authorJonathan Wakely <jwakely@redhat.com>2020-11-13 19:11:02 +0000
committerJonathan Wakely <jwakely@redhat.com>2020-11-13 19:11:07 +0000
commit91004436daaf8d54daa467908d1b634a1a352707 (patch)
tree2f449da8e4fab14f7f038e609453b7392393e863 /libstdc++-v3/src/c++11
parent500e7efee91cc66f91f993f53039983f131f7075 (diff)
libstdc++: Avoid more 32-bit time_t overflows in futex calls
This fixes another overflow in code converting a std::chrono::seconds duration to a time_t. This time in the new code using a futex wait with an absolute timeout (so this one doesn't need to be backported to the release branches). A timeout after the epochalypse would overflow the tv_sec field, producing an incorrect value. If that incorrect value happened to be negative, the syscall would return with EINVAL and then the caller would keep retrying, spinning until the timeout was reached. If the value happened to be positive, we would wake up too soon and incorrectly report a timeout. libstdc++-v3/ChangeLog: * src/c++11/futex.cc (relative_timespec): Add [[unlikely]] attributes. (__atomic_futex_unsigned_base::_M_futex_wait_until) (__atomic_futex_unsigned_base::_M_futex_wait_until_steady): Check for overflow. * testsuite/30_threads/future/members/wait_until_overflow.cc: New test.
Diffstat (limited to 'libstdc++-v3/src/c++11')
-rw-r--r--libstdc++-v3/src/c++11/futex.cc36
1 files changed, 22 insertions, 14 deletions
diff --git a/libstdc++-v3/src/c++11/futex.cc b/libstdc++-v3/src/c++11/futex.cc
index c2b2d32e8c4..15959cebee5 100644
--- a/libstdc++-v3/src/c++11/futex.cc
+++ b/libstdc++-v3/src/c++11/futex.cc
@@ -51,6 +51,8 @@ namespace std _GLIBCXX_VISIBILITY(default)
{
_GLIBCXX_BEGIN_NAMESPACE_VERSION
+ using __gnu_cxx::__int_traits;
+
namespace
{
std::atomic<bool> futex_clock_realtime_unavailable;
@@ -74,10 +76,10 @@ namespace
auto rel_s = abs_s.count() - now_s;
// Avoid overflows
- if (rel_s > __gnu_cxx::__int_traits<time_t>::__max)
- rel_s = __gnu_cxx::__int_traits<time_t>::__max;
- else if (rel_s < __gnu_cxx::__int_traits<time_t>::__min)
- rel_s = __gnu_cxx::__int_traits<time_t>::__min;
+ if (rel_s > __int_traits<time_t>::__max) [[unlikely]]
+ rel_s = __int_traits<time_t>::__max;
+ else if (rel_s < __int_traits<time_t>::__min) [[unlikely]]
+ rel_s = __int_traits<time_t>::__min;
// Convert the absolute timeout value to a relative timeout
rt.tv_sec = rel_s;
@@ -111,14 +113,17 @@ namespace
{
if (!futex_clock_realtime_unavailable.load(std::memory_order_relaxed))
{
- struct timespec rt;
- rt.tv_sec = __s.count();
- rt.tv_nsec = __ns.count();
-
// futex sets errno=EINVAL for absolute timeouts before the epoch.
- if (__builtin_expect(rt.tv_sec < 0, false))
+ if (__s.count() < 0)
return false;
+ struct timespec rt;
+ if (__s.count() > __int_traits<time_t>::__max) [[unlikely]]
+ rt.tv_sec = __int_traits<time_t>::__max;
+ else
+ rt.tv_sec = __s.count();
+ rt.tv_nsec = __ns.count();
+
if (syscall (SYS_futex, __addr,
futex_wait_bitset_op | futex_clock_realtime_flag,
__val, &rt, nullptr, futex_bitset_match_any) == -1)
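Review bot: The negative-timeout check `if (__s.count() < 0)` in this hunk loses the branch hint that the removed `__builtin_expect(rt.tv_sec < 0, false)` carried, while the identical check in the `futex_clock_monotonic_unavailable` hunk further down gets `[[unlikely]]`. For consistency it should read `if (__s.count() < 0) [[unlikely]]`. The enclosing function starts and ends outside the hunk.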
@@ -184,14 +189,17 @@ namespace
{
if (!futex_clock_monotonic_unavailable.load(std::memory_order_relaxed))
{
- struct timespec rt;
- rt.tv_sec = __s.count();
- rt.tv_nsec = __ns.count();
-
// futex sets errno=EINVAL for absolute timeouts before the epoch.
- if (__builtin_expect(rt.tv_sec < 0, false))
+ if (__s.count() < 0) [[unlikely]]
return false;
+ struct timespec rt;
+ if (__s.count() > __int_traits<time_t>::__max) [[unlikely]]
+ rt.tv_sec = __int_traits<time_t>::__max;
+ else
+ rt.tv_sec = __s.count();
+ rt.tv_nsec = __ns.count();
+
if (syscall (SYS_futex, __addr,
futex_wait_bitset_op | futex_clock_monotonic_flag,
__val, &rt, nullptr, futex_bitset_match_any) == -1)
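Review bot: The clamp of `__s.count()` to `__int_traits<time_t>::__max` added here is a line-for-line copy of the one in the `futex_clock_realtime_unavailable` hunk above, and neither copy has a comment saying why the value is clamped rather than assigned. Because a wrapped `tv_sec` is what caused the EINVAL spin or early wake-up described in the commit message, it would be safer to keep this conversion in one file-local helper next to `relative_timespec`, so that a later edit cannot fix one call site and miss the other. The sketch below assumes `__s` is the `std::chrono::seconds` value the description refers to; the parameter list is outside the hunk, as are the start and end of the enclosing function.

```cpp
  // Convert a non-negative seconds count to time_t without wrapping.
  // A wrapped tv_sec is either negative (futex fails with EINVAL and the
  // caller retries) or too small (the wait ends before the real deadline).
  inline time_t
  clamp_to_time_t(chrono::seconds __s)
  {
    if (__s.count() > __int_traits<time_t>::__max) [[unlikely]]
      return __int_traits<time_t>::__max;
    return __s.count();
  }

  // … unchanged: futex_clock_monotonic_unavailable test and negative-timeout check …
  struct timespec rt;
  rt.tv_sec = clamp_to_time_t(__s);
  rt.tv_nsec = __ns.count();
  // … unchanged: SYS_futex call …
```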