hal_lib: fix a race in hal_init()

SebKuzminsky · SebKuzminsky · commit ff16585144aa · 2022-01-26T13:33:33.000-07:00
This commit makes two changes in init_hal_data() (which is called by hal_init()): 1. Take the `hal_data->mutex` using `rtapi_mutex_get()` instead of `rtapi_mutex_try()`. The `try` version tries to take the mutex and returns immediately, indicating by its return value whether it actually took the mutex or not. Before this commit, the `init_hal_data()` function called `try` but didn't check the return value, and just assumed that it got the mutex. This commit switches to the `get` version, which blocks until the mutex is available, then takes it. Note: this relies on the promise made by rtapi_shmem_new() that a freshly-allocated `hal_data` is initialized such that `hal_data->mutex` is a valid, un-locked mutex. Uspace RTAPI meets this criterion because it uses shmget(), which initializes all shared memory to all-bytes-zero. RTAI RTAPI also meets this criterion, though it's not mentioned in the documentation: https://mail.rtai.org/pipermail/rtai/2022-January/028282.html http://cvs.savannah.nongnu.org/viewvc/rtai/magma/base/ipc/shm/shm.c?view=markup#l69 2. Take the `hal_data->mutex`, locking `hal_data`, *before* checking whether the memory is initialized. This fixes the hal_init() race condition.
diff --git a/src/hal/hal_lib.c b/src/hal/hal_lib.c
@@ -2781,18 +2781,29 @@ static void thread_task(void *arg)
 
 static int init_hal_data(void)
 {
-    /* has the block already been initialized? */
+    /* has the hal_data block already been initialized? */
+
+    /* Lock hal_data by taking the mutex, so that two processes
+    don't both try to initialize hal_data at the same time.  NOTE:
+    The first time through, the hal_data memory buffer is fresh from
+    rtapi_shmem_new(), which means it's initialized to all zero bytes.
+    This means hal_data->mutex is valid and unlocked. */
+    rtapi_mutex_get(&(hal_data->mutex));
+
     if (hal_data->version != 0) {
-        /* yes, verify version code */
+        /* hal_data has been initialized already, verify version code */
         if (hal_data->version == HAL_VER) {
+            rtapi_mutex_give(&(hal_data->mutex));
             return 0;
         } else {
             rtapi_print_msg(RTAPI_MSG_ERR, "HAL: ERROR: version code mismatch\n");
+            rtapi_mutex_give(&(hal_data->mutex));
             return -1;
         }
     }
-    /* no, we need to init it, grab the mutex unconditionally */
-    rtapi_mutex_try(&(hal_data->mutex));
+
+    /* hal_data has *NOT* been initialized yet, we get the honor */
+
     /* set version code so nobody else init's the block */
     hal_data->version = HAL_VER;
     /* initialize everything */
