From e3799530b3ba38567f8052b9e107884609fc71ea Mon Sep 17 00:00:00 2001 From: Jake Freeland Date: Fri, 20 Mar 2026 01:33:20 -0500 Subject: [PATCH] sys/time: Add saturating sbt conversions When converting from timespec to sbintime, the timespec's 64-bit tv_sec component is shifted to the left 32 bits, causing any information in the upper 32 bits to be lost. This data loss during conversion can turn timespecs with very large tv_sec counters into sbintimes that represent much smaller time durations. Add tstosbt_sat() and tvtosbt_sat(), which are saturating versions of tstosbt and tvtosbt. With these routines, any overflow resulting from the conversion is clamped to [-SBT_MAX - 1, SBT_MAX]. Reviewed by: imp, markj Differential Revision: https://reviews.freebsd.org/D55791 MFC after: 2 weeks --- sys/sys/time.h | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/sys/sys/time.h b/sys/sys/time.h index d3a19ebfc81..707565b6a6f 100644 --- a/sys/sys/time.h +++ b/sys/sys/time.h @@ -352,6 +352,16 @@ tstosbt(struct timespec _ts) return (((sbintime_t)_ts.tv_sec << 32) + nstosbt(_ts.tv_nsec)); } +static __inline sbintime_t +tstosbt_sat(struct timespec _ts) +{ + if (_ts.tv_sec > SBT_MAX >> 32) + return (SBT_MAX); + if (_ts.tv_sec < -(SBT_MAX >> 32) - 1) + return (-SBT_MAX - 1); + return (tstosbt(_ts)); +} + static __inline struct timeval sbttotv(sbintime_t _sbt) { @@ -368,6 +378,17 @@ tvtosbt(struct timeval _tv) return (((sbintime_t)_tv.tv_sec << 32) + ustosbt(_tv.tv_usec)); } + +static __inline sbintime_t +tvtosbt_sat(struct timeval _tv) +{ + if (_tv.tv_sec > SBT_MAX >> 32) + return (SBT_MAX); + if (_tv.tv_sec < -(SBT_MAX >> 32) - 1) + return (-SBT_MAX - 1); + return (tvtosbt(_tv)); +} + #endif /* __BSD_VISIBLE */ #ifdef _KERNEL