summaryrefslogtreecommitdiff
path: root/src/setjmp/s390x/setjmp.s
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2022-10-05 11:07:52 -0400
committerRich Felker <dalias@aerifal.cx>2022-10-19 14:01:32 -0400
commitd64148a8743ad9ed0594091d2ff141b1e9334d4b (patch)
tree08c424fbd714208272f25a55dc547c0f40c2493a /src/setjmp/s390x/setjmp.s
parent36b72cd6fdfed2cac6b6ff1ed58a96d8265785cf (diff)
downloadmusl-d64148a8743ad9ed0594091d2ff141b1e9334d4b.tar.gz
musl-d64148a8743ad9ed0594091d2ff141b1e9334d4b.tar.bz2
musl-d64148a8743ad9ed0594091d2ff141b1e9334d4b.tar.xz
musl-d64148a8743ad9ed0594091d2ff141b1e9334d4b.zip
fix potential unsynchronized access to killlock state at thread exit
as reported by Alexey Izbyshev, when the second-to-last thread exits causing a return to single-threaded (no locks needed) state, it creates a situation where the last remaining thread may obtain the killlock that's already held by the exiting thread. this means it may erroneously use the tid of the exiting thread, and may corrupt the lock state due to double-unlock. commit 8d81ba8c0bc6fe31136cb15c9c82ef4c24965040, which (re)introduced the switch back to single-threaded state, documents the intent that the first lock after switching back should provide the necessary synchronization. this is correct, but only works if the switch back is made after there is no further need for synchronization with locks (other than the thread list lock, which can't be bypassed) held by the exiting thread. in order to hit the bug, the remaining thread must first take a different lock, causing it to perform an actual lock one last time, consume the need_locks==-1 state, and transition to need_locks==0. after that, the next attempt to lock the exiting thread's killlock will bypass locking. fix this by reordering the unlocking of killlock at thread exit time, along with changes to the state protected by it, to occur earlier, before the switch to single-threaded state. there are really no constraints on where it's done, except that it occur after there is no longer any possibility of application code executing in the exiting thread, so do it as early as possible.
Diffstat (limited to 'src/setjmp/s390x/setjmp.s')
0 files changed, 0 insertions, 0 deletions