From c68de0be2fb649f91b31080224fb6e48084eaaee Mon Sep 17 00:00:00 2001
From: Rich Felker
Date: Tue, 2 Aug 2011 20:31:15 -0400
Subject: avoid accessing mutex memory after atomic unlock

this change is needed to fix a race condition and ensure that it's possible to unlock and destroy or unmap the mutex as soon as pthread_mutex_lock succeeds. POSIX explicitly gives such an example in the rationale and requires an implementation to allow such usage.
---
 src/thread/pthread_mutex_timedlock.c | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

(limited to 'src/thread/pthread_mutex_timedlock.c')

diff --git a/src/thread/pthread_mutex_timedlock.c b/src/thread/pthread_mutex_timedlock.c
index f1c3eed7..ae1e2c31 100644
--- a/src/thread/pthread_mutex_timedlock.c
+++ b/src/thread/pthread_mutex_timedlock.c
@@ -2,15 +2,23 @@
 
 int pthread_mutex_timedlock(pthread_mutex_t *m, const struct timespec *at)
 {
- int r, w=0;
+ int r, t;
+
+ if (m->_m_type == PTHREAD_MUTEX_NORMAL && !a_cas(&m->_m_lock, 0, EBUSY))
+ return 0;
+
 while ((r=pthread_mutex_trylock(m)) == EBUSY) {
 if (!(r=m->_m_lock) || (r&0x40000000)) continue;
- if (!w) a_inc(&m->_m_waiters), w++;
- if (__timedwait(&m->_m_lock, r, CLOCK_REALTIME, at, 0) == ETIMEDOUT) {
- if (w) a_dec(&m->_m_waiters);
- return ETIMEDOUT;
- }
+ if ((m->_m_type&3) == PTHREAD_MUTEX_ERRORCHECK
+ && (r&0x1fffffff) == pthread_self()->tid)
+ return EDEADLK;
+
+ a_inc(&m->_m_waiters);
+ t = r | 0x80000000;
+ a_cas(&m->_m_lock, r, t);
+ r = __timedwait(&m->_m_lock, t, CLOCK_REALTIME, at, 0);
+ a_dec(&m->_m_waiters);
+ if (r && r != EINTR) break;
 }
- if (w) a_dec(&m->_m_waiters);
 return r;
 }
-- 
cgit v1.2.1
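Review bot: The result of `a_cas(&m->_m_lock, r, t)` in the wait loop is discarded without a comment, so a reader cannot tell that a lost swap is meant to be harmless; presumably `__timedwait` returns at once when the lock word no longer equals `t` and the loop retries, but that depends on `__timedwait`, which is not shown here. I would add a comment above the swap such as `/* set the waiter flag in the lock word; if the CAS loses a race the wait below sees a changed value and we retry */`. The masks `0x80000000`, `0x40000000` and `0x1fffffff` carry the lifetime argument of this fix (the first looks like a waiters flag and the last an owner-tid mask, judging by the `pthread_self()->tid` comparison) and deserve named constants or a one-line comment each. The fast path also compares `m->_m_type` in full while the error-check test masks it with `&3`; if that difference is deliberate, a short comment saying which extra type bits must be clear for the fast path would prevent a later "cleanup" from widening it. The unlock side that has to consult the flag rather than `_m_waiters` after release lies outside this file-limited view, so that half of the race fix cannot be checked from this page.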