[nginx] Core: fixed a race resulting in extra sem_post()'s.
Maxim Dounin
mdounin at mdounin.ru
Tue Apr 7 13:04:31 UTC 2015
details: http://hg.nginx.org/nginx/rev/4296627f385a
branches: stable-1.6
changeset: 6080:4296627f385a
user: Roman Arutyunyan <arut at nginx.com>
date: Wed Feb 04 16:22:43 2015 +0300
description:
Core: fixed a race resulting in extra sem_post()'s.
The mtx->wait counter was not decremented if we were able to obtain the lock
right after incrementing it. This resulted in unneeded sem_post() calls,
eventually leading to EOVERFLOW errors being logged, "sem_post() failed
while wake shmtx (75: Value too large for defined data type)".
To close the race, mtx->wait is now decremented if we obtain the lock right
after incrementing it in ngx_shmtx_lock(). The result can become -1 if a
concurrent ngx_shmtx_unlock() decrements mtx->wait before the added code does.
However, that only leads to one extra iteration in the next call of
ngx_shmtx_lock().
diffstat:
src/core/ngx_shmtx.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diffs (20 lines):
diff --git a/src/core/ngx_shmtx.c b/src/core/ngx_shmtx.c
--- a/src/core/ngx_shmtx.c
+++ b/src/core/ngx_shmtx.c
@@ -101,6 +101,7 @@ ngx_shmtx_lock(ngx_shmtx_t *mtx)
(void) ngx_atomic_fetch_add(mtx->wait, 1);
if (*mtx->lock == 0 && ngx_atomic_cmp_set(mtx->lock, 0, ngx_pid)) {
+ (void) ngx_atomic_fetch_add(mtx->wait, -1);
return;
}
@@ -174,7 +175,7 @@ ngx_shmtx_wakeup(ngx_shmtx_t *mtx)
wait = *mtx->wait;
- if (wait == 0) {
+ if ((ngx_atomic_int_t) wait <= 0) {
return;
}
More information about the nginx-devel
mailing list