From 1b455428d311a7c2e562a72960a916f8be606b8f Mon Sep 17 00:00:00 2001
From: normal
Date: Mon, 5 Mar 2018 22:58:13 +0000
Subject: [PATCH] thread.c: reset waitq of keeping mutexes in child

We must not maintain references to threads in the parent process in any mutexes held by the child process.
* thread_sync.c (rb_mutex_cleanup_keeping_mutexes): new function
* thread.c (rb_thread_atfork): cleanup keeping mutexes [ruby-core:85940] [Bug #14578]
Fixes: r58604 (commit 3586c9e0876e784767a1c1adba9ebc2499fa0ec2) ("reduce rb_mutex_t size from 160 to 80 bytes on 64-bit")
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62668 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 test/ruby/test_thread.rb | 11 +++++++++++
 thread.c | 1 +
 thread_sync.c | 14 ++++++++++++++
 3 files changed, 26 insertions(+)
diff --git a/test/ruby/test_thread.rb b/test/ruby/test_thread.rb
index 921f5a01c1..eebedb053b 100644
--- a/test/ruby/test_thread.rb
+++ b/test/ruby/test_thread.rb
@@ -1205,6 +1205,17 @@ q.pop
 assert_predicate(status, :success?, bug9751)
 end if Process.respond_to?(:fork)
+ def test_fork_while_locked
+ m = Mutex.new
+ thrs = []
+ 3.times do |i|
+ thrs << Thread.new { m.synchronize { Process.waitpid2(fork{})[1] } }
+ end
+ thrs.each do |t|
+ assert_predicate t.value, :success?, '[ruby-core:85940] [Bug #14578]'
+ end
+ end if Process.respond_to?(:fork)
+
 def test_subclass_no_initialize
 t = Module.new do
 break eval("class C\u{30b9 30ec 30c3 30c9} < Thread; self; end")
diff --git a/thread.c b/thread.c
index 27f5e5dabf..2c06127292 100644
--- a/thread.c
+++ b/thread.c
@@ -4236,6 +4236,7 @@ rb_thread_atfork(void)
 rb_thread_t *th = GET_THREAD();
 rb_thread_atfork_internal(th, terminate_atfork_i);
 th->join_list = NULL;
+ rb_mutex_cleanup_keeping_mutexes(th);
 /* We don't want reproduce CVE-2003-0900. */
 rb_reset_random_seed();
diff --git a/thread_sync.c b/thread_sync.c
index e4a28ccb5c..8f68583a78 100644
--- a/thread_sync.c
+++ b/thread_sync.c
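Review bot: In test/ruby/test_thread.rb, nothing in test_fork_while_locked forces the other two threads to be queued on `m` at the moment `fork` runs, so the child may inherit an empty waitq and the test can pass without exercising the fix. Making the lock holder wait until its siblings are blocked on the mutex before it forks would make the regression coverage deterministic. A short comment such as `# siblings must be waiting on m when we fork, so the child inherits a non-empty waitq` would also record why three threads are used. The block variable in `3.times do |i|` is unused; `3.times do` is enough.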
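Review bot: In thread.c, the added `rb_mutex_cleanup_keeping_mutexes(th);` call has no comment, unlike the CVE-2003-0900 line just below it; a one-line reason would help, for example `/* waitqs of mutexes we still hold point at threads that exist only in the parent */`. The cleanup is placed in rb_thread_atfork() rather than inside rb_thread_atfork_internal(), so any other caller of that helper, none of which is visible in this hunk, would not get it. It is worth confirming that this is intended. rb_thread_atfork's body starts and ends outside the hunk.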
@@ -415,6 +415,20 @@ rb_mutex_abandon_all(rb_mutex_t *mutexes)
 list_head_init(&mutex->waitq);
 }
 }
+
+/*
+ * All other threads are dead in the a new child process, so waitqs
+ * contain references to dead threads which we need to clean up
+ */
+static void
+rb_mutex_cleanup_keeping_mutexes(const rb_thread_t *current_thread)
+{
+ rb_mutex_t *mutex = current_thread->keeping_mutexes;
+ while (mutex) {
+ list_head_init(&mutex->waitq);
+ mutex = mutex->next_mutex;
+ }
+}
 #endif
 static VALUE
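Review bot: The header comment on rb_mutex_cleanup_keeping_mutexes has a typo ("in the a new child process") and does not state the precondition that makes the unlocked list walk safe. I would reword it to say that this must only run in the forked child, where the current thread is the sole survivor, and that the waitqs of mutexes it still holds are reset because their entries refer to threads that no longer exist; presumably a later unlock would otherwise try to wake one of them. The new function is `static` and sits before an `#endif` whose opening `#if` is outside the hunk, so the call added in thread.c builds only if both live in the same translation unit under the same guard, which should be confirmed. The loop body repeats the `list_head_init(&mutex->waitq);` reset visible in rb_mutex_abandon_all just above, so a shared helper may be worth considering.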