mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-31 05:58:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

[3.13] gh-117657: Fix QSBR race condition (GH-118843) (#118905)

Browse source 
`_Py_qsbr_unregister` is called when the PyThreadState is already
detached, so the access to `tstate->qsbr` isn't safe without locking the
shared mutex. Grab the `struct _qsbr_shared` from the interpreter
instead.
(cherry picked from commit 33d20199af)

Co-authored-by: Alex Turner <alexturner@meta.com>
This commit is contained in:
Miss Islington (bot) 2024-05-10 17:13:17 +02:00 committed by GitHub
parent 0874a400a8
commit 0becae366c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 8 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

11
Python/qsbr.c
View file

@ -231,20 +231,21 @@ _Py_qsbr_register(_PyThreadStateImpl *tstate, PyInterpreterState *interp,
}
void
_Py_qsbr_unregister(_PyThreadStateImpl *tstate)
_Py_qsbr_unregister(PyThreadState *tstate)
{
struct _qsbr_shared *shared = tstate->qsbr->shared;
struct _qsbr_shared *shared = &tstate->interp->qsbr;
struct _PyThreadStateImpl *tstate_imp = (_PyThreadStateImpl*) tstate;
PyMutex_Lock(&shared->mutex);
// NOTE: we must load (or reload) the thread state's qbsr inside the mutex
// because the array may have been resized (changing tstate->qsbr) while
// we waited to acquire the mutex.
struct _qsbr_thread_state *qsbr = tstate->qsbr;
struct _qsbr_thread_state *qsbr = tstate_imp->qsbr;
assert(qsbr->seq == 0 && "thread state must be detached");
assert(qsbr->allocated && qsbr->tstate == (PyThreadState *)tstate);
assert(qsbr->allocated && qsbr->tstate == tstate);
tstate->qsbr = NULL;
tstate_imp->qsbr = NULL;
qsbr->tstate = NULL;
qsbr->allocated = false;
qsbr->freelist_next = shared->freelist;