Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Strip Monotonic Clock Readings when Comparing Credential Expiry Time #789

Merged
merged 3 commits into from
Oct 5, 2020

Conversation

skmcgrail
Copy link
Member

Strip monotonic clock readings from credential cache implementation when comparing expiration time.

@skmcgrail skmcgrail requested a review from jasdel October 2, 2020 01:01
@shogo82148
Copy link
Contributor

I don't understand why stripping is needed.
Could you explain to me, please?

@skmcgrail
Copy link
Member Author

skmcgrail commented Oct 2, 2020

I don't understand why stripping is needed.
Could you explain to me, please?

The reason for stripping off monotonic readings when comparing the expiry time is to prevent issues where Go's time functions will utilize the monotonic clock readings if present on both time values. The monotonic clock reading can be incorrect in cases where the host system is hibernated (for example using EC2 Hibernate). On Linux the monotonic clock readings post hibernation will not correctly represent the time that elapsed while the host system was hibernated. To ensure that credential expiration time comparisons are occurring based on the wall-clock time, we call Round(0) on one of the time values being compared, which will strip off the monotonic reading but keep the wall-clock the same.

@skmcgrail skmcgrail changed the title Strip Monotonic Clock Readings Strip Monotonic Clock Readings on Comparing Credential Expirty Time Oct 2, 2020
@skmcgrail skmcgrail changed the title Strip Monotonic Clock Readings on Comparing Credential Expirty Time Strip Monotonic Clock Readings when Comparing Credential Expirty Time Oct 2, 2020
@skmcgrail skmcgrail changed the title Strip Monotonic Clock Readings when Comparing Credential Expirty Time Strip Monotonic Clock Readings when Comparing Credential Expiry Time Oct 2, 2020
@shogo82148
Copy link
Contributor

The monotonic clock reading can be incorrect in cases where the host system is hibernated (for example using EC2 Hibernate).

I got it, thanks!

@skmcgrail skmcgrail merged commit 5861529 into aws:master Oct 5, 2020
@skmcgrail skmcgrail deleted the hibernateFixes branch November 8, 2021 18:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants