Module: xenomai-forge
Branch: next
Commit: 7a15bf4aebf346be12cdf04c14a587bcee5a4f01
URL:    http://git.xenomai.org/?p=xenomai-forge.git;a=commit;h=7a15bf4aebf346be12cdf04c14a587bcee5a4f01

Author: Philippe Gerum <r...@xenomai.org>
Date:   Fri Apr 11 16:42:45 2014 +0200

boilerplate/lock: prevent FMR in safe unlock op

Since dropping the lock may result in the memory holding the restored
cancel state becoming stale, we'd better read it prior to unlocking.

Typically, this case would happen with call sites like
threadobj_unlock(), fetching the cancel state word from the TCB of a
thread which pends on its own lock, prior to finalizing. If that
thread preempts threadobj_unlock() (as a result of the lock drop) then
exits, the cancel state may become stale before threadobj_unlock()
refers to it.

---

 include/boilerplate/lock.h |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/boilerplate/lock.h b/include/boilerplate/lock.h
index dce1ff0..4819b34 100644
--- a/include/boilerplate/lock.h
+++ b/include/boilerplate/lock.h
@@ -177,9 +177,9 @@ int __check_cancel_type(const char *locktype);
 
 #define __do_unlock_safe(__lock, __state)                              \
        ({                                                              \
-               int __ret;                                              \
+               int __ret, __restored_state = __state;                  \
                __ret = -__RT(pthread_mutex_unlock(__lock));            \
-               pthread_setcancelstate(__state, NULL);                  \
+               pthread_setcancelstate(__restored_state, NULL);         \
                __ret;                                                  \
        })
 
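Review bot: The new initializer `__restored_state = __state` in __do_unlock_safe() carries no comment saying that the copy must be taken before pthread_mutex_unlock(), so a later cleanup could fold the local back into the pthread_setcancelstate() call and reintroduce the stale read the commit message describes. A one-line comment above the declaration stating that `__state` may live in memory that is freed once the lock is dropped would protect the ordering. While touching this line, the macro argument should also be parenthesized, as in `__restored_state = (__state)`, so that an expression passed by a call site is evaluated as a whole.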

