diff options
| author | Sverker Eriksson <[email protected]> | 2017-01-12 13:58:26 +0100 |
|---|---|---|
| committer | Sverker Eriksson <[email protected]> | 2017-01-12 13:58:26 +0100 |
| commit | af5169d85fcd545e3c857a219db081a62f33404d (patch) | |
| tree | a08ad74d060311ada3b11b76fd419a1d01e32415 /erts/emulator/beam/beam_bif_load.c | |
| parent | 2b41d8f318b7e5ec139d42fd2f01a132699be839 (diff) | |
| download | otp-af5169d85fcd545e3c857a219db081a62f33404d.tar.gz otp-af5169d85fcd545e3c857a219db081a62f33404d.tar.bz2 otp-af5169d85fcd545e3c857a219db081a62f33404d.zip | |
erts: Fix race bug between export fun creation and code loading
Symptom: SEGV crash on ARM in delete_code() -> export_list().
Could probably happen on other machines as well.
Problem: Staging export table was iterated in an unsafe way
while an entry was added for a new export fun.
Solution: Correct write order and some memory barriers.
Diffstat (limited to 'erts/emulator/beam/beam_bif_load.c')
| -rw-r--r-- | erts/emulator/beam/beam_bif_load.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/erts/emulator/beam/beam_bif_load.c b/erts/emulator/beam/beam_bif_load.c index 5969197168..93f5ed500b 100644 --- a/erts/emulator/beam/beam_bif_load.c +++ b/erts/emulator/beam/beam_bif_load.c @@ -786,7 +786,7 @@ BIF_RETTYPE finish_after_on_load_2(BIF_ALIST_2) } if (BIF_ARG_2 == am_true) { - int i; + int i, num_exps; /* * Make the code with the on_load function current. @@ -802,7 +802,8 @@ BIF_RETTYPE finish_after_on_load_2(BIF_ALIST_2) /* * The on_load function succeded. Fix up export entries. */ - for (i = 0; i < export_list_size(code_ix); i++) { + num_exps = export_list_size(code_ix); + for (i = 0; i < num_exps; i++) { Export *ep = export_list(i,code_ix); if (ep == NULL || ep->code[0] != BIF_ARG_1) { continue; @@ -822,14 +823,15 @@ BIF_RETTYPE finish_after_on_load_2(BIF_ALIST_2) modp->curr.code_hdr->on_load_function_ptr = NULL; set_default_trace_pattern(BIF_ARG_1); } else if (BIF_ARG_2 == am_false) { - int i; + int i, num_exps; /* * The on_load function failed. Remove references to the * code that is about to be purged from the export entries. */ - for (i = 0; i < export_list_size(code_ix); i++) { + num_exps = export_list_size(code_ix); + for (i = 0; i < num_exps; i++) { Export *ep = export_list(i,code_ix); if (ep == NULL || ep->code[0] != BIF_ARG_1) { continue; @@ -2011,9 +2013,9 @@ delete_code(Module* modp) { ErtsCodeIndex code_ix = erts_staging_code_ix(); Eterm module = make_atom(modp->module); - int i; + int i, num_exps = export_list_size(code_ix); - for (i = 0; i < export_list_size(code_ix); i++) { + for (i = 0; i < num_exps; i++) { Export *ep = export_list(i, code_ix); if (ep != NULL && (ep->code[0] == module)) { if (ep->addressv[code_ix] == ep->code+3) { |