[Python-checkins] r65481 - in python/trunk/Python: pystate.c thread.c

gregory.p.smith python-checkins at python.org
Mon Aug 4 09:33:37 CEST 2008 

Author: gregory.p.smith
Date: Mon Aug  4 09:33:37 2008
New Revision: 65481

Log:
Adds a sanity check to avoid a *very rare* infinite loop due to a corrupt tls
key list data structure in the thread startup path.

This change is a companion to r60148 which already successfully dealt with a
similar issue on thread shutdown.

In particular this loop has been observed happening from this call path:
 #0  in find_key ()
 #1  in PyThread_set_key_value ()
 #2  in _PyGILState_NoteThreadState ()
 #3  in PyThreadState_New ()
 #4  in t_bootstrap ()
 #5  in pthread_start_thread ()

I don't know how this happens but it does, *very* rarely.  On more than
one hardware platform.  I have not been able to reproduce it manually.
(A flaky mutex implementation on the system in question is one hypothesis).

As with r60148, the spinning we managed to observe in the wild was due to a
single list element pointing back upon itself.



Modified:
   python/trunk/Python/pystate.c
   python/trunk/Python/thread.c

Modified: python/trunk/Python/pystate.c
==============================================================================
--- python/trunk/Python/pystate.c	(original)
+++ python/trunk/Python/pystate.c	Mon Aug  4 09:33:37 2008
@@ -253,6 +253,10 @@
 				"PyThreadState_Delete: invalid tstate");
 		if (*p == tstate)
 			break;
+		/* Sanity check.  These states should never happen but if
+		 * they do we must abort.  Otherwise we'll end up spinning in
+		 * in a tight loop with the lock held.  A similar check is done
+		 * in thread.c find_key().  */
 		if (*p == prev_p)
 			Py_FatalError(
 				"PyThreadState_Delete: small circular list(!)"

Modified: python/trunk/Python/thread.c
==============================================================================
--- python/trunk/Python/thread.c	(original)
+++ python/trunk/Python/thread.c	Mon Aug  4 09:33:37 2008
@@ -264,15 +264,25 @@
 static struct key *
 find_key(int key, void *value)
 {
-	struct key *p;
+	struct key *p, *prev_p;
 	long id = PyThread_get_thread_ident();
 
 	if (!keymutex)
 		return NULL;
 	PyThread_acquire_lock(keymutex, 1);
+	prev_p = NULL;
 	for (p = keyhead; p != NULL; p = p->next) {
 		if (p->id == id && p->key == key)
 			goto Done;
+		/* Sanity check.  These states should never happen but if
+		 * they do we must abort.  Otherwise we'll end up spinning in
+		 * in a tight loop with the lock held.  A similar check is done
+		 * in pystate.c tstate_delete_common().  */
+		if (p == prev_p)
+			Py_FatalError("tls find_key: small circular list(!)");
+		prev_p = p;
+		if (p->next == keyhead)
+			Py_FatalError("tls find_key: circular list(!)");
 	}
 	if (value == NULL) {
 		assert(p == NULL);

More information about the Python-checkins mailing list