 0x7fffffffffffffffLL
static __inline int static __inline int
@ -155,6 +155,53 @@ sbttobt(sbintime_t _sbt)
return (_bt); return (_bt);
} }
/*
* Decimal<->sbt conversions. Multiplying or dividing by SBT_1NS results in
* large roundoff errors which sbttons() and nstosbt() avoid. Millisecond and
* microsecond functions are also provided for completeness.
*/
static __inline int64_t
sbttons(sbintime_t _sbt)
{
return ((1000000000 * _sbt) >> 32);
}
static __inline sbintime_t
nstosbt(int64_t _ns)
{
return ((_ns * (((uint64_t)1 << 63) / 500000000) >> 32));
}
static __inline int64_t
sbttous(sbintime_t _sbt)
{
return ((1000000 * _sbt) >> 32);
}
static __inline sbintime_t
ustosbt(int64_t _us)
{
return ((_us * (((uint64_t)1 << 63) / 500000) >> 32));
}
static __inline int64_t
sbttoms(sbintime_t _sbt)
{
return ((1000 * _sbt) >> 32);
}
static __inline sbintime_t
mstosbt(int64_t _ms)
{
return ((_ms * (((uint64_t)1 << 63) / 500) >> 32));
}
/*- /*-
* Background information: * Background information:
* *
@ -210,7 +257,7 @@ sbttots(sbintime_t _sbt)
struct timespec _ts; struct timespec _ts;
_ts.tv_sec = _sbt >> 32; _ts.tv_sec = _sbt >> 32;
_ts.tv_nsec = ((uint64_t)1000000000 * (uint32_t)_sbt) >> 32; _ts.tv_nsec = sbttons((uint32_t)_sbt);
return (_ts); return (_ts);
} }
@ -218,8 +265,7 @@ static __inline sbintime_t
tstosbt(struct timespec _ts) tstosbt(struct timespec _ts)
{ {
return (((sbintime_t)_ts.tv_sec << 32) + return (((sbintime_t)_ts.tv_sec << 32) + nstosbt(_ts.tv_nsec));
(_ts.tv_nsec * (((uint64_t)1 << 63) / 500000000) >> 32));
} }
static __inline struct timeval static __inline struct timeval
@ -228,7 +274,7 @@ sbttotv(sbintime_t _sbt)
struct timeval _tv; struct timeval _tv;
_tv.tv_sec = _sbt >> 32; _tv.tv_sec = _sbt >> 32;
_tv.tv_usec = ((uint64_t)1000000 * (uint32_t)_sbt) >> 32; _tv.tv_usec = sbttous((uint32_t)_sbt);
return (_tv); return (_tv);
} }
@ -236,8 +282,7 @@ static __inline sbintime_t
tvtosbt(struct timeval _tv) tvtosbt(struct timeval _tv)
{ {
return (((sbintime_t)_tv.tv_sec << 32) + return (((sbintime_t)_tv.tv_sec << 32) + ustosbt(_tv.tv_usec));
(_tv.tv_usec * (((uint64_t)1 << 63) / 500000) >> 32));
} }
#endif /* __BSD_VISIBLE */ #endif /* __BSD_VISIBLE */