linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] efi: cper: avoid using get_seconds()
@ 2018-06-18 14:17 Arnd Bergmann
  2018-06-18 15:47 ` Ard Biesheuvel
  0 siblings, 1 reply; 6+ messages in thread
From: Arnd Bergmann @ 2018-06-18 14:17 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: y2038, Arnd Bergmann, Tyler Baicar, Will Deacon, Ingo Molnar,
	Borislav Petkov, Yazen Ghannam, Andy Shevchenko, gengdongjiu,
	linux-efi, linux-kernel

get_seconds() is deprecated because of the 32-bit time overflow
in y2038/y2106 on 32-bit architectures. The way it is used in
cper_next_record_id() causes an overflow in 2106 when unsigned UTC
seconds overflow, even on 64-bit architectures.

This starts using ktime_get_real_seconds() to give us more than 32 bits
of timestamp on all architectures, and then changes the algorithm to use
39 bits for the timestamp after the y2038 wrap date, plus an always-1
bit at the top. This gives us another 127 epochs of 136 years, with
strictly monotonically increasing sequence numbers across boots.

This is almost certainly overkill, but seems better than just extending
the deadline from 2038 to 2106.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/firmware/efi/cper.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c
index 3bf0dca378a6..b73fc4cab083 100644
--- a/drivers/firmware/efi/cper.c
+++ b/drivers/firmware/efi/cper.c
@@ -48,8 +48,21 @@ u64 cper_next_record_id(void)
 {
 	static atomic64_t seq;
 
-	if (!atomic64_read(&seq))
-		atomic64_set(&seq, ((u64)get_seconds()) << 32);
+	if (!atomic64_read(&seq)) {
+		time64_t time = ktime_get_real_seconds();
+
+		/*
+		 * This code is unlikely to still be needed in year 2106,
+		 * but just in case, let's use a few more bits for timestamps
+		 * after y2038 to be sure they keep increasing monotonically
+		 * for the next few hundred years...
+		 */
+		if (time < 0x80000000)
+			atomic64_set(&seq, (ktime_get_real_seconds()) << 32);
+		else
+			atomic64_set(&seq, 0x8000000000000000ull |
+					   ktime_get_real_seconds() << 24);
+	}
 
 	return atomic64_inc_return(&seq);
 }
-- 
2.9.0


^ permalink raw reply related	[flat|nested] 6+ messages in thread
* Re: [PATCH] efi: cper: avoid using get_seconds()
  2018-06-18 14:17 [PATCH] efi: cper: avoid using get_seconds() Arnd Bergmann
@ 2018-06-18 15:47 ` Ard Biesheuvel
  2018-06-18 15:49   ` Arnd Bergmann
  0 siblings, 1 reply; 6+ messages in thread
From: Ard Biesheuvel @ 2018-06-18 15:47 UTC (permalink / raw)
  To: Arnd Bergmann
  Cc: y2038, Tyler Baicar, Will Deacon, Ingo Molnar, Borislav Petkov,
	Yazen Ghannam, Andy Shevchenko, gengdongjiu, linux-efi,
	Linux Kernel Mailing List

On 18 June 2018 at 16:17, Arnd Bergmann <arnd@arndb.de> wrote:
> get_seconds() is deprecated because of the 32-bit time overflow
> in y2038/y2106 on 32-bit architectures. The way it is used in
> cper_next_record_id() causes an overflow in 2106 when unsigned UTC
> seconds overflow, even on 64-bit architectures.
>
> This starts using ktime_get_real_seconds() to give us more than 32 bits
> of timestamp on all architectures, and then changes the algorithm to use
> 39 bits for the timestamp after the y2038 wrap date, plus an always-1
> bit at the top. This gives us another 127 epochs of 136 years, with
> strictly monotonically increasing sequence numbers across boots.
>
> This is almost certainly overkill, but seems better than just extending
> the deadline from 2038 to 2106.
>
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> ---
>  drivers/firmware/efi/cper.c | 17 +++++++++++++++--
>  1 file changed, 15 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c
> index 3bf0dca378a6..b73fc4cab083 100644
> --- a/drivers/firmware/efi/cper.c
> +++ b/drivers/firmware/efi/cper.c
> @@ -48,8 +48,21 @@ u64 cper_next_record_id(void)
>  {
>         static atomic64_t seq;
>
> -       if (!atomic64_read(&seq))
> -               atomic64_set(&seq, ((u64)get_seconds()) << 32);
> +       if (!atomic64_read(&seq)) {
> +               time64_t time = ktime_get_real_seconds();
> +
> +               /*
> +                * This code is unlikely to still be needed in year 2106,
> +                * but just in case, let's use a few more bits for timestamps
> +                * after y2038 to be sure they keep increasing monotonically
> +                * for the next few hundred years...
> +                */
> +               if (time < 0x80000000)
> +                       atomic64_set(&seq, (ktime_get_real_seconds()) << 32);
> +               else
> +                       atomic64_set(&seq, 0x8000000000000000ull |
> +                                          ktime_get_real_seconds() << 24);
> +       }

Given that these values are never decoded and interpreted as
timestamps, can't we simply switch to the second flavour immediately?

