Skip to content

Commit

Permalink
gh-114944: Fix race between _PyParkingLot_Park and `_PyParkingLot_U…
Browse files Browse the repository at this point in the history 
…nparkAll` when handling interrupts (#114945)

Fix race between `_PyParkingLot_Park` and `_PyParkingLot_UnparkAll` when handling interrupts

There is a potential race when `_PyParkingLot_UnparkAll` is executing in
one thread and another thread is unblocked because of an interrupt in
`_PyParkingLot_Park`. Consider the following scenario:

1. Thread T0 is blocked[^1] in `_PyParkingLot_Park` on address `A`.
2. Thread T1 executes `_PyParkingLot_UnparkAll` on address `A`. It
   finds the `wait_entry` for `T0` and unlinks[^2] its list node.
3. Immediately after (2), T0 is woken up due to an interrupt. It
   then segfaults trying to unlink[^3] the node that was previously
   unlinked in (2).

To fix this we mark each waiter as unparking before releasing the bucket
lock. `_PyParkingLot_Park` will wait to handle the coming wakeup, and not
attempt to unlink the node, when this field is set. `_PyParkingLot_Unpark`
does this already, presumably to handle this case.
  • Loading branch information
@mpage
mpage authored Feb 5, 2024
1 parent 652fbf8 commit c32bae5
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
1 change: 1 addition & 0 deletions Misc/NEWS.d/next/Core and Builtins/2024-02-03-01-48-38.gh-issue-114944.4J5ELD.rst
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Fixes a race between ``PyParkingLot_Park`` and ``_PyParkingLot_UnparkAll``.
4 changes: 2 additions & 2 deletions Python/parking_lot.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -244,6 +244,7 @@ dequeue(Bucket *bucket, const void *address)
if (wait->addr == (uintptr_t)address) {
llist_remove(node);
--bucket->num_waiters;
wait->is_unparking = true;
return wait;
}
}
Expand All @@ -262,6 +263,7 @@ dequeue_all(Bucket *bucket, const void *address, struct llist_node *dst)
llist_remove(node);
llist_insert_tail(dst, node);
--bucket->num_waiters;
wait->is_unparking = true;
}
}
}
Expand Down Expand Up @@ -337,8 +339,6 @@ _PyParkingLot_Unpark(const void *addr, _Py_unpark_fn_t *fn, void *arg)
_PyRawMutex_Lock(&bucket->mutex);
struct wait_entry *waiter = dequeue(bucket, addr);
if (waiter) {
waiter->is_unparking = true;

int has_more_waiters = (bucket->num_waiters > 0);
fn(arg, waiter->park_arg, has_more_waiters);
}
Expand Down

0 comments on commit c32bae5

Please sign in to comment.