public inbox for glibc-bugs@sourceware.org help / color / mirror / Atom feed
From: "bugdal at aerifal dot cx" <sourceware-bugzilla@sourceware.org> To: glibc-bugs@sources.redhat.com Subject: [Bug nptl/13690] pthread_mutex_unlock potentially cause invalid access Date: Wed, 07 Mar 2012 17:53:00 -0000 [thread overview] Message-ID: <bug-13690-131-oghhieq3ki@http.sourceware.org/bugzilla/> (raw) In-Reply-To: <bug-13690-131@http.sourceware.org/bugzilla/> http://sourceware.org/bugzilla/show_bug.cgi?id=13690 --- Comment #18 from Rich Felker <bugdal at aerifal dot cx> 2012-03-07 17:52:03 UTC --- You misunderstand the race. Suppose thread A is unlocking the mutex and gets descheduled after the atomic_exchange_rel but before the lll_futex_wake, and thread B is waiting to lock the mutex. At this point, as far thread B can observe, A is no longer a user of the mutex. Thread B obtains the mutex, performs some operations, unlocks the mutex, and assuming (correctly) that it's now the last user of the mutex, destroys it and frees the memory it occupied. Now at some later point, thread A gets scheduled again and crashes accessing freed memory. If you're wondering how thread B could wake up without thread A calling lll_futex_wake, here are several reasons: 1. Never going to sleep due to value mismatch on the original futex wait call. 2. Receipt of a signal, and value mismatch when the signal handler returns and futex wait is called again. 3. Spurious wakes that look like successful returns from wait. These do exist in Linux, and I have not been able to determine the reason, but I have a test program which can successfully produce them in one case (unrelated to mutexes). -- Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
next prev parent reply other threads:[~2012-03-07 17:53 UTC|newest] Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top 2012-02-14 14:28 [Bug nptl/13690] New: " anemo at mba dot ocn.ne.jp 2012-02-14 14:29 ` [Bug nptl/13690] " anemo at mba dot ocn.ne.jp 2012-02-14 15:39 ` carlos at systemhalted dot org 2012-02-14 15:41 ` carlos at systemhalted dot org 2012-02-14 15:42 ` carlos at systemhalted dot org 2012-02-15 6:47 ` ppluzhnikov at google dot com 2012-02-15 13:18 ` anemo at mba dot ocn.ne.jp 2012-02-15 14:35 ` carlos at systemhalted dot org 2012-02-16 5:09 ` bugdal at aerifal dot cx 2012-02-16 14:43 ` anemo at mba dot ocn.ne.jp 2012-02-16 14:47 ` anemo at mba dot ocn.ne.jp 2012-02-16 15:37 ` carlos at systemhalted dot org 2012-02-16 15:41 ` carlos at systemhalted dot org 2012-02-16 16:22 ` bugdal at aerifal dot cx 2012-02-16 16:35 ` carlos at systemhalted dot org 2012-02-17 5:11 ` bugdal at aerifal dot cx 2012-02-17 13:27 ` anemo at mba dot ocn.ne.jp 2012-02-17 16:18 ` carlos at systemhalted dot org 2012-02-17 16:37 ` carlos at systemhalted dot org 2012-02-20 11:42 ` anemo at mba dot ocn.ne.jp 2012-02-22 14:57 ` carlos at systemhalted dot org 2012-02-29 16:54 ` carlos at systemhalted dot org 2012-03-07 10:30 ` drepper.fsp at gmail dot com 2012-03-07 17:53 ` bugdal at aerifal dot cx [this message] 2012-03-08 3:23 ` carlos at systemhalted dot org 2012-03-08 5:13 ` bugdal at aerifal dot cx 2012-04-28 9:57 ` coolhair24 at verizon dot net 2012-06-27 22:32 ` jsm28 at gcc dot gnu.org 2012-11-29 15:55 ` carlos_odonell at mentor dot com 2012-12-01 16:43 ` aj at suse dot de 2012-12-03 23:57 ` carlos at systemhalted dot org 2013-10-09 20:14 ` neleai at seznam dot cz 2013-12-18 20:13 ` triegel at redhat dot com 2013-12-18 20:33 ` bugdal at aerifal dot cx 2013-12-18 20:49 ` bugdal at aerifal dot cx 2013-12-20 19:08 ` lopresti at gmail dot com 2013-12-20 19:38 ` carlos at redhat dot com 2013-12-20 20:25 ` triegel at redhat dot com 2013-12-20 22:51 ` bugdal at aerifal dot cx 2014-01-03 9:10 ` kevin.dempsey at aculab dot com 2014-01-06 16:58 ` triegel at redhat dot com 2014-01-06 17:46 ` lopresti at gmail dot com 2014-01-06 20:38 ` triegel at redhat dot com 2014-01-06 20:47 ` bugdal at aerifal dot cx 2014-01-06 21:20 ` triegel at redhat dot com 2014-01-06 21:24 ` bugdal at aerifal dot cx 2014-03-28 1:27 ` dancol at dancol dot org 2014-03-28 20:07 ` tudorb at gmail dot com 2014-06-20 12:23 ` kevin.dempsey at aculab dot com 2014-06-20 18:29 ` triegel at redhat dot com 2014-06-20 19:02 ` bugdal at aerifal dot cx 2014-06-20 19:10 ` bugdal at aerifal dot cx 2014-06-23 3:06 ` bugdal at aerifal dot cx 2014-06-25 14:34 ` triegel at redhat dot com 2014-06-25 16:01 ` bugdal at aerifal dot cx 2014-06-25 17:40 ` triegel at redhat dot com 2014-06-25 18:03 ` bugdal at aerifal dot cx 2014-06-27 7:26 ` fweimer at redhat dot com 2014-08-09 20:38 ` triegel at redhat dot com 2014-08-12 2:29 ` bugdal at aerifal dot cx 2015-01-15 8:45 ` mtk.manpages at gmail dot com 2015-05-30 18:25 ` dancol at dancol dot org 2015-06-03 4:08 ` carlos at redhat dot com 2015-06-03 4:09 ` carlos at redhat dot com 2015-07-14 20:23 ` triegel at redhat dot com
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-13690-131-oghhieq3ki@http.sourceware.org/bugzilla/ \ --to=sourceware-bugzilla@sourceware.org \ --cc=glibc-bugs@sources.redhat.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).