Message ID | 20180827180416.CA55340483626@oldenburg.str.redhat.com |
---|---|
State | New |
Series | pthread_cond_broadcast: Fix waiters-after-spinning case [BZ #23538] |
* Florian Weimer: > From: Martin Kuchta <martin.kuchta@netapp.com> > > (cherry picked from commit 99ea93ca31795469d2a1f1570f17a5c39c2eb7e2) > > 2018-08-27 Martin Kuchta <martin.kuchta@netapp.com> > Torvald Riegel <triegel@redhat.com> > > [BZ #23538] > * nptl/pthread_cond_common.c (__condvar_quiesce_and_switch_g1): > Update r to include the set wake-request flag if waiters are > remaining after spinning. > > diff --git a/NEWS b/NEWS > index dafec5d82d..abe90d1422 100644 > --- a/NEWS > +++ b/NEWS > @@ -84,6 +84,7 @@ The following bugs are resolved with this release: > [22685] powerpc: Fix syscalls during early process initialization > [22715] x86-64: Properly align La_x86_64_retval to VEC_SIZE > [22774] malloc: Integer overflow in malloc (CVE-2018-6551) > + [23538] pthread_cond_broadcast: Fix waiters-after-spinning case > > Version 2.25 Sorry, script malfunction. This should have gone to libc-stable as a committed patch.
diff --git a/NEWS b/NEWS index dafec5d82d..abe90d1422 100644 --- a/NEWS +++ b/NEWS @@ -84,6 +84,7 @@ The following bugs are resolved with this release: [22685] powerpc: Fix syscalls during early process initialization [22715] x86-64: Properly align La_x86_64_retval to VEC_SIZE [22774] malloc: Integer overflow in malloc (CVE-2018-6551) + [23538] pthread_cond_broadcast: Fix waiters-after-spinning case Version 2.25 diff --git a/nptl/pthread_cond_common.c b/nptl/pthread_cond_common.c index 7c63ef9b89..886f0abcb3 100644 --- a/nptl/pthread_cond_common.c +++ b/nptl/pthread_cond_common.c @@ -406,8 +406,12 @@ __condvar_quiesce_and_switch_g1 (pthread_cond_t *cond, uint64_t wseq, { /* There is still a waiter after spinning. Set the wake-request flag and block. Relaxed MO is fine because this is just about - this futex word. */ - r = atomic_fetch_or_relaxed (cond->__data.__g_refs + g1, 1); + this futex word. + + Update r to include the set wake-request flag so that the upcoming + futex_wait only blocks if the flag is still set (otherwise, we'd + violate the basic client-side futex protocol). */ + r = atomic_fetch_or_relaxed (cond->__data.__g_refs + g1, 1) | 1; if ((r >> 1) > 0) futex_wait_simple (cond->__data.__g_refs + g1, r, private);
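Review bot: In the nptl/pthread_cond_common.c hunk, the new comment says that r must include the wake-request flag but not why it otherwise would not. atomic_fetch_or_relaxed returns the value the futex word held before the OR, so without the trailing `| 1` r can lack the bit that was just set, and futex_wait_simple is then handed an expected value that differs from what the word now holds. Saying so in the comment (for example "fetch_or returns the old value, so OR the flag in to get the value now stored") would make the one-character fix self-explanatory. The literal 1 is also written twice on the changed line for the same flag; a named constant for the wake-request bit would keep the two uses in step. The visible diff touches only NEWS and pthread_cond_common.c, so consider adding or referencing a regression test for BZ #23538.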
From: Martin Kuchta <martin.kuchta@netapp.com>

(cherry picked from commit 99ea93ca31795469d2a1f1570f17a5c39c2eb7e2)

2018-08-27 Martin Kuchta <martin.kuchta@netapp.com>
Torvald Riegel <triegel@redhat.com>

[BZ #23538]
* nptl/pthread_cond_common.c (__condvar_quiesce_and_switch_g1): Update r to include the set wake-request flag if waiters are remaining after spinning.