bpo-39847: win32: don't over-wait for mutex after tickcount overflow

bobince · 2020-03-04T16:40:28Z

The 32-bit (49-day) TickCount relied on in EnterNonRecursiveMutex can overflow in the gap between the 'target' time and the 'now' time WaitForSingleObjectEx returns, causing the loop to think it needs to wait another 49 days. This is most likely to happen when the machine is hibernated during WaitForSingleObjectEx.

This makes acquiring a lock/event/etc from the _thread or threading module appear to never timeout.

Replace with GetTickCount64. This is OK now we no longer support WinXP which lacks it; it is already in use for time.monotonic.

Approaches not taken:

forcing signed arithmetic for the now/target comparison (this would only partially solve the problem with GetTickCount as you could still break it by hibernating for 24 days; it's unnecessary for 64-bit which takes however many hundred million years to roll over);
doing anything to cope with the possibility of the new milliseconds being out of range for DWORD; this shouldn't be possible given the target-now time should never be more than the original milliseconds DWORD passed in, and PyCOND_TIMEDWAIT can't accept a longer time anyway;
I haven't been able to add a representative test, as it would mean waiting 49 days or some pretty nasty syscall hooking which seems like overkill. Hopefully change is fairly transparently harmless.

https://bugs.python.org/issue39847

The 32-bit (49-day) TickCount relied on in EnterNonRecursiveMutex can overflow in the gap between the 'target' time and the 'now' time WaitForSingleObjectEx returns, causing the loop to think it needs to wait another 49 days. This is most likely to happen when the machine is hibernated during WaitForSingleObjectEx. This makes acquiring a lock/event/etc from the _thread or threading module appear to never timeout. Replace with GetTickCount64 - this is OK now we no longer support XP which lacks it, and is in use for time.monotonic. Approaches not taken: - forcing signed arithmetic for the now/target comparison (this would only partially solve the problem with GetTickCount as you could still break it by hibernating for 24 days; it's unnecessary for 64-bit which takes however many hundred million years to roll over)

vstinner

LGTM.

@zooba: Do you want to have a look?

vstinner · 2020-03-04T22:22:42Z

cc @pitrou who loves lock if I recall correctly :-D

miss-islington · 2020-03-11T23:39:41Z

Thanks @bobince for the PR, and @vstinner for merging it 🌮🎉.. I'm working now to backport this PR to: 3.7.
🐍🍒⛏🤖

miss-islington · 2020-03-11T23:39:41Z

Thanks @bobince for the PR, and @vstinner for merging it 🌮🎉.. I'm working now to backport this PR to: 3.8.
🐍🍒⛏🤖

miss-islington · 2020-03-11T23:39:43Z

Sorry @bobince and @vstinner, I had trouble checking out the 3.7 backport branch.
Please backport using cherry_picker on command line.
cherry_picker 64838ce7172c7a92183b39b22504b433a33a884d 3.7

…8780) The 32-bit (49-day) TickCount relied on in EnterNonRecursiveMutex can overflow in the gap between the 'target' time and the 'now' time WaitForSingleObjectEx returns, causing the loop to think it needs to wait another 49 days. This is most likely to happen when the machine is hibernated during WaitForSingleObjectEx. This makes acquiring a lock/event/etc from the _thread or threading module appear to never timeout. Replace with GetTickCount64 - this is OK now Python no longer supports XP which lacks it, and is in use for time.monotonic(). Co-authored-by: And Clover <and.clover@bromium.com> (cherry picked from commit 64838ce) Co-authored-by: bobince <and+github@doxdesk.com>

bedevere-bot · 2020-03-11T23:39:53Z

GH-18945 is a backport of this pull request to the 3.8 branch.

vstinner · 2020-03-11T23:41:22Z

@bobince: There is a conflict on the backport to 3.7. Can you try to backport manually the fix to 3.7? Either use "git cherry-pick -x 64838ce" or try "cherry_picker 64838ce 3.7".

The 32-bit (49-day) TickCount relied on in EnterNonRecursiveMutex can overflow in the gap between the 'target' time and the 'now' time WaitForSingleObjectEx returns, causing the loop to think it needs to wait another 49 days. This is most likely to happen when the machine is hibernated during WaitForSingleObjectEx. This makes acquiring a lock/event/etc from the _thread or threading module appear to never timeout. Replace with GetTickCount64 - this is OK now Python no longer supports XP which lacks it, and is in use for time.monotonic(). Co-authored-by: And Clover <and.clover@bromium.com> (cherry picked from commit 64838ce) Co-authored-by: bobince <and+github@doxdesk.com>

…onGH-18780) The 32-bit (49-day) TickCount relied on in EnterNonRecursiveMutex can overflow in the gap between the 'target' time and the 'now' time WaitForSingleObjectEx returns, causing the loop to think it needs to wait another 49 days. This is most likely to happen when the machine is hibernated during WaitForSingleObjectEx. This makes acquiring a lock/event/etc from the _thread or threading module appear to never timeout. Replace with GetTickCount64 - this is OK now Python no longer supports XP which lacks it, and is in use for time.monotonic(). Co-authored-by: And Clover <and.clover@bromium.com> (cherry picked from commit 64838ce) Co-authored-by: bobince <and+github@doxdesk.com>

bedevere-bot · 2020-03-12T14:08:16Z

GH-18959 is a backport of this pull request to the 3.7 branch.

bobince · 2020-03-12T14:09:28Z

Yep, ta. I couldn't see any conflict with my human eyes but the cherry-pick doesn't care.

…8780) (GH-18959) The 32-bit (49-day) TickCount relied on in EnterNonRecursiveMutex can overflow in the gap between the 'target' time and the 'now' time WaitForSingleObjectEx returns, causing the loop to think it needs to wait another 49 days. This is most likely to happen when the machine is hibernated during WaitForSingleObjectEx. This makes acquiring a lock/event/etc from the _thread or threading module appear to never timeout. Replace with GetTickCount64 - this is OK now Python no longer supports XP which lacks it, and is in use for time.monotonic(). Co-authored-by: And Clover <and.clover@bromium.com> (cherry picked from commit 64838ce) Co-authored-by: bobince <and+github@doxdesk.com>

vstinner · 2020-03-12T16:20:08Z

Yep, ta. I couldn't see any conflict with my human eyes but the cherry-pick doesn't care.

Thanks. I merged your 3.7 backport.

the-knights-who-say-ni added the CLA signed label Mar 4, 2020

bedevere-bot added the awaiting review label Mar 4, 2020

bobince force-pushed the bpo39847-mutex-wait-dword-overflow branch from 181d6de to 1026d8d Compare March 4, 2020 17:06

vstinner approved these changes Mar 4, 2020

View reviewed changes

bedevere-bot added awaiting merge and removed awaiting review labels Mar 4, 2020

vstinner merged commit 64838ce into python:master Mar 11, 2020

bedevere-bot removed the awaiting merge label Mar 11, 2020

vstinner added needs backport to 3.7 labels Mar 11, 2020

miss-islington assigned vstinner Mar 11, 2020

bedevere-bot removed the needs backport to 3.8 label Mar 11, 2020

bedevere-bot removed the needs backport to 3.7 label Mar 12, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

bpo-39847: win32: don't over-wait for mutex after tickcount overflow #18780

bpo-39847: win32: don't over-wait for mutex after tickcount overflow #18780

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

bpo-39847: win32: don't over-wait for mutex after tickcount overflow #18780

bpo-39847: win32: don't over-wait for mutex after tickcount overflow #18780

Uh oh!

Conversation

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!