Hello alltogether,
while debugging a missbehaving PTP setup I found a bug in ptp4l:

A PTP master sometimes send timestamps which were out of range of a 32bit
signed timestamp (eg 4093180210s). I know the device also has a bug, but
this timestamps resulted in unexpected handling of my linux-device:

Within Clockadj.c, a timex object is created which holds a timeval struct.
The size of the timeval.tv_sec is architecture depended. If the offset is
bigger than what a 32bit int can hold, we start to randomly jump our clock
(because we never reduce the offset far enough).

My fix is to simply ignore messages which contain a timestamp invalid for
the current architecture.
If you think this fix is useful, feel free to apply it to ptp4l.

>From 2f4ddb130d43c2377d0391d2b03907b795bc57cd Mon Sep 17 00:00:00 2001
From: Oliver Westermann <owesterm...@googlemail.com>
Date: Fri, 11 Aug 2017 10:38:20 +0100
Subject: [PATCH] add boundary check for timestamps

---
 msg.c | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/msg.c b/msg.c
index 4b3d926..1ab7668 100644
--- a/msg.c
+++ b/msg.c
@@ -21,6 +21,7 @@
 #include <malloc.h>
 #include <string.h>
 #include <time.h>
+#include <limits.h>

 #include <asm/byteorder.h>

@@ -88,6 +89,22 @@ int64_t net2host64(int64_t val)
  return __be64_to_cpu(val);
 }

+static int check_ts_valid(struct timestamp * ts)
+{
+ // determine bytesize of system time interface used by clockadj
+ int d = sizeof(((struct timeval*) 0)->tv_sec);
+
+ if (d == 4) // 32 bit
+ {
+ if (ts->sec > (uint64_t)INT32_MAX)
+ {
+ pr_debug("Timestamp to big for system architecture");
+ return 0;
+ }
+ }
+ return 1;
+}
+
 static int hdr_post_recv(struct ptp_header *m)
 {
  if ((m->ver & VERSION_MASK) != VERSION)
@@ -315,6 +332,21 @@ int msg_post_recv(struct ptp_message *m, int cnt)
  break;
  }

+ switch (type)
+ {
+ case SYNC:
+ case PDELAY_RESP:
+ case FOLLOW_UP:
+ case DELAY_RESP:
+ case PDELAY_RESP_FOLLOW_UP:
+ case ANNOUNCE:
+ if(!check_ts_valid(&m->ts.pdu))
+ return -EPROTO;
+ break;
+ default:
+ break;
+ }
+
  if (msg_sots_missing(m))
  return -ETIME;

-- 
2.13.0

Best regards, Olli
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Linuxptp-devel mailing list
Linuxptp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linuxptp-devel

Reply via email to