lib/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-12-24 17:51:17 +03:00
Code Activity

powerpc: Fix write-after-destroy in lock elision [BZ #20822]

Browse Source 
The update of *adapt_count after the release of the lock causes a race
condition when thread A unlocks, thread B continues and destroys the
mutex, and thread A writes to *adapt_count.
This commit is contained in:
Tulio Magno Quites Machado Filho
2017-01-03 17:16:02 -02:00
parent daaff5cc79
commit e9a96ea1ac
4 changed files with 33 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
sysdeps/unix/sysv/linux/powerpc/elision-trylock.c
View File

@@ -34,7 +34,7 @@ __lll_trylock_elision (int *futex, short *adapt_count)
__libc_tabort (_ABORT_NESTED_TRYLOCK);
/* Only try a transaction if it's worth it. */
if (*adapt_count > 0)
if (atomic_load_relaxed (adapt_count) > 0)
{
goto use_lock;
}
@@ -49,7 +49,7 @@ __lll_trylock_elision (int *futex, short *adapt_count)
__libc_tend (0);
if (aconf.skip_lock_busy > 0)
*adapt_count = aconf.skip_lock_busy;
atomic_store_relaxed (adapt_count, aconf.skip_lock_busy);
}
else
{
@@ -59,7 +59,8 @@ __lll_trylock_elision (int *futex, short *adapt_count)
result in another failure. Use normal locking now and
for the next couple of calls. */
if (aconf.skip_trylock_internal_abort > 0)
*adapt_count = aconf.skip_trylock_internal_abort;
atomic_store_relaxed (adapt_count,
aconf.skip_trylock_internal_abort);
}
}