From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <glibc-bugs-return-28839-listarch-glibc-bugs=sources.redhat.com@sourceware.org>
Received: (qmail 25530 invoked by alias); 16 Jul 2015 03:15:07 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <glibc-bugs.sourceware.org>
List-Subscribe: <mailto:glibc-bugs-subscribe@sourceware.org>
List-Post: <mailto:glibc-bugs@sourceware.org>
List-Help: <mailto:glibc-bugs-help@sourceware.org>, <http://sourceware.org/lists.html#faqs>
Sender: glibc-bugs-owner@sourceware.org
Received: (qmail 25438 invoked by uid 48); 16 Jul 2015 03:15:02 -0000
From: "carlos at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug dynamic-link/18684] New: dlmopen a DSO that dlopen's into RTLD_GLOBAL segfaults.
Date: Thu, 16 Jul 2015 03:15:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: dynamic-link
X-Bugzilla-Version: 2.21
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: carlos at redhat dot com
X-Bugzilla-Status: NEW
X-Bugzilla-Resolution:
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter target_milestone
Message-ID: <bug-18684-131@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2015-07/txt/msg00119.txt.bz2

https://sourceware.org/bugzilla/show_bug.cgi?id=18684

            Bug ID: 18684
           Summary: dlmopen a DSO that dlopen's into RTLD_GLOBAL
                    segfaults.
           Product: glibc
           Version: 2.21
            Status: NEW
          Severity: normal
          Priority: P2
         Component: dynamic-link
          Assignee: unassigned at sourceware dot org
          Reporter: carlos at redhat dot com
  Target Milestone: ---

The following program segfaults on glibc master:

cat >> main.c <<EOF
/* Test dlmopen of a DSO that calls dlopen RTLD_GLOBAL.  */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <dlfcn.h>
#define DSO "./libfoo.so"
#define FUNC "foo"
int
main (void)
{
  void *dso;
  int (*func) (void);
  dso = dlmopen (LM_ID_NEWLM, DSO, RTLD_NOW|RTLD_LOCAL);
  *(void **) (&func) = dlsym (dso, FUNC);
  (*func) ();
  dlclose (dso);
  return 0;
}
EOF
cat >> foo.c <<EOF
#include <stdio.h>
#include <stdlib.h>
#include <dlfcn.h>
#define DSO "./libbar.so"
#define FUNC "bar"

void 
foo (void)
{
  void *dso;
  int (*func) (void);
  dso = dlopen (DSO, RTLD_NOW|RTLD_GLOBAL);
  *(void **) (&func) = dlsym (dso, FUNC);
  (*func) ();
  dlclose (dso);
}
EOF
cat >> bar.c <<EOF
int
bar (void)
{
  return 42;
}
EOF
cat >> build.sh <<EOF
#!/bin/bash
set -x
set -e
BUILD=/home/carlos/build/glibc
gcc -O0 -g3 -Wall -pedantic -shared -fPIC -o libbar.so bar.c
gcc -O0 -g3 -Wall -pedantic -shared -fPIC -o libfoo.so foo.c -ldl
gcc -Wl,--dynamic-linker=$BUILD/elf/ld.so
-Wl,-rpath=$BUILD:$BUILD/elf:$BUILD/dlfcn -O0 -g3 -Wall -pedantic -o main
main.c -ldl 
LD_LIBRARY_PATH=. ./main
EOF
chmod u+x build.sh
./build.sh

+ set -e
+ BUILD=/home/carlos/build/glibc
+ gcc -O0 -g3 -Wall -pedantic -shared -fPIC -o libbar.so bar.c
+ gcc -O0 -g3 -Wall -pedantic -shared -fPIC -o libfoo.so foo.c -ldl
+ gcc -Wl,--dynamic-linker=/home/carlos/build/glibc/elf/ld.so
-Wl,-rpath=/home/carlos/build/glibc:/home/carlos/build/glibc/elf:/home/carlos/build/glibc/dlfcn
-O0 -g3 -Wall -pedantic -o main main.c -ldl
+ LD_LIBRARY_PATH=.
+ ./main
./build.sh: line 8: 22948 Segmentation fault      (core dumped)
LD_LIBRARY_PATH=. ./main

gdb main
GNU gdb (GDB) Fedora 7.8.2-38.fc21
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from main...done.
(gdb) r
Starting program: /home/carlos/support/dlmopen-rtld-global/main 

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7dedd44 in add_to_global (new=new@entry=0x6039b0) at dl-open.c:94
94              = ns->_ns_main_searchlist->r_nlist + to_add + 8;
(gdb) bt
#0  0x00007ffff7dedd44 in add_to_global (new=new@entry=0x6039b0) at
dl-open.c:94
#1  0x00007ffff7deeafe in dl_open_worker (a=a@entry=0x7fffffffdb88) at
dl-open.c:563
#2  0x00007ffff7dea104 in _dl_catch_error
(objname=objname@entry=0x7fffffffdb78, 
    errstring=errstring@entry=0x7fffffffdb80,
mallocedp=mallocedp@entry=0x7fffffffdb77, 
    operate=operate@entry=0x7ffff7dee490 <dl_open_worker>,
args=args@entry=0x7fffffffdb88)
    at dl-error.c:187
#3  0x00007ffff7dedf03 in _dl_open (file=0x7ffff76307ed "./libbar.so",
mode=-2147483390, 
    caller_dlopen=0x7ffff76307aa, nsid=-2, argc=<optimized out>,
argv=<optimized out>, 
    env=0x7fffffffdf18) at dl-open.c:648
#4  0x00007ffff742cfa9 in ?? ()
#5  0x00007fffffffdf18 in ?? ()
#6  0x00007fffffffddc0 in ?? ()
#7  0x0000000000000000 in ?? ()
(gdb) 

The bug is that the the namespace's global searchlist (RTLD_GLOBAL) is never
initialized.

The main global searchlist is initliazed by rtld.

We need a similar initialization in elf/dl-open.c (add_to_global) and set
ns->_ns_main_searchlist to something. The most appropriate thing is to set it
to the searchlist of the first DSO loaded into the namespace with RTLD_GLOBAL.

-- 
You are receiving this mail because:
You are on the CC list for the bug.