From: Sam Gross <colesbury@gmail.com>
Date: Fri, 8 Mar 2024 17:39:53 +0000 (-0500)
Subject: gh-115103: Fix unregistering of QSBR state (#116480)
X-Git-Tag: v3.13.0a5~51
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cca30230d992c46dfb607dcc24b3dc2e6d05f536;p=thirdparty%2FPython%2Fcpython.git

gh-115103: Fix unregistering of QSBR state (#116480)

If a thread blocks while waiting on the `shared->mutex` lock, the array
of QSBR states may be reallocated. The `tstate->qsbr` values before the
lock is acquired may not be the same as the value after the lock is acquired.
---

diff --git a/Python/qsbr.c b/Python/qsbr.c
index 69f77f490828..d7ac8f479cda 100644
--- a/Python/qsbr.c
+++ b/Python/qsbr.c
@@ -233,13 +233,17 @@ _Py_qsbr_register(_PyThreadStateImpl *tstate, PyInterpreterState *interp,
 void
 _Py_qsbr_unregister(_PyThreadStateImpl *tstate)
 {
+    struct _qsbr_shared *shared = tstate->qsbr->shared;
+
+    PyMutex_Lock(&shared->mutex);
+    // NOTE: we must load (or reload) the thread state's qbsr inside the mutex
+    // because the array may have been resized (changing tstate->qsbr) while
+    // we waited to acquire the mutex.
     struct _qsbr_thread_state *qsbr = tstate->qsbr;
-    struct _qsbr_shared *shared = qsbr->shared;
 
     assert(qsbr->seq == 0 && "thread state must be detached");
-
-    PyMutex_Lock(&shared->mutex);
     assert(qsbr->allocated && qsbr->tstate == (PyThreadState *)tstate);
+
     tstate->qsbr = NULL;
     qsbr->tstate = NULL;
     qsbr->allocated = false;