fix race condition in pthread_kill
if thread id was reused by the kernel between the time pthread_kill read it from the userspace pthread_t object and the time of the tgkill syscall, a signal could be sent to the wrong thread. the tgkill syscall was supposed to prevent this race (versus the old tkill syscall) but it can't; it can only help in the case where the tid is reused in a different process, but not when the tid is reused in the same process. the only solution i can see is an extra lock to prevent threads from exiting while another thread is trying to pthread_kill them. it should be very very cheap in the non-contended case.
diff --git a/src/internal/pthread_impl.h b/src/internal/pthread_impl.h
index 12f8ccfc..2089c857 100644
--- a/src/internal/pthread_impl.h
+++ b/src/internal/pthread_impl.h
@@ -46,6 +46,7 @@ struct pthread {
int unblock_cancel;
int delete_timer;
locale_t locale;
+ int killlock;
struct __timer {
diff --git a/src/thread/pthread_create.c b/src/thread/pthread_create.c
index c856c581..d60c2a4d 100644
--- a/src/thread/pthread_create.c
+++ b/src/thread/pthread_create.c
@@ -27,7 +27,9 @@ void __pthread_unwind_next(struct __ptcb *cb)
/* Mark this thread dead before decrementing count */
+ __lock(&self->killlock);
self->dead = 1;
+ a_store(&self->killlock, 0);
do n = libc.threads_minus_1;
while (n && a_cas(&libc.threads_minus_1, n, n-1)!=n);
diff --git a/src/thread/pthread_kill.c b/src/thread/pthread_kill.c
index 36e9b6da..a24ecc20 100644
--- a/src/thread/pthread_kill.c
+++ b/src/thread/pthread_kill.c
@@ -2,5 +2,9 @@
int pthread_kill(pthread_t t, int sig)
- return -__syscall(SYS_tgkill, t->pid, t->tid, sig);
+ int r;
+ __lock(&t->killlock);
+ r = t->dead ? ESRCH : -__syscall(SYS_tgkill, t->pid, t->tid, sig);
+ a_store(&t->killlock, 0);
+ return r;