From e463c38f0ec65d06e544681d1916991808a6a2b9 Mon Sep 17 00:00:00 2001
From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Mon, 3 Jun 2024 10:10:49 -0400
Subject: [PATCH] futex.h: Use urcu_posix_assert to validate unused values

When building on FreeBSD, uaddr2 and val3 are unused. Add a
urcu_posix_assert() to validate that they are zero and hence allow users
of the API to quickly figure out that those are not effectively used.

When building on OpenBSD, val3 is unused. Add a urcu_posix_assert() to
validate that it is zero.

Those asserts are already present in the compat code. Use the same
mechanism to prevent users from expecting futex arguments to be used
when they are in fact discarded.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: I4e69d240c6f07da471e6af083854440c060ef53b
---
 include/urcu/futex.h | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/include/urcu/futex.h b/include/urcu/futex.h
index b219835..f4c115a 100644
--- a/include/urcu/futex.h
+++ b/include/urcu/futex.h
@@ -25,6 +25,7 @@
 #include <errno.h>
 #include <urcu/compiler.h>
 #include <urcu/arch.h>
+#include <urcu/assert.h>
 
 #elif defined(__FreeBSD__)
 
@@ -71,8 +72,7 @@ extern int compat_futex_async(int32_t *uaddr, int op, int32_t val,
 static inline int futex(int32_t *uaddr, int op, int32_t val,
 		const struct timespec *timeout, int32_t *uaddr2, int32_t val3)
 {
-	return syscall(__NR_futex, uaddr, op, val, timeout,
-			uaddr2, val3);
+	return syscall(__NR_futex, uaddr, op, val, timeout, uaddr2, val3);
 }
 
 static inline int futex_noasync(int32_t *uaddr, int op, int32_t val,
@@ -114,9 +114,7 @@ static inline int futex_async(int32_t *uaddr, int op, int32_t val,
 #elif defined(__FreeBSD__)
 
 static inline int futex_async(int32_t *uaddr, int op, int32_t val,
-		const struct timespec *timeout,
-		int32_t *uaddr2 __attribute__((unused)),
-		int32_t val3 __attribute__((unused)))
+		const struct timespec *timeout, int32_t *uaddr2, int32_t val3)
 {
 	int umtx_op;
 	void *umtx_uaddr = NULL, *umtx_uaddr2 = NULL;
@@ -125,6 +123,13 @@ static inline int futex_async(int32_t *uaddr, int op, int32_t val,
 		._clockid = CLOCK_MONOTONIC,
 	};
 
+	/*
+	 * Check if NULL or zero. Don't let users expect that they are
+	 * taken into account.
+	 */
+	urcu_posix_assert(!uaddr2);
+	urcu_posix_assert(!val3);
+
 	switch (op) {
 	case FUTEX_WAIT:
 		/* On FreeBSD, a "u_int" is a 32-bit integer. */
@@ -160,6 +165,12 @@ static inline int futex_noasync(int32_t *uaddr, int op, int32_t val,
 {
 	int ret;
 
+	/*
+	 * Check that val3 is zero. Don't let users expect that it is
+	 * taken into account.
+	 */
+	urcu_posix_assert(!val3);
+
 	ret = futex((volatile uint32_t *) uaddr, op, val, timeout,
 		(volatile uint32_t *) uaddr2);
 	if (caa_unlikely(ret < 0 && errno == ENOSYS)) {
@@ -174,6 +185,12 @@ static inline int futex_async(int32_t *uaddr, int op, int32_t val,
 {
 	int ret;
 
+	/*
+	 * Check that val3 is zero. Don't let users expect that it is
+	 * taken into account.
+	 */
+	urcu_posix_assert(!val3);
+
 	ret = futex((volatile uint32_t *) uaddr, op, val, timeout,
 		(volatile uint32_t *) uaddr2);
 	if (caa_unlikely(ret < 0 && errno == ENOSYS)) {
-- 
2.34.1