From: Miklos Szeredi <mszeredi@suse.cz>
Date: Tue, 19 Mar 2013 16:16:14 +0000 (+0100)
Subject: libfuse: fix thread cancel race
X-Git-Tag: fuse_2_9_3~3
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=44088bc7fbe7c9234c090756dbf10742b1a281b1;p=qemu-gpiodev%2Flibfuse.git

libfuse: fix thread cancel race

Exiting a worker my race with cancelling that same worker.  This caused a
segmenation fault.

Reported and tested by Anatol Pomozov
---

diff --git a/ChangeLog b/ChangeLog
index a163bd4..3afa404 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2013-03-19  Miklos Szeredi <miklos@szeredi.hu>
+
+	* libfuse: fix thread cancel race.  Exiting a worker my race with
+	cancelling that same worker.  This caused a segmenation
+	fault. Reported and tested by Anatol Pomozov
+
 2013-02-04  Miklos Szeredi <miklos@szeredi.hu>
 
 	* libfuse: fix crash in unlock_path().  Patch by Ratna Manoj
diff --git a/lib/fuse_loop_mt.c b/lib/fuse_loop_mt.c
index 7ae5890..82e3001 100644
--- a/lib/fuse_loop_mt.c
+++ b/lib/fuse_loop_mt.c
@@ -241,9 +241,11 @@ int fuse_session_loop_mt(struct fuse_session *se)
 		while (!fuse_session_exited(se))
 			sem_wait(&mt.finish);
 
+		pthread_mutex_lock(&mt.lock);
 		for (w = mt.main.next; w != &mt.main; w = w->next)
 			pthread_cancel(w->thread_id);
 		mt.exit = 1;
+		pthread_mutex_unlock(&mt.lock);
 
 		while (mt.main.next != &mt.main)
 			fuse_join_worker(&mt, mt.main.next);