author | Matthew Xie <mattx@google.com> | 2011-12-14 22:55:54 -0800 |
---|---|---|
committer | Matthew Xie <mattx@google.com> | 2011-12-14 23:33:29 -0800 |
commit | 537eaff5de9aace3348436166d4cde7adc1e488e (patch) | |
tree | fc1978bfa1db8677a395992ff81d84f8e2243087 | |
parent | 34e4a715490c404a711ba1f0ccef0f88567b62fa (diff) | |
download | dbus-537eaff5de9aace3348436166d4cde7adc1e488e.tar.gz |
In condvar wait functions, set the holder back before restoring count
Before this fix, there was a race condition: the previous owner thread
could enter the mutex without proper locking by passing the lock-owner
check in the mutex_lock function.
bug 5699382
Change-Id: Ib81330e2f3669e5f72b101f3da7abdb15d3ac993
-rw-r--r-- | dbus/dbus-sysdeps-pthread.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/dbus/dbus-sysdeps-pthread.c b/dbus/dbus-sysdeps-pthread.c
index 70737512..1483c249 100644
--- a/dbus/dbus-sysdeps-pthread.c
+++ b/dbus/dbus-sysdeps-pthread.c
@@ -248,8 +248,12 @@ _dbus_pthread_condvar_wait (DBusCondVar *cond,
 pmutex->count = 0; /* allow other threads to lock */
 PTHREAD_CHECK ("pthread_cond_wait", pthread_cond_wait (&pcond->cond, &pmutex->lock));
 _dbus_assert (pmutex->count == 0);
- pmutex->count = old_count;
 pmutex->holder = pthread_self(); /* other threads may have locked the mutex in the meantime */
+
+ /* The order of this line and the above line is important.
+ * See the comments below at the end of _dbus_pthread_condvar_wait_timeout
+ */
+ pmutex->count = old_count;
 }
 static dbus_bool_t
@@ -298,8 +302,13 @@ _dbus_pthread_condvar_wait_timeout (DBusCondVar *cond,
 }
 _dbus_assert (pmutex->count == 0);
- pmutex->count = old_count;
 pmutex->holder = pthread_self(); /* other threads may have locked the mutex in the meantime */
+
+ /* restore to old count after setting the owner back to self,
+ * If reversing this line with above line, the previous owner thread could
+ * get into the mutex without proper locking by passing the lock owner check.
+ */
+ pmutex->count = old_count;
 /* return true if we did not time out */
 return result != ETIMEDOUT; |
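Review bot: The new order, `pmutex->holder = pthread_self();` followed by `pmutex->count = old_count;`, is only source order: both are plain stores, so the compiler or a weakly ordered CPU may still make `count` visible to another thread first, and the commit message says the owner check in the mutex lock function runs without holding `pmutex->lock`. If that reader really is lock-free (it is not shown in this diff), the fix needs a barrier between the two stores, e.g. `__sync_synchronize();` placed before `pmutex->count = old_count;`, with a matching barrier between the reads on the reader side, or the owner check should be made under the lock. The same applies to the identical pair of stores in the `_dbus_pthread_condvar_wait_timeout` hunk. Both function bodies begin outside their hunks.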
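Review bot: The comment added before `pmutex->count = old_count;` in `_dbus_pthread_condvar_wait_timeout` describes the hazard but does not name the code that performs the unlocked owner check, and the comment in `_dbus_pthread_condvar_wait` points to it only by position ("below at the end of"), which goes stale as soon as either function moves. I would state the invariant in both places and name the reader, e.g. `/* holder must be written before count: the lock path tests count and holder without taking pmutex->lock */`. The function body starts outside this hunk, so the exact name of that lock function should be confirmed against the file before it is written into the comment.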