Date: Tue, 28 Feb 2017 14:57:04 -0800 From: Conrad Meyer <cem@freebsd.org> To: Eric van Gyzen <vangyzen@freebsd.org> Cc: Michael Gmelin <freebsd@grem.de>, "freebsd-current@freebsd.org" <freebsd-current@freebsd.org> Subject: Re: panic: invalid bcd xxx Message-ID: <CAG6CVpXGQds1NYOOd1trYBTE8KNm=VYA3mq9yK3gjjVMt3NNpA@mail.gmail.com> In-Reply-To: <226a00fa-5d04-0aa7-e0cc-6078edde6639@FreeBSD.org> References: <20170228224739.167f2273@bsd64.grem.de> <226a00fa-5d04-0aa7-e0cc-6078edde6639@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Feb 28, 2017 at 2:31 PM, Eric van Gyzen <vangyzen@freebsd.org> wrote:
> Your system's real-time clock is returning garbage. r312702 added some
> input validation a few weeks ago. Previously, the kernel was reading beyond
> the end of an array and either complaining about the clock or setting it to
> the wrong time based on whatever was in the memory beyond the array.
>
> The added validation shouldn't be an assertion because it operates on data
> beyond the kernel's control. Try this:
>
> --- sys/libkern.h (revision 314424)
> +++ sys/libkern.h (working copy)
> @@ -57,8 +57,10 @@
> bcd2bin(int bcd)
> {
>
> - KASSERT(bcd >= 0 && bcd < LIBKERN_LEN_BCD2BIN,
> - ("invalid bcd %d", bcd));
> + if (bcd < 0 || bcd >= LIBKERN_LEN_BCD2BIN) {
> + printf("invalid bcd %d\n", bcd);
> + return (0);
> + }
> return (bcd2bin_data[bcd]);
> }
I don't think removing this assertion and truncating to zero is the
right thing to do. Adding an error return to this routine is a little
much, though. I think probably the caller should perform input
validation between the broken device and this routine.
Thanks,
Conrad
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG6CVpXGQds1NYOOd1trYBTE8KNm=VYA3mq9yK3gjjVMt3NNpA>