diff options
author | Rich Felker <dalias@aerifal.cx> | 2015-04-10 00:26:34 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2015-04-10 00:26:34 -0400 |
commit | 12e1e324683a1d381b7f15dd36c99b37dd44d940 (patch) | |
tree | 1347010df052cd8697558df4ca998d7631ea3312 /WHATSNEW | |
parent | 25748db301c242d36718c6708ffd2b67a456483a (diff) | |
download | musl-12e1e324683a1d381b7f15dd36c99b37dd44d940.tar.gz musl-12e1e324683a1d381b7f15dd36c99b37dd44d940.tar.xz musl-12e1e324683a1d381b7f15dd36c99b37dd44d940.zip |
process robust list in pthread_exit to fix detached thread use-after-unmap
the robust list head lies in the thread structure, which is unmapped before exit for detached threads. this leaves the kernel unable to process the exiting thread's robust list, and with a dangling pointer which may happen to point to new unrelated data at the time the kernel processes it. userspace processing of the robust list was already needed for non-pshared robust mutexes in order to perform private futex wakes rather than the shared ones the kernel would do, but it was conditional on linking pthread_mutexattr_setrobust and did not bother processing the pshared mutexes in the list, which requires additional logic for the robust list pending slot in case pthread_exit is interrupted by asynchronous process termination. the new robust list processing code is linked unconditionally (inlined in pthread_exit), handles both private and shared mutexes, and also removes the kernel's reference to the robust list before unmapping and exit if the exiting thread is detached.
Diffstat (limited to 'WHATSNEW')
0 files changed, 0 insertions, 0 deletions