fix failure to obtain EOWNERDEAD status for process-shared robust mutexes

Linux's documentation (robust-futex-ABI.txt) claims that, when a
process dies with a futex on the robust list, bit 30 (0x40000000) is
set to indicate the status. however, what actually happens is that
bits 0-30 are replaced with the value 0x40000000, i.e. bits 0-29
(containing the old owner tid) are cleared at the same time bit 30 is
set.

our userspace-side code for robust mutexes was written based on that
documentation, assuming that kernel would never produce a futex value
of 0x40000000, since the low (owner) bits would always be non-zero.
commit d338b506e3 introduced this
assumption explicitly while fixing another bug in how non-recoverable
status for robust mutexes was tracked. presumably the tests conducted
at that time only checked non-process-shared robust mutexes, which are
handled in pthread_exit (which implemented the documented kernel
protocol, not the actual one) rather than by the kernel.

change pthread_exit robust list processing to match the kernel
behavior, clearing bits 0-29 while setting bit 30, and use the value
0x7fffffff instead of 0x40000000 to encode non-recoverable status. the
choice of value here is arbitrary; any value with at least one of bits
0-29 set should work just as well,
This commit is contained in:
Rich Felker 2016-06-27 15:18:13 -04:00
parent 6cec7bc57f
commit 384d103d94
3 changed files with 3 additions and 3 deletions

View File

@ -79,7 +79,7 @@ _Noreturn void __pthread_exit(void *result)
int priv = (m->_m_type & 128) ^ 128; int priv = (m->_m_type & 128) ^ 128;
self->robust_list.pending = rp; self->robust_list.pending = rp;
self->robust_list.head = *rp; self->robust_list.head = *rp;
int cont = a_swap(&m->_m_lock, self->tid|0x40000000); int cont = a_swap(&m->_m_lock, 0x40000000);
self->robust_list.pending = 0; self->robust_list.pending = 0;
if (cont < 0 || waiters) if (cont < 0 || waiters)
__wake(&m->_m_lock, 1, priv); __wake(&m->_m_lock, 1, priv);

View File

@ -14,7 +14,7 @@ int __pthread_mutex_trylock_owner(pthread_mutex_t *m)
m->_m_count++; m->_m_count++;
return 0; return 0;
} }
if (own == 0x40000000) return ENOTRECOVERABLE; if (own == 0x7fffffff) return ENOTRECOVERABLE;
if (m->_m_type & 128) { if (m->_m_type & 128) {
if (!self->robust_list.off) { if (!self->robust_list.off) {

View File

@ -24,7 +24,7 @@ int __pthread_mutex_unlock(pthread_mutex_t *m)
if (next != &self->robust_list.head) *(volatile void *volatile *) if (next != &self->robust_list.head) *(volatile void *volatile *)
((char *)next - sizeof(void *)) = prev; ((char *)next - sizeof(void *)) = prev;
} }
cont = a_swap(&m->_m_lock, (type & 8) ? 0x40000000 : 0); cont = a_swap(&m->_m_lock, (type & 8) ? 0x7fffffff : 0);
if (type != PTHREAD_MUTEX_NORMAL && !priv) { if (type != PTHREAD_MUTEX_NORMAL && !priv) {
self->robust_list.pending = 0; self->robust_list.pending = 0;
__vm_unlock(); __vm_unlock();