From: Arnd Bergmann <arnd@arndb.de>
To: Miroslav Lichvar <mlichvar@redhat.com>
Cc: linux-kernel@vger.kernel.org, y2038@lists.linaro.org,
John Stultz <john.stultz@linaro.org>,
Thomas Gleixner <tglx@linutronix.de>,
Prarit Bhargava <prarit@redhat.com>,
Richard Cochran <richardcochran@gmail.com>
Subject: Re: [PATCH] timekeeping: Limit system time to prevent 32-bit time_t overflow
Date: Wed, 07 Oct 2015 15:47:19 +0200 [thread overview]
Message-ID: <5256796.UZaLfWxmcd@wuerfel> (raw)
In-Reply-To: <1444224137-32510-1-git-send-email-mlichvar@redhat.com>
On Wednesday 07 October 2015 15:22:17 Miroslav Lichvar wrote:
> On systems with 32-bit time_t there are quite a few problems that
> applications may have with time overflowing in year 2038. Beside getting
> to an unexpected state by not checking integer operations with time_t
> variables, some system calls have unexpected behavior, e.g. the system
> time can't be set back to the current time (negative value), timers with
> the ABSTIME flag can't be set (negative value) or they expire
> immediately (current time is always larger).
>
> It would be unrealistic to expect all applications to be able to handle
> all these problems. Year 2038 is still many years away, but this can be
> a problem even now. The clock can get close to the overflow accidentally
> or maliciously, e.g. when it is synchronized over network by NTP or PTP.
>
> This patch sets a maximum value of the system time to prevent the system
> time from getting too close to the overflow. The time can't be set to a
> larger value. When the maximum is reached in normal time accumulation,
> the clock will be stepped back by one week.
>
> A new kernel sysctl time_max is added to select the maximum time. It can
> be set to 0 for no limit, 1 for one week before 32-bit time_t overflow,
> and 2 for one week before ktime_t overflow. The default value is 1 with
> 32-bit time_t and 2 with 64-bit time_t. This can be changed later to be
> always 2 when 64-bit versions of system calls working with time_t are
> available.
I can't see whether this is really a good idea: moving the time backwards
will break all sorts of drivers that (incorrectly) expect the real
time clock to have monotonic behavior, and quite often, file timestamps
are expected to be in the past in user space. A common example is
'make', which goes nuts when it sees files in the future.
So for all I can tell, your patch only replaces one set of problems
that happens at the time of the overflow with a different set of problems.
Arnd
next prev parent reply other threads:[~2015-10-07 13:47 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-07 13:22 [PATCH] timekeeping: Limit system time to prevent 32-bit time_t overflow Miroslav Lichvar
2015-10-07 13:47 ` Arnd Bergmann [this message]
2015-10-07 14:23 ` Miroslav Lichvar
2015-10-07 15:10 ` Arnd Bergmann
2015-10-08 6:23 ` Miroslav Lichvar
2015-10-08 8:52 ` Arnd Bergmann
2015-10-08 9:39 ` Miroslav Lichvar
2015-10-09 9:46 ` Thomas Gleixner
2015-10-09 10:34 ` Miroslav Lichvar
2015-10-09 10:38 ` Thomas Gleixner
2015-10-09 10:47 ` Miroslav Lichvar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5256796.UZaLfWxmcd@wuerfel \
--to=arnd@arndb.de \
--cc=john.stultz@linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mlichvar@redhat.com \
--cc=prarit@redhat.com \
--cc=richardcochran@gmail.com \
--cc=tglx@linutronix.de \
--cc=y2038@lists.linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox