This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug nptl/20985] New: robust mutexes: lowlevelrobustlock assembly on x86 blocks on wrong condition
- From: "triegel at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 21 Dec 2016 12:33:27 +0000
- Subject: [Bug nptl/20985] New: robust mutexes: lowlevelrobustlock assembly on x86 blocks on wrong condition
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=20985
Bug ID: 20985
Summary: robust mutexes: lowlevelrobustlock assembly on x86 blocks on wrong condition
Product: glibc
Version: 2.25
Status: NEW
Severity: normal
Priority: P2
Component: nptl
Assignee: unassigned at sourceware dot org
Reporter: triegel at redhat dot com
CC: drepper.fsp at gmail dot com
Target Milestone: ---

lll_robust_unlock on i386 and x86_64 first sets the futex word to
FUTEX_WAITERS|0 before calling __LLL_unlock_wake, which will set the futex word
to 0. If the thread is killed between these steps, then the futex word will be
FUTEX_WAITERS|0, and the kernel (at least current upstream) will not set it to
FUTEX_OWNER_DIED|FUTEX_WAITERS because 0 is not equal to the TID of the crashed
thread.

The lll_robust_lock assembly code on i386 and x86_64 is not prepared to deal
with this case because the fastpath tries to only CAS 0 to TID and not
FUTEX_WAITERS|0 to TID; the slowpath simply waits until it can CAS 0 to TID or
the futex_word has the FUTEX_OWNER_DIED bit set.

The reproducer in bug 19402 can trigger this behavior (if the core problem of
19402 is fixed).
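
The futex word states described in the report, as a small single-threaded C model. This is an added example, not glibc or kernel code: the TIDs 1001 and 1002 are constructed, the function names are hypothetical, and the "tolerant" lock path is an illustrative assumption, not the glibc fix.

```c
#include <stdint.h>
#include <stdio.h>

/* Futex word bits, values as defined in <linux/futex.h>. */
#define FUTEX_WAITERS    0x80000000u
#define FUTEX_OWNER_DIED 0x40000000u
#define FUTEX_TID_MASK   0x3fffffffu

enum lock_result { ACQUIRED, ACQUIRED_OWNER_DIED, WOULD_BLOCK };

/* Kernel cleanup as the report describes it: the word is marked
   only when its TID field names the thread that died. */
static uint32_t kernel_on_thread_death(uint32_t word, uint32_t dead_tid)
{
    if ((word & FUTEX_TID_MASK) != dead_tid) return word;
    return (word & FUTEX_WAITERS) | FUTEX_OWNER_DIED;
}

/* One lock attempt. tolerant == 0 follows the report: succeed only on
   a CAS of 0 to TID or when FUTEX_OWNER_DIED is set. tolerant != 0 is
   a hypothetical variant that also accepts FUTEX_WAITERS|0. */
static enum lock_result try_lock(uint32_t *word, uint32_t tid, int tolerant)
{
    if (*word == 0) { *word = tid; return ACQUIRED; }
    if (*word & FUTEX_OWNER_DIED) {
        *word = tid | (*word & FUTEX_WAITERS);
        return ACQUIRED_OWNER_DIED;
    }
    if (tolerant && *word == FUTEX_WAITERS) {
        *word = tid | FUTEX_WAITERS;
        return ACQUIRED;
    }
    return WOULD_BLOCK;   /* slowpath would sleep here with no waker */
}

/* Owner (constructed TID 1001) dies before unlock starts or after the
   first unlock step; a second thread (TID 1002) then tries to lock. */
static enum lock_result scenario(int killed_mid_unlock, int tolerant)
{
    uint32_t word = 1001u | FUTEX_WAITERS;
    if (killed_mid_unlock) word &= FUTEX_WAITERS;  /* FUTEX_WAITERS|0 */
    word = kernel_on_thread_death(word, 1001u);
    return try_lock(&word, 1002u, tolerant);
}

int main(void)
{
    printf("%d %d %d\n", scenario(0, 0), scenario(1, 0), scenario(1, 1));
    return 0;
}
```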