fix data race between new pthread_key_delete and dtor execution

access to clear the entry in each thread's tsd array for the key being
deleted was not synchronized with __pthread_tsd_run_dtors. I probably
made this mistake from a mistaken belief that the thread list lock was
held during the latter, which of course is not possible since it
executes application code in a still-live-thread context.

while we're at it, expand the interval during which signals are
blocked to cover taking the write lock on key_lock, so that a signal
at an inopportune time doesn't block forward progress of readers.

diff --git a/src/thread/pthread_key_create.c b/src/thread/pthread_key_create.c
index dc20cc3f3b54d647ebf299bdf189ed61fd38482f..210605c6e9c3bf2f730fce96a9b229d2e7a39e32 100644 (file)
--- a/src/thread/pthread_key_create.c
+++ b/src/thread/pthread_key_create.c
@@ -51,15 +51,17 @@ int __pthread_key_delete(pthread_key_t k)
        pthread_t self = __pthread_self(), td=self;
 
        __block_app_sigs(&set);
+       __pthread_rwlock_wrlock(&key_lock);
+
        __tl_lock();
        do td->tsd[k] = 0;
        while ((td=td->next)!=self);
        __tl_unlock();
-       __restore_sigs(&set);
 
-       __pthread_rwlock_wrlock(&key_lock);
        keys[k] = 0;
+
        __pthread_rwlock_unlock(&key_lock);
+       __restore_sigs(&set);
 
        return 0;
 }