|
 |
00db10 |
commit 8e31cafb268938729a1314806a924d73fb1991c5
|
|
|
00db10 |
Author: Torvald Riegel <triegel@redhat.com>
|
|
|
00db10 |
Date: Wed Dec 21 13:37:19 2016 +0100
|
|
|
00db10 |
|
|
|
00db10 |
Clear list of acquired robust mutexes in the child process after forking.
|
|
|
00db10 |
|
|
|
00db10 |
Robust mutexes acquired at the time of a call to fork() do not remain
|
|
|
00db10 |
acquired by the forked child process. We have to clear the list of
|
|
|
00db10 |
acquired robust mutexes before registering this list with the kernel;
|
|
|
00db10 |
otherwise, if some of the robust mutexes are process-shared, the parent
|
|
|
00db10 |
process can alter the child's robust mutex list, which can lead to
|
|
|
00db10 |
deadlocks or even modification of memory that may not be occupied by a
|
|
|
00db10 |
mutex anymore.
|
|
|
00db10 |
|
|
|
00db10 |
[BZ #19402]
|
|
|
00db10 |
* sysdeps/nptl/fork.c (__libc_fork): Clear list of acquired robust
|
|
|
00db10 |
mutexes.
|
|
|
00db10 |
|
|
|
00db10 |
Index: glibc-2.17-c758a686/nptl/sysdeps/unix/sysv/linux/fork.c
|
|
|
00db10 |
===================================================================
|
|
|
00db10 |
--- glibc-2.17-c758a686.orig/nptl/sysdeps/unix/sysv/linux/fork.c
|
|
|
00db10 |
+++ glibc-2.17-c758a686/nptl/sysdeps/unix/sysv/linux/fork.c
|
|
|
00db10 |
@@ -161,12 +161,20 @@ __libc_fork (void)
|
|
|
00db10 |
#endif
|
|
|
00db10 |
|
|
|
00db10 |
#ifdef __NR_set_robust_list
|
|
|
00db10 |
- /* Initialize the robust mutex list which has been reset during
|
|
|
00db10 |
- the fork. We do not check for errors since if it fails here
|
|
|
00db10 |
- it failed at process start as well and noone could have used
|
|
|
00db10 |
- robust mutexes. We also do not have to set
|
|
|
00db10 |
- self->robust_head.futex_offset since we inherit the correct
|
|
|
00db10 |
- value from the parent. */
|
|
|
00db10 |
+ /* Initialize the robust mutex list setting in the kernel which has
|
|
|
00db10 |
+ been reset during the fork. We do not check for errors because if
|
|
|
00db10 |
+ it fails here, it must have failed at process startup as well and
|
|
|
00db10 |
+ nobody could have used robust mutexes.
|
|
|
00db10 |
+ Before we do that, we have to clear the list of robust mutexes
|
|
|
00db10 |
+ because we do not inherit ownership of mutexes from the parent.
|
|
|
00db10 |
+ We do not have to set self->robust_head.futex_offset since we do
|
|
|
00db10 |
+ inherit the correct value from the parent. We do not need to clear
|
|
|
00db10 |
+ the pending operation because it must have been zero when fork was
|
|
|
00db10 |
+ called. */
|
|
|
00db10 |
+# ifdef __PTHREAD_MUTEX_HAVE_PREV
|
|
|
00db10 |
+ self->robust_prev = &self->robust_head;
|
|
|
00db10 |
+# endif
|
|
|
00db10 |
+ self->robust_head.list = &self->robust_head;
|
|
|
00db10 |
# ifdef SHARED
|
|
|
00db10 |
if (__builtin_expect (__libc_pthread_functions_init, 0))
|
|
|
00db10 |
PTHFCT_CALL (ptr_set_robust, (self));
|