Post review removal of "goto restart" from
https://sourceware.org/pipermail/libc-alpha/2021-April/125470.html
introduced a bug when some atexit handers skipped.
Signed-off-by: Vitaly Buka <vitalybuka@google.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
(cherry picked from commit fd78cfa72e)
Keep __exit_funcs_lock almost all the time and unlock it only to execute
callbacks. This fixed two issues.
1. f->func.cxa was modified outside the lock with rare data race like:
thread 0: __run_exit_handlers unlock __exit_funcs_lock
thread 1: __internal_atexit locks __exit_funcs_lock
thread 0: f->flavor = ef_free;
thread 1: sees ef_free and use it as new
thread 1: new->func.cxa.fn = (void (*) (void *, int)) func;
thread 1: new->func.cxa.arg = arg;
thread 1: new->flavor = ef_cxa;
thread 0: cxafct = f->func.cxa.fn; // it's wrong fn!
thread 0: cxafct (f->func.cxa.arg, status); // it's wrong arg!
thread 0: goto restart;
thread 0: call the same exit_function again as it's ef_cxa
2. Don't unlock in main while loop after *listp = cur->next. If *listp
is NULL and __exit_funcs_done is false another thread may fail in
__new_exitfn on assert (l != NULL):
thread 0: *listp = cur->next; // It can be the last: *listp = NULL.
thread 0: __libc_lock_unlock
thread 1: __libc_lock_lock in __on_exit
thread 1: __new_exitfn
thread 1: if (__exit_funcs_done) // false: thread 0 isn't there yet.
thread 1: l = *listp
thread 1: moves one and crashes on assert (l != NULL);
The test needs multiple iterations to consistently fail without the fix.
Fixes https://sourceware.org/bugzilla/show_bug.cgi?id=27749
Checked on x86_64-linux-gnu.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
POSIX requires that dlclose() and exit() be thread safe, therefore
you can have one thread in the middle of dlclose() and another thread
executing exit() without causing any undefined behaviour on the part
of the implementation.
The existing implementation had a flaw that exit() exit handler processing
did not consider a concurrent dlclose() and would not mark already run
exit handlers using the ef_free flavour. The consequence of this is that
a concurrent exit() with dlclose() will run all the exit handlers that
dlclose() had not yet run, but then will block on the loader lock. The
concurrent dlclose() will continue to run all the exit handlers again
(twice) in violation of the Itanium C++ ABI requirements for __cxa_atexit().
This commit fixes this by having exit() mark all handlers with ef_free to
ensure that concurrent dlclose() won't re-run registered exit handlers that
have already run.
In C++11 18.5.12 says "Objects shall not be destroyed as a
result of calling quick_exit." In C11 quick_exit is silent
about thread object destruction. Therefore to make glibc
C++ compliant we do not call any thread local destructors.
A new regression test verifies the fix.
I will note that C++11 18.5.3 makes it clear that C++
defines additional requirements for _Exit() to prevent it
from executing destructors.
Given that the point of _Exit() is to terminate the process
immediately it makes sense the C and C++ should line up
and avoid calling destructors.
No failures. New regtest passes.
This feature is specifically for the C++ compiler to offload calling
thread_local object destructors on thread program exit, to glibc.
This is to overcome the possible complication of destructors of
thread_local objects getting called after the DSO in which they're
defined is unloaded by the dynamic linker. The DSO is marked as
'unloadable' if it has a constructed thread_local object and marked as
'unloadable' again when all the constructed thread_local objects
defined in it are destroyed.
cxa_at_quick_exit.
(static-only-routines): Add at_quick_exit.
* stdlib/Versions: Export quick_exit and __cxa_at_quick_exit for
GLIBC_2.10.
* stdlib/quick_exit.c: New file.
* stdlib/at_quick_exit.c: New file.
* stdlib/cxa_at_quick_exit.c: New file.
* stdlib/cxa_atexit.c (__cxa_atexit): Move body to new function. Call
it appropriately.
(__internal_atexit): New function.
(__new_exitfn): Now takes parameter to point to the list to use.
