Project

General

Profile

Actions

Bug #3746

closed

ZRLs are racy

Added by Will Andrews about 9 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Start date:
2013-04-23
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

From the original change log:

It was possible for a reference to be added even with the lock held, and
for references added just after a lock release to be lost.

This bug was also independently found and reported in wesunsolve.net
issues 6985013 6995524.

In zrl_add(), always use an atomic operation to update the refcount.
The mutex in the ZRL only guarantees that wakeups occur for waiters on the
lock. It offers no protection against concurrent updates of the refcount.
The only refcount transition that is safe to perform without an atomic
operation is from ZRL_LOCKED back to 0, since this can only be performed
by the thread which has the ZRL locked.


Files

zrlock-issue.txt (11.9 KB) zrlock-issue.txt one of our servers had lots of threads blocked due to a zrlock in LOCKED state Youzhong Yang, 2016-09-23 03:07 PM
zrlock-test.c (5.52 KB) zrlock-test.c test program reproducing the issue, and with proposed fix for zrl_add_impl Youzhong Yang, 2016-09-23 03:07 PM
Actions

Also available in: Atom PDF