libfuse: fix thread cancel race

Exiting a worker my race with cancelling that same worker.  This caused a
segmenation fault.

Reported and tested by Anatol Pomozov

diff --git a/ChangeLog b/ChangeLog
index a163bd48e385a6b064ec1dcad8fa85ba8d0474b8..3afa404a7cb5624baf2804000e74e49bac4be1de 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2013-03-19  Miklos Szeredi <miklos@szeredi.hu>
+
+       * libfuse: fix thread cancel race.  Exiting a worker my race with
+       cancelling that same worker.  This caused a segmenation
+       fault. Reported and tested by Anatol Pomozov
+
 2013-02-04  Miklos Szeredi <miklos@szeredi.hu>
 
        * libfuse: fix crash in unlock_path().  Patch by Ratna Manoj

diff --git a/lib/fuse_loop_mt.c b/lib/fuse_loop_mt.c
index 7ae58900a501dbdb3da4a79d420526ea3d9fa71d..82e30014b7618fa5fe907cd696e576c4c6a003b3 100644 (file)
--- a/lib/fuse_loop_mt.c
+++ b/lib/fuse_loop_mt.c
@@ -241,9 +241,11 @@ int fuse_session_loop_mt(struct fuse_session *se)
                while (!fuse_session_exited(se))
                        sem_wait(&mt.finish);
 
+               pthread_mutex_lock(&mt.lock);
                for (w = mt.main.next; w != &mt.main; w = w->next)
                        pthread_cancel(w->thread_id);
                mt.exit = 1;
+               pthread_mutex_unlock(&mt.lock);
 
                while (mt.main.next != &mt.main)
                        fuse_join_worker(&mt, mt.main.next);