Posted to commits@mynewt.apache.org by GitBox <gi...@apache.org> on 2019/01/30 14:21:34 UTC

[GitHub] andrzej-kaczmarek opened a new pull request #1625: kernel/os: Fix possible race in os_mutex_release()

andrzej-kaczmarek opened a new pull request #1625: kernel/os: Fix possible race in os_mutex_release()
URL: https://github.com/apache/mynewt-core/pull/1625
 
 
   There is a possible race between `os_mutex_release()` and `os_mutex_pend()` due to modification of `mu_level` outside a critical section. The scenario is as follows:
   
   1. `os_mutex_release()` decrements `mu_level` on a mutex which is not nested; this means that now `mu_level==0` and it will be unlocked
   2. the current task is preempted by another one which calls `os_mutex_pend()` on the same mutex
   3. `os_mutex_pend()` checks if `mu_level==0` (i.e. unlocked) and locks it by setting `mu_level=1` and `mu_owner=<task>`
   4. the previous task resumes execution and enters the critical section which should unlock the mutex, and overwrites `mu_owner=NULL` (assuming there is no other task waiting to lock this mutex)
   5. the result is that the mutex has `mu_level>0` so it is assumed locked, but at the same time `mu_owner==NULL`, which will cause a hardfault when trying to lock it again due to a `NULL` pointer access when comparing task priorities
   
   The solution here is to modify `os_mutex_release()` to check if the mutex is nested with `mu_level==1` (i.e. last lock) and if it is, remove the last reference inside a critical section.

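The five-step interleaving described in the pull request can be replayed deterministically. The following is an added example, not Mynewt source and not code from the pull request: a single-threaded model in which preemption is replaced by a direct call at the point where the window is open. Only `mu_level` and `mu_owner` are names from the description; every other identifier is hypothetical, and the critical section is marked by comments only.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model; only mu_level and mu_owner are names from the PR text. */
struct model_task { int prio; };
struct model_mutex { struct model_task *mu_owner; int mu_level; };
static struct model_task task_a = { 10 }, task_b = { 5 };

/* Uncontended lock path from step 3: take the mutex if mu_level == 0. */
static int model_pend(struct model_mutex *mu, struct model_task *t)
{
    if (mu->mu_level != 0) return -1;   /* a real kernel would block t here */
    mu->mu_owner = t;
    mu->mu_level = 1;
    return 0;
}

/* Stands in for the scheduler switching to task B (step 2). */
static void preempt_by_b(struct model_mutex *mu) { (void)model_pend(mu, &task_b); }

/* Pre-fix ordering: mu_level is decremented before the critical section. */
static void release_racy(struct model_mutex *mu)
{
    if (--mu->mu_level != 0) return;    /* step 1, outside critical section */
    preempt_by_b(mu);                   /* steps 2-3: B locks the mutex */
    mu->mu_owner = NULL;                /* step 4, inside critical section */
}

/* Ordering described as the fix: last reference dropped inside the section. */
static void release_fixed(struct model_mutex *mu)
{
    if (mu->mu_level != 1) { --mu->mu_level; return; }  /* nested unlock */
    preempt_by_b(mu);                   /* B still sees mu_level == 1 */
    mu->mu_level = 0;                   /* both writes inside critical section */
    mu->mu_owner = NULL;
}

/* Returns 1 if the mutex ends up "locked" with no owner (step 5). */
int ends_inconsistent(int use_fix)
{
    struct model_mutex mu = { &task_a, 1 };   /* task A holds the mutex once */
    if (use_fix) release_fixed(&mu); else release_racy(&mu);
    return mu.mu_level > 0 && mu.mu_owner == NULL;
}

int main(void)
{
    printf("racy: %d, fixed: %d\n", ends_inconsistent(0), ends_inconsistent(1));
    return 0;
}
```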