From 90c400bd4904b0240a148f0b357a5cbc36179239 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Mon, 21 Dec 2015 16:42:46 +0100 Subject: malloc: Fix list_lock/arena lock deadlock [BZ #19182] * malloc/arena.c (list_lock): Document lock ordering requirements. (free_list_lock): New lock. (ptmalloc_lock_all): Comment on free_list_lock. (ptmalloc_unlock_all2): Reinitialize free_list_lock. (detach_arena): Update comment. free_list_lock is now needed. (_int_new_arena): Use free_list_lock around detach_arena call. Acquire arena lock after list_lock. Add comment, including FIXME about incorrect synchronization. (get_free_list): Switch to free_list_lock. (reused_arena): Acquire free_list_lock around detach_arena call and attached threads counter update. Add two FIXMEs about incorrect synchronization. (arena_thread_freeres): Switch to free_list_lock. * malloc/malloc.c (struct malloc_state): Update comments to mention free_list_lock. --- malloc/malloc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'malloc/malloc.c') diff --git a/malloc/malloc.c b/malloc/malloc.c index a030109c3e..1a03079344 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -1710,12 +1710,12 @@ struct malloc_state struct malloc_state *next; /* Linked list for free arenas. Access to this field is serialized - by list_lock in arena.c. */ + by free_list_lock in arena.c. */ struct malloc_state *next_free; /* Number of threads attached to this arena. 0 if the arena is on - the free list. Access to this field is serialized by list_lock - in arena.c. */ + the free list. Access to this field is serialized by + free_list_lock in arena.c. */ INTERNAL_SIZE_T attached_threads; /* Memory allocated from the system in this arena. */ -- cgit v1.2.1