Re: [PATCH] robust futex thread exit race


On Sun, 30 Sep 2007, Ingo Molnar wrote:
* Martin Schwidefsky <schwidefsky@xxxxxxxxxx> wrote:

Hi Ingo,
I finally found the bug that causes tst-robust8 from the glibc to fail
on s390x. Turned out to be a common code problem with the processing of
the robust futex list. The patch below fixes the bug for me.

good catch! A quick preliminary review of your patch indicates it's fine
- and it might be v2.6.23 material.

Acked-by: Ingo Molnar <mingo@xxxxxxx>

Acked-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>

Calling handle_futex_death in exit_robust_list for the different
robust mutexes of a thread basically frees the mutex. Another thread
might grab the lock immediately which updates the next pointer of the
mutex. fetch_robust_entry over the next pointer might therefore branch
into the robust mutex list of a different thread. This can cause two
problems: 1) some mutexes held by the dead thread are not getting
freed and 2) some mutexs held by a different thread are freed. The
next point need to be read before calling handle_futex_death.

nasty race... Ulrich, Thomas, do you concur?

Yes. Where do they sell those brown paperbags again ?

tglx

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Relevant Pages

  • Re: [PATCH] robust futex thread exit race
    ... The patch below fixes the bug for me. ... robust mutexes of a thread basically frees the mutex. ... might grab the lock immediately which updates the next pointer of the ...
    (Linux-Kernel)
  • Re: [PATCH] robust futex thread exit race
    ... Turned out to be a common code problem with the processing of ... The patch below fixes the bug for me. ... robust mutexes of a thread basically frees the mutex. ...
    (Linux-Kernel)
  • [PATCH] Memory management livelock
    ... Here is a patch for MM livelock. ... The original bug report follows after the ... I declared a mutex starvation_barrier in struct ... int nr_pages; ...
    (Linux-Kernel)
  • Re: question on pthread condition variable
    ... I didn't mean that could be a bug of pthread, ... Did you set a break in the sched thread and observe that a debugger ... statement before and after, locking, unlocking, signaling and waiting, ... signaling thread had executed the statement to unlock the mutex. ...
    (comp.programming.threads)
  • Re: How to implement synchronous rpc between 2 processes on the same machine.
    ... A robust shared memory impl might be beyond your ... trying to lock the mutex can get the info that there is some problem and hence can bail out by sending an error. ... SysV and robust PThread mutexs can provide this type of functionality... ...
    (comp.programming.threads)