Bug 21031 - pthread_key_delete() race with thread finalization
Summary: pthread_key_delete() race with thread finalization
Status: REOPENED
Alias: None
Product: glibc
Classification: Unclassified
Component: nptl (show other bugs)
Version: 2.24
: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-01-07 19:29 UTC by account disabled by myself since useless
Modified: 2023-02-08 16:23 UTC (History)
3 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed: 2023-02-08 00:00:00
fweimer: security-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description account disabled by myself since useless 2017-01-07 19:29:09 UTC
A race condition could occur between the pthread_key_delete() and the __nptl_deallocate_tsd().

For instance, __nptl_deallocate_tsd() could call a destructor for the key, immediately before the pthread_key_delete() invalidates it (from an another thread), and will continue destructor execution after the completion of pthread_key_delete().

From a user code this looks as if the corresponding destructor executes after the key has been removed by pthread_key_delete(), and there is no way to know whether was destructor called/executed or not.

Suggest add pthread_rwlock_rdlock() for __nptl_deallocate_tsd() and pthread_rwlock_wrlock() for pthread_key_delete().
Comment 1 account disabled by myself since useless 2018-03-28 12:17:11 UTC
Related to bugs 18136, 21032.
Comment 2 account disabled by myself since useless 2023-02-08 12:06:23 UTC
Not a bug for glibc, but the feature )
Comment 3 Adhemerval Zanella 2023-02-08 16:23:31 UTC
Reopened because it still needs discussion.