This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
[PATCH] powerpc: Fix race condition in lock elision
- From: Rajalakshmi Srinivasaraghavan <raji at linux dot vnet dot ibm dot com>
- To: libc-alpha at sourceware dot org
- Cc: sjmunroe at us dot ibm dot com, Rajalakshmi Srinivasaraghavan <raji at linux dot vnet dot ibm dot com>
- Date: Wed, 16 Nov 2016 21:24:02 +0530
- Subject: [PATCH] powerpc: Fix race condition in lock elision
The update of *adapt_count after the release of the lock causes a race
condition when thread A unlocks, thread B continues and returns,
destroying the mutex on the stack, then gets into another function,
and thread A writes to *adapt_count and corrupts the stack.
2016-11-16 Rajalakshmi Srinivasaraghavan <raji@linux.vnet.ibm.com>
[BZ #20822]
* sysdeps/unix/sysv/linux/powerpc/elision-unlock.c
(__lll_unlock_elision): Update adapt_count variable
inside the critical section.
---
sysdeps/unix/sysv/linux/powerpc/elision-unlock.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/sysdeps/unix/sysv/linux/powerpc/elision-unlock.c b/sysdeps/unix/sysv/linux/powerpc/elision-unlock.c
index 43c5a67..e5e1afd 100644
--- a/sysdeps/unix/sysv/linux/powerpc/elision-unlock.c
+++ b/sysdeps/unix/sysv/linux/powerpc/elision-unlock.c
@@ -28,13 +28,12 @@ __lll_unlock_elision (int *lock, short *adapt_count, int pshared)
__libc_tend (0);
else
{
- lll_unlock ((*lock), pshared);
-
- /* Update the adapt count AFTER completing the critical section.
- Doing this here prevents unneeded stalling when entering
- a critical section. Saving about 8% runtime on P8. */
+ /* Update the adapt count in the critical section to
+ prevent race condition as mentioned in BZ 20822. */
if (*adapt_count > 0)
(*adapt_count)--;
+ lll_unlock ((*lock), pshared);
+
}
return 0;
}
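Review bot: The new comment above `if (*adapt_count > 0)` only points at BZ 20822 and does not state the invariant a later reader needs: once `lll_unlock` has released the lock, another thread may acquire it, return and destroy the mutex, so `*adapt_count` must not be touched after the unlock. Spelling that out in the comment would make it harder for someone to move the decrement back out for speed. The removed comment recorded that the old ordering saved about 8% runtime on P8; the commit message should acknowledge that this cost is being accepted, ideally with a measurement of the new ordering. The added blank line between `lll_unlock ((*lock), pshared);` and the closing brace is stray and can be dropped.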
--
1.8.3.1