This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
[PATCH] malloc: Don't call tsd_setspecific before tsd_key_create
- From: Joern Engel <joern at purestorage dot com>
- To: "GNU C. Library" <libc-alpha at sourceware dot org>
- Cc: Siddhesh Poyarekar <siddhesh dot poyarekar at gmail dot com>, Roland Dreier <roland at purestorage dot com>
- Date: Mon, 25 Jan 2016 16:25:41 -0800
- Subject: [PATCH] malloc: Don't call tsd_setspecific before tsd_key_create
- Authentication-results: sourceware.org; auth=none
- References: <1453767942-19369-1-git-send-email-joern at purestorage dot com>
From: Roland Dreier <roland@purestorage.com>
Commit 2c9effe0e1e6 ("malloc: initial numa support") added a call from
ptmalloc_init() to "tsd_setspecific(arena_key, ..." (via
_int_new_arena()) before "tsd_key_create(&arena_key, ...". This leads to
corruption of someone else's thread-local storage.
Fix this by moving the tsd_key_create() calls earlier.
Found while trying to run gcc AddressSanitizer.
JIRA: PURE-43504
https://codereviews.purestorage.com/r/23907/
Reviewed-by: Joern
---
tpc/malloc2.13/arena.h | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/tpc/malloc2.13/arena.h b/tpc/malloc2.13/arena.h
index fdb029e89669..e53076d213b2 100644
--- a/tpc/malloc2.13/arena.h
+++ b/tpc/malloc2.13/arena.h
@@ -272,6 +272,10 @@ static void ptmalloc_init(void)
main_arena.local_next = &main_arena;
main_arena.numa_node = -1;
+ mutex_init(&list_lock);
+ tsd_key_create(&cache_key, tcache_destroy);
+ tsd_key_create(&arena_key, NULL);
+
/* numa_node_count() can recurse into malloc(). Use main_arena
for all numa nodes and set init_tid to allow recursion. */
for (i = 0; i < MAX_NUMA_NODES; i++) {
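Review bot: the three calls added above the NUMA loop carry no comment explaining why they must come first. The commit message says _int_new_arena() reaches tsd_setspecific(arena_key, ...) from this loop, and the existing comment just below notes that numa_node_count() can recurse into malloc(), so a later cleanup could easily move the block back down. Suggest a short comment above mutex_init(&list_lock) stating that the keys must exist before the loop runs. The commit message also accounts only for the two tsd_key_create() calls; please say whether moving mutex_init(&list_lock) is required as well or is just being kept next to them.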
@@ -285,9 +289,6 @@ static void ptmalloc_init(void)
(void)mutex_unlock(&numa_arena[i]->mutex);
}
- mutex_init(&list_lock);
- tsd_key_create(&cache_key, tcache_destroy);
- tsd_key_create(&arena_key, NULL);
tsd_setspecific(arena_key, (Void_t *) & main_arena);
thread_atfork(ptmalloc_lock_all, ptmalloc_unlock_all, ptmalloc_unlock_all2);
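Review bot: nothing guards the tsd_setspecific(arena_key, ...) call that stays at the end of this hunk, or the one the commit message describes in _int_new_arena(), against running before the key exists. The original mistake was only found with AddressSanitizer, per the commit message. Consider a debug-only flag set next to tsd_key_create(&arena_key, NULL) and asserted before each tsd_setspecific(arena_key, ...), so that a future reordering fails loudly instead of writing through a key that has not been created.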
--
2.7.0.rc3
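
The ordering bug described in the commit message, sketched as an added example that is not glibc code and not part of the patch: a zero-initialised static key is used before it is created and can alias a key that another component already owns. Plain pthread calls stand in for the tsd_* macros (an assumption), and `guarded_key`, `gk_create`, `gk_set` and `victim_survives` are hypothetical names.

```c
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

/* Hypothetical wrapper (not glibc code): a key plus a "created" flag, so a
   zero-initialised static key cannot be used by accident. */
struct guarded_key { pthread_key_t key; int created; };

int gk_create(struct guarded_key *g, void (*destr)(void *))
{
    int err = pthread_key_create(&g->key, destr);
    g->created = (err == 0);
    return err;
}

int gk_set(struct guarded_key *g, const void *val)
{
    /* Refuse while the key has not been created. */
    return g->created ? pthread_setspecific(g->key, val) : EINVAL;
}

/* Replays the init order from the commit message: another component creates
   its key first, then "arena" is set before its own key exists. Returns 1 if
   the other component's slot still holds its value, 0 if it was overwritten. */
int victim_survives(int guarded)
{
    static int victim_data, arena_data;  /* constructed sample values */
    static struct guarded_key arena;     /* zeroed, like a static arena_key */
    pthread_key_t victim;
    int intact;

    if (pthread_key_create(&victim, NULL) != 0)
        return -1;
    pthread_setspecific(victim, &victim_data);
    if (guarded)
        gk_set(&arena, &arena_data);                  /* rejected: EINVAL */
    else
        pthread_setspecific(arena.key, &arena_data);  /* may alias victim */
    intact = pthread_getspecific(victim) == &victim_data;
    pthread_key_delete(victim);
    return intact;
}

int main(void)
{
    printf("unguarded: intact=%d\n", victim_survives(0));
    printf("guarded:   intact=%d\n", victim_survives(1));
    return 0;
}
```

Whether the unguarded call overwrites the other slot depends on which key number the C library hands out first, which is why the guarded path is the one to rely on.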