From 0742c314c35c2c96b72e42076c76d6a6786045ba Mon Sep 17 00:00:00 2001
From: Olivier Houchard
Date: Thu, 5 Dec 2019 15:11:19 +0100
Subject: [PATCH] BUG/MEDIUM: tasks: Make sure we switch wait queues in task_set_affinity().

In task_set_affinity(), leave the wait_queue if any before changing the affinity, and re-enter a wait queue once it is done. If we don't do that, the task may stay in the wait queue of another thread, and we later may end up modifying that wait queue while holding no lock, which could lead to memory corruption. THis should be backported to 2.1, 2.0 and 1.9.
---
 include/proto/task.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/include/proto/task.h b/include/proto/task.h
index b29d84a914..a828cd71f1 100644
--- a/include/proto/task.h
+++ b/include/proto/task.h
@@ -105,6 +105,8 @@ extern struct task_per_thread task_per_thread[MAX_THREADS];
 __decl_hathreads(extern HA_SPINLOCK_T rq_lock); /* spin lock related to run queue */
 __decl_hathreads(extern HA_RWLOCK_T wq_lock); /* RW lock related to the wait queue */
+static inline struct task *task_unlink_wq(struct task *t);
+static inline void task_queue(struct task *task);
 /* return 0 if task is in run queue, otherwise non-zero */
 static inline int task_in_rq(struct task *t)
@@ -153,7 +155,11 @@ static inline void task_wakeup(struct task *t, unsigned int f)
 /* change the thread affinity of a task to */
 static inline void task_set_affinity(struct task *t, unsigned long thread_mask)
 {
+ if (task_in_wq(t))
+ task_unlink_wq(t);
 t->thread_mask = thread_mask;
+ if (t->expire != TICK_ETERNITY)
+ task_queue(t);
 }
 /*
-- 
2.39.5
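Review bot: In the task_set_affinity() hunk the requeue guard `if (t->expire != TICK_ETERNITY)` is not symmetric with the unlink guard `if (task_in_wq(t))`: a task whose expire is set but which was not in any wait queue (presumably one currently being run, whose requeue is handled by whoever ran it) is now inserted into a wait queue as a side effect of an affinity change, which the commit message ("re-enter a wait queue once it is done") does not describe. Remembering the initial state restricts the change to the case being fixed: `int was_in_wq = task_in_wq(t);`, then `if (was_in_wq) task_unlink_wq(t);` before the assignment and `if (was_in_wq) task_queue(t);` after it. Nothing in the hunk ties the calling thread to the new thread_mask either: if task_queue() chooses a per-thread wait queue from the calling thread rather than from the task's mask (not visible here), calling task_set_affinity() from thread A with a single-thread mask for thread B would again leave the task in a queue that B later modifies without wq_lock, which is the unlocked cross-thread access this commit is meant to remove. A comment on the function stating that precondition, e.g. `/* must be called by a thread allowed to run the task (or before it is first scheduled); requeues it under its new mask */`, would make the contract visible to callers.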