fix data race between new pthread_key_delete and dtor execution

access to clear the entry in each thread's tsd array for the key being deleted was not synchronized with __pthread_tsd_run_dtors. I probably made this mistake from a mistaken belief that the thread list lock was held during the latter, which of course is not possible since it executes application code in a still-live-thread context. while we're at it, expand the interval during which signals are blocked to cover taking the write lock on key_lock, so that a signal at an inopportune time doesn't block forward progress of readers.
author: Rich Felker <dalias@aerifal.cx> 2019-02-17 21:46:14 -0500
committer: Rich Felker <dalias@aerifal.cx> 2019-02-17 21:46:14 -0500
commit: 805288929fdf511b4044cf07c59e02e2eaa9c546 (patch)
tree: fdd2cdfdea58d6b153923f2d7028e5e5e3ca8a5b /src
parent: 639bcf251e549f634da9a3e7ef8528eb2ec12505 (diff)
download: musl-805288929fdf511b4044cf07c59e02e2eaa9c546.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/src/thread/pthread_key_create.c b/src/thread/pthread_key_create.c
index dc20cc3f..210605c6 100644
--- a/src/thread/pthread_key_create.c
+++ b/src/thread/pthread_key_create.c
@@ -51,15 +51,17 @@ int __pthread_key_delete(pthread_key_t k)
 	pthread_t self = __pthread_self(), td=self;
 
 	__block_app_sigs(&set);
+	__pthread_rwlock_wrlock(&key_lock);
+
 	__tl_lock();
 	do td->tsd[k] = 0;
 	while ((td=td->next)!=self);
 	__tl_unlock();
-	__restore_sigs(&set);
 
-	__pthread_rwlock_wrlock(&key_lock);
 	keys[k] = 0;
+
 	__pthread_rwlock_unlock(&key_lock);
+	__restore_sigs(&set);
 
 	return 0;
 }
author	Rich Felker <dalias@aerifal.cx>	2019-02-17 21:46:14 -0500
committer	Rich Felker <dalias@aerifal.cx>	2019-02-17 21:46:14 -0500
commit	805288929fdf511b4044cf07c59e02e2eaa9c546 (patch)
tree	fdd2cdfdea58d6b153923f2d7028e5e5e3ca8a5b /src
parent	639bcf251e549f634da9a3e7ef8528eb2ec12505 (diff)
download	musl-805288929fdf511b4044cf07c59e02e2eaa9c546.tar.gz