From e803829e6b087c0ed91adc11f87185109bc59b31 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Fri, 20 Sep 2013 02:00:27 -0400 Subject: fix potential deadlock bug in libc-internal locking logic if a multithreaded program became non-multithreaded (i.e. all other threads exited) while one thread held an internal lock, the remaining thread would fail to release the lock. the the program then became multithreaded again at a later time, any further attempts to obtain the lock would deadlock permanently. the underlying cause is that the value of libc.threads_minus_1 at unlock time might not match the value at lock time. one solution would be returning a flag to the caller indicating whether the lock was taken and needs to be unlocked, but there is a simpler solution: using the lock itself as such a flag. note that this flag is not needed anyway for correctness; if the lock is not held, the unlock code is harmless. however, the memory synchronization properties associated with a_store are costly on some archs, so it's best to avoid executing the unlock code when it is unnecessary. --- src/malloc/malloc.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'src/malloc') diff --git a/src/malloc/malloc.c b/src/malloc/malloc.c index 4044eb2a..fb65ab5b 100644 --- a/src/malloc/malloc.c +++ b/src/malloc/malloc.c @@ -64,28 +64,27 @@ static struct { static inline void lock(volatile int *lk) { - if (!libc.threads_minus_1) return; - while(a_swap(lk, 1)) __wait(lk, lk+1, 1, 1); + if (libc.threads_minus_1) + while(a_swap(lk, 1)) __wait(lk, lk+1, 1, 1); } static inline void unlock(volatile int *lk) { - if (!libc.threads_minus_1) return; - a_store(lk, 0); - if (lk[1]) __wake(lk, 1, 1); + if (lk[0]) { + a_store(lk, 0); + if (lk[1]) __wake(lk, 1, 1); + } } static inline void lock_bin(int i) { - if (libc.threads_minus_1) - lock(mal.bins[i].lock); + lock(mal.bins[i].lock); if (!mal.bins[i].head) mal.bins[i].head = mal.bins[i].tail = BIN_TO_CHUNK(i); } static inline void unlock_bin(int i) { - if (!libc.threads_minus_1) return; unlock(mal.bins[i].lock); } -- cgit v1.2.3-70-g09d2