[Bug 2172] SMP: Race condition in _Thread_queue_Process_timeout()

bugzilla-daemon at rtems.org bugzilla-daemon at rtems.org
Thu Mar 27 11:51:58 UTC 2014


https://www.rtems.org/bugzilla/show_bug.cgi?id=2172

Sebastian Huber <sebastian.huber at embedded-brains.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P1
         AssignedTo|joel.sherrill at oarcorp.com   |sebastian.huber at embedded-br
                   |                            |ains.de
            Summary|SMP: System corruption      |SMP: Race condition in
                   |revealed with test          |_Thread_queue_Process_timeo
                   |smpload01                   |ut()
           Severity|normal                      |critical

--- Comment #1 from Sebastian Huber <sebastian.huber at embedded-brains.de> 2014-03-27 06:51:58 CDT ---
One bug is in _Thread_queue_Process_timeout():

[...]
      /*
       * After we enable interrupts here, a lot may happen in the meantime,
       * e.g. nested interrupts may release the resource that times out here.
       * So we enter _Thread_queue_Extract() speculatively.  Inside this
       * function we check the actual status under ISR disable protection.
       * This ensures that exactly one executing context performs the extract
       * operation (other parties may call _Thread_queue_Dequeue()).  If this
       * context won, then we have a timeout.
       *
       * We can use the_thread_queue pointer here even if
       * the_thread->Wait.queue is already set to NULL since the extract
       * operation will only use the thread queue discipline to select the
       * right extract operation.  The timeout status is set during thread
       * queue initialization.
       */
      we_did_it = _Thread_queue_Extract( the_thread_queue, the_thread );
      if ( we_did_it ) {
        the_thread->Wait.return_code = the_thread_queue->timeout_status;
      }
[...]

In case _Thread_queue_Extract() successfully extracted a thread, then this
thread may start execution on a remote processor and read the
the_thread->Wait.return_code before we update it here with the timeout status.

-- 
Configure bugmail: https://www.rtems.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.



More information about the bugs mailing list