From 805288929fdf511b4044cf07c59e02e2eaa9c546 Mon Sep 17 00:00:00 2001
From: Rich Felker
Date: Sun, 17 Feb 2019 21:46:14 -0500
Subject: [PATCH] fix data race between new pthread_key_delete and dtor execution access to clear the entry in each thread's tsd array for the key being deleted was not synchronized with __pthread_tsd_run_dtors. I probably made this mistake from a mistaken belief that the thread list lock was held during the latter, which of course is not possible since it executes application code in a still-live-thread context. while we're at it, expand the interval during which signals are blocked to cover taking the write lock on key_lock, so that a signal at an inopportune time doesn't block forward progress of readers.
---
 src/thread/pthread_key_create.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/thread/pthread_key_create.c b/src/thread/pthread_key_create.c
index dc20cc3f..210605c6 100644
--- a/src/thread/pthread_key_create.c
+++ b/src/thread/pthread_key_create.c
@@ -51,15 +51,17 @@ int __pthread_key_delete(pthread_key_t k)
 pthread_t self = __pthread_self(), td=self;
 __block_app_sigs(&set);
+ __pthread_rwlock_wrlock(&key_lock);
+
 __tl_lock();
 do td->tsd[k] = 0;
 while ((td=td->next)!=self);
 __tl_unlock();
- __restore_sigs(&set);
- __pthread_rwlock_wrlock(&key_lock);
 keys[k] = 0;
+
 __pthread_rwlock_unlock(&key_lock);
+ __restore_sigs(&set);
 return 0;
 }
--
2.25.1
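Review bot: The new ordering in `__pthread_key_delete` is only correct because of two invariants that the code itself does not state: `key_lock` is taken before the thread-list lock, and application signals stay blocked for the whole write-locked interval. I would record both above the added `__pthread_rwlock_wrlock(&key_lock);` line, for example `/* lock order: key_lock (write), then thread list lock; signals stay blocked until key_lock is released so a handler cannot stall readers */`. The reader side, presumably `__pthread_tsd_run_dtors` going by the commit message, is outside this hunk, so it is worth confirming that no path acquires the thread-list lock first and then `key_lock`, which would deadlock against this nesting. The start of the function, including the declaration of `set`, lies above the hunk.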