Module: xenomai-forge Branch: next Commit: ccd3bcbaa04bedfc0c71ef6fa7603d328116e7ee URL: http://git.xenomai.org/?p=xenomai-forge.git;a=commit;h=ccd3bcbaa04bedfc0c71ef6fa7603d328116e7ee
Author: Philippe Gerum <r...@xenomai.org> Date: Fri Apr 11 16:42:45 2014 +0200 boilerplate/lock: prevent FMR in safe unlock op Since dropping the lock may result in the memory holding the restored cancel state to become stale, we'd better read it prior to unlocking. Typically, this case would happen with call sites like threadobj_unlock(), fetching the cancel state word from the TCB of a thread which pends on its own lock, prior to finalizing. If that thread preempts threadobj_unlock() (as a result of the lock drop) then exits, the cancel state may become stale before threadobj_unlock() refers to it.
---
 include/boilerplate/lock.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/boilerplate/lock.h b/include/boilerplate/lock.h
index dce1ff0..4819b34 100644
--- a/include/boilerplate/lock.h
+++ b/include/boilerplate/lock.h
@@ -177,9 +177,9 @@ int __check_cancel_type(const char *locktype);
 
 #define __do_unlock_safe(__lock, __state) \
 ({ \
- int __ret; \
+ int __ret, __restored_state = __state; \
 __ret = -__RT(pthread_mutex_unlock(__lock)); \
- pthread_setcancelstate(__state, NULL); \
+ pthread_setcancelstate(__restored_state, NULL); \
 __ret; \
 })
 
_______________________________________________ Xenomai-git mailing list Xenomai-git@xenomai.org http://www.xenomai.org/mailman/listinfo/xenomai-git
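Review bot: Nothing in `__do_unlock_safe()` itself records that `__state` has to be evaluated before the unlock, so the new `__restored_state` local reads like a redundant temporary and could easily be folded back into the `pthread_setcancelstate()` call, bringing back the stale read the commit message describes. A one-line comment above the declaration would pin the ordering, for example `/* Snapshot __state first: its storage may be gone once the lock is dropped. */ \`. The initializer also expands the macro argument unparenthesized; `int __ret, __restored_state = (__state); \` keeps an argument that contains a comma or other low-precedence operator from altering the declaration. The result of `pthread_setcancelstate()` is still discarded, which looks deliberate here but would be worth a word in the same comment.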