Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RTC plugin fixes and extension #419

Merged
merged 4 commits into from
Nov 4, 2024
Merged

RTC plugin fixes and extension #419

merged 4 commits into from
Nov 4, 2024

Conversation

troglobit
Copy link
Owner

This PR contains three major changes to the RTC plugin:

  • Big refactor for readability, breaking out time_set() and time_get() functions
  • Add support for saving and restoring time from a file on systems with seriously buggy RTC
  • Fix --with-rtc-date fixes, both configure script and strpdate() error handling

Factor out time_set() and time_get() for readability and reuse.

Signed-off-by: Joachim Wiberg <[email protected]>
@troglobit troglobit added this to the 4.9 milestone Nov 3, 2024
@troglobit troglobit self-assigned this Nov 3, 2024
@troglobit
Copy link
Owner Author

@wkz could you have a look at the second commit in this PR? It should fix issue kernelkit/infix#794 -- I have tested it on an x86_64 qemu system where I disabled the RTC driver, and it works great. We should test it also on aarch64, of course, but it needs a few tweaks to the finit.mk in Infix first.

Copy link
Collaborator

@wkz wkz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great! 💪

Potential Improvement

We could opt to always keep an RTC file when that has been enabled in the config - i.e., even when a real RTC is available.

If the time we read from the RTC is invalid, then we could use the file data as a fallback. This would improve the worst-case date offset for a device that has been gathering dust for a year, and whose super-cap has long since been drained.

In combination --with-rtc-date, that should ensure that the device always comes up with a date good enough to take care of most certificate ranges.

@troglobit
Copy link
Owner Author

This looks great! 💪

Thanks! 😃

If the time we read from the RTC is invalid, then we could use the file data as a fallback. This would improve the worst-case date offset for a device that has been gathering dust for a year, and whose super-cap has long since been drained.

Interesting idea! And, like you say, combined --with-rtc-date, it should improve the situation radically! I'll have a look!

@troglobit
Copy link
Owner Author

troglobit commented Nov 4, 2024

Alright, now it looks as follows if both RTC is bad and the system has no "save game" on disk yet:

● ● ●  Infix -- a Network Operating System v24.10.1-68-ge50fa66b ═══════
[ OK ] Mounting filesystems from /etc/fstab
[WARN] Restoring system clock (UTC) from RTC
[WARN] Restoring system clock from backup

... and when we have a bad RTC and working backup:

[WARN] Restoring system clock (UTC) from RTC
[ OK ] Restoring system clock from backup

This patch introduces a new configure option --with-rtc-file=FILE.  When
enabled the RTC plugin detects missing RTC device and falls back to save
and restore system time from a file instead.  When --with-rtc-file is
used without an argument the default file is /var/lib/misc/rtc, but the
feature itself is disabled by default.

The usefulness of this feature may not be obvious at first, but some
systems are equipped with an RTC that resets to a random date at power
on.  This can be really bad in the case the date is far in the future,
because an NTP sync would then cause time skips backwards, which shows
up in logs and causes a whole lot of pain in alarm systems.

The solution is to disable the RTC driver or device tree node, and when
Finit starts up, the RTC plugin detects a the device node and instead
restores time from the last save game.  Meaning time will always only
move forwards.

NOTE: when Finit is built --with-rtc-file we always save to disk, but
      only restore from the "save game" if restoring from RTC fails.
      If the system has no RTC we always restore from disk.

      As an added bonus, this change also makes sure to periodically
      sync also the RTC with the system clock.  Useful for systems
      that do not run an NTP client.

Signed-off-by: Joachim Wiberg <[email protected]>
In 42ef3d3, for v4.4-rc1, support for setting a custom RTC restore date
was introduced.  Unfortunately the configure script was wrong and caused
config.h to contain

    #define RTC_TIMESTAMP_CUSTOM "$rtc_date"

instead of

    #define RTC_TIMESTAMP_CUSTOM "2023-04-10 14:35:42"

Furthermore, the error handling for strptime() was wrong, so the restore
date was always reverted to the default.

This patch fixes both issues and extends the DATE of --with-rtc-date to
also include seconds.

Signed-off-by: Joachim Wiberg <[email protected]>
These plugins signal success and failure directly to the console, the
user should inspect syslog for more information.

This change is a follow-up to 340cae4, where kernel logs of LOG_ERR and
higher are allowed to log directly to the console.  Since syslogd has
not been started before these plugins, the log messages would otherwise
leak to the console.

Signed-off-by: Joachim Wiberg <[email protected]>
@troglobit troglobit merged commit d4889b4 into master Nov 4, 2024
4 checks passed
@troglobit troglobit deleted the rtc branch November 4, 2024 09:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants