[PATCH] cpukit/score: avoid NULL and races in priority mutex

Gedare Bloom gedare at rtems.org
Thu Jan 2 23:24:52 UTC 2020


The PIP modifications from #3359 introduced new data structures
to track priority inheritance. Prioritized mutexes without PIP
share some of the code paths, and may result in NULL pointer
accesses. This patch checks for NULL, and also adds ISR critical
sections to an uncovered corner case during thread restarts.

Closes #3829.
---
 cpukit/score/src/threadqextractpriority.c | 4 +++-
 cpukit/score/src/threadreset.c            | 5 +++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/cpukit/score/src/threadqextractpriority.c b/cpukit/score/src/threadqextractpriority.c
index 5c8188d661..9288d17980 100644
--- a/cpukit/score/src/threadqextractpriority.c
+++ b/cpukit/score/src/threadqextractpriority.c
@@ -109,7 +109,9 @@ bool _Thread_queue_Extract_priority_helper(
   }
 
   mutex = _Thread_Dequeue_priority_node( &the_thread->Priority_node );
-  _Thread_Evaluate_priority( mutex->holder );
+  if ( mutex != NULL ) {
+    _Thread_Evaluate_priority( mutex->holder );
+  }
 
   if ( !_Watchdog_Is_active( &the_thread->Timer ) ) {
     _ISR_Enable( level );
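Review bot: The new `if ( mutex != NULL )` guard carries no comment saying when `_Thread_Dequeue_priority_node` returns NULL, so a later reader cannot tell an expected case from a masked bug. Going by the commit description, this is the prioritized mutex without priority inheritance. A comment above the check such as `/* NULL for a priority queue without an inheritance mutex: no holder to re-evaluate */` would record that, with the wording confirmed against the helper, which is not visible here. The function starts and ends outside this hunk.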
diff --git a/cpukit/score/src/threadreset.c b/cpukit/score/src/threadreset.c
index 464a611391..dfc85c93aa 100644
--- a/cpukit/score/src/threadreset.c
+++ b/cpukit/score/src/threadreset.c
@@ -48,6 +48,7 @@ void _Thread_Reset(
 )
 {
   CORE_mutex_Control *mutex;
+  ISR_Level              level;
 
   the_thread->resource_count   = 0;
   #if defined(RTEMS_ITRON_API)
@@ -66,17 +67,21 @@ void _Thread_Reset(
       (void) _Watchdog_Remove( &the_thread->Timer );
   }
 
+  _ISR_Disable( level );
   if ( the_thread->Priority_node.waiting_to_hold != NULL ) {
     mutex = _Thread_Dequeue_priority_node( &the_thread->Priority_node );
     _Thread_Evaluate_priority( mutex->holder );
   }
+  _ISR_Enable( level );
 
   while ( !_Chain_Is_empty( &the_thread->Priority_node.Inherited_priorities ) ) {
+    _ISR_Disable( level );
     _Thread_Dequeue_priority_node(
       ((Thread_Priority_node*)_Chain_First(
         &the_thread->Priority_node.Inherited_priorities
       ))
     );
+    _ISR_Enable( level );
   }
 
   if ( the_thread->Priority_node.current_priority != the_thread->Start.initial_priority ) {
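Review bot: The `while` condition `!_Chain_Is_empty( ... )` is evaluated with interrupts enabled, while `_Chain_First` is read only after `_ISR_Disable( level )`. If an interrupt can change `Inherited_priorities` in that window, as the added critical sections imply, the loop may dequeue from a chain that has just become empty. Taking the lock before the test closes the gap: put `_ISR_Disable( level );` above the `while`, replace the in-loop disable/enable pair with `_ISR_Flash( level );` after the dequeue, and put `_ISR_Enable( level );` after the loop. Separately, the first critical section still calls `_Thread_Evaluate_priority( mutex->holder );` without the NULL guard this commit adds in threadqextractpriority.c. Whether `waiting_to_hold != NULL` guarantees a non-NULL return is not visible here. The body of `_Thread_Reset` continues outside the hunk.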
-- 
2.17.1