>
>         return atomic64_inc_return(&seq);
>  }
> --
> 2.9.0
>

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH] efi: cper: avoid using get_seconds()
  2018-06-18 15:47 ` Ard Biesheuvel
@ 2018-06-18 15:49   ` Arnd Bergmann
  2018-06-18 15:50     ` Ard Biesheuvel
  0 siblings, 1 reply; 6+ messages in thread
From: Arnd Bergmann @ 2018-06-18 15:49 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: y2038 Mailman List, Tyler Baicar, Will Deacon, Ingo Molnar,
	Borislav Petkov, Yazen Ghannam, Andy Shevchenko, gengdongjiu,
	linux-efi, Linux Kernel Mailing List

On Mon, Jun 18, 2018 at 5:47 PM, Ard Biesheuvel
<ard.biesheuvel@linaro.org> wrote:
> On 18 June 2018 at 16:17, Arnd Bergmann <arnd@arndb.de> wrote:

>> -               atomic64_set(&seq, ((u64)get_seconds()) << 32);
>> +       if (!atomic64_read(&seq)) {
>> +               time64_t time = ktime_get_real_seconds();
>> +
>> +               /*
>> +                * This code is unlikely to still be needed in year 2106,
>> +                * but just in case, let's use a few more bits for timestamps
>> +                * after y2038 to be sure they keep increasing monotonically
>> +                * for the next few hundred years...
>> +                */
>> +               if (time < 0x80000000)
>> +                       atomic64_set(&seq, (ktime_get_real_seconds()) << 32);
>> +               else
>> +                       atomic64_set(&seq, 0x8000000000000000ull |
>> +                                          ktime_get_real_seconds() << 24);
>> +       }
>
> Given that these values are never decoded and interpreted as
> timestamps, can't we simply switch to the second flavour immediately?

I considered that, but the downside would be that all future filenames would
come before all past file names. I don't know if the order is important at
all, but the current implementation at least looks like it's intended to keep
all file names strictly sorted across boots.

         Arnd

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH] efi: cper: avoid using get_seconds()
  2018-06-18 15:49   ` Arnd Bergmann
@ 2018-06-18 15:50     ` Ard Biesheuvel
  2018-06-18 15:54       ` Arnd Bergmann
  0 siblings, 1 reply; 6+ messages in thread
From: Ard Biesheuvel @ 2018-06-18 15:50 UTC (permalink / raw)
  To: Arnd Bergmann
  Cc: y2038 Mailman List, Tyler Baicar, Will Deacon, Ingo Molnar,
	Borislav Petkov, Yazen Ghannam, Andy Shevchenko, gengdongjiu,
	linux-efi, Linux Kernel Mailing List

On 18 June 2018 at 17:49, Arnd Bergmann <arnd@arndb.de> wrote:
> On Mon, Jun 18, 2018 at 5:47 PM, Ard Biesheuvel
> <ard.biesheuvel@linaro.org> wrote:
>> On 18 June 2018 at 16:17, Arnd Bergmann <arnd@arndb.de> wrote:
>
>>> -               atomic64_set(&seq, ((u64)get_seconds()) << 32);
>>> +       if (!atomic64_read(&seq)) {
>>> +               time64_t time = ktime_get_real_seconds();
>>> +
>>> +               /*
>>> +                * This code is unlikely to still be needed in year 2106,
>>> +                * but just in case, let's use a few more bits for timestamps
>>> +                * after y2038 to be sure they keep increasing monotonically
>>> +                * for the next few hundred years...
>>> +                */
>>> +               if (time < 0x80000000)
>>> +                       atomic64_set(&seq, (ktime_get_real_seconds()) << 32);
>>> +               else
>>> +                       atomic64_set(&seq, 0x8000000000000000ull |
>>> +                                          ktime_get_real_seconds() << 24);
>>> +       }
>>
>> Given that these values are never decoded and interpreted as
>> timestamps, can't we simply switch to the second flavour immediately?
>
> I considered that, but the downside would be that all future filenames would
> come before all past file names.

Won't we have that same problem in 2038?

