From nobody Wed Jul 02 18:28:08 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bXT0m758Jz60m80;
	Wed, 02 Jul 2025 18:28:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4bXT0m6Q8Pz3HhS;
	Wed, 02 Jul 2025 18:28:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1751480888;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=KAJSX3sZwGEBiH0L1LjZmWmtsVWOsB4Eus8RZORQE/s=;
	b=YjFPmZ8gGpGZust96Pg2ggMHhoEWCZBo1qU1g5xBaJT1GlRHKDHZfbTrwgrqCFb+xUfrqU
	6PatbZNlQKb3isTs0O3wVjPlLyVBuWDOSqfxK7bYwHMAf0cwP7WfEGcQ14PKQudyVOAyx4
	NntW4AP1o+BY1UQSBGcl4m2aW8UkqDeRf7729POWZWTpWBJPpFbBrAHesA6jI6y/D4Bxky
	9iJLi/mKp8faU/KJTqyhah9JHQEI3Nqpjo6Xc++uj09grtTERusqGpiZfr1sZ+6F3j/OKa
	tZ0jiNAUnWpnrovFAXNQWpkPatIZtsS6gynU+cGdqR/WvJ36v0OaeQkyiDXaIg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1751480888;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=KAJSX3sZwGEBiH0L1LjZmWmtsVWOsB4Eus8RZORQE/s=;
	b=wnYRnKt9DvYoJkTg8yd1r30gPdHuWKyTuVUuvuTT1dcNsGm4kG4MWvkX4naMRaGw2YEBVl
	RxWrdlm2f+hNasLQiSQwWaWpfojKvw4bEVrwKl14bwCaVkvzS2G3wczafJlpEq20/V3MHz
	feaNcmSnlVVUHuV+GqcuZN5cbnDjM1/0b+v19wwWfrvqiKSCfqm4iF/vz0vxQqurIQEFvO
	sYy6smWhf+uxBS4S85hPD5nqehCfhJTaujPhD6LUj6j+x6H+9h5j3KxpUssqcHXfhNmNoD
	CWZyKsOUe5IYwgOKwwb5D+Z23p7rwZgX+M5TMxuoSa3lj5k4rWqopzvuIPHdVg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1751480888; a=rsa-sha256; cv=none;
	b=B08OORDfxowgIcef3a8fgAkvPlb+N6W7B6tz2/tQfM/B/MCY+ZweV8225pS55M/sbxCAkg
	0hSCVy/dlHKfk1w0ZK2oy1wszjxtXeHzCogy2XQ34kQAWfo6UBo1v9tZfXNM+Th722xt3X
	eRmA457RrhpWH74/vF/ON48+8Tj60H5ZET2wbROgnM7k8chwyPgAm5eB56iz8WoZSoGUA5
	AUjwP1YCdV92m+j0NCRKuWQxKfA3kQpxUKYsS/4pSSLvacxilITEeG6pbYgf+uNPRb0P0x
	BC0RGqhd3PwxnV5uFXSlSYGSkVBEmRGo6bWyf8RxqlBtCghQ7L46xadIQr+C1A==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bXT0m5nxjzVsH;
	Wed, 02 Jul 2025 18:28:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 562IS8Pv057324;
	Wed, 2 Jul 2025 18:28:08 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 562IS8FI057321;
	Wed, 2 Jul 2025 18:28:08 GMT
	(envelope-from git)
Date: Wed, 2 Jul 2025 18:28:08 GMT
Message-Id: <202507021828.562IS8FI057321@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Gordon Tetlow <gordon@FreeBSD.org>
Subject: git: 89a2823e17e5 - releng/14.2 - libc: allow __cxa_atexit
  handlers to be added during __cxa_finalize
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: gordon
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/14.2
X-Git-Reftype: branch
X-Git-Commit: 89a2823e17e5e86b03516b89bfde88f2077c6da0
Auto-Submitted: auto-generated

The branch releng/14.2 has been updated by gordon:

URL: https://cgit.FreeBSD.org/src/commit/?id=89a2823e17e5e86b03516b89bfde88f2077c6da0

commit 89a2823e17e5e86b03516b89bfde88f2077c6da0
Author:     Aurélien Croc de Suray <freebsd@ap2c.com>
AuthorDate: 2025-04-05 00:47:53 +0000
Commit:     Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2025-07-02 05:46:14 +0000

    libc: allow __cxa_atexit handlers to be added during __cxa_finalize
    
    science/dlib-cpp reveals an interesting scenario that works fine on
    other platforms but not on FreeBSD; notably, it ends up creating a new
    global object from some destructor which is called during
    __cxa_finalize.  This breaks when libdlib is dlopen()ed and then
    subsequently dlclose()ed, as we never end up invoking the created
    object's dtor until program exit when the shlib is already unmapped.
    
    Fix it by noting when we're in the middle of __cxa_finalize for a dso,
    and then restarting the search if __cxa_atexit() was called in the
    middle somewhere.
    
    We wait until we've processed the initial set before starting over and
    processing the newly added handlers as if it were a complete set of
    handlers added during runtime.  The alternative is calling them as
    they're added to maintain a LIFO in terms of total ordering, but in
    theory a constructor could add another global object that also needs to
    be destroyed, and that object needs to be destroyed after the one that
    constructed it to avoid creating unexpected lifetime issues.
    
