public inbox for glibc-bugs@sourceware.org help / color / mirror / Atom feed
From: "triegel at redhat dot com" <sourceware-bugzilla@sourceware.org> To: glibc-bugs@sourceware.org Subject: [Bug nptl/13690] pthread_mutex_unlock potentially cause invalid access Date: Wed, 18 Dec 2013 20:13:00 -0000 [thread overview] Message-ID: <bug-13690-131-IacQB74pcY@http.sourceware.org/bugzilla/> (raw) In-Reply-To: <bug-13690-131@http.sourceware.org/bugzilla/> https://sourceware.org/bugzilla/show_bug.cgi?id=13690 Torvald Riegel <triegel at redhat dot com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|WAITING |ASSIGNED CC| |triegel at redhat dot com --- Comment #24 from Torvald Riegel <triegel at redhat dot com> --- I agree that after release of a mutex (i.e., atomic_exchange_rel (__futex, 0)), we have both (1) a pending load from mutex->__data.__kind and (2) a pending futex_wake call. However, I think it is an open question whether POSIX actually allows destruction of the mutex just based on having obtained ownership of the lock. The example given in the standard and reproduced in Comment #1 is in an informative section, and it conflicts with a statement in the normative section: "Attempting to destroy a locked mutex or a mutex that is referenced [...] by another thread results in undefined behavior." Arguably, a mutex could still be considered "referenced" as long as a call to mutex_unlock has not yet returned. This would make the example in the normative text incorrect. OTOH, the intended semantics could also be that if a program ensures that (1) a thread is the last one to lock a mutex, and (2) this thread is able to lock and unlock a mutex, then this thread is also allowed to destroy the mutex; IOW, being able to doing the last lock and unlock of the mutex could be the defining constraint for when destruction is allowed. (That is what C++11 seems to require based on a quick read. C11 isn't very verbose but requires just that no thread is blocked on the mutex when it is destructed; nonetheless, it also mentions that all resources of the mutex are claimed, which could be understood to mean the same as the "referenced" constraint in POSIX.) I've asked the Austin Group for clarification: http://austingroupbugs.net/view.php?id=811 Depending on how they decide, this is either not a bug, or we'll have to avoid the pending load and futex_wake call, or make them harmless. The proposed patch should be right for the pending load, but the futex_wake needs more investigation: A futex_wake to a futex without waiters (or even to a futex not mapped anymore) should be harmless, but it could be different with PI futexes. -- You are receiving this mail because: You are on the CC list for the bug.
next prev parent reply other threads:[~2013-12-18 20:13 UTC|newest] Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top 2012-02-14 14:28 [Bug nptl/13690] New: " anemo at mba dot ocn.ne.jp 2012-02-14 14:29 ` [Bug nptl/13690] " anemo at mba dot ocn.ne.jp 2012-02-14 15:39 ` carlos at systemhalted dot org 2012-02-14 15:41 ` carlos at systemhalted dot org 2012-02-14 15:42 ` carlos at systemhalted dot org 2012-02-15 6:47 ` ppluzhnikov at google dot com 2012-02-15 13:18 ` anemo at mba dot ocn.ne.jp 2012-02-15 14:35 ` carlos at systemhalted dot org 2012-02-16 5:09 ` bugdal at aerifal dot cx 2012-02-16 14:43 ` anemo at mba dot ocn.ne.jp 2012-02-16 14:47 ` anemo at mba dot ocn.ne.jp 2012-02-16 15:37 ` carlos at systemhalted dot org 2012-02-16 15:41 ` carlos at systemhalted dot org 2012-02-16 16:22 ` bugdal at aerifal dot cx 2012-02-16 16:35 ` carlos at systemhalted dot org 2012-02-17 5:11 ` bugdal at aerifal dot cx 2012-02-17 13:27 ` anemo at mba dot ocn.ne.jp 2012-02-17 16:18 ` carlos at systemhalted dot org 2012-02-17 16:37 ` carlos at systemhalted dot org 2012-02-20 11:42 ` anemo at mba dot ocn.ne.jp 2012-02-22 14:57 ` carlos at systemhalted dot org 2012-02-29 16:54 ` carlos at systemhalted dot org 2012-03-07 10:30 ` drepper.fsp at gmail dot com 2012-03-07 17:53 ` bugdal at aerifal dot cx 2012-03-08 3:23 ` carlos at systemhalted dot org 2012-03-08 5:13 ` bugdal at aerifal dot cx 2012-04-28 9:57 ` coolhair24 at verizon dot net 2012-06-27 22:32 ` jsm28 at gcc dot gnu.org 2012-11-29 15:55 ` carlos_odonell at mentor dot com 2012-12-01 16:43 ` aj at suse dot de 2012-12-03 23:57 ` carlos at systemhalted dot org 2013-10-09 20:14 ` neleai at seznam dot cz 2013-12-18 20:13 ` triegel at redhat dot com [this message] 2013-12-18 20:33 ` bugdal at aerifal dot cx 2013-12-18 20:49 ` bugdal at aerifal dot cx 2013-12-20 19:08 ` lopresti at gmail dot com 2013-12-20 19:38 ` carlos at redhat dot com 2013-12-20 20:25 ` triegel at redhat dot com 2013-12-20 22:51 ` bugdal at aerifal dot cx 2014-01-03 9:10 ` kevin.dempsey at aculab dot com 2014-01-06 16:58 ` triegel at redhat dot com 2014-01-06 17:46 ` lopresti at gmail dot com 2014-01-06 20:38 ` triegel at redhat dot com 2014-01-06 20:47 ` bugdal at aerifal dot cx 2014-01-06 21:20 ` triegel at redhat dot com 2014-01-06 21:24 ` bugdal at aerifal dot cx 2014-03-28 1:27 ` dancol at dancol dot org 2014-03-28 20:07 ` tudorb at gmail dot com 2014-06-20 12:23 ` kevin.dempsey at aculab dot com 2014-06-20 18:29 ` triegel at redhat dot com 2014-06-20 19:02 ` bugdal at aerifal dot cx 2014-06-20 19:10 ` bugdal at aerifal dot cx 2014-06-23 3:06 ` bugdal at aerifal dot cx 2014-06-25 14:34 ` triegel at redhat dot com 2014-06-25 16:01 ` bugdal at aerifal dot cx 2014-06-25 17:40 ` triegel at redhat dot com 2014-06-25 18:03 ` bugdal at aerifal dot cx 2014-06-27 7:26 ` fweimer at redhat dot com 2014-08-09 20:38 ` triegel at redhat dot com 2014-08-12 2:29 ` bugdal at aerifal dot cx 2015-01-15 8:45 ` mtk.manpages at gmail dot com 2015-05-30 18:25 ` dancol at dancol dot org 2015-06-03 4:08 ` carlos at redhat dot com 2015-06-03 4:09 ` carlos at redhat dot com 2015-07-14 20:23 ` triegel at redhat dot com
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-13690-131-IacQB74pcY@http.sourceware.org/bugzilla/ \ --to=sourceware-bugzilla@sourceware.org \ --cc=glibc-bugs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).