* stdlib/cxa_finalize.c: Remove quick_exit handlers, don't call them.
* stdlib/exit.c (__run_exit_handlers): New function. Split from...
(exit): ...here. Just call __run_exit_handlers appropriately.
* stdlib/exit.h: Declare __quick_exit_funcs, __run_exit_handlers,
__internal_atexit, __cxa_at_quick_exit. Adjust __new_exitfn.
* stdlib/on_exit.c: Adjust call to __new_exitfn.
* stdlib/stdlib.h: Declare at_quick_exit and quick_exit.
flavor field last and protect with memory barrier.
* stdlib/on_exit.c: Likewise.
* stdlib/cxa_finalize.c: Use PTR_DEMANGLE on function pointer before
using it.
* stdlib/exit.c: Likewise.
2001-07-06 Paul Eggert <eggert@twinsun.com>
* manual/argp.texi: Remove ignored LGPL copyright notice; it's
not appropriate for documentation anyway.
* manual/libc-texinfo.sh: "Library General Public License" ->
"Lesser General Public License".
2001-07-06 Andreas Jaeger <aj@suse.de>
* All files under GPL/LGPL version 2: Place under LGPL version
2.1.
1999-11-25 H.J. Lu <hjl@gnu.org>
* stdlib/exit.c (exit): Run funtions only if
__exit_funcs->idx > 0.
1999-11-25 Ulrich Drepper <drepper@cygnus.com>
* manual/charset.texi (iconv Examples): Add iconv call to flush
state. Reported by Andrew Clausen <clausen@alphalink.com.au>.
1999-11-25 Andreas Jaeger <aj@suse.de>
* manual/install.texi (Running make install): Better describe
update from libc5.
Patch by Michael Deutschmann <michael@talamasca.wkpowerlink.com>.
1999-11-25 Andreas Jaeger <aj@suse.de>
* include/sys/mman.h: Remove K&R compatibility.
1999-11-15 Andreas Jaeger <aj@suse.de>
* misc/sys/mman.h: Use __REDIRECT for mmap, correct prototype to
use __off64_t.
1999-11-25 Ulrich Drepper <drepper@cygnus.com>
* iconv/iconv_prog.c (process_block): For stateful charsets write
out byte sequence to get to initial state at the end of the file.
which was reported to not work (which proofed to be wrong).
Thu Oct 31 00:01:39 1996 Ulrich Drepper <drepper@cygnus.com>
* signal/Makefile (routines): Add sigwait.
* signal/signal.h: Add prototype for sigwait.
* sysdeps/posix/sigwait.c: New file. Implementation of sigwait
function from POSIX.1c.
* sysdeps/stub/sigwait.c: New file. Stub version of sigwait.
Wed Oct 30 02:01:17 1996 Richard Henderson <rth@tamu.edu>
* sunrpc/xdr_float.c (xdr_float): Handle sizeof(float)!=sizeof(long),
but don't bother going farther than sizeof(float)==sizeof(int).
(xdr_double): Handle little-endian machines! Handle sizeof(double)
!= 2*sizeof(long), though again don't bother with more than int.
Thu Oct 29 16:09:42 1996 Craig Metz <cmetz@inner.net>
* sysdeps/posix/getaddrinfo.c: Use buffer limits for inet_ntop
function.
Tue Oct 29 12:37:22 1996 Ulrich Drepper <drepper@cygnus.com>
* Makerules: Create symbolic links for linking in $(libdir).
(make-link): Use absolute path for destination if this is not in
the same directory.
* elf/rtld.c (dl_main): When verifying don't check the name of
the dynamic linker.
* shlib-versions: Change entries for Hurd specific libs from
*-*-gnu* to *-*-gnu?* so that i586-pc-linux-gnu does not match
these entries.
* assert/assert.h: Reformat copyright.
Change reference to ANSI into reference to ISO C.
* ctype/ctype.h: Likewise.
* errno.h: Likewise.
* limits.h: Likewise.
* math/math.h: Likewise.
* setjmp/setjmp.h: Likewise.
