diff options
| author | Andy Wingo <wingo@pobox.com> | 2016-06-23 11:47:42 +0200 |
|---|---|---|
| committer | Andy Wingo <wingo@pobox.com> | 2016-06-23 12:13:02 +0200 |
| commit | c01a2a757e3c59727bdfa8d77568bf42525fbe05 (patch) | |
| tree | b2f8d4ffb55df1b2ed4cc1853d2d6efa354cdbda /libguile/smob.c | |
| parent | 9a951678713557b548415d32eae6d63d039bf652 (diff) | |
| download | guile-c01a2a757e3c59727bdfa8d77568bf42525fbe05.tar.gz | |
Fix race between SMOB marking and finalization
* libguile/smob.c (clear_smobnum): New helper.
(finalize_smob): Re-set the smobnum to the "finalized smob" type
before finalizing. Fixes #19883.
(scm_smob_prehistory): Pre-register a "finalized smob" type, which has
no mark procedure.
* test-suite/standalone/test-smob-mark-race.c: New file.
* test-suite/standalone/Makefile.am: Arrange to build and run the new
test.
Diffstat (limited to 'libguile/smob.c')
| -rw-r--r-- | libguile/smob.c | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/libguile/smob.c b/libguile/smob.c index 6a97caa7c..43ea613de 100644 --- a/libguile/smob.c +++ b/libguile/smob.c @@ -372,20 +372,43 @@ scm_gc_mark (SCM o) } +static void* +clear_smobnum (void *ptr) +{ + SCM smob; + scm_t_bits smobnum; + + smob = SCM_PACK_POINTER (ptr); + + smobnum = SCM_SMOBNUM (smob); + /* Frob the object's type in place, re-setting it to be the "finalized + smob" type. This will prevent other routines from accessing its + internals in a way that assumes that the smob data is valid. This + is notably the case for SMOB's own "mark" procedure, if any; as the + finalizer runs without the alloc lock, it's possible for a GC to + occur while it's running, in which case the object is alive and yet + its data is invalid. */ + SCM_SET_SMOB_DATA_0 (smob, SCM_SMOB_DATA_0 (smob) & ~(scm_t_bits) 0xff00); + + return (void *) smobnum; +} + /* Finalize SMOB by calling its SMOB type's free function, if any. */ static void finalize_smob (void *ptr, void *data) { SCM smob; + scm_t_bits smobnum; size_t (* free_smob) (SCM); smob = SCM_PACK_POINTER (ptr); + smobnum = (scm_t_bits) GC_call_with_alloc_lock (clear_smobnum, ptr); + #if 0 - printf ("finalizing SMOB %p (smobnum: %u)\n", - ptr, SCM_SMOBNUM (smob)); + printf ("finalizing SMOB %p (smobnum: %u)\n", ptr, smobnum); #endif - free_smob = scm_smobs[SCM_SMOBNUM (smob)].free; + free_smob = scm_smobs[smobnum].free; if (free_smob) free_smob (smob); } @@ -460,6 +483,7 @@ void scm_smob_prehistory () { long i; + scm_t_bits finalized_smob_tc16; scm_i_pthread_key_create (¤t_mark_stack_pointer, NULL); scm_i_pthread_key_create (¤t_mark_stack_limit, NULL); @@ -483,6 +507,9 @@ scm_smob_prehistory () scm_smobs[i].apply = 0; scm_smobs[i].apply_trampoline = SCM_BOOL_F; } + + finalized_smob_tc16 = scm_make_smob_type ("finalized smob", 0); + if (SCM_TC2SMOBNUM (finalized_smob_tc16) != 0) abort (); } /* |