BUG/MEDIUM: thread: Fix a deadlock if an isolated thread is marked as harmless
If an isolated thread is marked as harmless, it will loop forever in
thread_harmless_till_end() waiting no threads are isolated anymore. It never
happens because the current thread is isolated. To fix the bug, we exclude
the current thread for the test. We now wait for all other threads to leave
the rendez-vous point.
This bug only seems to occurr if HAProxy is compiled with DEBUG_UAF, when
pool_gc() is called. pool_gc() isolates the current thread, while
pool_free_area() set the thread as harmless when munmap is called.
This patch must be backported as far as 2.0.
diff --git a/src/thread.c b/src/thread.c
index 06612e2..93a5294 100644
--- a/src/thread.c
+++ b/src/thread.c
@@ -48,13 +48,15 @@
#endif
/* Marks the thread as harmless until the last thread using the rendez-vous
- * point quits. Given that we can wait for a long time, sched_yield() is used
- * when available to offer the CPU resources to competing threads if needed.
+ * point quits, excluding the current one. Thus an isolated thread may be safely
+ * marked as harmless. Given that we can wait for a long time, sched_yield() is
+ * used when available to offer the CPU resources to competing threads if
+ * needed.
*/
void thread_harmless_till_end()
{
_HA_ATOMIC_OR(&threads_harmless_mask, tid_bit);
- while (threads_want_rdv_mask & all_threads_mask) {
+ while (threads_want_rdv_mask & ~tid_bit) {
ha_thread_relax();
}
}