public inbox for libc-ports@sourceware.org
 help / color / mirror / Atom feed
From: "Ondřej Bílka" <neleai@seznam.cz>
To: libc-alpha@sourceware.org, libc-ports@sourceware.org
Subject: [RFC][BZ #1874] Fix assertion triggered by thread/fork interaction
Date: Wed, 09 Oct 2013 20:05:00 -0000	[thread overview]
Message-ID: <20131009200534.GA4300@domone.podge> (raw)

Hi,

This bug had a simple patch for five years without reply. 
https://sourceware.org/bugzilla/show_bug.cgi?id=4578
Could someone comment this?

It was detected on custom chip, could this be replicated on other
architectures?

An analysis from bugzilla and patch are below

"
Details:

If a thread happens to hold dl_load_lock and have r_state set to RT_ADD
or RT_DELETE at the time another thread calls fork(), then the child exit
code from fork (in nptl/sysdeps/unix/sysv/linux/fork.c in our case)
re-initializes dl_load_lock but does not restore r_state to RT_CONSISTENT.
If the child subsequently requires ld.so functionality before calling exec(),
then the assertion will fire.

The patch acquires dl_load_lock on entry to fork() and releases it on exit
from the parent path.  The child path is initialized as currently done.
This is essentially pthreads_atfork, but forced to be first because the
acquisition of dl_load_lock must happen before malloc_atfork is active
to avoid a deadlock.
"

--- glibc-2.5-sources/nptl/sysdeps/unix/sysv/linux/fork.c
2007-05-29 23:44:33.000000000 -0400
+++ glibc-2.5-modified/nptl/sysdeps/unix/sysv/linux/fork.c
2007-05-31 15:07:18.712221827 -0400
@@ -27,6 +27,7 @@
 #include "fork.h"
 #include <hp-timing.h>
 #include <ldsodefs.h>
+#include <bits/libc-lock.h>
 #include <bits/stdio-lock.h>
 #include <atomic.h>
 
@@ -59,6 +60,8 @@
     struct used_handler *next;
   } *allp = NULL;
 
+  /* grab ld.so lock BEFORE switching to malloc_atfork */
+   __rtld_lock_lock_recursive (GL(dl_load_lock));
   /* Run all the registered preparation handlers.  In reverse order.
      While doing this we build up a list of all the entries.  */
   struct fork_handler *runp;
@@ -208,6 +211,8 @@
 
 	  allp = allp->next;
 	}
+      /* unlock ld.so last, because we locked it first */
+      __rtld_lock_unlock_recursive (GL(dl_load_lock));
     }
 
   return pid;

             reply	other threads:[~2013-10-09 20:05 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-10-09 20:05 Ondřej Bílka [this message]
2013-10-17 15:41 ` Ondřej Bílka
2014-01-02 20:30 ` [PING][RFC][BZ " Ondřej Bílka
2014-01-02 22:18 ` [RFC][BZ " Mike Frysinger
2014-01-02 23:54   ` Ondřej Bílka
2014-01-03  2:07     ` Mike Frysinger
2014-01-11 12:07       ` Ondřej Bílka

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20131009200534.GA4300@domone.podge \
    --to=neleai@seznam.cz \
    --cc=libc-alpha@sourceware.org \
    --cc=libc-ports@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).