Date: Sun, 20 May 2012 20:24:19 +0300 From: Konstantin Belousov <kostikbel@gmail.com> To: Alberto Villa <avilla@freebsd.org> Cc: Gustau P?rez i Querol <gperez@entel.upc.edu>, davidxu@freebsd.org, FreeBSD current <freebsd-current@freebsd.org> Subject: Re: RFC: jemalloc: qdbus sigsegv in malloc_init Message-ID: <20120520172419.GQ2358@deviant.kiev.zoral.com.ua> In-Reply-To: <CAJp7RHaOkEzyfD5e6pLMSBxvCBYCn9BWv=9BWu0CYsQHzGyFdg@mail.gmail.com> References: <4F9E9E06.4070004@entel.upc.edu> <4FB88925.4070008@gmail.com> <CAJp7RHaOkEzyfD5e6pLMSBxvCBYCn9BWv=9BWu0CYsQHzGyFdg@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
On Sun, May 20, 2012 at 06:42:35PM +0200, Alberto Villa wrote:
> On Sun, May 20, 2012 at 8:03 AM, David Xu <listlog2011@gmail.com> wrote:
> > qdbus segfaults on my machine too, I tracked it down, and found the problem
> > is in QT,
> > it deleted current_thread_data_key, šbut it still uses it in some cxa hooks,
> > šI šapplied the
> > following patch, šand it works fine.
>
> Thanks for the analysis David!
>
> > I think the bug depends on linking order in QT library ? if the
> > qthread_unix.cpp is linked
> > as lastest module, the key will be deleted after all cxa hooks run, then it
> > will be fine,
> > otherwise, it would crash.
>
> Is this really possible?
No, I do not think it is possible.
The only possibility for something weird happen is for atexit/__cxa_atexit
functions to be registered from another atexit function, and then we
indeed could call the newly registered function too late.
I wonder if the following hack makes any change in the observed behaviour.
diff --git a/lib/libc/stdlib/atexit.c b/lib/libc/stdlib/atexit.c
index 511172a..bab850c 100644
--- a/lib/libc/stdlib/atexit.c
+++ b/lib/libc/stdlib/atexit.c
@@ -72,6 +72,7 @@ struct atexit {
};
static struct atexit *__atexit; /* points to head of LIFO stack */
+static int atexit_gen;
/*
* Register the function described by 'fptr' to be called at application
@@ -107,6 +108,7 @@ atexit_register(struct atexit_fn *fptr)
__atexit = p;
}
p->fns[p->ind++] = *fptr;
+ atexit_gen++;
_MUTEX_UNLOCK(&atexit_mutex);
return 0;
}
@@ -162,7 +164,7 @@ __cxa_finalize(void *dso)
struct dl_phdr_info phdr_info;
struct atexit *p;
struct atexit_fn fn;
- int n, has_phdr;
+ int atexit_gen_prev, n, has_phdr;
if (dso != NULL)
has_phdr = _rtld_addr_phdr(dso, &phdr_info);
@@ -170,6 +172,8 @@ __cxa_finalize(void *dso)
has_phdr = 0;
_MUTEX_LOCK(&atexit_mutex);
+retry:
+ atexit_gen_prev = atexit_gen;
for (p = __atexit; p; p = p->next) {
for (n = p->ind; --n >= 0;) {
if (p->fns[n].fn_type == ATEXIT_FN_EMPTY)
@@ -196,6 +200,8 @@ __cxa_finalize(void *dso)
_MUTEX_LOCK(&atexit_mutex);
}
}
+ if (atexit_gen_prev != atexit_gen)
+ goto retry;
_MUTEX_UNLOCK(&atexit_mutex);
if (dso == NULL)
_MUTEX_DESTROY(&atexit_mutex);
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (FreeBSD)
iEYEARECAAYFAk+5KMMACgkQC3+MBN1Mb4hhIQCggOABVLx50dsA6zR2fLhSZPP1
VjEAoNAzx3cYxtZc/EwJJPma2ENeO102
=wMAk
-----END PGP SIGNATURE-----
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120520172419.GQ2358>