From 74665eaf3a44d3af5a136996ccbe39035306e8e5 Mon Sep 17 00:00:00 2001 From: Kenneth Graunke Date: Mon, 21 Oct 2019 14:51:13 -0700 Subject: [PATCH] util: Detect use-after-destroy in simple_mtx MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit This makes simple_mtx_destroy set the counter to an invalid canary value and then makes lock/unlock assert that the value is legal. That way, calling lock/unlock after destroy will assert fail, rather than deadlocking or potentially even working. This has caught real deadlocks in dEQP multithreaded tests (in st/mesa shader variant zombie list handling), which have since been fixed. Reviewed-by: Tapani Pälli Reviewed-by: Eric Engestrom --- src/util/simple_mtx.h | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/util/simple_mtx.h b/src/util/simple_mtx.h index 94ab6fcef1f..c0cc13b3663 100644 --- a/src/util/simple_mtx.h +++ b/src/util/simple_mtx.h @@ -60,6 +60,8 @@ typedef struct { #define _SIMPLE_MTX_INITIALIZER_NP { 0 } +#define _SIMPLE_MTX_INVALID_VALUE 0xd0d0d0d0 + static inline void simple_mtx_init(simple_mtx_t *mtx, ASSERTED int type) { @@ -69,8 +71,9 @@ simple_mtx_init(simple_mtx_t *mtx, ASSERTED int type) } static inline void -simple_mtx_destroy(UNUSED simple_mtx_t *mtx) +simple_mtx_destroy(simple_mtx_t *mtx) { + mtx->val = _SIMPLE_MTX_INVALID_VALUE; } static inline void @@ -79,6 +82,9 @@ simple_mtx_lock(simple_mtx_t *mtx) uint32_t c; c = __sync_val_compare_and_swap(&mtx->val, 0, 1); + + assert(c != _SIMPLE_MTX_INVALID_VALUE); + if (__builtin_expect(c != 0, 0)) { if (c != 2) c = __sync_lock_test_and_set(&mtx->val, 2); @@ -95,6 +101,9 @@ simple_mtx_unlock(simple_mtx_t *mtx) uint32_t c; c = __sync_fetch_and_sub(&mtx->val, 1); + + assert(c != _SIMPLE_MTX_INVALID_VALUE); + if (__builtin_expect(c != 1, 0)) { mtx->val = 0; futex_wake(&mtx->val, 1); -- 2.30.2