path: root/src/corelib
diff options
authorMarc Mutz <>2019-06-24 09:41:07 +0200
committerMarc Mutz <>2019-08-05 19:30:37 +0000
commit787e498487831c55be89979824709622ba29f17c (patch)
tree94a4ec99c8815b88791f900deaa7361b00a4ad94 /src/corelib
parent64d949207686a0225a78de572548a5361e340ae3 (diff)
QMutexPool: fix memory order of atomic operations
The array of QAtomicPointer<QMutex> can be initialized using relaxed stores of nullptr, since nullptr is the whole data. But once we store an actual QMutex pointer in the array, we need to publish the indirect data thus created. We did this, with testAndSetRelease(); what was missing was a corresponding acquire fence on load, without which there is no happens-before relationship between the writes performed by the QMutex ctor and the reads performed by a subsequent mutex.lock(), say, on the same data. Fix by adding acquire fences to all loads. That includes the dtor, since mutexes may have been created in different threads, and never been imported into this_thread before the dtor is running. As a drive-by, return a new'ed QMutex that was successfully installed directly to the caller, without again going through a load-acquire. Fixes: QTBUG-59164 Change-Id: Ia25d205b1127c8c4de0979cef997d1a88123c5c3 Reviewed-by: David Faure <> Reviewed-by: Giuseppe D'Angelo <> Reviewed-by: Thiago Macieira <> (cherry picked from commit 65b8f59e045bb41fef99b1a44f462115de65064a) (cherry picked from commit da38f0d691d9d7eacfac5fbcbd47b887bd59bd39)
Diffstat (limited to 'src/corelib')
2 files changed, 7 insertions, 4 deletions
diff --git a/src/corelib/thread/qmutexpool.cpp b/src/corelib/thread/qmutexpool.cpp
index 3f9e8da942..bb063b8ab6 100644
--- a/src/corelib/thread/qmutexpool.cpp
+++ b/src/corelib/thread/qmutexpool.cpp
@@ -104,7 +104,7 @@ QMutexPool::QMutexPool(QMutex::RecursionMode recursionMode, int size)
for (int index = 0; index < mutexes.count(); ++index)
- delete mutexes[index].load();
+ delete mutexes[index].loadAcquire();
@@ -129,9 +129,12 @@ QMutex *QMutexPool::createMutex(int index)
// mutex not created, create one
QMutex *newMutex = new QMutex(recursionMode);
- if (!mutexes[index].testAndSetRelease(0, newMutex))
+ if (!mutexes[index].testAndSetRelease(nullptr, newMutex)) {
delete newMutex;
- return mutexes[index].load();
+ return mutexes[index].loadAcquire();
+ } else {
+ return newMutex;
+ }
diff --git a/src/corelib/thread/qmutexpool_p.h b/src/corelib/thread/qmutexpool_p.h
index 89d006ac29..00710199b8 100644
--- a/src/corelib/thread/qmutexpool_p.h
+++ b/src/corelib/thread/qmutexpool_p.h
@@ -68,7 +68,7 @@ public:
inline QMutex *get(const void *address) {
int index = uint(quintptr(address)) % mutexes.count();
- QMutex *m = mutexes[index].load();
+ QMutex *m = mutexes[index].loadAcquire();
if (m)
return m;