* stdio/stdio.h: Likewise.
* libio/stdio.h: Likewise.
* stdlib/stdlib.h: Likewise.
* string/string.h: Likewise.
* time/time.h: Likewise.
* string/argz.h: Use __const is definitions.
* elf/dlfcn.h: Use __const and __P. Reformat copyright.
* misc/err.h: Likewise.
* wctype/wctype.h (wctrans_t): Use __const instead of const.
* Makeconfig ($(common-objpfx)soversions.mk): Generate list of
sonames for versioned libraries.
* Makefile: Remove code to generate libc-version.h.
Generate gnu/lib-names.h with info from soversions.mk.
* features.h: Define __GLIBC__ and __GLIBC_MINOR__.
* dirent/tst-seekdir.c: Initialize save3.
* grp/testgrp.c: Initialize my_group.
* grp/fgetgrent_r.c: Change interface to follow POSIX.1c.
* grp/grp.h: Likewise.
* nss/getXXbyYY.c: Likewise.
* nss/getXXbyYY_r.c: Likewise.
* nss/getXXent.c: Likewise.
* nss/getXXent_r.c: Likewise.
* pwd/fgetpwent_r.c: Likewise.
* pwd/pwd.h: Likewise.
* shadow/fgetspent_r.c: Likewise.
* shadow/sgetspent.c: Likewise.
* shadow/sgetspent_r.c: Likewise.
* grp/fgetgrent.c: Adapt for change in interface of fgetgrent_r.
* pwd/fgetpwent.c: Likewise, for fgetpwent_r.c.
* shadow/fgetspent.c: Likewise, for fgetpwent_r.c.
* resolv/netdb.h: Adapt prototypes for reentrant functions to
follow POSIX.1c.
* sunrpc/rpc/netdb.h: Likewise,
* shadow/shadow.h: Likewise.
* inet/getnetgrent_r.c: Follow change in pwd/grp function interface.
* sysdeps/unix/getlogin_r.c: Return ERANGE when buffer is too small.
* inet/herrno.c: Don't define __h_errno. Only h_errno otherwise the
ELF aliasing creates strange situations.
* sysdeps/unix/sysv/linux/errnos.H: Define __set_errno as inline
function.
* sysdeps/unix/sysv/linux/i386/sysdep.S: Don't define __errno.
* sysdeps/unix/sysv/linux/m68k/sysdep.S: Likewise.
* libio/libio.h: Don't declare _IO_flockfile and _IO_funlockfile
weak.
* locale/programs/charmap.c: Add casts to prevent warnings.
* locale/programs/linereader.h: Likewise.
* locale/programs/ld-collate.c: Likewise.
* locale/programs/stringtrans.c: Likewise.
Change types for various variables to prevent warnings.
* locale/programs/ld-ctype.c: Likewise.
* locale/programs/linereader.h (lr_ungetc): Likewise.
* locale/programs/charset.h (struct charset): Use `unsigned int'
as type for width_default.
* posix/regex.c: Change type of `this_reg' variables.
* stdio-common/Makefile: Use -Wno-format for tstdiomisc.c.
* stdio-common/bug5.c: De-ANSI-fy. Use correct types for
variables.
* stdio-common/printf_fp.c: Initialize to_shift.
* stdio-common/test_rdwr.c: Add cast.
* stdio-common/vfprintf.c: Add casts and use correct types to
prevent warnings.
* stdio-common/vfscanf.c: Initialize str and strptr.
* sysdeps/libm-ieee754/e_jnf.c: Use correct types to prevent warnings.
* sysdeps/libm-ieee754/e_pow.c: Likewise.
* sysdeps/libm-ieee754/e_powf.c: Likewise.
* sysdeps/libm-ieee754/e_rem_pio2f.c: Likewise.
* time/test-tz.c: Likewise.
* manual/creature.texi: Document _REENTRANT and _THREAD_SAFE.
* manual/libc.texinfo: Prevent makeinfo failure by avoiding
libc.cp index. This must be fixed.