    This manifests in the pdlib PHP extension for dlib crashing, see [0].
    
    [0] https://github.com/goodspb/pdlib/issues/39
    
    PR:             285870
    Reviewed by:    kevans (also supplied commit message)
    Approved by:    so
    Security:       FreeBSD-EN-25:09.libc
    
    (cherry picked from commit 23427c8e1fedb9fc68ad0bd27a59c7ffd2b3008c)
    (cherry picked from commit c43ae65b4b89be422cdcd399a7abc44f6db4b298)
---
 lib/libc/stdlib/atexit.c | 61 ++++++++++++++++++++++++++++--------------------
 1 file changed, 36 insertions(+), 25 deletions(-)

diff --git a/lib/libc/stdlib/atexit.c b/lib/libc/stdlib/atexit.c
index b2c10ca4cca5..6468b9ff0a62 100644
--- a/lib/libc/stdlib/atexit.c
+++ b/lib/libc/stdlib/atexit.c
@@ -38,6 +38,7 @@ static char sccsid[] = "@(#)atexit.c	8.2 (Berkeley) 7/3/94";
 #include "namespace.h"
 #include <errno.h>
 #include <link.h>
+#include <stdbool.h>
 #include <stddef.h>
 #include <stdlib.h>
 #include <unistd.h>
@@ -59,6 +60,8 @@ _Block_copy(void*);
 #define	ATEXIT_FN_CXA	2
 
 static pthread_mutex_t atexit_mutex = PTHREAD_MUTEX_INITIALIZER;
+static void *current_finalize_dso = NULL;
+static bool call_finalize_again = false;
 
 #define _MUTEX_LOCK(x)		if (__isthreaded) _pthread_mutex_lock(x)
 #define _MUTEX_UNLOCK(x)	if (__isthreaded) _pthread_mutex_unlock(x)
@@ -118,6 +121,9 @@ atexit_register(struct atexit_fn *fptr)
 		__atexit = p;
 	}
 	p->fns[p->ind++] = *fptr;
+	if (current_finalize_dso != NULL &&
+	    current_finalize_dso == fptr->fn_dso)
+		call_finalize_again = true;
 	_MUTEX_UNLOCK(&atexit_mutex);
 	return 0;
 }
@@ -211,33 +217,38 @@ __cxa_finalize(void *dso)
 	}
 
 	_MUTEX_LOCK(&atexit_mutex);
-	for (p = __atexit; p; p = p->next) {
-		for (n = p->ind; --n >= 0;) {
-			if (p->fns[n].fn_type == ATEXIT_FN_EMPTY)
-				continue; /* already been called */
-			fn = p->fns[n];
-			if (dso != NULL && dso != fn.fn_dso) {
-				/* wrong DSO ? */
-				if (!has_phdr || global_exit ||
-				    !__elf_phdr_match_addr(&phdr_info,
-				    fn.fn_ptr.cxa_func))
-					continue;
+	current_finalize_dso = dso;
+	do {
+		call_finalize_again = false;
+		for (p = __atexit; p; p = p->next) {
+			for (n = p->ind; --n >= 0;) {
+				if (p->fns[n].fn_type == ATEXIT_FN_EMPTY)
+					continue; /* already been called */
+				fn = p->fns[n];
+				if (dso != NULL && dso != fn.fn_dso) {
+					/* wrong DSO ? */
+					if (!has_phdr || global_exit ||
+					    !__elf_phdr_match_addr(&phdr_info,
+					    fn.fn_ptr.cxa_func))
+						continue;
+				}
+				/*
+				  Mark entry to indicate that this particular
+				  handler has already been called.
+				*/
+				p->fns[n].fn_type = ATEXIT_FN_EMPTY;
+				_MUTEX_UNLOCK(&atexit_mutex);
+
+				/* Call the function of correct type. */
+				if (fn.fn_type == ATEXIT_FN_CXA)
+					fn.fn_ptr.cxa_func(fn.fn_arg);
+				else if (fn.fn_type == ATEXIT_FN_STD)
+					fn.fn_ptr.std_func();
+				_MUTEX_LOCK(&atexit_mutex);
 			}
-			/*
-			  Mark entry to indicate that this particular handler
-			  has already been called.
-			*/
-			p->fns[n].fn_type = ATEXIT_FN_EMPTY;
-		        _MUTEX_UNLOCK(&atexit_mutex);
-		
-			/* Call the function of correct type. */
-			if (fn.fn_type == ATEXIT_FN_CXA)
-				fn.fn_ptr.cxa_func(fn.fn_arg);
-			else if (fn.fn_type == ATEXIT_FN_STD)
-				fn.fn_ptr.std_func();
-			_MUTEX_LOCK(&atexit_mutex);
 		}
-	}
+	} while (call_finalize_again);
+	current_finalize_dso = NULL;
 	_MUTEX_UNLOCK(&atexit_mutex);
 	if (dso == NULL)
 		_MUTEX_DESTROY(&atexit_mutex);