git.ipfire.org Git - thirdparty/glibc.git/commit

PowerPC: Fix a race condition when eliding a lock

The previous code used to evaluate the preprocessor token is_lock_free to
a variable before starting a transaction.  This behavior can cause an
error if another thread got the lock (without using a transaction)
between the evaluation of the token and the beginning of the transaction.

This bug can be triggered with the following order of events:
1. The lock accessed by is_lock_free is free.
2. Thread T1 evaluates is_lock_free and stores into register R1 that the
   lock is free.
3. Thread T2 acquires the same lock used in is_lock_free.
4. T1 begins the transaction, creating a memory barrier where is_lock_free
   is false, but R1 is true.
5. T1 reads R1 and doesn't abort the transaction.
6. T1 calls ELIDE_UNLOCK, which reads false from is_lock_free and decides
   to unlock a lock acquired by T2, leading to undefined behavior.

This patch delays the evaluation of is_lock_free to inside a transaction
by moving this part of the code to the macro ELIDE_LOCK.

[BZ #18743]
* sysdeps/powerpc/nptl/elide.h (__elide_lock): Move most of this
code to...
(ELIDE_LOCK): ...here.
(__get_new_count): New function with part of the code from
__elide_lock that updates the value of adapt_count after a
transaction abort.
(__elided_trylock): Moved this code to...
(ELIDE_TRYLOCK): ...here.

(cherry picked from commit 6ec52bf634b7650b57ff67b5f5053bce8992d549)

author	Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com>
	Wed, 22 Jul 2015 12:26:02 +0000 (09:26 -0300)
committer	Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com>
	Tue, 20 Oct 2015 15:45:16 +0000 (13:45 -0200)
commit	5b319ce2949cf6fb97862ff81558944f76c704f1
tree	7763c7a9a4e007eb494ceed673c923b25ff25770	tree
parent	5fb7924cb6cf606ce865122e5bbac9df934db14e	commit \| diff

ChangeLog		diff \| blob \| blame \| history
NEWS		diff \| blob \| blame \| history
sysdeps/powerpc/nptl/elide.h		diff \| blob \| blame \| history