Subject: Re: [PATCH][BZ 21357] unwind-dw2-fde: Call free() outside of unwind mutex
To: libc-alpha@sourceware.org
References: <1491508681-30385-1-git-send-email-rabin.vincent@axis.com>
From: Adhemerval Zanella
Date: Mon, 10 Apr 2017 14:40:00 -0000
Message-ID: <4a4719c1-1381-fb60-7a06-d1db29b474d2@linaro.org>
In-Reply-To: <1491508681-30385-1-git-send-email-rabin.vincent@axis.com>

On 06/04/2017 16:58, Rabin Vincent wrote:
> From: Rabin Vincent
>
> __deregister_frame_info_bases() calls free() while holding a mutex which
> is also used from _Unwind_Find_FDE(). This leads to a deadlock if
> AddressSanitizer uses _Unwind_Backtrace() from its free()
> implementation.
>
> 2017-04-06 Rabin Vincent
>
> [BZ #21357]
> * sysdeps/generic/unwind-dw2-fde.c (__deregister_frame_info_bases):
> Call free() outside of mutex.
>
> diff --git a/sysdeps/generic/unwind-dw2-fde.c b/sysdeps/generic/unwind-dw2-fde.c > index 2f0bcd2..104a255 100644 > --- a/sysdeps/generic/unwind-dw2-fde.c > +++ b/sysdeps/generic/unwind-dw2-fde.c > @@ -202,6 +202,7 @@ __deregister_frame_info_bases (void *begin) > { > struct object **p; > struct object *ob = 0; > + struct fde_vector *tofree = NULL; > > /* If .eh_frame is empty, we haven't registered. */ > if (*(uword *) begin == 0) > @@ -225,7 +226,7 @@ __deregister_frame_info_bases (void *begin) > { > ob = *p; > *p = ob->next; > - free (ob->u.sort); > + tofree = ob->u.sort; > goto out; > } > } > @@ -244,6 +245,7 @@ __deregister_frame_info_bases (void *begin) > > out: > __gthread_mutex_unlock (&object_mutex); > + free (tofree); > return (void *) ob; > } > hidden_def (__deregister_frame_info_bases)

LGTM, I assume you actually tested on some platform, right? Do you have write access?
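
Review bot: in the @@ -225,7 +226,7 @@ hunk, `tofree = ob->u.sort;` handles only the one branch shown, and the rest of the region guarded by object_mutex lies outside the diff context. It is worth confirming that no other free() or allocator call remains between taking the mutex and the `out:` label, since any such call would hit the same deadlock when an interposed free() unwinds through _Unwind_Find_FDE().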
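
Review bot: the `free (tofree);` added after `__gthread_mutex_unlock (&object_mutex);` in the last hunk has no comment explaining the ordering. A one-line comment stating that the free is deliberately done after the unlock, because an interposed free() may unwind and take object_mutex again, would keep a later cleanup from moving it back under the lock. Paths that reach `out:` without the assignment leave tofree at its NULL initializer, which free() accepts, so no extra guard is needed.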