Home Explore Help
Sign In
hongwenjun
/
musl
mirror of https://git.musl-libc.org/git/musl
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

fix data race in timer_create with SIGEV_THREAD notification

in the timer thread start function, self->timer_id was accessed
without synchronization; the timer thread could fail to see the store
from the calling thread, resulting in timer_delete failing to delete
the correct kernel-level timer.

this fix is based on a patch by changdiankang, but with the load moved
to after receiving the timer_delete signal rather than just after the
start barrier, so as not to retain the possibility of data race with
timer_delete.
Rich Felker 5 years ago
parent
7d5c5706a0
commit
29bad49d72
1 changed files with 2 additions and 2 deletions
Split View Show Diff Stats
  1. 2 2
      src/time/timer_create.c

+ 2 - 2
src/time/timer_create.c
View File 

@@ -1,5 +1,6 @@
 
 #include <time.h>
 
 #include <setjmp.h>
 
+#include <limits.h>
 
 #include "pthread_impl.h"
 
 
 struct ksigevent {
 
@@ -48,7 +49,6 @@ static void *start(void *arg)
 
 {
 
 	pthread_t self = __pthread_self();
 
 	struct start_args *args = arg;
 
-	int id = self->timer_id;
 
 	jmp_buf jb;
 
 
 	void (*notify)(union sigval) = args->sev->sigev_notify_function;
 
@@ -65,7 +65,7 @@ static void *start(void *arg)
 
 		}
 
 		if (self->timer_id < 0) break;
 
 	}
 
-	__syscall(SYS_timer_delete, id);
 
+	__syscall(SYS_timer_delete, self->timer_id & INT_MAX);
 
 	return 0;
 
 }