commit f21e8f8ca466320fed38bdb71526c574dae98026

Author: Andreas Schwab <schwab@suse.de>

Date:   Thu Nov 8 14:28:22 2018 +0100

    Fix rwlock stall with PREFER_WRITER_NONRECURSIVE_NP (bug 23861)

    In the read lock function (__pthread_rwlock_rdlock_full) there was a

    code path which would fail to reload __readers while waiting for

    PTHREAD_RWLOCK_RWAITING to change. This failure to reload __readers

    into a local value meant that various conditionals used the old value

    of __readers and with only two threads left it could result in an

    indefinite stall of one of the readers (waiting for PTHREAD_RWLOCK_RWAITING

    to go to zero, but it never would).

diff --git a/nptl/Makefile b/nptl/Makefile

index ee720960d18f33d1..2d2db648f730db61 100644

--- a/nptl/Makefile

+++ b/nptl/Makefile

@@ -318,7 +318,8 @@ tests = tst-attr1 tst-attr2 tst-attr3 tst-default-attr \

 	tst-minstack-throw \

 	tst-cnd-basic tst-mtx-trylock tst-cnd-broadcast \

 	tst-cnd-timedwait tst-thrd-detach tst-mtx-basic tst-thrd-sleep \

-	tst-mtx-recursive tst-tss-basic tst-call-once tst-mtx-timedlock

+	tst-mtx-recursive tst-tss-basic tst-call-once tst-mtx-timedlock \

+	tst-rwlock-pwn

 tests-internal := tst-rwlock19 tst-rwlock20 \

 		  tst-sem11 tst-sem12 tst-sem13 \

diff --git a/nptl/pthread_rwlock_common.c b/nptl/pthread_rwlock_common.c

index 5dd534271aed6b41..85fc1bcfc7f5e60d 100644

--- a/nptl/pthread_rwlock_common.c

+++ b/nptl/pthread_rwlock_common.c

@@ -314,7 +314,7 @@ __pthread_rwlock_rdlock_full (pthread_rwlock_t *rwlock,

 		 harmless because the flag is just about the state of

 		 __readers, and all threads set the flag under the same

 		 conditions.  */

-	      while ((atomic_load_relaxed (&rwlock->__data.__readers)

+	      while (((r = atomic_load_relaxed (&rwlock->__data.__readers))

 		      & PTHREAD_RWLOCK_RWAITING) != 0)

 		{

 		  int private = __pthread_rwlock_get_private (rwlock);

diff --git a/nptl/tst-rwlock-pwn.c b/nptl/tst-rwlock-pwn.c

new file mode 100644

index 0000000000000000..c39dd70973f1a76e

--- /dev/null

+++ b/nptl/tst-rwlock-pwn.c

@@ -0,0 +1,87 @@

+/* Test rwlock with PREFER_WRITER_NONRECURSIVE_NP (bug 23861).

+   Copyright (C) 2018 Free Software Foundation, Inc.

+   This file is part of the GNU C Library.

+

+   The GNU C Library is free software; you can redistribute it and/or

+   modify it under the terms of the GNU Lesser General Public

+   License as published by the Free Software Foundation; either

+   version 2.1 of the License, or (at your option) any later version.

+

+   The GNU C Library is distributed in the hope that it will be useful,

+   but WITHOUT ANY WARRANTY; without even the implied warranty of

+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

+   Lesser General Public License for more details.

+

+   You should have received a copy of the GNU Lesser General Public

+   License along with the GNU C Library; if not, see

+   <http://www.gnu.org/licenses/>.  */

+

+#include <stdio.h>

+#include <stdlib.h>

+#include <unistd.h>

+#include <pthread.h>

+#include <support/xthread.h>

+

+/* We choose 10 iterations because this happens to be able to trigger the

+   stall on contemporary hardware.  */

+#define LOOPS 10

+/* We need 3 threads to trigger bug 23861.  One thread as a writer, and

+   two reader threads.  The test verifies that the second-to-last reader

+   is able to notify the *last* reader that it should be done waiting.

+   If the second-to-last reader fails to notify the last reader or does

+   so incorrectly then the last reader may stall indefinitely.  */

+#define NTHREADS 3

+

+_Atomic int do_exit;

+pthread_rwlockattr_t mylock_attr;

+pthread_rwlock_t mylock;

+

+void *

+run_loop (void *a)

+{

+  while (!do_exit)

+    {

+      if (random () & 1)

+	{

+	  xpthread_rwlock_wrlock (&mylock);

+	  xpthread_rwlock_unlock (&mylock);

+	}

+      else

+	{

+	  xpthread_rwlock_rdlock (&mylock);

+	  xpthread_rwlock_unlock (&mylock);

+	}

+    }

+  return NULL;

+}

+

+int

+do_test (void)

+{

+  xpthread_rwlockattr_init (&mylock_attr);

+  xpthread_rwlockattr_setkind_np (&mylock_attr,

+				  PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP);

+  xpthread_rwlock_init (&mylock, &mylock_attr);

+

+  for (int n = 0; n < LOOPS; n++)

+    {

+      pthread_t tids[NTHREADS];

+      do_exit = 0;

+      for (int i = 0; i < NTHREADS; i++)

+	tids[i] = xpthread_create (NULL, run_loop, NULL);

+      /* Let the threads run for some time.  */

+      sleep (1);

+      printf ("Exiting...");

+      fflush (stdout);

+      do_exit = 1;

+      for (int i = 0; i < NTHREADS; i++)

+	xpthread_join (tids[i]);

+      printf ("done.\n");

+    }

+  pthread_rwlock_destroy (&mylock);

+  pthread_rwlockattr_destroy (&mylock_attr);

+  return 0;

+}

+

+#define TIMEOUT (DEFAULT_TIMEOUT + 3 * LOOPS)

+#include <support/test-driver.c>