[Issue 16979] New: Race in druntime leads to undefined behaviour

[via Digitalmars-d-bugs]

https://issues.dlang.org/show_bug.cgi?id=16979

          Issue ID: 16979
           Summary: Race in druntime leads to undefined behaviour
           Product: D
           Version: D2
          Hardware: x86_64
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P1
         Component: druntime
          Assignee: nobody at puremagic.com
          Reporter: safety0ff.bugz at gmail.com

This issue affects Posix (excl. Darwin) druntime implementation of thread
suspend.

Order of events:

Thread 1                            |   Thread 2

thread_suspendAll
↳suspend(Thread 2)
 reads Thread 2.isRunning as true
                                     thread_cleanupHandler
                                     ↳ sets isRunning to false
                                     Thread 2 exits
 calls pthread_kill with the invalid Thread 2.m_addr


This problem is not present on the normal exit path because Thread 1 holds the
lock for the thread list and thread 2 would block trying to remove itself.

Possible solutions:
#1:
Remove the thread from the list in the cleanup handler.

There is a comment in the current code stating that it is safer to defer this
operation, however, there is no full explanation & rationale for deferring.

#2:
Make Thread.suspend prevent the target thread from returning from
thread_cleanupHandler until after it has called pthread_kill on it.

This may be the cause of #15939.

--