uefi: fs: Add file times plumbing #138918
Conversation
rustbot
added
S-waiting-on-review
|
(I'll initially mark these PRs as waiting on author in the sense that, that they are waiting for the author to summon @nicholasbishop and get a review. It can be marked as ready when there's a review.) |
rustbot
added
S-waiting-on-author
|
@rustbot label +O-UEFI |
There was a problem hiding this comment.
I'm a bit worried about the edge cases here. It's not that uncommon to end up with a system time of 1970-1-1 if the devices clock is uninitialised. If the current timezone is positive, this might lead to a panic when converting it to a UNIX time. Considering the insanely large bounds afforded by secs being 64-bit, using a signed integer in the conversion algorithm would allow converting dates before the UNIX epoch as well.
Aside from that, the checked methods on SystemTime operate on the assumption that the operation will fail if the time is not representable in the operating system format – but this is currently not the case: UEFI allows times from the year 1900 up to and including the year 9999, whereas a Duration since the UNIX epoch allows representing times from 1970 up to the heat death of the universe, but not before that. I think it would be better to use the UEFI time representation for SystemTime and only convert it into a Duration for the addition/subtraction operations.
library/std/src/sys/pal/uefi/time.rs
Outdated
| let secs = if timezone == r_efi::efi::UNSPECIFIED_TIMEZONE { | ||
| dur.as_secs() | ||
| } else { | ||
| dur.as_secs().checked_add_signed(-timezone as i64).unwrap() |
There was a problem hiding this comment.
I'd use subtraction here, just like the formula in the UEFI spec.
| dur.as_secs().checked_add_signed(-timezone as i64).unwrap() | |
| dur.as_secs().checked_sub_signed(timezone as i64).expect("times should be representable as local UEFI times") |
There was a problem hiding this comment.
checked_sub_signed is currently unstable. I can add the feature if that is fine though.
library/std/src/sys/pal/uefi/time.rs
Outdated
| let remaining_secs = secs % SECS_IN_DAY; | ||
| let z = days + 719468; | ||
| let era = z / 146097; | ||
| let doe = z - (era * 146097); |
There was a problem hiding this comment.
This is clear by operator precedence, and the source doesn't use parenthesis here either.
| let doe = z - (era * 146097); | |
| let doe = z - era * 146097; |
Yes, I did come to the same conclusion. I think the reason I initially went with duration was to have a simple implementation for all the function implemented on SystemTime (since all the results there are in |
|
☔ The latest upstream changes (presumably #145300) made this pull request unmergeable. Please resolve the merge conflicts. |
Ayush1325
force-pushed
the
uefi-fs-time
branch
from
4c497b4 to
48330eb
Compare
|
@rustbot ready ping @nicholasbishop @joboet |
rustbot
added
S-waiting-on-review
|
r? @joboet |
library/std/src/sys/fs/uefi.rs
Outdated
| @@ -32,8 +48,11 @@ pub struct OpenOptions { | |||
| create_new: bool, | |||
| } | |||
|
|
|||
| #[derive(Copy, Clone, Debug, Default)] | |||
| pub struct FileTimes {} | |||
| #[derive(Copy, Clone, Debug)] | |||
There was a problem hiding this comment.
Time implements Default, so can't we keep deriving Default here and remove ZERO_TIME?
Ayush1325
force-pushed
the
uefi-fs-time
branch
from
48330eb to
e21995b
Compare
library/std/src/sys/fs/uefi.rs
Outdated
| pub fn set_modified(&mut self, _t: SystemTime) {} | ||
| pub fn set_accessed(&mut self, t: SystemTime) { | ||
| self.accessed = | ||
| t.to_uefi(self.accessed.timezone, self.accessed.daylight).expect("Invalid Time"); |
There was a problem hiding this comment.
Can we avoid this panic? As the SystemTime was created successfully (i.e. checked_add did not return an error), this panic will come as a surprise to users.
A better way perhaps would be to try the initial timezone first, and if that fails, return the closest timezone (minute offset) that still allows the time to be represented. If filesystems ignore the timezone field, this would lead to the first and last 1440 minutes being collapsed into one minute, which doesn't seem too bad.
There was a problem hiding this comment.
I have added the appropriate helpers to use the closest timezone. I have also added the tests that I have used locally to check the new timezone.
