Change epoll's timeout to Option<&Timespec>. (#1324)

This eliminates the last place in rustix's public API that exposed a
time value as a `c_int` milliseconds.

On Linux, the syscall needed to pass a full timespec is only available
on Linux >= 5.11, so add a "linux_5_11" cargo feature to enable it.

Author: sunfishcode

Cargo.toml

@@ -208,11 +208,14 @@ use-explicitly-provided-auxv = []
 
 # OS compatibility features
 
-# Optimize for Linux 4.11 or later
+# Specialize for Linux 4.11 or later
 linux_4_11 = []
 
-# Enable all optimizations for the latest Linux versions.
-linux_latest = ["linux_4_11"]
+# Specialize for Linux 5.11 or later
+linux_5_11 = ["linux_4_11"]
+
+# Enable all specializations for the latest Linux versions.
+linux_latest = ["linux_5_11"]
 
 # Enable features which depend on the Rust global allocator, such as functions
 # that return owned strings or `Vec`s.

src/backend/libc/event/syscalls.rs

@@ -200,21 +200,7 @@ pub(crate) fn poll(fds: &mut [PollFd<'_>], timeout: Option<&Timespec>) -> io::Re
     {
         let timeout = match timeout {
             None => -1,
-            Some(timeout) => {
-                // Convert from `Timespec` to `c_int` milliseconds.
-                let secs = timeout.tv_sec;
-                if secs < 0 {
-                    return Err(io::Errno::INVAL);
-                }
-                secs.checked_mul(1000)
-                    .and_then(|millis| {
-                        // Add the nanoseconds, converted to millis, rounding
-                        // up. With Rust 1.73.0 this can use `div_ceil`.
-                        millis.checked_add((i64::from(timeout.tv_nsec) + 999_999) / 1_000_000)
-                    })
-                    .and_then(|millis| c::c_int::try_from(millis).ok())
-                    .ok_or(io::Errno::INVAL)?
-            }
+            Some(timeout) => timeout.as_c_int_millis().ok_or(io::Errno::INVAL)?,
         };
         ret_c_int(unsafe { c::poll(fds.as_mut_ptr().cast(), nfds, timeout) })
             .map(|nready| nready as usize)
@@ -531,9 +517,72 @@ pub(crate) fn epoll_del(epoll: BorrowedFd<'_>, source: BorrowedFd<'_>) -> io::Re
 pub(crate) fn epoll_wait(
     epoll: BorrowedFd<'_>,
     events: &mut [MaybeUninit<crate::event::epoll::Event>],
-    timeout: c::c_int,
+    timeout: Option<&Timespec>,
 ) -> io::Result<usize> {
+    // If we're on Linux >= 5.11 and a libc that has an `epoll_pwait2`
+    // function, and it's y2038-safe, use it.
+    #[cfg(all(
+        linux_kernel,
+        feature = "linux_5_11",
+        target_env = "gnu",
+        not(fix_y2038)
+    ))]
+    unsafe {
+        weak! {
+            fn epoll_pwait2(
+                c::c_int,
+                *mut c::epoll_event,
+                c::c_int,
+                *const c::timespec,
+                *const c::sigset_t
+            ) -> c::c_int
+        }
+
+        if let Some(epoll_pwait2_func) = epoll_pwait2.get() {
+            return ret_u32(epoll_pwait2_func(
+                borrowed_fd(epoll),
+                events.as_mut_ptr().cast::<c::epoll_event>(),
+                events.len().try_into().unwrap_or(i32::MAX),
+                crate::utils::option_as_ptr(timeout).cast(),
+                null(),
+            ))
+            .map(|i| i as usize);
+        }
+    }
+
+    // If we're on Linux >= 5.11, use `epoll_pwait2` via `libc::syscall`.
+    #[cfg(all(linux_kernel, feature = "linux_5_11"))]
     unsafe {
+        use linux_raw_sys::general::__kernel_timespec as timespec;
+
+        syscall! {
+            fn epoll_pwait2(
+                epfd: c::c_int,
+                events: *mut c::epoll_event,
+                maxevents: c::c_int,
+                timeout: *const timespec,
+                sigmask: *const c::sigset_t
+            ) via SYS_epoll_pwait2 -> c::c_int
+        }
+
+        ret_u32(epoll_pwait2(
+            borrowed_fd(epoll),
+            events.as_mut_ptr().cast::<c::epoll_event>(),
+            events.len().try_into().unwrap_or(i32::MAX),
+            crate::utils::option_as_ptr(timeout).cast(),
+            null(),
+        ))
+        .map(|i| i as usize)
+    }
+
+    // Othewise just use `epoll_wait`.
+    #[cfg(not(all(linux_kernel, feature = "linux_5_11")))]
+    unsafe {
+        let timeout = match timeout {
+            None => -1,
+            Some(timeout) => timeout.as_c_int_millis().ok_or(io::Errno::INVAL)?,
+        };
+
         ret_u32(c::epoll_wait(
             borrowed_fd(epoll),
             events.as_mut_ptr().cast::<c::epoll_event>(),

