From 90b37cac8b5a3e1548c29d91e3e0bff1014d2e5c Mon Sep 17 00:00:00 2001 From: Siddhesh Poyarekar Date: Thu, 23 Jul 2015 11:16:18 +0530 Subject: Also use l_tls_dtor_count to decide on object unload (BZ #18657) When an TLS destructor is registered, we set the DF_1_NODELETE flag to signal that the object should not be destroyed. We then clear the DF_1_NODELETE flag when all destructors are called, which is wrong - the flag could have been set by other means too. This patch replaces this use of the flag by using l_tls_dtor_count directly to determine whether it is safe to unload the object. This change has the added advantage of eliminating the lock taking when calling the destructors, which could result in a deadlock. The patch also fixes the test case tst-tls-atexit - it was making an invalid dlclose call, which would just return an error silently. I have also added a detailed note on concurrency which also aims to justify why I chose the semantics I chose for accesses to l_tls_dtor_count. Thanks to Torvald for his help in getting me started on this and (literally) teaching my how to approach the problem. Change verified on x86_64; the test suite does not show any regressions due to the patch. ChangeLog: [BZ #18657] * elf/dl-close.c (_dl_close_worker): Don't unload DSO if there are pending TLS destructor calls. * include/link.h (struct link_map): Add concurrency note for L_TLS_DTOR_COUNT. * stdlib/cxa_thread_atexit_impl.c (__cxa_thread_atexit_impl): Don't touch the link map flag. Atomically increment l_tls_dtor_count. (__call_tls_dtors): Atomically decrement l_tls_dtor_count. Avoid taking the load lock and don't touch the link map flag. * stdlib/tst-tls-atexit-nodelete.c: New test case. * stdlib/Makefile (tests): Use it. * stdlib/tst-tls-atexit.c (do_test): dlopen tst-tls-atexit-lib.so again before dlclose. Add conditionals to allow tst-tls-atexit-nodelete test case to use it. --- elf/dl-close.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'elf/dl-close.c') diff --git a/elf/dl-close.c b/elf/dl-close.c index 2104674bd0..910527746e 100644 --- a/elf/dl-close.c +++ b/elf/dl-close.c @@ -153,7 +153,11 @@ _dl_close_worker (struct link_map *map, bool force) maps[idx] = l; ++idx; - /* Clear DF_1_NODELETE to force object deletion. */ + /* Clear DF_1_NODELETE to force object deletion. We don't need to touch + l_tls_dtor_count because forced object deletion only happens when an + error occurs during object load. Destructor registration for TLS + non-POD objects should not have happened till then for this + object. */ if (force) l->l_flags_1 &= ~DF_1_NODELETE; } @@ -177,6 +181,9 @@ _dl_close_worker (struct link_map *map, bool force) if (l->l_type == lt_loaded && l->l_direct_opencount == 0 && (l->l_flags_1 & DF_1_NODELETE) == 0 + /* See CONCURRENCY NOTES in cxa_thread_atexit_impl.c to know why + acquire is sufficient and correct. */ + && atomic_load_acquire (&l->l_tls_dtor_count) == 0 && !used[done_index]) continue; -- cgit v1.2.3-70-g09d2