Ayush1325
force-pushed
the
uefi-fs-time
branch
from
e21995b to
6637ec8
Compare
library/std/src/sys/pal/uefi/time.rs
Outdated
| system_time_internal::to_uefi(&self.0, timezone, daylight) | ||
| } | ||
|
|
||
| /// Create UEFI Time with the closes timezone (minute offset) that still allows the time to be |
There was a problem hiding this comment.
| /// Create UEFI Time with the closes timezone (minute offset) that still allows the time to be | |
| /// Create UEFI Time with the closest timezone (minute offset) that still allows the time to be |
Ayush1325
force-pushed
the
uefi-fs-time
branch
from
6637ec8 to
0632fd5
Compare
library/std/src/sys/fs/uefi.rs
Outdated
| @@ -18,6 +18,8 @@ pub struct File(!); | |||
| pub struct FileAttr { | |||
| attr: u64, | |||
| size: u64, | |||
| created: r_efi::efi::Time, | |||
There was a problem hiding this comment.
UEFI allows creation time to be set, so created should be part of the FileTimes struct (a future PR can then use it to implement set_created in an extension trait like on Windows and Apple platforms).
library/std/src/sys/fs/uefi.rs
Outdated
| pub fn set_accessed(&mut self, _t: SystemTime) {} | ||
| pub fn set_modified(&mut self, _t: SystemTime) {} | ||
| pub fn set_accessed(&mut self, t: SystemTime) { | ||
| self.accessed = t.to_uefi_loose(self.accessed.timezone, self.accessed.daylight); |
There was a problem hiding this comment.
.timezone and .daylight will always be zero here (unless set_accessed/set_modified was called previously and that time had to have it's timezone adjusted to fit in the range of EFI_TIME). The EDK II FAT driver will ignore the timezone when setting the time.. As FAT stores timestamps in the system local time, this conversion should use the current system timezone from the runtime services GetTime in order to be compatible with that driver's behaviour. This conversion should be done in the File::set_times implementation to have consistent behaviour in the (unlikely) event the timezone is changed between the call to set_accessed and the actual setting of the file times in File::set_times (which I believe isn't being implemented in this PR); therefore the FileTimes struct should look something like struct FileTimes { accessed: SystemTime, modified: SystemTime, created: SystemTime }.
There was a problem hiding this comment.
I have converted all FileTimes members to be SystemTime.
library/std/src/sys/fs/uefi.rs
Outdated
| @@ -60,15 +65,15 @@ impl FileAttr { | |||
| } | |||
|
|
|||
| pub fn modified(&self) -> io::Result<SystemTime> { | |||
| unsupported() | |||
| Ok(SystemTime::from_uefi(self.times.modified)) | |||
There was a problem hiding this comment.
FAT timestamps are always stored in local time in the system timezone, and the EDK II FAT driver uses EFI_UNSPECIFIED_TIMEZONE to represent this. Therefore, if the modified/accessed/created EFI time has a timezone of unspecified, this conversion should use the timezone from the runtime services GetTime in order to be compatible.
There was a problem hiding this comment.
Since this PR does not have any boundary code, I have added helper uefi_to_systemtime that uses the timezone from current time in unspecified timezone cases.
When converting back to UEFI time, I am also using local timezone now in the helper systemtime_to_uefi
All these helpers are local fs since we do not know if some other subsystem might want to handle these specific cases differently.
Ayush1325
force-pushed
the
uefi-fs-time
branch
from
0632fd5 to
fc63980
Compare
| @@ -202,7 +219,11 @@ pub(crate) mod system_time_internal { | |||
| dur.as_secs().checked_add_signed((-timezone as i64) * SECS_IN_MINUTE as i64).unwrap(); | |||
There was a problem hiding this comment.
This is the wrong sign – you need to add the new timezone offset. Also, this will panic for positive timezones when the duration is very small – the overflow check should occur below.
There was a problem hiding this comment.
The UEFI fields are in locatime. And it is given in the spec that LocalTime = UTC - Timezone. When converting from UEFI to our time in secs from epoch, we do LocalTime + Timezone since we want to have the secs when time is in UTC.
