Date: Sun, 20 May 2012 20:24:19 +0300 From: Konstantin Belousov <kostikbel@gmail.com> To: Alberto Villa <avilla@freebsd.org> Cc: Gustau P?rez i Querol <gperez@entel.upc.edu>, davidxu@freebsd.org, FreeBSD current <freebsd-current@freebsd.org> Subject: Re: RFC: jemalloc: qdbus sigsegv in malloc_init Message-ID: <20120520172419.GQ2358@deviant.kiev.zoral.com.ua> In-Reply-To: <CAJp7RHaOkEzyfD5e6pLMSBxvCBYCn9BWv=9BWu0CYsQHzGyFdg@mail.gmail.com> References: <4F9E9E06.4070004@entel.upc.edu> <4FB88925.4070008@gmail.com> <CAJp7RHaOkEzyfD5e6pLMSBxvCBYCn9BWv=9BWu0CYsQHzGyFdg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--C6e6/dnRACxPVebH
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, May 20, 2012 at 06:42:35PM +0200, Alberto Villa wrote:
> On Sun, May 20, 2012 at 8:03 AM, David Xu <listlog2011@gmail.com> wrote:
> > qdbus segfaults on my machine too, I tracked it down, and found the pro=
blem
> > is in QT,
> > it deleted current_thread_data_key, =9Abut it still uses it in some cxa=
hooks,
> > =9AI =9Aapplied the
> > following patch, =9Aand it works fine.
>=20
> Thanks for the analysis David!
>=20
> > I think the bug depends on linking order in QT library ? if the
> > qthread_unix.cpp is linked
> > as lastest module, the key will be deleted after all cxa hooks run, the=
n it
> > will be fine,
> > otherwise, it would crash.
>=20
> Is this really possible?
No, I do not think it is possible.
The only possibility for something weird happen is for atexit/__cxa_atexit
functions to be registered from another atexit function, and then we
indeed could call the newly registered function too late.
I wonder if the following hack makes any change in the observed behaviour.
diff --git a/lib/libc/stdlib/atexit.c b/lib/libc/stdlib/atexit.c
index 511172a..bab850c 100644
--- a/lib/libc/stdlib/atexit.c
+++ b/lib/libc/stdlib/atexit.c
@@ -72,6 +72,7 @@ struct atexit {
};
=20
static struct atexit *__atexit; /* points to head of LIFO stack */
+static int atexit_gen;
=20
/*
* Register the function described by 'fptr' to be called at application
@@ -107,6 +108,7 @@ atexit_register(struct atexit_fn *fptr)
__atexit =3D p;
}
p->fns[p->ind++] =3D *fptr;
+ atexit_gen++;
_MUTEX_UNLOCK(&atexit_mutex);
return 0;
}
@@ -162,7 +164,7 @@ __cxa_finalize(void *dso)
struct dl_phdr_info phdr_info;
struct atexit *p;
struct atexit_fn fn;
- int n, has_phdr;
+ int atexit_gen_prev, n, has_phdr;
=20
if (dso !=3D NULL)
has_phdr =3D _rtld_addr_phdr(dso, &phdr_info);
@@ -170,6 +172,8 @@ __cxa_finalize(void *dso)
has_phdr =3D 0;
=20
_MUTEX_LOCK(&atexit_mutex);
+retry:
+ atexit_gen_prev =3D atexit_gen;
for (p =3D __atexit; p; p =3D p->next) {
for (n =3D p->ind; --n >=3D 0;) {
if (p->fns[n].fn_type =3D=3D ATEXIT_FN_EMPTY)
@@ -196,6 +200,8 @@ __cxa_finalize(void *dso)
_MUTEX_LOCK(&atexit_mutex);
}
}
+ if (atexit_gen_prev !=3D atexit_gen)
+ goto retry;
_MUTEX_UNLOCK(&atexit_mutex);
if (dso =3D=3D NULL)
_MUTEX_DESTROY(&atexit_mutex);
--C6e6/dnRACxPVebH
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (FreeBSD)
iEYEARECAAYFAk+5KMMACgkQC3+MBN1Mb4hhIQCggOABVLx50dsA6zR2fLhSZPP1
VjEAoNAzx3cYxtZc/EwJJPma2ENeO102
=wMAk
-----END PGP SIGNATURE-----
--C6e6/dnRACxPVebH--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120520172419.GQ2358>