libstdc++: Avoid more 32-bit time_t overflows in futex calls
This fixes another overflow in code converting a std::chrono::seconds duration to a time_t. This time it is in the new code using a futex wait with an absolute timeout (so this one doesn't need to be backported to the release branches). A timeout after the epochalypse would overflow the tv_sec field, producing an incorrect value. If that incorrect value happened to be negative, the syscall would return with EINVAL and then the caller would keep retrying, spinning until the timeout was reached. If the value happened to be positive, we would wake up too soon and incorrectly report a timeout. libstdc++-v3/ChangeLog: * src/c++11/futex.cc (relative_timespec): Add [[unlikely]] attributes. (__atomic_futex_unsigned_base::_M_futex_wait_until) (__atomic_futex_unsigned_base::_M_futex_wait_until_steady): Check for overflow. * testsuite/30_threads/future/members/wait_until_overflow.cc: New test.
This commit is contained in:
parent
500e7efee9
commit
91004436da
2 changed files with 70 additions and 14 deletions
|
@ -51,6 +51,8 @@ namespace std _GLIBCXX_VISIBILITY(default)
|
|||
{
|
||||
_GLIBCXX_BEGIN_NAMESPACE_VERSION
|
||||
|
||||
using __gnu_cxx::__int_traits;
|
||||
|
||||
namespace
|
||||
{
|
||||
std::atomic<bool> futex_clock_realtime_unavailable;
|
||||
|
@ -74,10 +76,10 @@ namespace
|
|||
auto rel_s = abs_s.count() - now_s;
|
||||
|
||||
// Avoid overflows
|
||||
if (rel_s > __gnu_cxx::__int_traits<time_t>::__max)
|
||||
rel_s = __gnu_cxx::__int_traits<time_t>::__max;
|
||||
else if (rel_s < __gnu_cxx::__int_traits<time_t>::__min)
|
||||
rel_s = __gnu_cxx::__int_traits<time_t>::__min;
|
||||
if (rel_s > __int_traits<time_t>::__max) [[unlikely]]
|
||||
rel_s = __int_traits<time_t>::__max;
|
||||
else if (rel_s < __int_traits<time_t>::__min) [[unlikely]]
|
||||
rel_s = __int_traits<time_t>::__min;
|
||||
|
||||
// Convert the absolute timeout value to a relative timeout
|
||||
rt.tv_sec = rel_s;
|
||||
|
@ -111,14 +113,17 @@ namespace
|
|||
{
|
||||
if (!futex_clock_realtime_unavailable.load(std::memory_order_relaxed))
|
||||
{
|
||||
struct timespec rt;
|
||||
rt.tv_sec = __s.count();
|
||||
rt.tv_nsec = __ns.count();
|
||||
|
||||
// futex sets errno=EINVAL for absolute timeouts before the epoch.
|
||||
if (__builtin_expect(rt.tv_sec < 0, false))
|
||||
if (__s.count() < 0)
|
||||
return false;
|
||||
|
||||
struct timespec rt;
|
||||
if (__s.count() > __int_traits<time_t>::__max) [[unlikely]]
|
||||
rt.tv_sec = __int_traits<time_t>::__max;
|
||||
else
|
||||
rt.tv_sec = __s.count();
|
||||
rt.tv_nsec = __ns.count();
|
||||
|
||||
if (syscall (SYS_futex, __addr,
|
||||
futex_wait_bitset_op | futex_clock_realtime_flag,
|
||||
__val, &rt, nullptr, futex_bitset_match_any) == -1)
|
||||
|
@ -184,14 +189,17 @@ namespace
|
|||
{
|
||||
if (!futex_clock_monotonic_unavailable.load(std::memory_order_relaxed))
|
||||
{
|
||||
struct timespec rt;
|
||||
rt.tv_sec = __s.count();
|
||||
rt.tv_nsec = __ns.count();
|
||||
|
||||
// futex sets errno=EINVAL for absolute timeouts before the epoch.
|
||||
if (__builtin_expect(rt.tv_sec < 0, false))
|
||||
if (__s.count() < 0) [[unlikely]]
|
||||
return false;
|
||||
|
||||
struct timespec rt;
|
||||
if (__s.count() > __int_traits<time_t>::__max) [[unlikely]]
|
||||
rt.tv_sec = __int_traits<time_t>::__max;
|
||||
else
|
||||
rt.tv_sec = __s.count();
|
||||
rt.tv_nsec = __ns.count();
|
||||
|
||||
if (syscall (SYS_futex, __addr,
|
||||
futex_wait_bitset_op | futex_clock_monotonic_flag,
|
||||
__val, &rt, nullptr, futex_bitset_match_any) == -1)
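Review bot: The new `if (__s.count() < 0)` guard in the realtime branch (`_M_futex_wait_until`) lacks the `[[unlikely]]` that the identical check carries in the monotonic branch (`if (__s.count() < 0) [[unlikely]]`) and that every other new overflow guard in this commit uses; writing it as `if (__s.count() < 0) [[unlikely]]` keeps the two functions parallel. The saturation to `__int_traits<time_t>::__max` is also undocumented: once tv_sec is clamped, the futex wait ends at the largest representable time rather than at the requested timeout, and whether the caller re-checks the clock before reporting a timeout is not visible in these hunks, so a comment above the clamp such as `// Saturate instead of overflowing: a 32-bit time_t cannot hold this timeout, so the wait may end early and the caller is expected to re-check the clock.` would record that contract in both functions. Both enclosing functions begin and end outside the hunks.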
|
||||
|
|
|
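--- a/libstdc++-v3/testsuite/30_threads/future/members/wait_until_overflow.cc
+++ b/libstdc++-v3/testsuite/30_threads/future/members/wait_until_overflow.cc
@@ -0,0 +1,48 @@
+// { dg-do run }
+// { dg-additional-options "-pthread" { target pthread } }
+// { dg-require-effective-target c++11 }
+// { dg-require-gthreads "" }
+
+// Copyright (C) 2020 Free Software Foundation, Inc.
+//
+// This file is part of the GNU ISO C++ Library. This library is free
+// software; you can redistribute it and/or modify it under the
+// terms of the GNU General Public License as published by the
+// Free Software Foundation; either version 3, or (at your option)
+// any later version.
+
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License along
+// with this library; see the file COPYING3. If not see
+// <http://www.gnu.org/licenses/>.
+
+
+#include <future>
+#include <chrono>
+#include <climits>
+#include <testsuite_hooks.h>
+
+namespace chrono = std::chrono;
+
+void test01()
+{
+std::future<void> fut = std::async(std::launch::async, [] {
+std::this_thread::sleep_for(chrono::seconds(4));
+});
+
+// A time in the distant future, but which overflows 32-bit time_t:
+auto then = chrono::system_clock::now() + chrono::seconds(UINT_MAX + 2LL);
+auto status = fut.wait_until(then);
+// The wait_until call should have waited for the result to be ready.
+// If converting the time_point to time_t overflows, it will timeout.
+VERIFY(status == std::future_status::ready);
+}
+
+int main()
+{
+test01();
+}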
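Review bot: The test calls `std::this_thread::sleep_for` inside the async lambda but includes only `<future>`, `<chrono>`, `<climits>` and `<testsuite_hooks.h>`, so it presumably compiles only because `<future>` transitively pulls in the this_thread declarations; adding `#include <thread>` next to the other includes makes the dependency explicit. The comment above `then` says the value overflows 32-bit time_t, but on a target with a 64-bit time_t the same call is just an ordinary long wait that cannot reproduce the bug; extending the comment with `// On 64-bit time_t targets this is only a plain wait and does not exercise the clamp.` would tell a later reader what coverage to expect. The 4-second sleep is what makes a premature wake-up observable as a `timeout` status, so shortening it would make the test faster but less able to catch an early return.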