Diffstat (limited to 'libc/private/bionic_lock.h')
-rw-r--r-- | libc/private/bionic_lock.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/libc/private/bionic_lock.h b/libc/private/bionic_lock.h
index ec179d1b6..d70ba6c5c 100644
--- a/libc/private/bionic_lock.h
+++ b/libc/private/bionic_lock.h
@@ -72,6 +72,12 @@ class Lock {
   void unlock() {
     bool shared = process_shared; /* cache to local variable */
     if (atomic_exchange_explicit(&state, Unlocked, memory_order_release) == LockedWithWaiter) {
+      // The Lock object may have been deallocated between the atomic exchange and the futex wake
+      // call, so avoid accessing any fields of Lock here. In that case, the wake call may target
+      // unmapped memory or trigger a spurious futex wakeup. The same situation happens with
+      // pthread mutexes. References:
+      // - https://lkml.org/lkml/2014/11/27/472
+      // - http://austingroupbugs.net/view.php?id=811#c2267
       __futex_wake_ex(&state, shared, 1);
     }
   }
 |
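Review bot: The new comment explains why no `Lock` field may be read after the exchange, but the line that actually enforces that, `bool shared = process_shared; /* cache to local variable */`, only says "cache", so a later cleanup could plausibly fold it back into `__futex_wake_ex(&state, process_shared, 1)` and reintroduce the use-after-free. I would tighten that earlier comment to `/* must be read before the release below: this Lock may be freed by another thread as soon as state is Unlocked */`, so the invariant is stated at the point where it is maintained rather than only where it is consumed. It would also help to say explicitly that the wake's return value is ignored on purpose, since by the comment's own reasoning the call may presumably fail with EFAULT when `&state` is already unmapped and there is nothing safe to do about it. The enclosing `class Lock` begins outside this hunk, so the declaration of `process_shared` and `state` is not visible here.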