fix extremely rare but dangerous race condition in robust mutexes

[musl] / src / thread / pthread_mutex_unlock.c

diff --git a/src/thread/pthread_mutex_unlock.c b/src/thread/pthread_mutex_unlock.c
index fdf9fc1..5fc0f4e 100644 (file)
--- a/src/thread/pthread_mutex_unlock.c
+++ b/src/thread/pthread_mutex_unlock.c
@@ -1,5 +1,8 @@
 #include "pthread_impl.h"
 
+void __vm_lock_impl(int);
+void __vm_unlock_impl(void);
+
 int pthread_mutex_unlock(pthread_mutex_t *m)
 {
        pthread_t self;
@@ -20,11 +23,14 @@ int pthread_mutex_unlock(pthread_mutex_t *m)
                        self->robust_list.pending = &m->_m_next;
                        *(void **)m->_m_prev = m->_m_next;
                        if (m->_m_next) ((void **)m->_m_next)[-1] = m->_m_prev;
+                       __vm_lock_impl(+1);
                }
        }
        cont = a_swap(&m->_m_lock, 0);
-       if (robust)
+       if (robust) {
                self->robust_list.pending = 0;
+               __vm_unlock_impl();
+       }
        if (waiters || cont<0)
                __wake(&m->_m_lock, 1, 0);
        return 0;