* manual/nss.texi: Adapt for correct POSIX.1c interface of
reentrant functions.
* manual/users.texi: Document netgroup functions.
* po/es.po: Updated.
* po/fr.po: Updated.
* posix/fnmatch.c: Change to match libit version.
* posix/unistd.h: Change prototype for ttyname_r to match POSIX.1c.
* sysdep/posix/ttyname_r.c: Likewise.
* stdlib/atexit.h (__new_exitfn): Add internal locking.
* stdlib/exit.c: De-ANSI-fy. Handle new ef_us value for flavor.
* stdlib/exit.h: De-ANSI-fy. Define new ef_us value for flavor.
* stdlib/random.c (__srandom): Add internal locking.
(__initstate): Likewise.
(__setstate): Likewise.
(__random): Likewise.
Mon Oct 28 22:28:37 1996 NIIBE Yutaka <gniibe@mri.co.jp>
* sysdeps/generic/crypt-entry.c (crypt_r): Use __set_errno.
(crypt): Likewise.
* resolv/gethnamaddr.c (gethostbyname2): Likewise.
* sysdeps/generic/uname.c: Likewise.
* sysdeps/posix/rename.c: Likewise.
* sysdeps/stub/setrlimit.c: Likewise.
* nss/nss_db/db-netgrp.c (_nss_db_setnetgrent): Fix typo.
Sun Oct 27 11:12:50 1996 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* locale/programs/ld-collate.c (collate_order_elem): Fix format
string.
(collate_element_to): Cast field width argument to `int' for
format string.
(collate_symbol): Likewise.
(collate_order_elem): Likewise.
(collate_weight_bsymbol): Likewise.
(collate_simple_weight): Likewise.
* locale/programs/ld-time.c (STRARR_ELEM): Fix format string.
* locale/programs/ld-ctype.c (ctype_class_newP): Add missing
argument for format string.
(ctype_map_newP): Likewise.
(set_class_defaults): Fix format string.
* locale/programs/localedef.c (construct_output_path): Putting an
explicit \0 into the format string does not work, use %c.
Sat Oct 26 20:38:36 1996 Richard Henderson <rth@tamu.edu>
* Makerules: Install all shared libraries in $(slibdir).
* login/Makefile: Build libutil.so in others pass after
libc.so is created.
* misc/mntent.h: Include <paths.h> for _PATH_MNTTAB & _PATH_MOUNTED.
* string/stratcliff.c: Allocate 3 pages instead of one, then use
mprotect so that we know that the adjacent pages are inaccessible.
* resource/sys/resource.h: Move all structures and enums to ...
* sysdeps/generic/resourcebits.h: ... here ...
* sysdeps/unix/bsd/sun/sunos4/resourcebits.h: ... and here.
* sysdeps/unix/sysv/linux/alpha/resourcebits.h: Remove.
* sysdeps/unix/sysv/linux/i386/resourcebits.h: Remove.
* sysdeps/unix/sysv/linux/m68k/resourcebits.h: Remove.
* sysdeps/unix/sysv/linux/mips/resourcebits.h: Remove.
* sysdeps/unix/sysv/linux/resourcebits.h: New file. Use kernel
header for RLIMIT_* definitions. The members of struct rlimit
are longs.
Thu Oct 24 17:43:34 1996 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* MakeTAGS (sysdep-dirs): Fix typo.
Wed Oct 23 03:45:22 1996 Ulrich Drepper <drepper@cygnus.com>
* Makefile (headers): Don't mention libc-version.h.
(install-others): ...but here.
* time/strptime.c: Recognize %s, %u, %g, and %G format.
nothing is found. This guarantees all subsequent calls behave
* sysdeps/unix/sysv/linux/syscalls.list: Change function name for
* io/getwd.c (getwd) [! PATH_MAX]: Don't assume that the user's
buffer is any longer than the amount necessary to hold the
filename; the Hurd getcwd uses the *entire* contents of the
buffer, however long it is specified to be.
* posix/getconf.c: De-ANSI-fy. Recognize POSIX.2 constant names.
since these do not depend on the platform.