From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: qemu-stable@nongnu.org
Cc: aliguori@us.ibm.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH 08/43] rtc: fix overflow in mktimegm
Date: Mon, 3 Dec 2012 16:08:32 -0600 [thread overview]
Message-ID: <1354572547-21271-9-git-send-email-mdroth@linux.vnet.ibm.com> (raw)
In-Reply-To: <1354572547-21271-1-git-send-email-mdroth@linux.vnet.ibm.com>
From: Paolo Bonzini <pbonzini@redhat.com>
When setting a date in 1980, Linux is actually disregarding the century
byte and setting the year to 2080. This causes a year-2038 overflow
in mktimegm. Fix this by doing the days-to-seconds computation in
64-bit math.
Reported-by: Lucas Meneghel Rodrigues <lookkas@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit b6db4aca20e9af4f62c9c9e08b9b9672a6ed3390)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
cutils.c | 2 +-
tests/rtc-test.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 46 insertions(+), 1 deletion(-)
diff --git a/cutils.c b/cutils.c
index 8ef648f..8edd8fa 100644
--- a/cutils.c
+++ b/cutils.c
@@ -115,7 +115,7 @@ time_t mktimegm(struct tm *tm)
m += 12;
y--;
}
- t = 86400 * (d + (153 * m - 457) / 5 + 365 * y + y / 4 - y / 100 +
+ t = 86400ULL * (d + (153 * m - 457) / 5 + 365 * y + y / 4 - y / 100 +
y / 400 - 719469);
t += 3600 * tm->tm_hour + 60 * tm->tm_min + tm->tm_sec;
return t;
diff --git a/tests/rtc-test.c b/tests/rtc-test.c
index f23ac3a..2b9aa63 100644
--- a/tests/rtc-test.c
+++ b/tests/rtc-test.c
@@ -179,6 +179,50 @@ static void check_time(int wiggle)
static int wiggle = 2;
+static void set_year(void)
+{
+ /* Set BCD mode */
+ cmos_write(RTC_REG_B, cmos_read(RTC_REG_B) & ~REG_B_DM);
+ cmos_write(RTC_REG_A, 0x76);
+ cmos_write(RTC_YEAR, 0x11);
+ cmos_write(RTC_MONTH, 0x02);
+ cmos_write(RTC_DAY_OF_MONTH, 0x02);
+ cmos_write(RTC_HOURS, 0x02);
+ cmos_write(RTC_MINUTES, 0x04);
+ cmos_write(RTC_SECONDS, 0x58);
+ cmos_write(RTC_REG_A, 0x26);
+
+ g_assert_cmpint(cmos_read(RTC_HOURS), ==, 0x02);
+ g_assert_cmpint(cmos_read(RTC_MINUTES), ==, 0x04);
+ g_assert_cmpint(cmos_read(RTC_SECONDS), >=, 0x58);
+ g_assert_cmpint(cmos_read(RTC_DAY_OF_MONTH), ==, 0x02);
+ g_assert_cmpint(cmos_read(RTC_MONTH), ==, 0x02);
+ g_assert_cmpint(cmos_read(RTC_YEAR), ==, 0x11);
+
+ /* Set a date in 2080 to ensure there is no year-2038 overflow. */
+ cmos_write(RTC_REG_A, 0x76);
+ cmos_write(RTC_YEAR, 0x80);
+ cmos_write(RTC_REG_A, 0x26);
+
+ g_assert_cmpint(cmos_read(RTC_HOURS), ==, 0x02);
+ g_assert_cmpint(cmos_read(RTC_MINUTES), ==, 0x04);
+ g_assert_cmpint(cmos_read(RTC_SECONDS), >=, 0x58);
+ g_assert_cmpint(cmos_read(RTC_DAY_OF_MONTH), ==, 0x02);
+ g_assert_cmpint(cmos_read(RTC_MONTH), ==, 0x02);
+ g_assert_cmpint(cmos_read(RTC_YEAR), ==, 0x80);
+
+ cmos_write(RTC_REG_A, 0x76);
+ cmos_write(RTC_YEAR, 0x11);
+ cmos_write(RTC_REG_A, 0x26);
+
+ g_assert_cmpint(cmos_read(RTC_HOURS), ==, 0x02);
+ g_assert_cmpint(cmos_read(RTC_MINUTES), ==, 0x04);
+ g_assert_cmpint(cmos_read(RTC_SECONDS), >=, 0x58);
+ g_assert_cmpint(cmos_read(RTC_DAY_OF_MONTH), ==, 0x02);
+ g_assert_cmpint(cmos_read(RTC_MONTH), ==, 0x02);
+ g_assert_cmpint(cmos_read(RTC_YEAR), ==, 0x11);
+}
+
static void bcd_check_time(void)
{
/* Set BCD mode */
@@ -269,6 +313,7 @@ int main(int argc, char **argv)
qtest_add_func("/rtc/bcd/check-time", bcd_check_time);
qtest_add_func("/rtc/dec/check-time", dec_check_time);
qtest_add_func("/rtc/alarm-time", alarm_time);
+ qtest_add_func("/rtc/set-year", set_year);
qtest_add_func("/rtc/fuzz-registers", fuzz_registers);
ret = g_test_run();
--
1.7.9.5
next prev parent reply other threads:[~2012-12-03 22:15 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-03 22:08 [Qemu-devel] Patch Round-up for stable 1.2.2, freeze Wednesday Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 01/43] configure: Fix CONFIG_QEMU_HELPERDIR generation Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 02/43] fix CONFIG_QEMU_HELPERDIR generation again Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 03/43] ui/vnc: Only report/use TIGHT_PNG encoding if enabled Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 04/43] vnc: fix "info vnc" with "-vnc ..., reverse=on" Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 05/43] uhci: Raise interrupt when requested even for non active tds Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 06/43] hw/qxl: qxl_dirty_surfaces: use uintptr_t Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 07/43] qxl: always update displaysurface on resize Michael Roth
