malloc crash
Corinna Vinschen
corinna-cygwin@cygwin.com
Tue Oct 26 16:03:28 GMT 2021
On Oct 26 10:32, Ken Brown wrote:
> On 10/26/2021 5:24 AM, Corinna Vinschen wrote:
> > On Oct 25 18:02, Ken Brown wrote:
> > > Or does the fifo_reader thread call a malloc function before the main thread
> > > has called malloc_init()? This would presumably cause __malloc_lock() to
> > > fail, but there's no error check.
> >
> > That sounds more likely. In theory this shouldn't have much influence,
> > though. First of all, all fixup calls are running in a single thread,
> > so there's no serialization required(*), and the malloc_init call
> > doesn't set up the malloc arena, it just initializes the muto and checks
> > for user space provided malloc calls, which is not a problem in this
> > scenario.
> >
> > (*) unless multiple threads are started during fixup and some of these
> > threads mallocate memory again...
> >
> > Ken, is there a chance to tweak the fifo code to stop creating
> > threads from inside fixup, and to defer the thread start to the first
> > call in the process actually relying on the thread being started?
>
> I can't think of any way to do that. The thread is listening for various
> events that cause it to take action, so it has to always be running. But I
> can probably tweak the code so that the thread doesn't have to call malloc
> early on.
>
> It might take a while to get this right, and the bug has existed ever since
> I overhauled the fifo code. So I don't think you have to hold up releasing
> 3.3.0 while I work on this.
Try the below patch instead, per Takashi's testing and subsequent discussion.
From 9e53881e81bc6d2d072a0d625a9eac8ffc7cc698 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Tue, 26 Oct 2021 17:53:08 +0200
Subject: [PATCH] Cygwin: split malloc_init
Per https://cygwin.com/pipermail/cygwin-developers/2021-October/012429.html,
we may encounter a crash when starting multiple threads during process
startup (here: fhandler_fifo::fixup_after_{fork,exec}) which in turn
allocate memory via malloc.
The problem is concurrent usage of malloc before the malloc muto has
been initialized.
To fix this issue, split malloc_init into malloc_init_0, called from
dll_crt0_0, and malloc_init_1, called from dll_crt0_1. malloc_init_0
just initializes the muto, malloc_init_1 checks for user space provided
malloc.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
---
winsup/cygwin/dcrt0.cc | 4 +++-
winsup/cygwin/heap.cc | 1 -
winsup/cygwin/heap.h | 3 ++-
winsup/cygwin/malloc_wrapper.cc | 6 +++++-
4 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/winsup/cygwin/dcrt0.cc b/winsup/cygwin/dcrt0.cc
index 6f4723bb059d..7c460274fb86 100644
--- a/winsup/cygwin/dcrt0.cc
+++ b/winsup/cygwin/dcrt0.cc
@@ -769,6 +769,8 @@ dll_crt0_0 ()
NtOpenProcessToken (NtCurrentProcess (), MAXIMUM_ALLOWED, &hProcToken);
set_cygwin_privileges (hProcToken);
+ malloc_init_0 ();
+
device::init ();
do_global_ctors (&__CTOR_LIST__, 1);
cygthread::init ();
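Review bot: malloc_init_0 () is placed before device::init (), do_global_ctors () and cygthread::init (), so any constructor or early thread that allocates will find the muto initialized; the fhandler_fifo::fixup_after_{fork,exec} path the commit message names is not visible in this hunk, though, so confirm that it runs after this point in dll_crt0_0 and not before set_cygwin_privileges ().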
@@ -857,7 +859,7 @@ dll_crt0_1 (void *)
on a functioning malloc and it's possible that the user's program may
have overridden malloc. We only know about that at this stage,
unfortunately. */
- malloc_init ();
+ malloc_init_1 ();
user_shared->initialize ();
#ifdef CYGHEAP_DEBUG
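Review bot: the comment above the call still describes only the override check, which is exactly what malloc_init_1 () now does, but nothing here tells a reader that the muto half moved to dll_crt0_0; consider one added sentence such as `The mallock muto itself is set up earlier by malloc_init_0 () in dll_crt0_0.` so the two halves can be found from either side.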
diff --git a/winsup/cygwin/heap.cc b/winsup/cygwin/heap.cc
index b839c8cd48ee..f27f81bc4b59 100644
--- a/winsup/cygwin/heap.cc
+++ b/winsup/cygwin/heap.cc
@@ -230,7 +230,6 @@ user_heap_info::init ()
debug_printf ("heap base %p, heap top %p, heap size %ly (%lu)",
base, top, chunk, chunk);
page_const--;
- // malloc_init ();
}
#define pround(n) (((size_t)(n) + page_const) & ~page_const)
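Review bot: dropping the commented-out `// malloc_init ();` in user_heap_info::init () is the right cleanup, since that symbol no longer exists after this patch and a stale reference to it would only mislead the next reader; no functional change in this hunk.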
diff --git a/winsup/cygwin/heap.h b/winsup/cygwin/heap.h
index 565758e4872c..42099051f619 100644
--- a/winsup/cygwin/heap.h
+++ b/winsup/cygwin/heap.h
@@ -10,7 +10,8 @@ details. */
/* Heap management. */
void heap_init ();
-void malloc_init ();
+void malloc_init_0 ();
+void malloc_init_1 ();
#define inheap(s) \
(cygheap->user_heap.ptr && s \
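Review bot: the two new declarations carry no ordering contract, although the whole point of the split is that malloc_init_0 () must run before any thread can call malloc and malloc_init_1 () only once an application-provided malloc can be detected; a one-line comment above each, e.g. `/* Set up the malloc muto; must precede any thread that may allocate. */`, would document that for callers.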
diff --git a/winsup/cygwin/malloc_wrapper.cc b/winsup/cygwin/malloc_wrapper.cc
index 3b245800abec..85c411a3e258 100644
--- a/winsup/cygwin/malloc_wrapper.cc
+++ b/winsup/cygwin/malloc_wrapper.cc
@@ -272,10 +272,14 @@ strdup (const char *s)
muto NO_COPY mallock;
void
-malloc_init ()
+malloc_init_0 ()
{
mallock.init ("mallock");
+}
+void
+malloc_init_1 ()
+{
/* Check if malloc is provided by application. If so, redirect all
calls to malloc/free/realloc to application provided. This may
happen if some other dll calls cygwin's malloc, but main code provides
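Review bot: style: the new `+}` immediately followed by `+void` leaves no blank line between malloc_init_0 () and malloc_init_1 (); add one for readability. Functionally, malloc_init_0 () now does nothing beyond `mallock.init ("mallock");`, so it has no dependency on other subsystems and is safe to call as early as the dcrt0.cc hunk does, while the override check keeps its original position in dll_crt0_1.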
--
2.31.1
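The ordering problem the patch fixes, shown as an added example that is not Cygwin code: a lock-guarded allocation wrapper whose initialization is split into a lock phase and an override-check phase, mirroring the malloc_init_0/malloc_init_1 split. The names wrapper_init_0, wrapper_init_1, wrapped_malloc and run_startup are hypothetical, and pthreads stand in for Cygwin threads and the muto. The wrapper also adds the error check Ken asked about: a call that arrives before the lock exists is counted and refused instead of silently locking an uninitialized object, so run_startup () can show that the old order (threads started before the lock is set up) produces early calls and the patched order produces none.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>
#include <stdio.h>

/* Hypothetical two-phase initialization of a lock-guarded malloc wrapper.
   Phase 0 creates the lock, phase 1 performs the (here simulated) check for
   an application-provided malloc, as the patch splits malloc_init. */

static pthread_mutex_t wrap_lock;
static atomic_int lock_ready;        /* phase 0 has run */
static atomic_int override_checked;  /* phase 1 has run */
static atomic_long early_calls;      /* allocations attempted before phase 0 */

/* Phase 0: nothing but the lock, so it can run before any thread exists. */
void wrapper_init_0 (void)
{
  pthread_mutex_init (&wrap_lock, NULL);
  atomic_store (&lock_ready, 1);
}

/* Phase 1: the override check; in the real code this inspects the
   application's symbols, here it only records that it ran. */
void wrapper_init_1 (void)
{
  atomic_store (&override_checked, 1);
}

/* Serialized allocation; refuses and counts calls made before the lock
   exists rather than locking an uninitialized object. */
void *wrapped_malloc (size_t n)
{
  if (!atomic_load (&lock_ready))
    {
      atomic_fetch_add (&early_calls, 1);
      return NULL;
    }
  pthread_mutex_lock (&wrap_lock);
  void *p = malloc (n);
  pthread_mutex_unlock (&wrap_lock);
  return p;
}

#define NTHREADS 4
#define CALLS_PER_THREAD 100

/* Stand-in for a thread started during fixup that allocates right away. */
static void *worker (void *arg)
{
  (void) arg;
  for (int i = 0; i < CALLS_PER_THREAD; i++)
    free (wrapped_malloc (32));  /* free (NULL) is a no-op */
  return NULL;
}

/* Simulates process startup. lock_before_threads != 0 is the patched order
   (lock set up in dll_crt0_0, before threads); 0 is the old order (lock set
   up together with the override check, after threads have run). Returns the
   number of allocations that found the lock uninitialized. */
long run_startup (int lock_before_threads)
{
  pthread_t th[NTHREADS];

  /* Reset state so the simulation can be run more than once. */
  if (atomic_load (&lock_ready))
    pthread_mutex_destroy (&wrap_lock);
  atomic_store (&lock_ready, 0);
  atomic_store (&override_checked, 0);
  atomic_store (&early_calls, 0);

  if (lock_before_threads)
    wrapper_init_0 ();

  for (int i = 0; i < NTHREADS; i++)
    pthread_create (&th[i], NULL, worker, NULL);
  for (int i = 0; i < NTHREADS; i++)
    pthread_join (th[i], NULL);

  if (!lock_before_threads)
    wrapper_init_0 ();
  wrapper_init_1 ();
  return atomic_load (&early_calls);
}

int main (void)
{
  printf ("old order, early calls: %ld\n", run_startup (0));
  printf ("patched order, early calls: %ld\n", run_startup (1));
  return 0;
}
```

Because the worker threads are joined before the late wrapper_init_0 () in the old order, every one of the NTHREADS * CALLS_PER_THREAD allocations is refused there, while the patched order refuses none; in the real code the refused calls are the ones that would instead have used the uninitialized muto.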