Re: [PATCH] rtc: Add an option to invalidate dates in 2038

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Arnd Bergmann <arnd@arndb.de>
To: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
Cc: Alexandre Belloni <alexandre.belloni@free-electrons.com>,
	rtc-linux@googlegroups.com,
	Alessandro Zummo <a.zummo@towertech.it>, Willy Tarreau <w@1wt.eu>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] rtc: Add an option to invalidate dates in 2038
Date: Mon, 22 Feb 2016 16:44:32 +0100	[thread overview]
Message-ID: <6269543.oe8MmZQUmX@wuerfel> (raw)
In-Reply-To: <20160222134319.31e77b71@lxorguk.ukuu.org.uk>

On Monday 22 February 2016 13:43:19 One Thousand Gnomes wrote:
> On Mon, 22 Feb 2016 14:00:14 +0100
> Alexandre Belloni <alexandre.belloni@free-electrons.com> wrote:
> > I can also agree that systemd could be a bit more robust there but
> > you'll have to convince Lennart...
> 
> That's a systemd problem. If their code isn't robust then the
> distributiosn will just have to keep patching it.
> 
> The only problem that can actually be "fixed" is the case where it isn't
> 2038 yet and the user has a scrambled RTC. In that case your init tools
> need to be robust enough to handle the problem or use APIs that don't
> break. The kernel can't actually "fix" this because it never knows
> whether your userspace is sane or not.
> 
> I'd argue btw that any code using timerfd_create with TFD_TIMER_ABSTIME
> and passing it a value that wraps the range permitted by that time
> representation *is* buggy. It's the applications responsibility to use
> values that are within the defined behavioural range of the function.

IIRC, the problem is that user space passes in TIME_T_MAX and the kernel
is considering that to be in the past because the clock is set beyond 2038.

I find it hard to blame user space for that, but I don't have a good
idea for solving this either.

In case of systemd, it is literally the first thing that runs on the kernel
after booting, so we could fall back to setting the time to some known
working state (1970 or 2016 or something), but that would be a rather
bad default policy once the system has been running for a while.

The best we can do for a workaround localized to timerfd might be
to make absolute timers behave differently when they come from a 32-bit
process and the current time has already overflown.

> Far more constructive would I think be to add a TFD_TIME64 flag to
> timerfd_create that allows the use of 64bit time in timerfd_*. Systemd
> can then adopt that safely even on 32bit legacy systems, while on 64bit
> TFD_TIME64 would presumably be 0 and the 64/32bit time structs would
> match.

I should really dust off my syscall series, I'd rather not have any
partial solutions to merged here.

	Arnd

next prev parent reply	other threads:[~2016-02-22 15:45 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-02-20 19:10 [PATCH] rtc: Add an option to invalidate dates in 2038 Alexandre Belloni
2016-02-20 19:43 ` One Thousand Gnomes
2016-02-20 20:47   ` Alexandre Belloni
2016-02-20 22:16     ` Arnd Bergmann
2016-02-20 23:17       ` Alexandre Belloni
2016-02-20 23:42         ` Alexandre Belloni
2016-02-21 12:40         ` One Thousand Gnomes
2016-02-22 13:00           ` Alexandre Belloni
2016-02-22 13:43             ` One Thousand Gnomes
2016-02-22 15:44               ` Arnd Bergmann [this message]
2016-02-22 15:56                 ` Alexandre Belloni
2016-02-22 16:18                   ` Arnd Bergmann
2016-02-22 16:40                     ` Alexandre Belloni
2016-02-22 16:41                     ` Austin S. Hemmelgarn
2016-02-22 16:58                       ` Alexandre Belloni

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=6269543.oe8MmZQUmX@wuerfel \
    --to=arnd@arndb.de \
    --cc=a.zummo@towertech.it \
    --cc=alexandre.belloni@free-electrons.com \
    --cc=gnomes@lxorguk.ukuu.org.uk \
    --cc=linux-kernel@vger.kernel.org \
    --cc=rtc-linux@googlegroups.com \
    --cc=w@1wt.eu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox