public inbox for
 help / color / mirror / Atom feed
From: "Ondřej Bílka" <>
Subject: [RFC][BZ #1874] Fix assertion triggered by thread/fork interaction
Date: Wed, 09 Oct 2013 20:05:00 -0000	[thread overview]
Message-ID: <20131009200534.GA4300@domone.podge> (raw)


This bug had a simple patch for five years without reply.
Could someone comment this?

It was detected on custom chip, could this be replicated on other

An analysis from bugzilla and patch are below


If a thread happens to hold dl_load_lock and have r_state set to RT_ADD
or RT_DELETE at the time another thread calls fork(), then the child exit
code from fork (in nptl/sysdeps/unix/sysv/linux/fork.c in our case)
re-initializes dl_load_lock but does not restore r_state to RT_CONSISTENT.
If the child subsequently requires functionality before calling exec(),
then the assertion will fire.

The patch acquires dl_load_lock on entry to fork() and releases it on exit
from the parent path.  The child path is initialized as currently done.
This is essentially pthreads_atfork, but forced to be first because the
acquisition of dl_load_lock must happen before malloc_atfork is active
to avoid a deadlock.

--- glibc-2.5-sources/nptl/sysdeps/unix/sysv/linux/fork.c
2007-05-29 23:44:33.000000000 -0400
+++ glibc-2.5-modified/nptl/sysdeps/unix/sysv/linux/fork.c
2007-05-31 15:07:18.712221827 -0400
@@ -27,6 +27,7 @@
 #include "fork.h"
 #include <hp-timing.h>
 #include <ldsodefs.h>
+#include <bits/libc-lock.h>
 #include <bits/stdio-lock.h>
 #include <atomic.h>
@@ -59,6 +60,8 @@
     struct used_handler *next;
   } *allp = NULL;
+  /* grab lock BEFORE switching to malloc_atfork */
+   __rtld_lock_lock_recursive (GL(dl_load_lock));
   /* Run all the registered preparation handlers.  In reverse order.
      While doing this we build up a list of all the entries.  */
   struct fork_handler *runp;
@@ -208,6 +211,8 @@
 	  allp = allp->next;
+      /* unlock last, because we locked it first */
+      __rtld_lock_unlock_recursive (GL(dl_load_lock));
   return pid;

             reply	other threads:[~2013-10-09 20:05 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-10-09 20:05 Ondřej Bílka [this message]
2013-10-17 15:41 ` Ondřej Bílka
2014-01-02 20:30 ` [PING][RFC][BZ " Ondřej Bílka
2014-01-02 22:18 ` [RFC][BZ " Mike Frysinger
2014-01-02 23:54   ` Ondřej Bílka
2014-01-03  2:07     ` Mike Frysinger
2014-01-11 12:07       ` Ondřej Bílka

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20131009200534.GA4300@domone.podge \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).