Timer pool may be freed while another thread executes timer_notify().
This leads to segmentation fault.
Example scenario:
Time main_thread timer_notify_thread
--------------------------------------------------------------------------------
1 call odp_timer_pool_del(tp) call timer_notify(sigval)
2 odp_lock(&tp->lock); tp = sigval.sival_ptr;
3 ... ...
4 odp_lock(&tp->itimer_running); ...
5 itimer_fini(tp); timer_getoverrun(tp->timerid);
6 odp_shm_free(tp->shm); ...
7 ... odp_atomic_fetch_inc_u64(&tp->cur_tick);
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffedffb700 (LWP 1744)]
in odp_atomic_fetch_inc_u64 (atom=...) at ./include/odp/atomic.h:158
158 return __atomic_fetch_add(&atom->v, 1, __ATOMIC_RELAXED);
(gdb) bt
#0 odp_atomic_fetch_inc_u64 (atom=...) at ./include/odp/atomic.h:158
#1 timer_notify (sigval=..., sigval@entry=...) at odp_timer.c:650
#2 timer_sigev_thread (arg=...) at ../unix/sysv/linux/timer_routines.c:62
#3 start_thread (arg=0x7fffedffb700) at pthread_create.c:333
#4 clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Segmentation fault appears approximately 1 time from 200 runs of
./test/validation/timer/timer_main on my system.
Hint: There is no way to protect memory from feeing by lock located
inside that memory.
I have no time to fix that. Tag below may be added to patch that fixes that.
Reported-by: Ilya Maximets <i.maxim...@samsung.com>
_______________________________________________
lng-odp mailing list
lng-odp@lists.linaro.org
https://lists.linaro.org/mailman/listinfo/lng-odp