src/backend/libc/event/windows_syscalls.rs

@@ -13,21 +13,7 @@ pub(crate) fn poll(fds: &mut [PollFd<'_>], timeout: Option<&Timespec>) -> io::Re
 
     let timeout = match timeout {
         None => -1,
-        Some(timeout) => {
-            // Convert from `Timespec` to `c_int` milliseconds.
-            let secs = timeout.tv_sec;
-            if secs < 0 {
-                return Err(io::Errno::INVAL);
-            }
-            secs.checked_mul(1000)
-                .and_then(|millis| {
-                    // Add the nanoseconds, converted to millis, rounding up.
-                    // With Rust 1.73.0 this can use `div_ceil`.
-                    millis.checked_add((i64::from(timeout.tv_nsec) + 999_999) / 1_000_000)
-                })
-                .and_then(|millis| c::c_int::try_from(millis).ok())
-                .ok_or(io::Errno::INVAL)?
-        }
+        Some(timeout) => timeout.as_c_int_millis().ok_or(io::Errno::INVAL)?,
     };
 
     ret_c_int(unsafe { c::poll(fds.as_mut_ptr().cast(), nfds, timeout) })

src/backend/libc/fs/syscalls.rs

@@ -2009,7 +2009,7 @@ pub(crate) fn statx(
     }
 }
 
-#[cfg(linux_kernel)]
+#[cfg(all(linux_kernel, not(feature = "linux_4_11")))]
 #[inline]
 pub(crate) fn is_statx_available() -> bool {
     unsafe {

src/backend/linux_raw/event/syscalls.rs

@@ -5,16 +5,16 @@
 //! See the `rustix::backend` module documentation for details.
 #![allow(unsafe_code, clippy::undocumented_unsafe_blocks)]
 
-#[cfg(feature = "alloc")]
-use crate::backend::c;
 use crate::backend::conv::{
     by_ref, c_int, c_uint, opt_ref, ret, ret_c_int, ret_error, ret_owned_fd, ret_usize, size_of,
     slice_mut, zero,
 };
 use crate::event::{epoll, EventfdFlags, FdSetElement, PollFd, Timespec};
 use crate::fd::{BorrowedFd, OwnedFd};
 use crate::io;
-use crate::utils::{as_mut_ptr, option_as_ptr};
+use crate::utils::as_mut_ptr;
+#[cfg(feature = "linux_5_11")]
+use crate::utils::option_as_ptr;
 #[cfg(feature = "alloc")]
 use core::mem::MaybeUninit;
 use core::ptr::null_mut;
@@ -24,14 +24,12 @@ use linux_raw_sys::general::{kernel_sigset_t, EPOLL_CTL_ADD, EPOLL_CTL_DEL, EPOL
 pub(crate) fn poll(fds: &mut [PollFd<'_>], timeout: Option<&Timespec>) -> io::Result<usize> {
     let (fds_addr_mut, fds_len) = slice_mut(fds);
 
