- validate sensor values against constraints

- do not restart settime timeout interval if something happens in the main
  event loop
- apply a tight loop protection; it can be painfull on a single
  core machine since the process runs at maximum priority. Should only
  happen when a bug is introduced while developing, but prevents having to
  machine taken over by ntpd.

3 files changed, 26 insertions, 8 deletions

diff --git a/usr.sbin/ntpd/ntp.c b/usr.sbin/ntpd/ntp.c
index 8127498802d..d8bb26e9227 100644
--- a/usr.sbin/ntpd/ntp.c
+++ b/usr.sbin/ntpd/ntp.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ntp.c,v 1.159 2019/07/16 14:15:40 otto Exp $ */
+/*	$OpenBSD: ntp.c,v 1.160 2019/11/10 07:32:58 otto Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -298,7 +298,8 @@ ntp_main(struct ntpd_conf *nconf, struct passwd *pw, int argc, char **argv)
 		}
 		idx_clients = i;
 
-		if (!TAILQ_EMPTY(&conf->ntp_conf_sensors)) {
+		if (!TAILQ_EMPTY(&conf->ntp_conf_sensors) &&
+		    (constraint_cnt == 0 || conf->constraint_median != 0)) {
 			if (last_sensor_scan == 0 ||
 			    last_sensor_scan + SENSOR_SCAN_INTERVAL <= getmonotime()) {
 				sensors_cnt = sensor_scan();
@@ -346,7 +347,7 @@ ntp_main(struct ntpd_conf *nconf, struct passwd *pw, int argc, char **argv)
 		if (timeout < 0)
 			timeout = 0;
 
-		if ((nfds = poll(pfd, i, timeout * 1000)) == -1)
+		if ((nfds = poll(pfd, i, timeout ? timeout * 1000 : 1)) == -1)
 			if (errno != EINTR) {
 				log_warn("poll error");
 				ntp_quit = 1;
diff --git a/usr.sbin/ntpd/ntpd.c b/usr.sbin/ntpd/ntpd.c
index ef1b43e133a..e3bd30aba78 100644
--- a/usr.sbin/ntpd/ntpd.c
+++ b/usr.sbin/ntpd/ntpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ntpd.c,v 1.124 2019/06/28 13:32:49 deraadt Exp $ */
+/*	$OpenBSD: ntpd.c,v 1.125 2019/11/10 07:32:58 otto Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -138,6 +138,7 @@ main(int argc, char *argv[])
 	int			argc0 = argc, logdest;
 	char			**argv0 = argv;
 	char			*pname = NULL;
+	time_t			 settime_deadline;
 
 	if (strcmp(__progname, "ntpctl") == 0) {
 		ctl_main(argc, argv);
@@ -240,8 +241,10 @@ main(int argc, char *argv[])
 		if (!lconf.debug)
 			if (daemon(1, 0))
 				fatal("daemon");
-	} else
-		timeout = SETTIME_TIMEOUT * 1000;
+	} else {
+		settime_deadline = getmonotime();
+		timeout = 100;
+	}
 
 	if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, PF_UNSPEC,
 	    pipe_chld) == -1)
@@ -314,7 +317,8 @@ main(int argc, char *argv[])
 				quit = 1;
 			}
 
-		if (nfds == 0 && lconf.settime) {
+		if (nfds == 0 && lconf.settime &&
+		    getmonotime() > settime_deadline + SETTIME_TIMEOUT) {
 			lconf.settime = 0;
 			timeout = INFTIM;
 			log_init(logdest, lconf.verbose, LOG_DAEMON);
diff --git a/usr.sbin/ntpd/sensors.c b/usr.sbin/ntpd/sensors.c
index 6d137932928..4ca9a554065 100644
--- a/usr.sbin/ntpd/sensors.c
+++ b/usr.sbin/ntpd/sensors.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sensors.c,v 1.52 2016/09/03 11:52:06 reyk Exp $ */
+/*	$OpenBSD: sensors.c,v 1.53 2019/11/10 07:32:58 otto Exp $ */
 
 /*
  * Copyright (c) 2006 Henning Brauer <henning@openbsd.org>
@@ -165,6 +165,7 @@ sensor_query(struct ntp_sensor *s)
 {
 	char		 dxname[MAXDEVNAMLEN];
 	struct sensor	 sensor;
+	double		 sens_time;
 
 	if (conf->settime)
 		s->next = getmonotime() + SENSOR_QUERY_INTERVAL_SETTIME;
@@ -193,6 +194,18 @@ sensor_query(struct ntp_sensor *s)
 		return;
 
 	s->last = sensor.tv.tv_sec;
+	
+	if (!TAILQ_EMPTY(&conf->constraints)) {
+		if (conf->constraint_median == 0) {
+			return;
+		}
+		sens_time = gettime() + (sensor.value / -1e9) +
+		    (s->correction / 1e6);
+		if (constraint_check(sens_time) != 0) {
+			log_info("sensor %s: constraint check failed", s->device);
+			return;
+		}
+	}
 	/*
 	 * TD = device time
 	 * TS = system time