Posted to commits@nuttx.apache.org by ma...@apache.org on 2024/03/11 04:58:31 UTC

(nuttx) branch master updated: sched/group: set clear flag if the group is not really needed

This is an automated email from the ASF dual-hosted git repository.

masayuki pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nuttx.git


The following commit(s) were added to refs/heads/master by this push:
     new d468ff3eeb sched/group: set clear flag if the group is not really needed
d468ff3eeb is described below

commit d468ff3eeba770f9cf2a109e94e3e63076fa9d38
Author: chao an <an...@lixiang.com>
AuthorDate: Mon Mar 11 10:36:20 2024 +0800

    sched/group: set clear flag if the group is not really needed
    
    The delete flag is not synchronized with the life cycle of the group,
    if the flag set before waitpid(), the tcb will be mistakenly deleted
    by group_del_waiter(), use-after-free will happen.
    
    Regression by:
    | commit 29e50ffa7374fa4c473d8d4f8cb3506665443d3e (origin/master, origin/HEAD)
    | Author: chao an <an...@lixiang.com>
    | Date:   Mon Mar 4 09:19:27 2024 +0800
    |
    |     sched/group: move task group into task_tcb_s to improve performance
    |
    |     move task group into task_tcb_s to avoid access allocator to improve performance
    |
    |     for Task Termination, the time consumption will be reduced ~2us (Tricore TC397 300MHZ):
    |     15.97(us) -> 13.55(us)
    |
    |     Signed-off-by: chao an <an...@lixiang.com>
    
    Signed-off-by: chao an <an...@lixiang.com>
---
 sched/group/group_leave.c      | 8 ++++----
 sched/sched/sched_releasetcb.c | 4 ++++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/sched/group/group_leave.c b/sched/group/group_leave.c
index b4bde70463..fe452f27c4 100644
--- a/sched/group/group_leave.c
+++ b/sched/group/group_leave.c
@@ -120,15 +120,15 @@ group_release(FAR struct task_group_s *group, uint8_t ttype)
     }
 #endif
 
-  /* Mark the group as deleted now */
-
-  group->tg_flags |= GROUP_FLAG_DELETED;
-
   /* Then drop the group freeing the allocated memory */
 
 #ifndef CONFIG_DISABLE_PTHREAD
   if (ttype == TCB_FLAG_TTYPE_PTHREAD)
     {
+      /* Mark the group as deleted now */
+
+      group->tg_flags |= GROUP_FLAG_DELETED;
+
       group_drop(group);
     }
 #endif
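Review bot: In group_release(), GROUP_FLAG_DELETED is now set only inside the `#ifndef CONFIG_DISABLE_PTHREAD` / `ttype == TCB_FLAG_TTYPE_PTHREAD` branch, and the moved comment "Mark the group as deleted now" does not say why the other task types skip it. With CONFIG_DISABLE_PTHREAD defined this function never sets the flag, so correctness depends entirely on the new assignment in nxsched_release_tcb(). Please document that dependency here, for example by noting that non-pthread groups are marked deleted in nxsched_release_tcb() because the group's lifetime follows the TCB. The retained comment "Then drop the group freeing the allocated memory" also now sits above a conditional that drops only in the pthread case and should be reworded to match.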
diff --git a/sched/sched/sched_releasetcb.c b/sched/sched/sched_releasetcb.c
index 005ab60482..8c3d312895 100644
--- a/sched/sched/sched_releasetcb.c
+++ b/sched/sched/sched_releasetcb.c
@@ -176,6 +176,10 @@ int nxsched_release_tcb(FAR struct tcb_s *tcb, uint8_t ttype)
 #endif
               )
             {
+              /* Mark the group as deleted now */
+
+              ttcb->group.tg_flags |= GROUP_FLAG_DELETED;
+
               return ret;
             }
         }
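Review bot: The new `ttcb->group.tg_flags |= GROUP_FLAG_DELETED;` before `return ret;` is an unguarded read-modify-write as far as this hunk shows, and the commit message says group_del_waiter() frees the TCB based on this flag. Please confirm that this path and the waiter side run under the same critical section, otherwise the flag update can still race with waitpid() and reintroduce the use-after-free from the other direction. The comment is copied verbatim from group_leave.c; it would be more useful if it stated that this early return leaves the TCB to be freed later by the waiter, which is why the flag is set here rather than in group_release().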