Patchwork [v4,3/3] y2038: linux: Provide __clock_settime64 implementation

login
register
mail settings
Submitter Lukasz Majewski
Date May 20, 2019, 10:27 a.m.
Message ID <20190520102723.5380-4-lukma@denx.de>
Download mbox | patch
Permalink /patch/32766/
State New
Headers show

Comments

Lukasz Majewski - May 20, 2019, 10:27 a.m.
This patch provides new __clock_settime64 explicit 64 bit function for
setting the time. Moreover, a 32 bit version - __clock_settime - has been
refactored to internally use __clock_settime64.

The __clock_settime is now supposed to be used on systems still supporting
32 bit time (__TIMESIZE != 64) - hence the necessary checks and conversion
to 64 bit struct timespec.
After this change it is intrinsically Y2038 safe.

The new clock_settime64 syscall available from Linux
5.1+ has been used, when applicable, on systems supporting ILP32 data
model.

The __ASSUME_TIME64_SYSCALLS flag indicates if the Linux kernel supports
64 bit version of clock_settime (i.e. clock_settime64).
For systems with __TIMESIZE != 64 as well as ones not supporting this call
(returning -ENOSYS) the fall back code, which supports 32 bit kernel
syscalls ABI (hence the check for __SYSCALL_WORDSIZE to exclude 'x32'), is
executed.

When working on 32 bit systems without Y2038 time support the clock_settime
returns error when one wants to set time with wrong (overflowed) tv_sec
value. Moreover, the correctness of tv_nsec is checked.

In this patch the internal padding (tv_pad) of struct __timespec64 is
left untouched (on 32 bit systems) as Linux kernel ignores upper 32 bits
of tv_nsec.

The execution path on 64 bit systems has not been changed or affected in
any way.

Tests:
- The code has been tested with x86_64/x86 (native compilation):
make PARALLELMFLAGS="-j8" && make xcheck PARALLELMFLAGS="-j8"

- Run specific tests on ARM/x86 32bit systems (qemu):
https://github.com/lmajewski/meta-y2038
and run tests:
https://github.com/lmajewski/y2038-tests/commits/master
on kernels with and without 64 bit time support.

No regressions were observed.

* include/time.h (__clock_settime64):
  Add __clock_settime alias according to __TIMESIZE define
* sysdeps/unix/sysv/linux/clock_settime.c (__clock_settime):
  Refactor this function to be used only on 32 bit machines as a wrapper
  on __clock_settime64.
* sysdeps/unix/sysv/linux/clock_settime.c (__clock_settime64): Add
* sysdeps/unix/sysv/linux/clock_settime.c (__clock_settime64):
  Use clock_settime64 kernel syscall (available from 5.1-rc1+ Linux) by
  32 bit Y2038 safe systems

---
Changes for v4:
- __ASSUME_TIME64_SYSCALLS for fall back path
- Use __SYSCALL_WORDSIZE to exclude 'x32' from execution path (so it will
  use x86_64 syscall
- Rewrite the commit message

Changes for v3:
- Rename __ASSUME_64BIT_TIME to __ASSUME_TIME64_SYSCALLS
- Refactor in-code comment (add information regarding Linux kernel ignorance
  of padding
- Do not use __TIMESIZE to select main execution path (for Y2038 systems
  __TIMESIZE would be changed from 32 to 64 bits at some point to indicate
  full Y2038 support

Changes for v2:
- Add support for __ASSUME_64BIT_TIME flag when Linux kernel provides syscalls
  supporting 64 bit time on 32 bit systems
- Provide fallback to 32 bit version of clock_settime when clock_settime64
  is not available
- Do not copy *tp to timespec - this seems like an overkill as in clock_settime()
  the 32 bit struct timespec is copied to internal 64 bit struct __timespec64
---
 include/time.h                          |  8 +++++++
 sysdeps/unix/sysv/linux/clock_settime.c | 38 ++++++++++++++++++++++++++++++---
 2 files changed, 43 insertions(+), 3 deletions(-)
Stepan Golosunov - May 23, 2019, 7:08 a.m.
20.05.2019 в 12:27:23 +0200 Lukasz Majewski написал:
>  /* Set CLOCK to value TP.  */
>  int
> -__clock_settime (clockid_t clock_id, const struct timespec *tp)
> +__clock_settime64 (clockid_t clock_id, const struct __timespec64 *tp)
>  {
>    /* Make sure the time cvalue is OK.  */
>    if (tp->tv_nsec < 0 || tp->tv_nsec >= 1000000000)
> @@ -32,6 +30,40 @@ __clock_settime (clockid_t clock_id, const struct timespec *tp)
>        return -1;
>      }
>  
> +#if __WORDSIZE == 32
> +# ifdef __NR_clock_settime64
> +  int ret = INLINE_SYSCALL_CALL (clock_settime64, clock_id, tp);
> +#  ifdef __ASSUME_TIME64_SYSCALLS
> +  return ret;
> +#  else
> +  if (ret == 0 || errno != ENOSYS)
> +    return ret;
> +#  endif
> +# endif
> +  /* Fall back to syscall supporting 32bit struct timespec.  */
> +# if (!defined __SYSCALL_WORDSIZE || __SYSCALL_WORDSIZE != 64)
> +  struct timespec ts32;
> +  valid_timespec64_to_timespec (tp, &ts32);
> +  return INLINE_SYSCALL_CALL (clock_settime, clock_id, &ts32);
> +# endif
> +#endif
>    return INLINE_SYSCALL_CALL (clock_settime, clock_id, tp);
>  }