-    let timeout = option_as_ptr(timeout);
-
     unsafe {
         ret_usize(syscall!(
             __NR_ppoll,
             fds_addr_mut,
             fds_len,
-            opt_ref(timeout.as_ref()),
+            opt_ref(timeout),
             zero(),
             size_of::<kernel_sigset_t, _>()
         ))
@@ -181,33 +179,53 @@ pub(crate) fn epoll_del(epfd: BorrowedFd<'_>, fd: BorrowedFd<'_>) -> io::Result<
 pub(crate) fn epoll_wait(
     epfd: BorrowedFd<'_>,
     events: &mut [MaybeUninit<crate::event::epoll::Event>],
-    timeout: c::c_int,
+    timeout: Option<&Timespec>,
 ) -> io::Result<usize> {
     let (buf_addr_mut, buf_len) = slice_mut(events);
-    // SAFETY: `__NR_epoll_wait` doesn't access any user memory outside of
-    // the `events` array.
-    #[cfg(not(any(target_arch = "aarch64", target_arch = "riscv64")))]
-    unsafe {
-        ret_usize(syscall!(
-            __NR_epoll_wait,
-            epfd,
-            buf_addr_mut,
-            buf_len,
-            c_int(timeout)
-        ))
+
+    // If we have Linux 5.11, use `epoll_pwait2`, which takes a `timespec`.
+    #[cfg(feature = "linux_5_11")]
+    {
+        let timeout = option_as_ptr(timeout);
+
+        // SAFETY: `__NR_epoll_pwait2` doesn't access any user memory outside of
+        // the `events` array, as we don't pass it a `sigmask`.
+        unsafe {
+            ret_usize(syscall!(
+                __NR_epoll_pwait2,
+                epfd,
+                buf_addr_mut,
+                buf_len,
+                timeout,
+                zero()
+            ))
+        }
     }
-    // SAFETY: `__NR_epoll_pwait` doesn't access any user memory outside of
-    // the `events` array, as we don't pass it a `sigmask`.
-    #[cfg(any(target_arch = "aarch64", target_arch = "riscv64"))]
-    unsafe {
-        ret_usize(syscall!(
-            __NR_epoll_pwait,
-            epfd,
-            buf_addr_mut,
-            buf_len,
-            c_int(timeout),
-            zero()
-        ))
+
+    // If we don't have Linux 5.11, use `epoll_pwait`, which takes a `c_int`.
+    //
+    // We do this unconditionally, rather than trying `epoll_pwait2` and
+    // falling back on `Errno::NOSYS`, because seccomp configurations will
+    // sometimes abort the process on syscalls they don't recognize.
+    #[cfg(not(feature = "linux_5_11"))]
+    {
+        let timeout = match timeout {
+            None => -1,
+            Some(timeout) => timeout.as_c_int_millis().ok_or(io::Errno::INVAL)?,
+        };
+
+        // SAFETY: `__NR_epoll_pwait` doesn't access any user memory outside of
+        // the `events` array, as we don't pass it a `sigmask`.
+        unsafe {
+            ret_usize(syscall!(
+                __NR_epoll_pwait,
+                epfd,
+                buf_addr_mut,
+                buf_len,
+                c_int(timeout),
+                zero()
+            ))
+        }
     }
 }
 

