diff options
author | Torvald Riegel <triegel@redhat.com> | 2015-07-14 21:58:34 +0200 |
---|---|---|
committer | Torvald Riegel <triegel@redhat.com> | 2015-12-23 18:44:53 +0100 |
commit | 389fdf78b2e606387ce9d51f29e5c0a22ad9ad2a (patch) | |
tree | 3c665e20903d53ded06618a794b10d0d28292cc9 /sysdeps/nptl/lowlevellock.h | |
parent | 7962541a32eff5597bc4207e781cfac8d1bb0d87 (diff) | |
download | glibc-389fdf78b2e606387ce9d51f29e5c0a22ad9ad2a.tar.gz glibc-389fdf78b2e606387ce9d51f29e5c0a22ad9ad2a.tar.xz glibc-389fdf78b2e606387ce9d51f29e5c0a22ad9ad2a.zip |
Do not violate mutex destruction requirements.
POSIX and C++11 require that a thread can destroy a mutex if no other thread owns the mutex, is blocked on the mutex, or will try to acquire it in the future. After destroying the mutex, it can reuse or unmap the underlying memory. Thus, we must not access a mutex' memory after releasing it. Currently, we can load the private flag after releasing the mutex, which is fixed by this patch. See https://sourceware.org/bugzilla/show_bug.cgi?id=13690 for more background. We need to call futex_wake on the lock after releasing it, however. This is by design, and can lead to spurious wake-ups on unrelated futex words (e.g., when the mutex memory is reused for another mutex). This behavior is documented in the glibc-internal futex API and in recent drafts of the Linux kernel's futex documentation (see the draft_futex branch of git://git.kernel.org/pub/scm/docs/man-pages/man-pages.git).
Diffstat (limited to 'sysdeps/nptl/lowlevellock.h')
-rw-r--r-- | sysdeps/nptl/lowlevellock.h | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/sysdeps/nptl/lowlevellock.h b/sysdeps/nptl/lowlevellock.h index 27f41424ea..7d41ef0335 100644 --- a/sysdeps/nptl/lowlevellock.h +++ b/sysdeps/nptl/lowlevellock.h @@ -191,14 +191,21 @@ extern int __lll_robust_timedlock_wait (int *futex, const struct timespec *, that's cast to void. */ /* Unconditionally set FUTEX to 0 (not acquired), releasing the lock. If FUTEX was >1 (acquired, possibly with waiters), then wake any waiters. The waiter - that acquires the lock will set FUTEX to >1. */ + that acquires the lock will set FUTEX to >1. + Evaluate PRIVATE before releasing the lock so that we do not violate the + mutex destruction requirements. Specifically, we need to ensure that + another thread can destroy the mutex (and reuse its memory) once it + acquires the lock and when there will be no further lock acquisitions; + thus, we must not access the lock after releasing it, or those accesses + could be concurrent with mutex destruction or reuse of the memory. */ #define __lll_unlock(futex, private) \ ((void) \ ({ \ int *__futex = (futex); \ + int __private = (private); \ int __oldval = atomic_exchange_rel (__futex, 0); \ if (__glibc_unlikely (__oldval > 1)) \ - lll_futex_wake (__futex, 1, private); \ + lll_futex_wake (__futex, 1, __private); \ })) #define lll_unlock(futex, private) \ __lll_unlock (&(futex), private) @@ -209,14 +216,17 @@ extern int __lll_robust_timedlock_wait (int *futex, const struct timespec *, that's cast to void. */ /* Unconditionally set FUTEX to 0 (not acquired), releasing the lock. If FUTEX had FUTEX_WAITERS set then wake any waiters. The waiter that acquires the - lock will set FUTEX_WAITERS. */ + lock will set FUTEX_WAITERS. + Evaluate PRIVATE before releasing the lock so that we do not violate the + mutex destruction requirements (see __lll_unlock). */ #define __lll_robust_unlock(futex, private) \ ((void) \ ({ \ int *__futex = (futex); \ + int __private = (private); \ int __oldval = atomic_exchange_rel (__futex, 0); \ if (__glibc_unlikely (__oldval & FUTEX_WAITERS)) \ - lll_futex_wake (__futex, 1, private); \ + lll_futex_wake (__futex, 1, __private); \ })) #define lll_robust_unlock(futex, private) \ __lll_robust_unlock (&(futex), private) |