Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 27 Jul 2015 23:40:36 -0400
From: Rich Felker <>
Subject: What's left for 1.1.11 release?

This release cycle has gotten way behind-schedule and I'd like to wrap
it up in the next few days. The CFI generation patch is the last
actual feature/roadmap item I want to get committed still, but I
believe there may be some important bugs to try to fix first. In

- Deadlocks in malloc due to a_store lacking acquire barrier on x86.
- Unbounded VSZ growth under free contention.

In principle the a_store issue affects all libc-internal __lock/LOCK
uses, and stdio locks too, but it's only been observed in malloc.
Since there don't seem to be any performance-relevant uses of a_store
that don't actually need the proper barrier, I think we have to just
put an explicit barrier (lock orl $0,(%esp) or mfence) after the store
and live with the loss of performance. Our x86 a_barrier is also
"wrong" for the same reasons as a_store, but I don't think any of its
callers actually want the full strength of a barrier, just some (much
weaker) ordering guarantees. This should be revisited after release to
assess what properties the callers actually want.

The VSZ growth issue is much harder to address before a release. I
would not be comfortable with pushing the changes needed for a proper
fix without a long testing window before a release, and even then I'm
not eagar to write this code. "Big hammer" solutions are of course
possible (e.g. serializing all malloc operations with a big lock) but
undesirable. The best I can probably do is put together an optional
patch which affected users can try until a real fix is available.

I'm also aware of the following open issues with patch discussion
going on, but they're not bugs/regressions affecting existing users,
and I don't see us reaching a resolution within a short timeframe:

- Adding powerpc soft-float.
- ARM asm incompatibility withe clang.

Anything else I'm missing in the way of bug reports of pending patches
that need to be addressed?


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.