This still uses __NR_clock_settime even if __ASSUME_TIME64_SYSCALLS is
defined.  This won't even compile on newer 32-bit architectures where
__NR_clock_settime is not defined.  valid_timespec64_to_timespec
won't exist in these cases too.

And in_time_t_range check is missing for the fallback case.

>  weak_alias (__clock_settime, clock_settime)
> +
> +#if __TIMESIZE != 64
> +int
> +__clock_settime (clockid_t clock_id, const struct timespec *tp)
> +{
> +  struct __timespec64 ts64;
> +
> +  if (! in_time_t_range (tp->tv_sec))
> +    {
> +      __set_errno (EOVERFLOW);
> +      return -1;
> +    }

What is this if (false) { … } statement doing here?

> +
> +  valid_timespec_to_timespec64 (tp, &ts64);
> +  return __clock_settime64 (clock_id, &ts64);
> +}
> +#endif
Lukasz Majewski - May 23, 2019, 9:28 a.m.
Hi Stepan,

First of all - thank you for your reply.

> 20.05.2019 в 12:27:23 +0200 Lukasz Majewski написал:
> >  /* Set CLOCK to value TP.  */
> >  int
> > -__clock_settime (clockid_t clock_id, const struct timespec *tp)
> > +__clock_settime64 (clockid_t clock_id, const struct __timespec64
> > *tp) {
> >    /* Make sure the time cvalue is OK.  */
> >    if (tp->tv_nsec < 0 || tp->tv_nsec >= 1000000000)
> > @@ -32,6 +30,40 @@ __clock_settime (clockid_t clock_id, const
> > struct timespec *tp) return -1;
> >      }
> >  
> > +#if __WORDSIZE == 32
> > +# ifdef __NR_clock_settime64
> > +  int ret = INLINE_SYSCALL_CALL (clock_settime64, clock_id, tp);
> > +#  ifdef __ASSUME_TIME64_SYSCALLS
> > +  return ret;
> > +#  else
> > +  if (ret == 0 || errno != ENOSYS)
> > +    return ret;
> > +#  endif
> > +# endif
> > +  /* Fall back to syscall supporting 32bit struct timespec.  */
> > +# if (!defined __SYSCALL_WORDSIZE || __SYSCALL_WORDSIZE != 64)
> > +  struct timespec ts32;
> > +  valid_timespec64_to_timespec (tp, &ts32);
> > +  return INLINE_SYSCALL_CALL (clock_settime, clock_id, &ts32);
> > +# endif
> > +#endif
> >    return INLINE_SYSCALL_CALL (clock_settime, clock_id, tp);
              ^^^^^ - [1]

> >  }  
> 
> This still uses __NR_clock_settime even if __ASSUME_TIME64_SYSCALLS is
> defined.  This won't even compile on newer 32-bit architectures where
> __NR_clock_settime is not defined.  valid_timespec64_to_timespec
> won't exist in these cases too.

Ach... I see your point. The issue would be when we switch to
__TIMESIZE == 64 for 32 bit systems. For that reason the "conversion
functions" from patch [2] shall be compiled always (no matter if we
have __TIMESIZE == 64 or == 32).

And some explanation - the
if (!defined __SYSCALL_WORDSIZE || __SYSCALL_WORDSIZE != 64) is to
prevent running the fallback on 'x32' - it shall execute on [1]
execution path.


> 
> And in_time_t_range check is missing for the fallback case.

