pthread_cond_broadcast: Fix waiters-after-spinning case [BZ #23538]

Message ID 20180827180416.CA55340483626@oldenburg.str.redhat.com
State Not applicable
Commit Message

Florian Weimer Aug. 27, 2018, 6:04 p.m. UTC
  From: Martin Kuchta <martin.kuchta@netapp.com>

(cherry picked from commit 99ea93ca31795469d2a1f1570f17a5c39c2eb7e2)

2018-08-27 Martin Kuchta  <martin.kuchta@netapp.com>
	   Torvald Riegel  <triegel@redhat.com>

	[BZ #23538]
	* nptl/pthread_cond_common.c (__condvar_quiesce_and_switch_g1):
	Update r to include the set wake-request flag if waiters are
	remaining after spinning.
  

Comments

Florian Weimer Aug. 27, 2018, 6:05 p.m. UTC | #1
* Florian Weimer:

> From: Martin Kuchta <martin.kuchta@netapp.com>
>
> (cherry picked from commit 99ea93ca31795469d2a1f1570f17a5c39c2eb7e2)
>
> 2018-08-27 Martin Kuchta  <martin.kuchta@netapp.com>
> 	   Torvald Riegel  <triegel@redhat.com>
>
> 	[BZ #23538]
> 	* nptl/pthread_cond_common.c (__condvar_quiesce_and_switch_g1):
> 	Update r to include the set wake-request flag if waiters are
> 	remaining after spinning.
>
> diff --git a/NEWS b/NEWS
> index dafec5d82d..abe90d1422 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -84,6 +84,7 @@ The following bugs are resolved with this release:
>    [22685] powerpc: Fix syscalls during early process initialization
>    [22715] x86-64: Properly align La_x86_64_retval to VEC_SIZE
>    [22774] malloc: Integer overflow in malloc (CVE-2018-6551)
> +  [23538] pthread_cond_broadcast: Fix waiters-after-spinning case
>  
>  Version 2.25

Sorry, script malfunction.  This should have gone to libc-stable as a
committed patch.
  

Patch

diff --git a/NEWS b/NEWS
index dafec5d82d..abe90d1422 100644
--- a/NEWS
+++ b/NEWS
@@ -84,6 +84,7 @@  The following bugs are resolved with this release:
   [22685] powerpc: Fix syscalls during early process initialization
   [22715] x86-64: Properly align La_x86_64_retval to VEC_SIZE
   [22774] malloc: Integer overflow in malloc (CVE-2018-6551)
+  [23538] pthread_cond_broadcast: Fix waiters-after-spinning case
 
 Version 2.25
 
diff --git a/nptl/pthread_cond_common.c b/nptl/pthread_cond_common.c
index 7c63ef9b89..886f0abcb3 100644
--- a/nptl/pthread_cond_common.c
+++ b/nptl/pthread_cond_common.c
@@ -406,8 +406,12 @@  __condvar_quiesce_and_switch_g1 (pthread_cond_t *cond, uint64_t wseq,
 	{
 	  /* There is still a waiter after spinning.  Set the wake-request
 	     flag and block.  Relaxed MO is fine because this is just about
-	     this futex word.  */
-	  r = atomic_fetch_or_relaxed (cond->__data.__g_refs + g1, 1);
+	     this futex word.
+
+	     Update r to include the set wake-request flag so that the upcoming
+	     futex_wait only blocks if the flag is still set (otherwise, we'd
+	     violate the basic client-side futex protocol).  */
+	  r = atomic_fetch_or_relaxed (cond->__data.__g_refs + g1, 1) | 1;
 
 	  if ((r >> 1) > 0)
 	    futex_wait_simple (cond->__data.__g_refs + g1, r, private);
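
Review bot: The trailing `| 1` on the `atomic_fetch_or_relaxed` line in `__condvar_quiesce_and_switch_g1` carries the whole fix and is easy to overlook when reading. Consider a separate `r |= 1;` statement directly after the fetch-or, so the new second paragraph of the comment sits next to the line it explains. The change does not affect the following `(r >> 1) > 0` test, since the shift discards bit 0, and it makes the expected value passed to `futex_wait_simple` include the flag this thread just set. The patch as shown touches only NEWS and this file, so a regression test for the waiters-after-spinning case would be worth adding or referencing.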