This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.24-605-ge9a96ea
- From: tuliom at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 3 Jan 2017 19:23:28 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.24-605-ge9a96ea
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via e9a96ea1aca4ebaa7c86e8b83b766f118d689d0f (commit)
from daaff5cc793acdd4f8667fca3b901647b4c34363 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e9a96ea1aca4ebaa7c86e8b83b766f118d689d0f
commit e9a96ea1aca4ebaa7c86e8b83b766f118d689d0f
Author: Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com>
Date: Tue Jan 3 17:16:02 2017 -0200
powerpc: Fix write-after-destroy in lock elision [BZ #20822]
The update of *adapt_count after the release of the lock causes a race
condition when thread A unlocks, thread B continues and destroys the
mutex, and thread A writes to *adapt_count.
diff --git a/ChangeLog b/ChangeLog
index 70b6435..1e78a07 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2017-01-03 Rajalakshmi Srinivasaraghavan <raji@linux.vnet.ibm.com>
+ Steven Munroe <sjmunroe@us.ibm.com>
+ Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com>
+
+ [BZ #20822]
+ * sysdeps/unix/sysv/linux/powerpc/elision-lock.c
+ (__lll_lock_elision): Access adapt_count via C11 atomics.
+ * sysdeps/unix/sysv/linux/powerpc/elision-trylock.c
+ (__lll_trylock_elision): Likewise.
+ * sysdeps/unix/sysv/linux/powerpc/elision-unlock.c
+ (__lll_unlock_elision): Update adapt_count variable inside the
+ critical section using C11 atomics.
+
2017-01-03 Joseph Myers <joseph@codesourcery.com>
* math/test-fenvinline.c (do_test): Disable tests of raised
diff --git a/sysdeps/unix/sysv/linux/powerpc/elision-lock.c b/sysdeps/unix/sysv/linux/powerpc/elision-lock.c
index 4589491..f7a5cbc 100644
--- a/sysdeps/unix/sysv/linux/powerpc/elision-lock.c
+++ b/sysdeps/unix/sysv/linux/powerpc/elision-lock.c
@@ -45,7 +45,9 @@
int
__lll_lock_elision (int *lock, short *adapt_count, EXTRAARG int pshared)
{
- if (*adapt_count > 0)
+ /* adapt_count is accessed concurrently but is just a hint. Thus,
+ use atomic accesses but relaxed MO is sufficient. */
+ if (atomic_load_relaxed (adapt_count) > 0)
{
goto use_lock;
}
@@ -67,7 +69,8 @@ __lll_lock_elision (int *lock, short *adapt_count, EXTRAARG int pshared)
if (_TEXASRU_FAILURE_PERSISTENT (__builtin_get_texasru ()))
{
if (aconf.skip_lock_internal_abort > 0)
- *adapt_count = aconf.skip_lock_internal_abort;
+ atomic_store_relaxed (adapt_count,
+ aconf.skip_lock_internal_abort);
goto use_lock;
}
}
@@ -75,7 +78,8 @@ __lll_lock_elision (int *lock, short *adapt_count, EXTRAARG int pshared)
/* Fall back to locks for a bit if retries have been exhausted */
if (aconf.try_tbegin > 0 && aconf.skip_lock_out_of_tbegin_retries > 0)
- *adapt_count = aconf.skip_lock_out_of_tbegin_retries;
+ atomic_store_relaxed (adapt_count,
+ aconf.skip_lock_out_of_tbegin_retries);
use_lock:
return LLL_LOCK ((*lock), pshared);
diff --git a/sysdeps/unix/sysv/linux/powerpc/elision-trylock.c b/sysdeps/unix/sysv/linux/powerpc/elision-trylock.c
index 1e5cbe8..ed244d3 100644
--- a/sysdeps/unix/sysv/linux/powerpc/elision-trylock.c
+++ b/sysdeps/unix/sysv/linux/powerpc/elision-trylock.c
@@ -34,7 +34,7 @@ __lll_trylock_elision (int *futex, short *adapt_count)
__libc_tabort (_ABORT_NESTED_TRYLOCK);
/* Only try a transaction if it's worth it. */
- if (*adapt_count > 0)
+ if (atomic_load_relaxed (adapt_count) > 0)
{
goto use_lock;
}
@@ -49,7 +49,7 @@ __lll_trylock_elision (int *futex, short *adapt_count)
__libc_tend (0);
if (aconf.skip_lock_busy > 0)
- *adapt_count = aconf.skip_lock_busy;
+ atomic_store_relaxed (adapt_count, aconf.skip_lock_busy);
}
else
{
@@ -59,7 +59,8 @@ __lll_trylock_elision (int *futex, short *adapt_count)
result in another failure. Use normal locking now and
for the next couple of calls. */
if (aconf.skip_trylock_internal_abort > 0)
- *adapt_count = aconf.skip_trylock_internal_abort;
+ atomic_store_relaxed (adapt_count,
+ aconf.skip_trylock_internal_abort);
}
}
diff --git a/sysdeps/unix/sysv/linux/powerpc/elision-unlock.c b/sysdeps/unix/sysv/linux/powerpc/elision-unlock.c
index 6f45a9c..759c146 100644
--- a/sysdeps/unix/sysv/linux/powerpc/elision-unlock.c
+++ b/sysdeps/unix/sysv/linux/powerpc/elision-unlock.c
@@ -28,13 +28,16 @@ __lll_unlock_elision (int *lock, short *adapt_count, int pshared)
__libc_tend (0);
else
{
- lll_unlock ((*lock), pshared);
+ /* Update adapt_count in the critical section to prevent a
+ write-after-destroy error as mentioned in BZ 20822. The
+ following update of adapt_count has to be contained within
+ the critical region of the fall-back lock in order to not violate
+ the mutex destruction requirements. */
+ short __tmp = atomic_load_relaxed (adapt_count);
+ if (__tmp > 0)
+ atomic_store_relaxed (adapt_count, __tmp--);
- /* Update the adapt count AFTER completing the critical section.
- Doing this here prevents unneeded stalling when entering
- a critical section. Saving about 8% runtime on P8. */
- if (*adapt_count > 0)
- (*adapt_count)--;
+ lll_unlock ((*lock), pshared);
}
return 0;
}
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 13 +++++++++++++
sysdeps/unix/sysv/linux/powerpc/elision-lock.c | 10 +++++++---
sysdeps/unix/sysv/linux/powerpc/elision-trylock.c | 7 ++++---
sysdeps/unix/sysv/linux/powerpc/elision-unlock.c | 15 +++++++++------
4 files changed, 33 insertions(+), 12 deletions(-)
hooks/post-receive
--
GNU C Library master sources