Yes - I shall move the in_time_t_range() check from __clock_settime to
the fallback.

Last but not least - the [1] shall be executed only when __WORDSIZE !=
64 - the #else is missing

> 
> >  weak_alias (__clock_settime, clock_settime)
> > +
> > +#if __TIMESIZE != 64
> > +int
> > +__clock_settime (clockid_t clock_id, const struct timespec *tp)
> > +{
> > +  struct __timespec64 ts64;
> > +
> > +  if (! in_time_t_range (tp->tv_sec))
> > +    {
> > +      __set_errno (EOVERFLOW);
> > +      return -1;
> > +    }  
> 
> What is this if (false) { … } statement doing here?

Ok, the __clock_settime would receive as an argument the timespec with
32 bit tv_nsec, and tv_sec - hence this check shall be moved from there
to the fallback of __clock_settime64.


Considering the above changes - the code starts to look too much
convoluted. Hence, I would opt for the approach presented in the
__ASSUME_TIME64_SYSCALLS patch reply.


> 
> > +
> > +  valid_timespec_to_timespec64 (tp, &ts64);
> > +  return __clock_settime64 (clock_id, &ts64);
> > +}
> > +#endif  


Note:

[2] - [PATCH v4 2/3] y2038: Provide conversion helpers for struct
__timespec64




Best regards,

Lukasz Majewski

--

DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-59 Fax: (+49)-8142-66989-80 Email: lukma@denx.de

Patch

diff --git a/include/time.h b/include/time.h
index 6ca4911235..88413d8031 100644
--- a/include/time.h
+++ b/include/time.h
@@ -127,6 +127,14 @@  extern __time64_t __timegm64 (struct tm *__tp) __THROW;
 libc_hidden_proto (__timegm64)
 #endif
 
+#if __TIMESIZE == 64
+# define __clock_settime64 __clock_settime
+#else
+extern int __clock_settime64 (clockid_t clock_id,
+                              const struct __timespec64 *tp);
+libc_hidden_proto (__clock_settime64)
+#endif
+
 /* Compute the `struct tm' representation of T,
    offset OFFSET seconds east of UTC,
    and store year, yday, mon, mday, wday, hour, min, sec into *TP.
diff --git a/sysdeps/unix/sysv/linux/clock_settime.c b/sysdeps/unix/sysv/linux/clock_settime.c
index d837e3019c..19559d1e76 100644
--- a/sysdeps/unix/sysv/linux/clock_settime.c
+++ b/sysdeps/unix/sysv/linux/clock_settime.c
@@ -19,11 +19,9 @@ 
 #include <sysdep.h>
 #include <time.h>
 
-#include "kernel-posix-cpu-timers.h"
-
 /* Set CLOCK to value TP.  */
 int
-__clock_settime (clockid_t clock_id, const struct timespec *tp)
+__clock_settime64 (clockid_t clock_id, const struct __timespec64 *tp)
 {
   /* Make sure the time cvalue is OK.  */
   if (tp->tv_nsec < 0 || tp->tv_nsec >= 1000000000)
@@ -32,6 +30,40 @@  __clock_settime (clockid_t clock_id, const struct timespec *tp)
       return -1;
     }
 
+#if __WORDSIZE == 32
+# ifdef __NR_clock_settime64
+  int ret = INLINE_SYSCALL_CALL (clock_settime64, clock_id, tp);
+#  ifdef __ASSUME_TIME64_SYSCALLS
+  return ret;
+#  else
+  if (ret == 0 || errno != ENOSYS)
+    return ret;
+#  endif
+# endif
+  /* Fall back to syscall supporting 32bit struct timespec.  */
+# if (!defined __SYSCALL_WORDSIZE || __SYSCALL_WORDSIZE != 64)
+  struct timespec ts32;
+  valid_timespec64_to_timespec (tp, &ts32);
+  return INLINE_SYSCALL_CALL (clock_settime, clock_id, &ts32);
+# endif
+#endif
   return INLINE_SYSCALL_CALL (clock_settime, clock_id, tp);
 }
 weak_alias (__clock_settime, clock_settime)
+
+#if __TIMESIZE != 64
+int
+__clock_settime (clockid_t clock_id, const struct timespec *tp)
+{
+  struct __timespec64 ts64;
+
+  if (! in_time_t_range (tp->tv_sec))
+    {
+      __set_errno (EOVERFLOW);
+      return -1;
+    }
+
+  valid_timespec_to_timespec64 (tp, &ts64);
+  return __clock_settime64 (clock_id, &ts64);
+}
+#endif