[2/2] nptl: Provide NULL abstime pointer handling in __futex_abstimed_wait_cancelable32

  This change fixes issue when NULL pointer would be passed to
__futex_abstimed_wait_cancelable32.

The call log for passing NULL as *abstime pointer.
	sem_wait (versioned symbol)
		 |
		\|/
	__new_sem_wait
		 |    (here the NULL is passed as *abstime)
		\|/
	__new_sem_wait_slow64
		 |
		\|/
	do_futex_wait
		 |
		\|/
__futex_abstimed_wait_cancelable64
		 |
		\|/
__futex_abstimed_wait_cancellable32

In this function the *abstime is dereferenced when checking if we have
time_t in range and when converting to 32 bit struct timespec to pass it
to futex syscall, which supports 32 bit time.
---
 sysdeps/nptl/futex-internal.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
  

On Sep 16 2020, Lukasz Majewski wrote:

> This change fixes issue when NULL pointer would be passed to
> __futex_abstimed_wait_cancelable32.
>
> The call log for passing NULL as *abstime pointer.
> 	sem_wait (versioned symbol)
> 		 |
> 		\|/
> 	__new_sem_wait
> 		 |    (here the NULL is passed as *abstime)
> 		\|/
> 	__new_sem_wait_slow64
> 		 |
> 		\|/
> 	do_futex_wait
> 		 |
> 		\|/
> __futex_abstimed_wait_cancelable64
> 		 |
> 		\|/
> __futex_abstimed_wait_cancellable32

This is now __futex_abstimed_wait_cancelable32.

> In this function the *abstime is dereferenced when checking if we have
> time_t in range and when converting to 32 bit struct timespec to pass it
> to futex syscall, which supports 32 bit time.

Ok.

Andreas.
  

On Wed, Sep 16, 2020 at 4:07 AM Lukasz Majewski <lukma@denx.de> wrote:
>
> This change fixes issue when NULL pointer would be passed to
> __futex_abstimed_wait_cancelable32.
>
> The call log for passing NULL as *abstime pointer.
>         sem_wait (versioned symbol)
>                  |
>                 \|/
>         __new_sem_wait
>                  |    (here the NULL is passed as *abstime)
>                 \|/
>         __new_sem_wait_slow64
>                  |
>                 \|/
>         do_futex_wait
>                  |
>                 \|/
> __futex_abstimed_wait_cancelable64
>                  |
>                 \|/
> __futex_abstimed_wait_cancellable32
>
> In this function the *abstime is dereferenced when checking if we have
> time_t in range and when converting to 32 bit struct timespec to pass it
> to futex syscall, which supports 32 bit time.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>

Alistair

> ---
>  sysdeps/nptl/futex-internal.c | 12 ++++++++----
>  1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/sysdeps/nptl/futex-internal.c b/sysdeps/nptl/futex-internal.c
> index a4fc1dc52f..3211b4c94f 100644
> --- a/sysdeps/nptl/futex-internal.c
> +++ b/sysdeps/nptl/futex-internal.c
> @@ -29,17 +29,21 @@ __futex_abstimed_wait_cancelable32 (unsigned int* futex_word,
>                                      const struct __timespec64* abstime,
>                                      int private)
>  {
> -  if (! in_time_t_range (abstime->tv_sec))
> +  struct timespec ts32;
> +
> +  if (abstime != NULL && ! in_time_t_range (abstime->tv_sec))
>      return -EOVERFLOW;
>
>    unsigned int clockbit = (clockid == CLOCK_REALTIME)
>           ? FUTEX_CLOCK_REALTIME : 0;
>    int op = __lll_private_flag (FUTEX_WAIT_BITSET | clockbit, private);
>
> -  struct timespec ts32 = valid_timespec64_to_timespec (*abstime);
> +  if (abstime != NULL)
> +    ts32 = valid_timespec64_to_timespec (*abstime);
> +
>    return INTERNAL_SYSCALL_CANCEL (futex, futex_word, op, expected,
> -                                  &ts32, NULL /* Unused.  */,
> -                                  FUTEX_BITSET_MATCH_ANY);
> +                                  abstime != NULL ? &ts32 : NULL,
> +                                  NULL /* Unused.  */, FUTEX_BITSET_MATCH_ANY);
>  }
>
>  static int
> --
> 2.20.1
>