mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-03-29 19:22:28 +01:00
8f3ab9a1b1
ce893c0497fc9b8ab9752153dfcc77c9f427545e doc: Update developer notes (Anthony Towns)
d2852917eecad6ab422a7b2c9892d351a7f0cc96 sync.h: Imply negative assertions when calling LOCK (Anthony Towns)
bba87c0553780eacf0317fbfec7330ea27aa02f8 scripted-diff: Convert global Mutexes to GlobalMutexes (Anthony Towns)
a559509a0b8cade27199740212d7b589f71a0e3b sync.h: Add GlobalMutex type (Anthony Towns)
be6aa72f9f8d50b6b5b19b319a74abe7ab4099ff qt/clientmodel: thread safety annotation for m_cached_tip_mutex (Anthony Towns)
f24bd45b37e1b2d19e5a053dbfefa30306c1d41a net_processing: thread safety annotation for m_tx_relay_mutex (Anthony Towns)
Pull request description:
This changes `LOCK(mutex)` for non-global, non-recursive mutexes to be annotated with the negative capability for the mutex it refers to, to prevent . clang applies negative capabilities recursively, so this helps avoid forgetting to annotate functions.
This can't reasonably be used for globals, because clang would require every function to be annotated with `EXCLUSIVE_LOCKS_REQUIRED(!g_mutex)` for each global mutex; so this introduces a trivial `GlobalMutex` subclass of `Mutex`, and reduces the annotations for both `GlobalMutex` to `LOCKS_EXCLUDED` which only catches trivial errors (eg (`LOCK(x); LOCK(x);`).
ACKs for top commit:
MarcoFalke:
review ACK ce893c0497fc9b8ab9752153dfcc77c9f427545e 🐦
hebasto:
ACK ce893c0497fc9b8ab9752153dfcc77c9f427545e
Tree-SHA512: 5c35e8c7677ce3d994a7e3774f4344adad496223a51b3a1d1d3b5f20684b2e1d5cff688eb3fbc8d33e1b9940dfa76e515f9434e21de6f3ce3c935e29a319f529
121 lines
4.2 KiB
C++
121 lines
4.2 KiB
C++
// Copyright (c) 2014-2021 The Bitcoin Core developers
|
|
// Distributed under the MIT software license, see the accompanying
|
|
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
|
|
|
#if defined(HAVE_CONFIG_H)
|
|
#include <config/bitcoin-config.h>
|
|
#endif
|
|
|
|
#include <timedata.h>
|
|
|
|
#include <netaddress.h>
|
|
#include <node/ui_interface.h>
|
|
#include <sync.h>
|
|
#include <tinyformat.h>
|
|
#include <util/system.h>
|
|
#include <util/translation.h>
|
|
#include <warnings.h>
|
|
|
|
static GlobalMutex g_timeoffset_mutex;
|
|
static int64_t nTimeOffset GUARDED_BY(g_timeoffset_mutex) = 0;
|
|
|
|
/**
|
|
* "Never go to sea with two chronometers; take one or three."
