Rollup merge of rust-lang#127813 - ChrisDenton:win-futex, r=joboet

tgross35 · web-flow · commit a2cf63619d70 · 2024-07-17T04:05:59.000-05:00
Prevent double reference in generic futex

In the Windows futex implementation we were a little lax at allowing references to references (i.e. `&amp;&amp;`) which can lead to deadlocks due to reading the wrong memory address. This uses a trait to tighten the constraints and ensure this doesn't happen.

r? libs
diff --git a/std/src/sys/pal/windows/futex.rs b/std/src/sys/pal/windows/futex.rs
@@ -15,6 +15,7 @@ pub type SmallAtomic = AtomicU8;
 /// Must be the underlying type of SmallAtomic
 pub type SmallPrimitive = u8;
 
+pub unsafe trait Futex {}
 pub unsafe trait Waitable {
     type Atomic;
 }
@@ -24,6 +25,7 @@ macro_rules! unsafe_waitable_int {
             unsafe impl Waitable for $int {
                 type Atomic = $atomic;
             }
+            unsafe impl Futex for $atomic {}
         )*
     };
 }
@@ -46,6 +48,7 @@ unsafe impl<T> Waitable for *const T {
 unsafe impl<T> Waitable for *mut T {
     type Atomic = AtomicPtr<T>;
 }
+unsafe impl<T> Futex for AtomicPtr<T> {}
 
 pub fn wait_on_address<W: Waitable>(
     address: &W::Atomic,
@@ -61,14 +64,14 @@ pub fn wait_on_address<W: Waitable>(
     }
 }
 
-pub fn wake_by_address_single<T>(address: &T) {
+pub fn wake_by_address_single<T: Futex>(address: &T) {
     unsafe {
         let addr = ptr::from_ref(address).cast::<c_void>();
         c::WakeByAddressSingle(addr);
     }
 }
 
-pub fn wake_by_address_all<T>(address: &T) {
+pub fn wake_by_address_all<T: Futex>(address: &T) {
     unsafe {
         let addr = ptr::from_ref(address).cast::<c_void>();
         c::WakeByAddressAll(addr);
@@ -80,11 +83,11 @@ pub fn futex_wait<W: Waitable>(futex: &W::Atomic, expected: W, timeout: Option<D
     wait_on_address(futex, expected, timeout) || api::get_last_error() != WinError::TIMEOUT
 }
 
-pub fn futex_wake<T>(futex: &T) -> bool {
+pub fn futex_wake<T: Futex>(futex: &T) -> bool {
     wake_by_address_single(futex);
     false
 }
 
-pub fn futex_wake_all<T>(futex: &T) {
+pub fn futex_wake_all<T: Futex>(futex: &T) {
     wake_by_address_all(futex)
 }
diff --git a/std/src/sys/sync/once/futex.rs b/std/src/sys/sync/once/futex.rs
@@ -57,7 +57,7 @@ impl<'a> Drop for CompletionGuard<'a> {
         // up on the Once. `futex_wake_all` does its own synchronization, hence
         // we do not need `AcqRel`.
         if self.state.swap(self.set_state_on_drop_to, Release) == QUEUED {
-            futex_wake_all(&self.state);
+            futex_wake_all(self.state);
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@ pub type SmallAtomic = AtomicU8;`
`15`	`15`	`/// Must be the underlying type of SmallAtomic`
`16`	`16`	`pub type SmallPrimitive = u8;`
`17`	`17`
	`18`	`+pub unsafe trait Futex {}`
`18`	`19`	`pub unsafe trait Waitable {`
`19`	`20`	`type Atomic;`
`20`	`21`	`}`
`@@ -24,6 +25,7 @@ macro_rules! unsafe_waitable_int {`
`24`	`25`	`unsafe impl Waitable for $int {`
`25`	`26`	`type Atomic = $atomic;`
`26`	`27`	`}`
	`28`	`+ unsafe impl Futex for $atomic {}`
`27`	`29`	`)*`
`28`	`30`	`};`
`29`	`31`	`}`
`@@ -46,6 +48,7 @@ unsafe impl<T> Waitable for *const T {`
`46`	`48`	`unsafe impl<T> Waitable for *mut T {`
`47`	`49`	`type Atomic = AtomicPtr<T>;`
`48`	`50`	`}`
	`51`	`+unsafe impl<T> Futex for AtomicPtr<T> {}`
`49`	`52`
`50`	`53`	`pub fn wait_on_address<W: Waitable>(`
`51`	`54`	`address: &W::Atomic,`
`@@ -61,14 +64,14 @@ pub fn wait_on_address<W: Waitable>(`
`61`	`64`	`}`
`62`	`65`	`}`
`63`	`66`
`64`		`-pub fn wake_by_address_single<T>(address: &T) {`
	`67`	`+pub fn wake_by_address_single<T: Futex>(address: &T) {`
`65`	`68`	`unsafe {`
`66`	`69`	`let addr = ptr::from_ref(address).cast::<c_void>();`
`67`	`70`	`c::WakeByAddressSingle(addr);`
`68`	`71`	`}`
`69`	`72`	`}`
`70`	`73`
`71`		`-pub fn wake_by_address_all<T>(address: &T) {`
	`74`	`+pub fn wake_by_address_all<T: Futex>(address: &T) {`
`72`	`75`	`unsafe {`
`73`	`76`	`let addr = ptr::from_ref(address).cast::<c_void>();`
`74`	`77`	`c::WakeByAddressAll(addr);`
`@@ -80,11 +83,11 @@ pub fn futex_wait<W: Waitable>(futex: &W::Atomic, expected: W, timeout: Option<D`
`80`	`83`	`wait_on_address(futex, expected, timeout) \|\| api::get_last_error() != WinError::TIMEOUT`
`81`	`84`	`}`
`82`	`85`
`83`		`-pub fn futex_wake<T>(futex: &T) -> bool {`
	`86`	`+pub fn futex_wake<T: Futex>(futex: &T) -> bool {`
`84`	`87`	`wake_by_address_single(futex);`
`85`	`88`	`false`
`86`	`89`	`}`
`87`	`90`
`88`		`-pub fn futex_wake_all<T>(futex: &T) {`
	`91`	`+pub fn futex_wake_all<T: Futex>(futex: &T) {`
`89`	`92`	`wake_by_address_all(futex)`
`90`	`93`	`}`
Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,7 @@ impl<'a> Drop for CompletionGuard<'a> {`
`57`	`57`	// up on the Once. `futex_wake_all` does its own synchronization, hence
`58`	`58`	// we do not need `AcqRel`.
`59`	`59`	`if self.state.swap(self.set_state_on_drop_to, Release) == QUEUED {`
`60`		`- futex_wake_all(&self.state);`
	`60`	`+ futex_wake_all(self.state);`
`61`	`61`	`}`
`62`	`62`	`}`
`63`	`63`	`}`