So to get back localtime, wouldn't we do UTC secs - Timezone?
library/std/src/sys/pal/uefi/time.rs
Outdated
| @@ -117,12 +134,11 @@ pub(crate) mod system_time_internal { | |||
| use crate::mem::MaybeUninit; | |||
| use crate::ptr::NonNull; | |||
|
|
|||
| const SECS_IN_MINUTE: u64 = 60; | |||
| const SECS_IN_HOUR: u64 = SECS_IN_MINUTE * 60; | |||
| const SECS_IN_DAY: u64 = SECS_IN_HOUR * 24; | |||
| const TIMEZONE_DELTA: u64 = 1440 * SECS_IN_MINUTE; | |||
There was a problem hiding this comment.
Maybe you could rename this to SYSTEMTIME_TIMEZONE so that its clearer in which direction the delta applies?
library/std/src/sys/pal/uefi/time.rs
Outdated
| @@ -202,7 +219,11 @@ pub(crate) mod system_time_internal { | |||
| dur.as_secs().checked_add_signed((-timezone as i64) * SECS_IN_MINUTE as i64).unwrap(); | |||
|
|
|||
| // Convert to seconds since 1900-01-01-00:00:00 in timezone. | |||
| let Some(secs) = secs.checked_sub(TIMEZONE_DELTA) else { return None }; | |||
| let Some(secs) = secs.checked_sub(TIMEZONE_DELTA) else { | |||
There was a problem hiding this comment.
| let Some(secs) = secs.checked_sub(TIMEZONE_DELTA) else { | |
| let Some(secs) = secs.checked_add_signed((timezone - SYSTEMTIME_TIMEZONE) as i64 * SECS_IN_MINUTE) else { |
There was a problem hiding this comment.
I think we messed up in #139806. The earliest representable time in UEFI is in timezone +1440, not -1440: 1900-01-01-00:00:00+24:00 is 1899-12-31-00:00:00Z. Could you please check that all timezone conversions are correct:
- to go from UTC to local, add
- to go from local to UTC, subtract
- to go from local to local, subtract the current offset and add the new one
| let Some(secs) = secs.checked_sub(TIMEZONE_DELTA) else { | ||
| let new_tz = | ||
| (secs / SECS_IN_MINUTE - if secs % SECS_IN_MINUTE == 0 { 0 } else { 1 }) as i16; | ||
| return Err(new_tz); |
There was a problem hiding this comment.
Is there a usecase for to_uefi outside of to_uefi_loose? Otherwise you could update the timezone here instead of returning an error.
rustbot
added
S-waiting-on-author
library/std/src/sys/fs/uefi.rs
Outdated
| /// Convert to UEFI Time with the current timezone. | ||
| #[allow(dead_code)] | ||
| fn systemtime_to_uefi(time: SystemTime) -> r_efi::efi::Time { | ||
| time.to_uefi_loose(current_timezone(), 0) |
There was a problem hiding this comment.
This should also take the daylight value from time::system_time_internal::now().
library/std/src/sys/fs/uefi.rs
Outdated
| accessed: SystemTime, | ||
| modified: SystemTime, | ||
| created: SystemTime, |
There was a problem hiding this comment.
| accessed: SystemTime, | |
| modified: SystemTime, | |
| created: SystemTime, | |
| accessed: Option<SystemTime>, | |
| modified: Option<SystemTime>, | |
| created: Option<SystemTime>, |
Apologies, my suggestion in my previous review comment was incomplete. These all need to be optional as when using FileTimes to set file timestamps it's possible to only set some of the timestamps.
library/std/src/sys/fs/uefi.rs
Outdated
|
|
||
| /// EDK2 FAT driver uses EFI_UNSPECIFIED_TIMEZONE to represent localtime. So for proper | ||
| /// conversion to SystemTime, we use the current time to get the timezone in such cases. | ||
| #[allow(dead_code)] |
There was a problem hiding this comment.
| #[allow(dead_code)] | |
| #[expect(dead_code)] |
To ensure the attribute gets removed once the function is used (same with the #[allow(dead_code)] on systemtime_to_uefi).
Ayush1325
force-pushed
the
uefi-fs-time
branch
2 times, most recently
from
940fb59 to
9bb2a65
Compare
- Add FileTimes implementation. Signed-off-by: Ayush Singh <ayush@beagleboard.org>
Ayush1325
force-pushed
the
uefi-fs-time
branch
from
9bb2a65 to
c7325fc
Compare
cc @nicholasbishop
r? @petrochenkov