|
|
* Our three time sources are:
|
|
* - System clock
|
|
* - Median of other nodes clocks
|
|
* - The user (asking the user to fix the system clock if the first two disagree)
|
|
*/
|
|
int64_t GetTimeOffset()
|
|
{
|
|
LOCK(g_timeoffset_mutex);
|
|
return nTimeOffset;
|
|
}
|
|
|
|
int64_t GetAdjustedTime()
|
|
{
|
|
return GetTime() + GetTimeOffset();
|
|
}
|
|
|
|
#define BITCOIN_TIMEDATA_MAX_SAMPLES 200
|
|
|
|
static std::set<CNetAddr> g_sources;
|
|
static CMedianFilter<int64_t> g_time_offsets{BITCOIN_TIMEDATA_MAX_SAMPLES, 0};
|
|
static bool g_warning_emitted;
|
|
|
|
void AddTimeData(const CNetAddr& ip, int64_t nOffsetSample)
|
|
{
|
|
LOCK(g_timeoffset_mutex);
|
|
// Ignore duplicates
|
|
if (g_sources.size() == BITCOIN_TIMEDATA_MAX_SAMPLES)
|
|
return;
|
|
if (!g_sources.insert(ip).second)
|
|
return;
|
|
|
|
// Add data
|
|
g_time_offsets.input(nOffsetSample);
|
|
LogPrint(BCLog::NET, "added time data, samples %d, offset %+d (%+d minutes)\n", g_time_offsets.size(), nOffsetSample, nOffsetSample / 60);
|
|
|
|
// There is a known issue here (see issue #4521):
|
|
//
|
|
// - The structure g_time_offsets contains up to 200 elements, after which
|
|
// any new element added to it will not increase its size, replacing the
|
|
// oldest element.
|
|
//
|
|
// - The condition to update nTimeOffset includes checking whether the
|
|
// number of elements in g_time_offsets is odd, which will never happen after
|
|
// there are 200 elements.
|
|
//
|
|
// But in this case the 'bug' is protective against some attacks, and may
|
|
// actually explain why we've never seen attacks which manipulate the
|
|
// clock offset.
|
|
//
|
|
// So we should hold off on fixing this and clean it up as part of
|
|
// a timing cleanup that strengthens it in a number of other ways.
|
|
//
|
|
if (g_time_offsets.size() >= 5 && g_time_offsets.size() % 2 == 1) {
|
|
int64_t nMedian = g_time_offsets.median();
|
|
std::vector<int64_t> vSorted = g_time_offsets.sorted();
|
|
// Only let other nodes change our time by so much
|
|
int64_t max_adjustment = std::max<int64_t>(0, gArgs.GetIntArg("-maxtimeadjustment", DEFAULT_MAX_TIME_ADJUSTMENT));
|
|
if (nMedian >= -max_adjustment && nMedian <= max_adjustment) {
|
|
nTimeOffset = nMedian;
|
|
} else {
|
|
nTimeOffset = 0;
|
|
|
|
if (!g_warning_emitted) {
|
|
// If nobody has a time different than ours but within 5 minutes of ours, give a warning
|
|
bool fMatch = false;
|
|
for (const int64_t nOffset : vSorted) {
|
|
if (nOffset != 0 && nOffset > -5 * 60 && nOffset < 5 * 60) fMatch = true;
|
|
}
|
|
|
|
if (!fMatch) {
|
|
g_warning_emitted = true;
|
|
bilingual_str strMessage = strprintf(_("Please check that your computer's date and time are correct! If your clock is wrong, %s will not work properly."), PACKAGE_NAME);
|
|
SetMiscWarning(strMessage);
|
|
uiInterface.ThreadSafeMessageBox(strMessage, "", CClientUIInterface::MSG_WARNING);
|
|
}
|
|
}
|
|
}
|
|
|
|
if (LogAcceptCategory(BCLog::NET, BCLog::Level::Debug)) {
|
|
std::string log_message{"time data samples: "};
|
|
for (const int64_t n : vSorted) {
|
|
log_message += strprintf("%+d ", n);
|
|
}
|
|
log_message += strprintf("| median offset = %+d (%+d minutes)", nTimeOffset, nTimeOffset / 60);
|
|
LogPrint(BCLog::NET, "%s\n", log_message);
|
|
}
|
|
}
|
|
}
|
|
|
|
void TestOnlyResetTimeData()
|
|
{
|
|
LOCK(g_timeoffset_mutex);
|
|
nTimeOffset = 0;
|
|
g_sources.clear();
|
|
g_time_offsets = CMedianFilter<int64_t>{BITCOIN_TIMEDATA_MAX_SAMPLES, 0};
|
|
g_warning_emitted = false;
|
|
}
|