Date: Wed, 09 Oct 2013 20:05:00 -0000
From: Ondřej Bílka
To: libc-alpha@sourceware.org, libc-ports@sourceware.org
Subject: [RFC][BZ #1874] Fix assertion triggered by thread/fork interaction
Message-ID: <20131009200534.GA4300@domone.podge>

Hi,

This bug had a simple patch for five years without reply.

https://sourceware.org/bugzilla/show_bug.cgi?id=4578

Could someone comment on this? It was detected on a custom chip; could this be replicated on other architectures?

An analysis from bugzilla and patch are below

"
Details: If a thread happens to hold dl_load_lock and have r_state set to RT_ADD or RT_DELETE at the time another thread calls fork(), then the child exit code from fork (in nptl/sysdeps/unix/sysv/linux/fork.c in our case) re-initializes dl_load_lock but does not restore r_state to RT_CONSISTENT. If the child subsequently requires ld.so functionality before calling exec(), then the assertion will fire.

The patch acquires dl_load_lock on entry to fork() and releases it on exit from the parent path. The child path is initialized as currently done. This is essentially pthreads_atfork, but forced to be first because the acquisition of dl_load_lock must happen before malloc_atfork is active to avoid a deadlock.
"

--- glibc-2.5-sources/nptl/sysdeps/unix/sysv/linux/fork.c 2007-05-29 23:44:33.000000000 -0400 +++ glibc-2.5-modified/nptl/sysdeps/unix/sysv/linux/fork.c 2007-05-31 15:07:18.712221827 -0400 @@ -27,6 +27,7 @@ #include "fork.h" #include #include +#include #include #include @@ -59,6 +60,8 @@ struct used_handler *next; } *allp = NULL; + /* grab ld.so lock BEFORE switching to malloc_atfork */ + __rtld_lock_lock_recursive (GL(dl_load_lock)); /* Run all the registered preparation handlers. In reverse order. While doing this we build up a list of all the entries. */ struct fork_handler *runp; 
@@ -208,6 +211,8 @@ allp = allp->next; } + /* unlock ld.so last, because we locked it first */ + __rtld_lock_unlock_recursive (GL(dl_load_lock)); } return pid;
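Review bot: In the hunk at @@ -59,6 +60,8 @@, `__rtld_lock_lock_recursive (GL(dl_load_lock))` is taken before the loop that runs the registered preparation handlers, so dl_load_lock is now held while arbitrary user prepare handlers run. That introduces a new lock order (dl_load_lock first, then whatever a handler locks): a handler that waits for a lock owned by another thread which is itself blocked on dl_load_lock (for example inside dlopen) will hang the fork. The added comment should state this ordering constraint and give the reason from the description (the deadlock against malloc_atfork), and it should follow the style of the comment below it (capitalised sentence ending in a period).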
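Review bot: In the hunk at @@ -208,6 +211,8 @@, the unlock sits inside the block that closes just before `return pid;`, and the visible context does not show whether that block also runs when the fork itself fails. Please confirm that every non-child return from this function reaches `__rtld_lock_unlock_recursive (GL(dl_load_lock))`; otherwise a failed fork leaves the caller holding dl_load_lock. A short comment on the child side noting that the lock is re-initialised there instead of unlocked, as the description says, would document the asymmetry in the code.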
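The race described in the quoted analysis, reduced to a stand-alone C program. This is an added example, not glibc code and not part of the original message or patch: `load_lock`, `r_state`, `updater` and `child_state_after_fork` are hypothetical stand-ins for `dl_load_lock`, the loader's `r_state` and the fork path, and the 200 ms sleep is a constructed window that makes the interleaving repeatable.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <sys/wait.h>
#include <unistd.h>

enum { CONSISTENT, ADD };   /* stand-ins for RT_CONSISTENT / RT_ADD */
static pthread_mutex_t load_lock = PTHREAD_MUTEX_INITIALIZER; /* plays dl_load_lock */
static volatile int r_state = CONSISTENT;   /* only written under load_lock */
static atomic_int in_update;

/* Loader-like thread: holds the lock while the state is temporarily ADD. */
static void *updater(void *arg) {
    (void)arg;
    pthread_mutex_lock(&load_lock);
    r_state = ADD;
    atomic_store(&in_update, 1);
    usleep(200 * 1000);     /* window in which another thread calls fork() */
    r_state = CONSISTENT;
    pthread_mutex_unlock(&load_lock);
    return NULL;
}

/* Fork while updater is mid-update; return the r_state the child inherited. */
int child_state_after_fork(int hold_lock_across_fork) {
    pthread_t t;
    int status = 0;
    atomic_store(&in_update, 0);
    pthread_create(&t, NULL, updater, NULL);
    while (!atomic_load(&in_update))
        usleep(1000);       /* wait until updater is inside its critical section */
    if (hold_lock_across_fork)
        pthread_mutex_lock(&load_lock);     /* patched order: lock, then fork */
    pid_t pid = fork();
    if (pid == 0)
        _exit(r_state);     /* child: only the forking thread exists here */
    if (hold_lock_across_fork)
        pthread_mutex_unlock(&load_lock);   /* parent path releases the lock */
    if (pid > 0)
        waitpid(pid, &status, 0);
    pthread_join(t, NULL);
    return pid > 0 && WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Without the lock the child inherits ADD; with it, CONSISTENT. */
    return !(child_state_after_fork(0) == ADD &&
             child_state_after_fork(1) == CONSISTENT);
}
```

In the locked case the child still inherits a held mutex, which is why the patch description keeps the existing re-initialisation on the child path.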