From patchwork Tue Jul 11 00:53:08 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Pluzhnikov X-Patchwork-Id: 786427 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3x63Vt1kS6z9s74 for ; Tue, 11 Jul 2017 10:53:57 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.b="sfiGXve6"; dkim-atps=neutral DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:from:date:message-id:subject:to :cc:content-type; q=dns; s=default; b=QWsjJLlhePkuLC18nDgCE0Lmjm 57HdXPyqmEJ5QU7Zvdr5aMjrjwuZTwI/D0UI0qgO2K9jqKjNcHlBE2vjOzxlfo/3 xHtFJS2vbzXO6WCiSrXURf4DlgG97Vylr6826sDxqQvOKqKaM0p3Fb1qNizvcyI9 vT4o8Ntj9Kfd/bj2Q= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:from:date:message-id:subject:to :cc:content-type; s=default; bh=Vx3na4SngzeLNe7yPqvj9tIbivs=; b= sfiGXve6biSUj2EXdXuzGHJkxJ3xilVK+mlyOsjfNMLMNNBnmRr0gAixZ6tNIX9p SWWVNDR38NHN1br6BFkmKmEGYu7iQrU0nZrJaXFQOZYMmV0+W6w5f1aD0h+QZzao py51qkgDeRz17a/LcXGxtWlmTN3CIWVu3iqr6IQdsps= Received: (qmail 53333 invoked by alias); 11 Jul 2017 00:53:44 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 53043 invoked by uid 89); 11 Jul 2017 00:53:43 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-24.5 required=5.0 tests=AWL, BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_NONE, RP_MATCHES_RCVD, SPF_PASS autolearn=ham version=3.3.2 spammy=H*Ad:D*in.ibm.com, registrations, 10215, HX-Received:10.176.79.146 X-HELO: mail-ua0-f173.google.com X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=gmGL2TYP+Rqgx/8UcKP4BFcm1MoSI30ckpJm1NGB/wQ=; b=gDtTRxnFid0MTgP2F5Padr1Gya9bwOeLovGScxVjj8G8WonrfVqclNOT2MrX1pyxZB xj1R628XPuBxEooxFCFdtg6ierxAGLrLJuo0wmXQ/7yclhvkmqh77apcmRbH6PPwyeQw acm+8jW1aYU4WHA4lYrO6NteDuEFvKS+6vXVGn7gsEtp/NED9gbmnChNz2xaeZ5R1tOR b+aJ6N2im3ZX5fUFjJotfinXWMC8Nt8j9RbYYOgvpNzWL/oKQg9PeiuJ/W7Nq6stEjZi ZAf9JcMzrDsN3Ra1rUodNKYsipGYJgBALFMk78649vcjvClBckBjnQMSvfsu+eWGC6Uj HA+Q== X-Gm-Message-State: AIVw112/Sz4kwiRxRj4BPdry5f1M/LU03Gg2Osn3NGQrAWIG/2PiKMDy ZE0BgEP4L1rE/5AgjgXFRzpfEWuquv/e/khMOA== X-Received: by 10.176.79.146 with SMTP id m18mr10497631uah.83.1499734419796; Mon, 10 Jul 2017 17:53:39 -0700 (PDT) MIME-Version: 1.0 From: Paul Pluzhnikov Date: Mon, 10 Jul 2017 17:53:08 -0700 Message-ID: Subject: [patch] Fix for bz14333 -- race between atexit() and exit() To: GLIBC Devel Cc: Anoop V Chakkalakkal Greetings, This patch is an update to previous patch by Anoop: https://sourceware.org/ml/libc-alpha/2008-09/msg00013.html See discussion in the above message. Changes from the previous patch: I extended the lifetime of the lock from __new_exitfn to its callers, since they *also* modify global state. Tested: "make check" on Linux/x86_64. Also ran the test from https://sourceware.org/bugzilla/show_bug.cgi?id=14333#c5 a few hundred times. 2017-07-10 Paul Pluzhnikov Anoop V Chakkalakkal [BZ #14333] * stdlib/cxa_atexit.c (__internal_atexit): Use __exit_funcs_lock. (__new_exitfn): Fail registration when we finished at_exit processing. * stdlib/on_exit.c (__on_exit): Likewise. * stdlib/exit.c (__exit_funcs_done): New variable. (__run_exit_handlers): Use __exit_funcs_lock. * stdlib/exit.h (__exit_funcs_lock, __exit_funcs_done): New declarations. diff --git a/stdlib/cxa_atexit.c b/stdlib/cxa_atexit.c index ce5d9f22b4..5db0b33060 100644 --- a/stdlib/cxa_atexit.c +++ b/stdlib/cxa_atexit.c @@ -26,16 +26,25 @@ #undef __cxa_atexit +/* We change global data, so we need locking. */ +__libc_lock_define_initialized (, __exit_funcs_lock) + int attribute_hidden __internal_atexit (void (*func) (void *), void *arg, void *d, struct exit_function_list **listp) { - struct exit_function *new = __new_exitfn (listp); + struct exit_function *new; + + __libc_lock_lock (__exit_funcs_lock); + new = __new_exitfn (listp); if (new == NULL) - return -1; + { + __libc_lock_unlock (__exit_funcs_lock); + return -1; + } #ifdef PTR_MANGLE PTR_MANGLE (func); @@ -45,6 +54,7 @@ __internal_atexit (void (*func) (void *), void *arg, void *d, new->func.cxa.dso_handle = d; atomic_write_barrier (); new->flavor = ef_cxa; + __libc_lock_unlock (__exit_funcs_lock); return 0; } @@ -60,10 +70,6 @@ __cxa_atexit (void (*func) (void *), void *arg, void *d) libc_hidden_def (__cxa_atexit) -/* We change global data, so we need locking. */ -__libc_lock_define_initialized (static, lock) - - static struct exit_function_list initial; struct exit_function_list *__exit_funcs = &initial; uint64_t __new_exitfn_called; @@ -76,7 +82,10 @@ __new_exitfn (struct exit_function_list **listp) struct exit_function *r = NULL; size_t i = 0; - __libc_lock_lock (lock); + if (__exit_funcs_done == 1) + /* exit code finished processing all handlers + so fail this registration */ + return NULL; for (l = *listp; l != NULL; p = l, l = l->next) { @@ -127,7 +136,5 @@ __new_exitfn (struct exit_function_list **listp) ++__new_exitfn_called; } - __libc_lock_unlock (lock); - return r; } diff --git a/stdlib/exit.c b/stdlib/exit.c index c0b6d666c7..dfc4474891 100644 --- a/stdlib/exit.c +++ b/stdlib/exit.c @@ -19,11 +19,14 @@ #include #include #include +#include #include "exit.h" #include "set-hooks.h" DEFINE_HOOK (__libc_atexit, (void)) +/* initialise the processing complete flag to 0 */ +int __exit_funcs_done = 0; /* Call all functions registered with `atexit' and `on_exit', in the reverse of the order in which they were registered @@ -44,14 +47,30 @@ __run_exit_handlers (int status, struct exit_function_list **listp, the functions registered with `atexit' and `on_exit'. We call everyone on the list and use the status value in the last exit (). */ - while (*listp != NULL) + while (true) { - struct exit_function_list *cur = *listp; + struct exit_function_list *cur; + + restart: + __libc_lock_lock (__exit_funcs_lock); + cur = *listp; + + if (cur == NULL) + { + /* Exit processing complete. We will not allow any more + atexit/on_exit registrations. */ + __exit_funcs_done = 1; + __libc_lock_unlock (__exit_funcs_lock); + break; + } while (cur->idx > 0) { const struct exit_function *const f = &cur->fns[--cur->idx]; + const uint64_t new_exitfn_called = __new_exitfn_called; + + __libc_lock_unlock (__exit_funcs_lock); switch (f->flavor) { void (*atfct) (void); @@ -83,6 +102,15 @@ __run_exit_handlers (int status, struct exit_function_list **listp, cxafct (f->func.cxa.arg, status); break; } + __libc_lock_lock (__exit_funcs_lock); + + if (__glibc_unlikely (new_exitfn_called != __new_exitfn_called)) + { + /* The last exit function, or another thread, has registered + more exit functions. Start the loop over. */ + __libc_lock_unlock (__exit_funcs_lock); + goto restart; + } } *listp = cur->next; @@ -90,6 +118,8 @@ __run_exit_handlers (int status, struct exit_function_list **listp, /* Don't free the last element in the chain, this is the statically allocate element. */ free (cur); + + __libc_lock_unlock (__exit_funcs_lock); } if (run_list_atexit) diff --git a/stdlib/exit.h b/stdlib/exit.h index 7f2e679246..023e81b83f 100644 --- a/stdlib/exit.h +++ b/stdlib/exit.h @@ -20,6 +20,7 @@ #include #include +#include enum { @@ -62,6 +63,10 @@ extern struct exit_function_list *__quick_exit_funcs attribute_hidden; extern struct exit_function *__new_exitfn (struct exit_function_list **listp); extern uint64_t __new_exitfn_called attribute_hidden; +__libc_lock_define (extern, __exit_funcs_lock); + +/* flag to mark that all registered atexit/onexit handlers are called */ +extern int __exit_funcs_done attribute_hidden; extern void __run_exit_handlers (int status, struct exit_function_list **listp, diff --git a/stdlib/on_exit.c b/stdlib/on_exit.c index 83845e76d8..2db3063db9 100644 --- a/stdlib/on_exit.c +++ b/stdlib/on_exit.c @@ -24,10 +24,16 @@ int __on_exit (void (*func) (int status, void *arg), void *arg) { - struct exit_function *new = __new_exitfn (&__exit_funcs); + struct exit_function *new; + + __libc_lock_lock (__exit_funcs_lock); + new = __new_exitfn (&__exit_funcs); if (new == NULL) - return -1; + { + __libc_lock_unlock (__exit_funcs_lock); + return -1; + } #ifdef PTR_MANGLE PTR_MANGLE (func); @@ -36,6 +42,7 @@ __on_exit (void (*func) (int status, void *arg), void *arg) new->func.on.arg = arg; atomic_write_barrier (); new->flavor = ef_on; + __libc_lock_unlock (__exit_funcs_lock); return 0; } weak_alias (__on_exit, on_exit)