public inbox for glibc-bugs@sourceware.org
* [Bug libc/12561] New: ld.so: dlclose() can remove required local scope elements of NODELETE linkmaps
From: pasky at suse dot cz @ 2011-03-10  2:20 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12561

           Summary: ld.so: dlclose() can remove required local scope
                    elements of NODELETE linkmaps
           Product: glibc
           Version: 2.13
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: pasky@suse.cz


Created attachment 5283
  --> http://sourceware.org/bugzilla/attachment.cgi?id=5283
proposed patch, incl. testcase

In case a library is opened with RTLD_LOCAL, dlclose()ing that library
will remove the local scope from all subsequently loaded libraries
unconditionally, even though such a library is marked as RTLD_NODELETE.
This causes subsequent lookups within that library to fail if the
library depends on other libraries than those already loaded within
the global scope.

This has been exposed in a real-world case where libproxy opens
a KDE4 plugin with RTLD_LOCAL, the plugin depends on libkde4_core
and libkde4_core is marked as NODELETE due to having a STB_GNU_UNIQ
symbol; the plugin is dlclose()d later but ld.so raises a fatal
error when libkde4_core global destructor is called (it depends
on libqt4, but libqt4 has been in the plugin's local scope only
and is gone now).

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [Bug libc/12561] ld.so: dlclose() can remove required local scope elements of NODELETE linkmaps
From: pasky at suse dot cz @ 2011-03-22  1:41 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12561

--- Comment #1 from Petr Baudis <pasky at suse dot cz> 2011-03-22 01:08:42 UTC ---
The patch takes an approach that is probably too conservative. Some common .so
like libpthread are marked NODELETE and any RTLD_LOCAL-opened .so that depends
on such will be held in memory forever. The real solution should be to rebuild
the scope for the NODELETE object.



^ permalink raw reply	[flat|nested] 12+ messages in thread

* [Bug libc/12561] ld.so: dlclose() can remove required local scope elements of NODELETE linkmaps
From: drepper.fsp at gmail dot com @ 2011-04-10 20:02 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12561

Ulrich Drepper <drepper.fsp at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |WAITING

--- Comment #2 from Ulrich Drepper <drepper.fsp at gmail dot com> 2011-04-10 20:02:22 UTC ---
That test case doesn't show any bug.  If you use the handle for a dlopen'ed
object to look up an object, then close the object, and finally use the
returned function it is bound to fail.  Whether the symbol has been found in a
different object doesn't matter.

You have to provide a valid test case.



^ permalink raw reply	[flat|nested] 12+ messages in thread

* [Bug libc/12561] ld.so: dlclose() can remove required local scope elements of NODELETE linkmaps
From: matz at suse dot de @ 2011-05-25 15:16 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12561

--- Comment #3 from Michael Matz <matz at suse dot de> 2011-05-25 15:15:55 UTC ---
Created attachment 5749
  --> http://sourceware.org/bugzilla/attachment.cgi?id=5749
better testcase

Indeed, this is a better testcase really reflecting what the proxy library
does.  The important part is that there need to be two (independent)
libraries loaded, that one dependency of one of them is nodelete, and has a
finalizer that needs to look up something in its own dependencies that wasn't
available before.  Then with unpatched glibc:

# make
# /tmp/mm/lib64/ld-linux-x86-64.so.2 --library-path /tmp/mm/lib64/ ./app
./app: symbol lookup error: /suse/matz/src/nodeletebug/lib2.so: undefined
symbol: in_lib3

with patched glibc:
# ./app
#



^ permalink raw reply	[flat|nested] 12+ messages in thread

* [Bug libc/12561] ld.so: dlclose() can remove required local scope elements of NODELETE linkmaps
From: aj at suse dot de @ 2011-05-25 19:29 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12561

Andreas Jaeger <aj at suse dot de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |NEW
                 CC|                            |aj at suse dot de

--- Comment #4 from Andreas Jaeger <aj at suse dot de> 2011-05-25 19:29:24 UTC ---
thanks for the testcase, changing status now.



^ permalink raw reply	[flat|nested] 12+ messages in thread

* [Bug ld.so|libdl/12561] ld.so: dlclose() can remove required local scope elements of NODELETE linkmaps
From: jsm28 at gcc dot gnu.org @ 2012-02-21  2:10 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12561

Joseph Myers <jsm28 at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|libc                        |ld.so|libdl



^ permalink raw reply	[flat|nested] 12+ messages in thread

* [Bug dynamic-link/12561] ld.so: dlclose() can remove required local scope elements of NODELETE linkmaps
From: idoenmez at suse dot de @ 2012-03-30 14:13 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12561

idoenmez at suse dot de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |idoenmez at suse dot de



^ permalink raw reply	[flat|nested] 12+ messages in thread

* [Bug dynamic-link/12561] ld.so: dlclose() can remove required local scope elements of NODELETE linkmaps
From: ldv at altlinux dot org @ 2012-10-23 17:34 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12561

Dmitry V. Levin <ldv at altlinux dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |WAITING
                 CC|                            |ldv at altlinux dot org

--- Comment #5 from Dmitry V. Levin <ldv at altlinux dot org> 2012-10-23 17:34:20 UTC ---
Is this bug still reproducible on glibc >= 2.15?

I've failed to reproduce it with 2.16+, and I suppose commit
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=glibc-2.14-208-g39dd69d
has something to do with it, because reverting it reintroduces the bug.



^ permalink raw reply	[flat|nested] 12+ messages in thread

* [Bug dynamic-link/12561] ld.so: dlclose() can remove required local scope elements of NODELETE linkmaps
From: matz at suse dot de @ 2012-10-25 14:08 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12561

Michael Matz <matz at suse dot de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |matz at suse dot de

--- Comment #6 from Michael Matz <matz at suse dot de> 2012-10-25 14:07:57 UTC ---
I really can't make up my mind right now if Andreas' patch is a fix for this
issue, or just hides it.  The testcase here needed NODELETE libraries to force
some deps to stay around.  Andreas' patch has this in it:

+       * elf/dl-close.c (_dl_close_worker): Reset private search list if
+       it wasn't used.
...
+         else if (new_list != NULL)
+           {
+             /* We didn't change the scope array, so reset the search
+                list.  */
+             imap->l_searchlist.r_list = NULL;
+             imap->l_searchlist.r_nlist = 0;
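
Review bot: the ChangeLog line says the private search list is reset "if it wasn't used", but the comment in the else if (new_list != NULL) branch gives the condition as "We didn't change the scope array"; the two should name the same condition. The comment could also say why clearing imap->l_searchlist.r_list and r_nlist is enough at this point, since the excerpt does not show what happens to the list that new_list points to. A test that covers the other branch, where the scope array does change, would show that both cases behave as intended.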

So, what happens if we _do_ have changed the scope array, or used the 
private search list?  In other words, could the testcase from this report
be extended to make this happen and retrigger the bug, or is it fixed for
good?



^ permalink raw reply	[flat|nested] 12+ messages in thread

* [Bug dynamic-link/12561] ld.so: dlclose() can remove required local scope elements of NODELETE linkmaps
From: schwab@linux-m68k.org @ 2012-10-25 17:14 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12561

--- Comment #7 from Andreas Schwab <schwab@linux-m68k.org> 2012-10-25 17:14:29 UTC ---
Both testcases (the attached one and the unload8 test) are equivalent: in the
attached testcase lib2 cannot be unloaded due to NODELETE, in the unload8
testcase unload8mod2 cannot be unloaded due to the dlopen dependency from
unload8mod3.  Thus they trigger the same bug.



^ permalink raw reply	[flat|nested] 12+ messages in thread

* [Bug dynamic-link/12561] ld.so: dlclose() can remove required local scope elements of NODELETE linkmaps
From: schwab@linux-m68k.org @ 2012-11-28 10:46 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12561

Andreas Schwab <schwab@linux-m68k.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |RESOLVED
         Resolution|                            |FIXED

--- Comment #8 from Andreas Schwab <schwab@linux-m68k.org> 2012-11-28 10:45:42 UTC ---
Should be fixed in 2.15.



^ permalink raw reply	[flat|nested] 12+ messages in thread

* [Bug dynamic-link/12561] ld.so: dlclose() can remove required local scope elements of NODELETE linkmaps
From: fweimer at redhat dot com @ 2014-06-27 13:46 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=12561

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-



^ permalink raw reply	[flat|nested] 12+ messages in thread
