[2/2] nptl: Provide NULL abstime pointer handling in __futex_abstimed_wait_cancelable32
Commit Message
This change fixes issue when NULL pointer would be passed to
__futex_abstimed_wait_cancelable32.
The call log for passing NULL as *abstime pointer.
sem_wait (versioned symbol)
|
\|/
__new_sem_wait
| (here the NULL is passed as *abstime)
\|/
__new_sem_wait_slow64
|
\|/
do_futex_wait
|
\|/
__futex_abstimed_wait_cancelable64
|
\|/
__futex_abstimed_wait_cancellable32
In this function the *abstime is dereferenced when checking if we have
time_t in range and when converting to 32 bit struct timespec to pass it
to futex syscall, which supports 32 bit time.
---
sysdeps/nptl/futex-internal.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
Comments
On Sep 16 2020, Lukasz Majewski wrote:
> This change fixes issue when NULL pointer would be passed to
> __futex_abstimed_wait_cancelable32.
>
> The call log for passing NULL as *abstime pointer.
> sem_wait (versioned symbol)
> |
> \|/
> __new_sem_wait
> | (here the NULL is passed as *abstime)
> \|/
> __new_sem_wait_slow64
> |
> \|/
> do_futex_wait
> |
> \|/
> __futex_abstimed_wait_cancelable64
> |
> \|/
> __futex_abstimed_wait_cancellable32
This is now __futex_abstimed_wait_cancelable32.
> In this function the *abstime is dereferenced when checking if we have
> time_t in range and when converting to 32 bit struct timespec to pass it
> to futex syscall, which supports 32 bit time.
Ok.
Andreas.
On Wed, Sep 16, 2020 at 4:07 AM Lukasz Majewski <lukma@denx.de> wrote:
>
> This change fixes issue when NULL pointer would be passed to
> __futex_abstimed_wait_cancelable32.
>
> The call log for passing NULL as *abstime pointer.
> sem_wait (versioned symbol)
> |
> \|/
> __new_sem_wait
> | (here the NULL is passed as *abstime)
> \|/
> __new_sem_wait_slow64
> |
> \|/
> do_futex_wait
> |
> \|/
> __futex_abstimed_wait_cancelable64
> |
> \|/
> __futex_abstimed_wait_cancellable32
>
> In this function the *abstime is dereferenced when checking if we have
> time_t in range and when converting to 32 bit struct timespec to pass it
> to futex syscall, which supports 32 bit time.
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Alistair
> ---
> sysdeps/nptl/futex-internal.c | 12 ++++++++----
> 1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/sysdeps/nptl/futex-internal.c b/sysdeps/nptl/futex-internal.c
> index a4fc1dc52f..3211b4c94f 100644
> --- a/sysdeps/nptl/futex-internal.c
> +++ b/sysdeps/nptl/futex-internal.c
> @@ -29,17 +29,21 @@ __futex_abstimed_wait_cancelable32 (unsigned int* futex_word,
> const struct __timespec64* abstime,
> int private)
> {
> - if (! in_time_t_range (abstime->tv_sec))
> + struct timespec ts32;
> +
> + if (abstime != NULL && ! in_time_t_range (abstime->tv_sec))
> return -EOVERFLOW;
>
> unsigned int clockbit = (clockid == CLOCK_REALTIME)
> ? FUTEX_CLOCK_REALTIME : 0;
> int op = __lll_private_flag (FUTEX_WAIT_BITSET | clockbit, private);
>
> - struct timespec ts32 = valid_timespec64_to_timespec (*abstime);
> + if (abstime != NULL)
> + ts32 = valid_timespec64_to_timespec (*abstime);
> +
> return INTERNAL_SYSCALL_CANCEL (futex, futex_word, op, expected,
> - &ts32, NULL /* Unused. */,
> - FUTEX_BITSET_MATCH_ANY);
> + abstime != NULL ? &ts32 : NULL,
> + NULL /* Unused. */, FUTEX_BITSET_MATCH_ANY);
> }
>
> static int
> --
> 2.20.1
>
@@ -29,17 +29,21 @@ __futex_abstimed_wait_cancelable32 (unsigned int* futex_word,
const struct __timespec64* abstime,
int private)
{
- if (! in_time_t_range (abstime->tv_sec))
+ struct timespec ts32;
+
+ if (abstime != NULL && ! in_time_t_range (abstime->tv_sec))
return -EOVERFLOW;
unsigned int clockbit = (clockid == CLOCK_REALTIME)
? FUTEX_CLOCK_REALTIME : 0;
int op = __lll_private_flag (FUTEX_WAIT_BITSET | clockbit, private);
- struct timespec ts32 = valid_timespec64_to_timespec (*abstime);
+ if (abstime != NULL)
+ ts32 = valid_timespec64_to_timespec (*abstime);
+
return INTERNAL_SYSCALL_CANCEL (futex, futex_word, op, expected,
- &ts32, NULL /* Unused. */,
- FUTEX_BITSET_MATCH_ANY);
+ abstime != NULL ? &ts32 : NULL,
+ NULL /* Unused. */, FUTEX_BITSET_MATCH_ANY);
}
static int