Opened 2 years ago
Last modified 2 years ago
#18182 new bug
Crash on thread exit if image with TLS object with destructor is unloaded
Reported by: | X512 | Owned by: | nobody |
---|---|---|---|
Priority: | normal | Milestone: | Unscheduled |
Component: | System/runtime_loader | Version: | R1/Development |
Keywords: | Cc: | ||
Blocked By: | Blocking: | ||
Platform: | All |
Description
This is hrev56630.
Steps to reproduce:
- Dynamically load image that creates TLS object with destructor.
- Unload image.
- Exit thread. TLS object destructor from unloaded image will be called and cause crash.
Reproduce code attached.
Attachments (1)
Change History (6)
by , 2 years ago
Attachment: | LoaderBug2.zip added |
---|
comment:1 by , 2 years ago
comment:2 by , 2 years ago
We already have thread hooks that call TLS destructors: https://xref.landonf.org/source/xref/haiku/src/system/libroot/os/thread.c#170
So the real problem is that things are not called in the right order.
comment:3 by , 2 years ago
No, real problem is that TLS destructors should be called at image unload, not thread exit if image containing TLS variable is unloaded.
comment:4 by , 2 years ago
Hmm, so does that mean that https://cgit.haiku-os.org/haiku/tree/src/system/runtime_loader/elf.cpp#n773 isn't doing the right thing here, and we should be destroying the TLS block immediately?
I wonder if adding an implementation of
__cxa_thread_exit
that can call intoruntime_loader
directly, would be the right way to do this. Will require updating buildtools once an implementation has been added.