2012-12-03 22:08 ` Michael Roth [this message]
2012-12-03 22:08 ` [Qemu-devel] [PATCH 09/43] hw: Fix return value check for bdrv_read, bdrv_write Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 10/43] target-i386: Allow tsc-frequency to be larger then 2.147G Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 11/43] e1000: drop check_rxov, always treat RX ring with RDH == RDT as empty Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 12/43] memory: fix rendering of a region obscured by another Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 13/43] s390x: fix -initrd in virtio machine Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 14/43] PPC: Bamboo: Fix memory size DT property Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 15/43] target-sparc64: disable VGA cirrus Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 16/43] xhci: fix usb name in caps Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 17/43] tools: initialize main loop before block layer Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 18/43] m68k: Return semihosting errno values correctly Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 19/43] nbd: fixes to read-only handling Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 20/43] mips/malta: fix CBUS UART interrupt pin Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 21/43] target-mips: fix wrong microMIPS opcode encoding Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 22/43] tcg/arm: fix TLB access in qemu-ld/st ops Michael Roth
2013-01-17 16:55 ` Peter Maydell
2012-12-03 22:08 ` [Qemu-devel] [PATCH 23/43] tcg/arm: fix cross-endian qemu_st16 Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 24/43] target-openrisc: remove conflicting definitions from cpu.h Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 25/43] configure: avoid compiler warning in pipe2 detection Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 26/43] qcow2: Fix refcount table size calculation Michael Roth
2012-12-03 22:08 ` [Qemu-devel] [PATCH 27/43] tci: Fix type of tci_read_label Michael Roth
2012-12-03 22:25 ` [Qemu-devel] [PATCH 28/43] block: Fix regression for MinGW (assertion caused by short string) Michael Roth
2012-12-03 22:25 ` [Qemu-devel] [PATCH 29/43] qom: dynamic_cast of NULL is always NULL Michael Roth
2012-12-03 22:25 ` [Qemu-devel] [PATCH 30/43] hmp: do not crash on invalid SCSI hotplug Michael Roth
2012-12-03 22:25 ` [Qemu-devel] [PATCH 31/43] PPC: Fix missing TRACE exception Michael Roth
2012-12-03 22:25 ` [Qemu-devel] [PATCH 32/43] qom: fix refcount of non-heap-allocated objects Michael Roth
2012-12-03 22:44 ` [Qemu-devel] [PATCH 33/43] qapi: handle visitor->type_size() in QapiDeallocVisitor Michael Roth
2012-12-03 22:44 ` [Qemu-devel] [PATCH 34/43] qapi: fix qapi_dealloc_type_size parameter type Michael Roth
2012-12-03 22:44 ` [Qemu-devel] [PATCH 35/43] iscsi: fix segfault in url parsing Michael Roth
2012-12-03 22:44 ` [Qemu-devel] [PATCH 36/43] iscsi: fix deadlock during login Michael Roth
2012-12-03 22:44 ` [Qemu-devel] [PATCH 37/43] iscsi: do not assume device is zero initialized Michael Roth
2012-12-03 22:44 ` [Qemu-devel] [PATCH 38/43] virtio-scsi: Fix some endian bugs with virtio-scsi Michael Roth
2012-12-03 22:44 ` [Qemu-devel] [PATCH 39/43] virtio-scsi: Fix subtle (guest) endian bug Michael Roth
2012-12-03 22:44 ` [Qemu-devel] [PATCH 40/43] qxl: reload memslots after migration, when qxl is in UNDEFINED mode Michael Roth
2012-12-03 22:44 ` [Qemu-devel] [PATCH 41/43] usb: fail usbdevice_create() when there is no USB bus Michael Roth
2012-12-03 22:44 ` [Qemu-devel] [PATCH 42/43] stream: fix ratelimit_set_speed Michael Roth
2012-12-03 22:44 ` [Qemu-devel] [PATCH 43/43] e1000: Discard packets that are too long if !SBP and !LPE Michael Roth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1354572547-21271-9-git-send-email-mdroth@linux.vnet.ibm.com \
--to=mdroth@linux.vnet.ibm.com \
--cc=aliguori@us.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).