about summary refs log tree commit diff
path: root/stdlib/cxa_finalize.c
blob: 496141d80218bd5f3284a7d316436397f0c22937 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
/* Copyright (C) 1999-2024 Free Software Foundation, Inc.
   This file is part of the GNU C Library.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, see
   <https://www.gnu.org/licenses/>.  */

#include <assert.h>
#include <stdlib.h>
#include "exit.h"
#include <register-atfork.h>
#include <pointer_guard.h>
#include <stdint.h>

/* If D is non-NULL, call all functions registered with `__cxa_atexit'
   with the same dso handle.  Otherwise, if D is NULL, call all of the
   registered handlers.

   A __cxa_finalize function is declared in the libstdc++ <cxxabi.h>
   header, and the libstdc++ implementation calls this function.  GCC
   calls the glibc variant directly from its CRT files, from an ELF
   destructor.  this call always passes a non-null D argument.  In the
   current implementation, the GCC-provided __cxa_finalize call is
   responsible for removing the registered __cxa_atexit (C++)
   destructors of an object that is undergoing dlclose.  Note that
   this is specific to dlclose.  During process termination, glibc
   invokes the __run_exit_handlers, which calls registered
   __cxa_atexit (C++) destructors in reverse registration order,
   across all objects.  The subsequent GCC-provided __cxa_finalize
   calls (which are ordered according to ELF object dependencies, not
   __cxa_atexit call order, and group destructor calls per object
   during dlclose) do not result in further destructor invocations.  */
void
__cxa_finalize (void *d)
{
  struct exit_function_list *funcs;

  __libc_lock_lock (__exit_funcs_lock);

 restart:
  for (funcs = __exit_funcs; funcs; funcs = funcs->next)
    {
      struct exit_function *f;

      for (f = &funcs->fns[funcs->idx - 1]; f >= &funcs->fns[0]; --f)
	if ((d == NULL || d == f->func.cxa.dso_handle) && f->flavor == ef_cxa)
	  {
	    const uint64_t check = __new_exitfn_called;
	    void (*cxafn) (void *arg, int status) = f->func.cxa.fn;
	    void *cxaarg = f->func.cxa.arg;

	    /* We don't want to run this cleanup more than once.  The Itanium
	       C++ ABI requires that multiple calls to __cxa_finalize not
	       result in calling termination functions more than once.  One
	       potential scenario where that could happen is with a concurrent
	       dlclose and exit, where the running dlclose must at some point
	       release the list lock, an exiting thread may acquire it, and
	       without setting flavor to ef_free, might re-run this destructor
	       which could result in undefined behaviour.  Therefore we must
	       set flavor to ef_free to avoid calling this destructor again.
	       Note that the concurrent exit must also take the dynamic loader
	       lock (for library finalizer processing) and therefore will
	       block while dlclose completes the processing of any in-progress
	       exit functions. Lastly, once we release the list lock for the
	       entry marked ef_free, we must not read from that entry again
	       since it may have been reused by the time we take the list lock
	       again.  Lastly the detection of new registered exit functions is
	       based on a monotonically incrementing counter, and there is an
	       ABA if between the unlock to run the exit function and the
	       re-lock after completion the user registers 2^64 exit functions,
	       the implementation will not detect this and continue without
	       executing any more functions.

	       One minor issue remains: A registered exit function that is in
	       progress by a call to dlclose() may not completely finish before
	       the next registered exit function is run. This may, according to
	       some readings of POSIX violate the requirement that functions
	       run in effective LIFO order.  This should probably be fixed in a
	       future implementation to ensure the functions do not run in
	       parallel.  */
	    f->flavor = ef_free;

	    PTR_DEMANGLE (cxafn);

	    /* Unlock the list while we call a foreign function.  */
	    __libc_lock_unlock (__exit_funcs_lock);
	    cxafn (cxaarg, 0);
	    __libc_lock_lock (__exit_funcs_lock);

	    /* It is possible that that last exit function registered
	       more exit functions.  Start the loop over.  */
	    if (__glibc_unlikely (check != __new_exitfn_called))
	      goto restart;
	  }
    }

  /* Also remove the quick_exit handlers, but do not call them.  */
  for (funcs = __quick_exit_funcs; funcs; funcs = funcs->next)
    {
      struct exit_function *f;

      for (f = &funcs->fns[funcs->idx - 1]; f >= &funcs->fns[0]; --f)
	if (d == NULL || d == f->func.cxa.dso_handle)
	  f->flavor = ef_free;
    }

  /* Remove the registered fork handlers.  We do not have to
     unregister anything if the program is going to terminate anyway.  */
  if (d != NULL)
    UNREGISTER_ATFORK (d);
  __libc_lock_unlock (__exit_funcs_lock);
}