Unlock BEFORE resuming the waitAll waiting task, to avoid unlock() on

ktoso · ktoso · commit bec78f6ae071 · 2023-08-03T18:02:13.000+09:00
released memory.

Because the waitAll() group method is called before the group returns
from withTaskGroup and is used to ensure all tasks have completed before
we destroy the task group, this method is then immediately followed by
calling TaskGroup::destroy.

If we, as previously, first resume the waiting task and then attempt to
unlock the lock held by the group, we are in an unsafe situation with
racing the task group destroy() and the unlock().

Therefore, we must release the lock before we resume the waiting task.
diff --git a/stdlib/public/Concurrency/TaskGroup.cpp b/stdlib/public/Concurrency/TaskGroup.cpp
@@ -1810,9 +1810,12 @@ void TaskGroupBase::waitAll(SwiftError* bodyError, AsyncTask *waitingTask,
       swift_release(completedTask);
     }
 
-    waitingTask->runInFullyEstablishedContext();
-
+    // We MUST release the lock before we resume the waiting task, because the resumption
+    // will allow it to destroy the task group, in which case the unlock()
+    // would be performed on freed memory (!)
     unlock();
+
+    waitingTask->runInFullyEstablishedContext();
     return;
   }
 

Original file line number	Diff line number	Diff line change
`@@ -1810,9 +1810,12 @@ void TaskGroupBase::waitAll(SwiftError* bodyError, AsyncTask *waitingTask,`
`1810`	`1810`	`swift_release(completedTask);`
`1811`	`1811`	`}`
`1812`	`1812`
`1813`		`- waitingTask->runInFullyEstablishedContext();`
`1814`		`-`
	`1813`	`+ // We MUST release the lock before we resume the waiting task, because the resumption`
	`1814`	`+ // will allow it to destroy the task group, in which case the unlock()`
	`1815`	`+ // would be performed on freed memory (!)`
`1815`	`1816`	`unlock();`
	`1817`	`+`
	`1818`	`+ waitingTask->runInFullyEstablishedContext();`
`1816`	`1819`	`return;`
`1817`	`1820`	`}`
`1818`	`1821`