From 82d7abc1f4b03f37ff94c5f184d49502b6cf489b Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 30 Jan 2009 13:41:12 +0100 Subject: bugfix: invalid mutex access in msg.c --- runtime/msg.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'runtime/msg.c') diff --git a/runtime/msg.c b/runtime/msg.c index c8dbf2c2..064ed44b 100644 --- a/runtime/msg.c +++ b/runtime/msg.c @@ -188,6 +188,7 @@ static void MsgPrepareEnqueueLockingCase(msg_t *pThis) * rgerhards, 2008-07-14 */ pthread_mutexattr_destroy(&pThis->mutAttr); + pThis->bDoLock = 1; ENDfunc } @@ -197,14 +198,16 @@ static void MsgLockLockingCase(msg_t *pThis) { /* DEV debug only! dbgprintf("MsgLock(0x%lx)\n", (unsigned long) pThis); */ assert(pThis != NULL); - pthread_mutex_lock(&pThis->mut); + if(pThis->bDoLock == 1) /* TODO: this is a testing hack, we should find a way with better performance! -- rgerhards, 2009-01-27 */ + pthread_mutex_lock(&pThis->mut); } static void MsgUnlockLockingCase(msg_t *pThis) { /* DEV debug only! dbgprintf("MsgUnlock(0x%lx)\n", (unsigned long) pThis); */ assert(pThis != NULL); - pthread_mutex_unlock(&pThis->mut); + if(pThis->bDoLock == 1) /* TODO: this is a testing hack, we should find a way with better performance! -- rgerhards, 2009-01-27 */ + pthread_mutex_unlock(&pThis->mut); } /* delete the mutex object on message destruction (locking case) -- cgit From 2cfaf5f86a4fb40cc37ae71118c506f1d924df13 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 30 Jan 2009 13:49:41 +0100 Subject: bugfix: inconsistent use of mutex/atomic operations could cause segfault details are too many, for full analysis see blog post at: http://blog.gerhards.net/2009/01/rsyslog-data-race-analysis.html --- runtime/msg.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'runtime/msg.c') diff --git a/runtime/msg.c b/runtime/msg.c index 3073fc5f..038e002a 100644 --- a/runtime/msg.c +++ b/runtime/msg.c @@ -281,14 +281,13 @@ finalize_it: BEGINobjDestruct(msg) /* be sure to specify the object type also in END and CODESTART macros! */ int currRefCount; CODESTARTobjDestruct(msg) - /* DEV Debugging only ! dbgprintf("msgDestruct\t0x%lx, Ref now: %d\n", (unsigned long)pM, pM->iRefCount - 1); */ -//# ifdef DO_HAVE_ATOMICS -// currRefCount = ATOMIC_DEC_AND_FETCH(pThis->iRefCount); -//# else + /* DEV Debugging only ! dbgprintf("msgDestruct\t0x%lx, Ref now: %d\n", (unsigned long)pThis, pThis->iRefCount - 1); */ +# ifdef HAVE_ATOMIC_BUILTINS + currRefCount = ATOMIC_DEC_AND_FETCH(pThis->iRefCount); +# else MsgLock(pThis); currRefCount = --pThis->iRefCount; -//# endif -// we need a mutex, because we may be suspended after getting the refcount but before +# endif if(currRefCount == 0) { /* DEV Debugging Only! dbgprintf("msgDestruct\t0x%lx, RefCount now 0, doing DESTROY\n", (unsigned long)pThis); */ @@ -348,7 +347,9 @@ CODESTARTobjDestruct(msg) rsCStrDestruct(&pThis->pCSPROCID); if(pThis->pCSMSGID != NULL) rsCStrDestruct(&pThis->pCSMSGID); +# ifndef HAVE_ATOMIC_BUILTINS MsgUnlock(pThis); +# endif funcDeleteMutex(pThis); } else { MsgUnlock(pThis); -- cgit