[rtems commit] cpukit/score: avoid NULL and races in priority mutex

Gedare Bloom gedare at rtems.org
Fri Jan 3 18:11:24 UTC 2020 

Module:    rtems
Branch:    4.10
Commit:    e3f6d35f65a49a2e5f79ddba0645bb9b7e51f182
Changeset: http://git.rtems.org/rtems/commit/?id=e3f6d35f65a49a2e5f79ddba0645bb9b7e51f182

Author:    Gedare Bloom <gedare at rtems.org>
Date:      Thu Jan  2 15:45:30 2020 -0700

cpukit/score: avoid NULL and races in priority mutex

The PIP modifications from #3359 introduced new data structures
to track priority inheritance. Prioritized mutexes without PIP
share some of the code paths, and may result in NULL pointer
accesses. This patch checks for NULL, and also adds ISR critical
sections to an uncovered corner case during thread restarts.

Closes #3829.

---

 cpukit/score/src/threadqextractpriority.c | 4 +++-
 cpukit/score/src/threadreset.c            | 6 ++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/cpukit/score/src/threadqextractpriority.c b/cpukit/score/src/threadqextractpriority.c
index 5c8188d..9288d17 100644
--- a/cpukit/score/src/threadqextractpriority.c
+++ b/cpukit/score/src/threadqextractpriority.c
@@ -109,7 +109,9 @@ bool _Thread_queue_Extract_priority_helper(
   }
 
   mutex = _Thread_Dequeue_priority_node( &the_thread->Priority_node );
-  _Thread_Evaluate_priority( mutex->holder );
+  if ( mutex != NULL ) {
+    _Thread_Evaluate_priority( mutex->holder );
+  }
 
   if ( !_Watchdog_Is_active( &the_thread->Timer ) ) {
     _ISR_Enable( level );
diff --git a/cpukit/score/src/threadreset.c b/cpukit/score/src/threadreset.c
index 464a611..6a03135 100644
--- a/cpukit/score/src/threadreset.c
+++ b/cpukit/score/src/threadreset.c
@@ -48,6 +48,7 @@ void _Thread_Reset(
 )
 {
   CORE_mutex_Control *mutex;
+  ISR_Level              level;
 
   the_thread->resource_count   = 0;
   #if defined(RTEMS_ITRON_API)
@@ -66,18 +67,23 @@ void _Thread_Reset(
       (void) _Watchdog_Remove( &the_thread->Timer );
   }
 
+  _ISR_Disable( level );
   if ( the_thread->Priority_node.waiting_to_hold != NULL ) {
     mutex = _Thread_Dequeue_priority_node( &the_thread->Priority_node );
     _Thread_Evaluate_priority( mutex->holder );
   }
+  _ISR_Enable( level );
 
+  _ISR_Disable( level );
   while ( !_Chain_Is_empty( &the_thread->Priority_node.Inherited_priorities ) ) {
     _Thread_Dequeue_priority_node(
       ((Thread_Priority_node*)_Chain_First(
         &the_thread->Priority_node.Inherited_priorities
       ))
     );
+    _ISR_Flash( level );
   }
+  _ISR_Enable( level );
 
   if ( the_thread->Priority_node.current_priority != the_thread->Start.initial_priority ) {
     the_thread->Priority_node.real_priority = the_thread->Start.initial_priority;

More information about the vc mailing list