> I don't know if the order is important at
> all, but the current implementation at least looks like it's intended to keep
> all file names strictly sorted across boots.
>
>          Arnd

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH] efi: cper: avoid using get_seconds()
  2018-06-18 15:50     ` Ard Biesheuvel
@ 2018-06-18 15:54       ` Arnd Bergmann
  2018-06-18 15:56         ` Ard Biesheuvel
  0 siblings, 1 reply; 6+ messages in thread
From: Arnd Bergmann @ 2018-06-18 15:54 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: y2038 Mailman List, Tyler Baicar, Will Deacon, Ingo Molnar,
	Borislav Petkov, Yazen Ghannam, Andy Shevchenko, gengdongjiu,
	linux-efi, Linux Kernel Mailing List

On Mon, Jun 18, 2018 at 5:50 PM, Ard Biesheuvel
<ard.biesheuvel@linaro.org> wrote:
> On 18 June 2018 at 17:49, Arnd Bergmann <arnd@arndb.de> wrote:
>> On Mon, Jun 18, 2018 at 5:47 PM, Ard Biesheuvel
>> <ard.biesheuvel@linaro.org> wrote:
>>> On 18 June 2018 at 16:17, Arnd Bergmann <arnd@arndb.de> wrote:
>>
>>>> -               atomic64_set(&seq, ((u64)get_seconds()) << 32);
>>>> +       if (!atomic64_read(&seq)) {
>>>> +               time64_t time = ktime_get_real_seconds();
>>>> +
>>>> +               /*
>>>> +                * This code is unlikely to still be needed in year 2106,
>>>> +                * but just in case, let's use a few more bits for timestamps
>>>> +                * after y2038 to be sure they keep increasing monotonically
>>>> +                * for the next few hundred years...
>>>> +                */
>>>> +               if (time < 0x80000000)
>>>> +                       atomic64_set(&seq, (ktime_get_real_seconds()) << 32);
>>>> +               else
>>>> +                       atomic64_set(&seq, 0x8000000000000000ull |
>>>> +                                          ktime_get_real_seconds() << 24);
>>>> +       }
>>>
>>> Given that these values are never decoded and interpreted as
>>> timestamps, can't we simply switch to the second flavour immediately?
>>
>> I considered that, but the downside would be that all future filenames would
>> come before all past file names.
>
> Won't we have that same problem in 2038?

No, it goes from 0x7fffffff00000000 to 0x8000000000000000, followed
by 0x8000000001000000.

       Arnd

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH] efi: cper: avoid using get_seconds()
  2018-06-18 15:54       ` Arnd Bergmann
@ 2018-06-18 15:56         ` Ard Biesheuvel
  0 siblings, 0 replies; 6+ messages in thread
From: Ard Biesheuvel @ 2018-06-18 15:56 UTC (permalink / raw)
  To: Arnd Bergmann
  Cc: y2038 Mailman List, Tyler Baicar, Will Deacon, Ingo Molnar,
	Borislav Petkov, Yazen Ghannam, Andy Shevchenko, gengdongjiu,
	linux-efi, Linux Kernel Mailing List

On 18 June 2018 at 17:54, Arnd Bergmann <arnd@arndb.de> wrote:
> On Mon, Jun 18, 2018 at 5:50 PM, Ard Biesheuvel
> <ard.biesheuvel@linaro.org> wrote:
>> On 18 June 2018 at 17:49, Arnd Bergmann <arnd@arndb.de> wrote:
>>> On Mon, Jun 18, 2018 at 5:47 PM, Ard Biesheuvel
>>> <ard.biesheuvel@linaro.org> wrote:
>>>> On 18 June 2018 at 16:17, Arnd Bergmann <arnd@arndb.de> wrote:
>>>
>>>>> -               atomic64_set(&seq, ((u64)get_seconds()) << 32);
>>>>> +       if (!atomic64_read(&seq)) {
>>>>> +               time64_t time = ktime_get_real_seconds();
>>>>> +
>>>>> +               /*
>>>>> +                * This code is unlikely to still be needed in year 2106,
>>>>> +                * but just in case, let's use a few more bits for timestamps
>>>>> +                * after y2038 to be sure they keep increasing monotonically
>>>>> +                * for the next few hundred years...
>>>>> +                */
>>>>> +               if (time < 0x80000000)
>>>>> +                       atomic64_set(&seq, (ktime_get_real_seconds()) << 32);
>>>>> +               else
>>>>> +                       atomic64_set(&seq, 0x8000000000000000ull |
>>>>> +                                          ktime_get_real_seconds() << 24);
>>>>> +       }
>>>>
>>>> Given that these values are never decoded and interpreted as
>>>> timestamps, can't we simply switch to the second flavour immediately?
>>>
>>> I considered that, but the downside would be that all future filenames would
>>> come before all past file names.
>>
>> Won't we have that same problem in 2038?
>
> No, it goes from 0x7fffffff00000000 to 0x8000000000000000, followed
> by 0x8000000001000000.
>

Ah, right. I'm with you now :-)

I'll queue this in the efi tree.

^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2018-06-18 15:56 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-06-18 14:17 [PATCH] efi: cper: avoid using get_seconds() Arnd Bergmann
2018-06-18 15:47 ` Ard Biesheuvel
2018-06-18 15:49   ` Arnd Bergmann
2018-06-18 15:50     ` Ard Biesheuvel
2018-06-18 15:54       ` Arnd Bergmann
2018-06-18 15:56         ` Ard Biesheuvel

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).