src/event/epoll.rs

@@ -38,7 +38,7 @@
 //! // Process events.
 //! let mut event_list = Vec::with_capacity(4);
 //! loop {
-//!     epoll::wait(&epoll, &mut event_list, -1)?;
+//!     epoll::wait(&epoll, &mut event_list, None)?;
 //!     for event in &event_list {
 //!         let target = event.data;
 //!         if target.u64() == 1 {
@@ -78,6 +78,8 @@ use crate::backend::event::syscalls;
 use crate::fd::{AsFd, OwnedFd};
 use crate::io;
 #[cfg(feature = "alloc")]
+use crate::timespec::Timespec;
+#[cfg(feature = "alloc")]
 use alloc::vec::Vec;
 use core::ffi::c_void;
 use core::hash::{Hash, Hasher};
@@ -190,6 +192,12 @@ pub fn delete<EpollFd: AsFd, SourceFd: AsFd>(epoll: EpollFd, source: SourceFd) -
 /// For each event of interest, an element is written to `events`. On
 /// success, this returns the number of written elements.
 ///
+/// Linux versions older than 5.11 (those that don't support `epoll_pwait2`)
+/// don't support timeouts greater than `c_int::MAX` milliseconds; if an
+/// unsupported timeout is passed, this function fails with
+/// [`io::Errno::INVAL`]. Enable the "linux_5_11" feature to enable the full
+/// range of timeouts.
+///
 /// # References
 ///  - [Linux]
 ///  - [illumos]
@@ -202,7 +210,7 @@ pub fn delete<EpollFd: AsFd, SourceFd: AsFd>(epoll: EpollFd, source: SourceFd) -
 pub fn wait<EpollFd: AsFd>(
     epoll: EpollFd,
     event_list: &mut Vec<Event>,
-    timeout: crate::ffi::c_int,
+    timeout: Option<&Timespec>,
 ) -> io::Result<()> {
     // SAFETY: We're calling `epoll_wait` via FFI and we know how it
     // behaves.

src/timespec.rs

@@ -7,7 +7,6 @@ use core::num::TryFromIntError;
 use core::ops::{Add, AddAssign, Neg, Sub, SubAssign};
 use core::time::Duration;
 
-#[cfg(not(fix_y2038))]
 use crate::backend::c;
 #[allow(unused)]
 use crate::ffi;
@@ -128,6 +127,21 @@ impl Timespec {
             None
         }
     }
+
+    /// Convert from `Timespec` to `c::c_int` milliseconds, rounded up.
+    pub(crate) fn as_c_int_millis(&self) -> Option<c::c_int> {
+        let secs = self.tv_sec;
+        if secs < 0 {
+            return None;
+        }
+        secs.checked_mul(1000)
+            .and_then(|millis| {
+                // Add the nanoseconds, converted to millis, rounding
+                // up. With Rust 1.73.0 this can use `div_ceil`.
+                millis.checked_add((i64::from(self.tv_nsec) + 999_999) / 1_000_000)
+            })
+            .and_then(|millis| c::c_int::try_from(millis).ok())
+    }
 }
 
 impl TryFrom<Timespec> for Duration {

tests/event/epoll.rs

@@ -40,7 +40,7 @@ fn server(ready: Arc<(Mutex<u16>, Condvar)>) {
 
     let mut event_list = Vec::with_capacity(4);
     loop {
-        epoll::wait(&epoll, &mut event_list, -1).unwrap();
+        epoll::wait(&epoll, &mut event_list, None).unwrap();
         for event in &event_list {
             let target = event.data;
             if target.u64() == 1 {

tests/event/epoll_timeout.rs

@@ -0,0 +1,25 @@
+use rustix::event::{epoll, Timespec};
+use std::time::Instant;
+
+#[test]
+fn epoll_timeout() {
+    let epoll_fd = epoll::create(epoll::CreateFlags::CLOEXEC).unwrap();
+
+    let start = Instant::now();
+    let mut events = Vec::with_capacity(1);
+    epoll::wait(
+        &epoll_fd,
+        &mut events,
+        Some(&Timespec {
+            tv_sec: 0,
+            tv_nsec: 1_000_000,
+        }),
+    )
+    .unwrap();
+
+    let duration = start.elapsed();
+
+    assert!(
+        duration.as_secs() > 0 || (duration.as_secs() == 0 && duration.subsec_nanos() >= 1_000_000)
+    );
+}

tests/event/main.rs

@@ -6,6 +6,10 @@
 #[cfg(feature = "net")]
 #[cfg(any(linux_kernel, target_os = "illumos", target_os = "redox"))]
 mod epoll;
+#[cfg(not(feature = "rustc-dep-of-std"))] // TODO
+#[cfg(feature = "net")]
+#[cfg(any(linux_kernel, target_os = "illumos", target_os = "redox"))]
+mod epoll_timeout;
 #[cfg(not(windows))]
 #[cfg(not(target_os = "wasi"))]
 mod eventfd;