[Bug 254995] pthread_cond_timedwait() returns EDEADLK
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 09 Oct 2021 20:07:38 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254995
--- Comment #11 from Konstantin Belousov <kib@FreeBSD.org> ---
Better this one, handling malicious userspace
commit dc64dc0a431faeded1ea294489c4584d537bb01a
Author: Konstantin Belousov <kib@FreeBSD.org>
Date: Sat Oct 9 22:46:08 2021 +0300
umtx: Do not return spurious failures on unlock after suspend for normal or
PI mutexes
diff --git a/sys/kern/kern_umtx.c b/sys/kern/kern_umtx.c
index ea87259161c8..b06e121e58ec 100644
--- a/sys/kern/kern_umtx.c
+++ b/sys/kern/kern_umtx.c
@@ -1486,7 +1486,7 @@ do_unlock_normal(struct thread *td, struct umutex *m,
uint32_t flags, bool rb)
if (error == -1)
return (EFAULT);
if (error == 1) {
- error = thread_check_susp(td, false);
+ error = thread_check_susp(td, true);
if (error != 0)
return (error);
goto again;
@@ -1523,7 +1523,7 @@ do_unlock_normal(struct thread *td, struct umutex *m,
uint32_t flags, bool rb)
if (error == 1) {
if (old != owner)
return (EINVAL);
- error = thread_check_susp(td, false);
+ error = thread_check_susp(td, true);
if (error != 0)
return (error);
goto again;
@@ -2427,8 +2427,8 @@ do_unlock_pi(struct thread *td, struct umutex *m,
uint32_t flags, bool rb)
new_owner |= UMUTEX_CONTESTED;
again:
error = casueword32(&m->m_owner, owner, &old, new_owner);
- if (error == 1) {
- error = thread_check_susp(td, false);
+ if (error == 1 && (old & ~UMUTEX_CONTESTED) == id) {
+ error = thread_check_susp(td, true);
if (error == 0)
goto again;
}
--
You are receiving this mail because:
You are the assignee for the bug.