Add PTHREAD_PRIO_INHERIT Locks for Mac

base/synchronization/lock_impl_posix.cc

Index: base/synchronization/lock_impl_posix.cc
diff --git a/base/synchronization/lock_impl_posix.cc b/base/synchronization/lock_impl_posix.cc
index 5619adaf5d829df72f93fd57b0687d551fb9390d..f6d6f4af16cbabf50013e2547c9e64925766bcc8 100644
--- a/base/synchronization/lock_impl_posix.cc
+++ b/base/synchronization/lock_impl_posix.cc
@@ -8,26 +8,30 @@
 #include <string.h>
 
 #include "base/logging.h"
+#include "base/synchronization/lock.h"
 
 namespace base {
 namespace internal {
 
 LockImpl::LockImpl() {
-#ifndef NDEBUG
-  // In debug, setup attributes for lock error checking.
   pthread_mutexattr_t mta;
   int rv = pthread_mutexattr_init(&mta);
   DCHECK_EQ(rv, 0) << ". " << strerror(rv);
+#if PRIORITY_INHERITANCE_LOCKS_POSSIBLE()

[danakj, 2016/07/27 22:47:53]

Alternatively, if guarding everything else by OS_POSIX, why is this guarding the
call with this here, instead of just calling and getting false?

[robliao, 2016/07/28 20:06:09]

We're already in a POSIX-only file, so OS_POSIX should be guaranteed, shouldn't
it? 

This code will fail to compile on NaCl and Android builds since
PTHREAD_PRIO_INHERIT isn't defined in their pthreads headers.

+  if (PriorityInheritanceAvailable()) {
+    rv = pthread_mutexattr_setprotocol(&mta, PTHREAD_PRIO_INHERIT);
+  }
+  DCHECK_EQ(rv, 0) << ". " << strerror(rv);

[danakj, 2016/07/27 22:47:53]

put this inside the if?

[robliao, 2016/07/28 20:06:09]

Done.

+#endif
+#ifndef NDEBUG
+  // In debug, setup attributes for lock error checking.
   rv = pthread_mutexattr_settype(&mta, PTHREAD_MUTEX_ERRORCHECK);
   DCHECK_EQ(rv, 0) << ". " << strerror(rv);
+#endif
   rv = pthread_mutex_init(&native_handle_, &mta);
   DCHECK_EQ(rv, 0) << ". " << strerror(rv);
   rv = pthread_mutexattr_destroy(&mta);
   DCHECK_EQ(rv, 0) << ". " << strerror(rv);
-#else
-  // In release, go with the default lock attributes.
-  pthread_mutex_init(&native_handle_, NULL);
-#endif
 }
 
 LockImpl::~LockImpl() {
@@ -51,5 +55,29 @@ void LockImpl::Unlock() {
   DCHECK_EQ(rv, 0) << ". " << strerror(rv);
 }
 
+// static
+bool LockImpl::PriorityInheritanceAvailable() {
+#if PRIORITY_INHERITANCE_LOCKS_POSSIBLE() && defined(OS_MACOSX)
+  return true;
+#else
+  // Security concerns prevent the use of priority inheritance mutexes on Linux.
+  //   * CVE-2010-0622 - wake_futex_pi unlocks incorrect, possible DoS.
+  //     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0622
+  //   * CVE-2012-6647 - Linux < 3.5.1, futex_wait_requeue_pi possible DoS.
+  //     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6647
+  //   * CVE-2014-3153 - Linux <= 3.14.5, futex_requeue, privilege escalation.
+  //     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153
+  //
+  // If the above were all addressed, we still need a runtime check to deal with
+  // the bug below.
+  //   * glibc Bug 14652: https://sourceware.org/bugzilla/show_bug.cgi?id=14652
+  //     Fixed in glibc 2.17.
+  //     Priority inheritance mutexes may deadlock with condition variables
+  //     during recacquisition of the mutex after the condition variable is
+  //     signalled.
+  return false;
+#endif
+}
+
 }  // namespace internal
 }  // namespace base