* [Bug dynamic-link/27609] In elf/dl-open.c (_dl_open) we might use __LM_ID_CALLER to index GL(dl_ns)[]
2021-03-18 18:55 [Bug dynamic-link/27609] New: In elf/dl-open.c (_dl_open) we might use __LM_ID_CALLER to index GL(dl_ns)[] carlos at redhat dot com
@ 2021-08-17 18:31 ` hjl.tools at gmail dot com
2021-09-30 17:19 ` [Bug dynamic-link/27609] [2.32/2.33/2.34 Regression] " hjl.tools at gmail dot com
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: hjl.tools at gmail dot com @ 2021-08-17 18:31 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27609
H.J. Lu <hjl.tools at gmail dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hjl.tools at gmail dot com
--- Comment #1 from H.J. Lu <hjl.tools at gmail dot com> ---
It does get here in nptl/tst-setuid1.c:
(gdb) bt
#0 _dl_open (file=<optimized out>, mode=-2147483646,
caller_dlopen=<optimized out>, nsid=-2, argc=2, argv=<optimized out>,
env=0xffffce70) at dl-open.c:851
#1 0xf7f194f2 in do_dlopen (ptr=ptr@entry=0xffffc990) at dl-libc.c:96
#2 0xf7f19ede in __GI__dl_catch_exception (
exception=exception@entry=0xffffc934, operate=<optimized out>,
args=<optimized out>)
at /export/gnu/import/git/gitlab/x86-glibc/elf/dl-error-skeleton.c:208
#3 0xf7f19f83 in __GI__dl_catch_error (objname=<optimized out>,
errstring=<optimized out>, mallocedp=<optimized out>,
operate=<optimized out>, args=<optimized out>)
at /export/gnu/import/git/gitlab/x86-glibc/elf/dl-error-skeleton.c:227
#4 0xf7f1946d in dlerror_run (operate=operate@entry=0xf7f194b0 <do_dlopen>,
args=args@entry=0xffffc990) at dl-libc.c:46
#5 0xf7f195f4 in __libc_dlopen_mode (name=<optimized out>,
mode=mode@entry=-2147483646) at dl-libc.c:163
#6 0xf7efefc9 in module_load (module=<optimized out>) at nss_module.c:191
#7 0xf7eff545 in __nss_module_load (module=<optimized out>)
at nss_module.c:310
#8 __nss_module_get_function (module=<optimized out>,
name=name@entry=0xf7f7d737 "getpwnam_r") at nss_module.c:333
#9 0xf7efd538 in __GI___nss_lookup_function (fct_name=<optimized out>,
ni=<optimized out>) at nsswitch.c:138
--Type <RET> for more, q to quit, c to continue without paging--
#10 __GI___nss_lookup (ni=<optimized out>, fct_name=<optimized out>,
fct2_name=<optimized out>, fctp=<optimized out>) at nsswitch.c:68
#11 0xf7efe723 in __GI___nss_passwd_lookup2 (ni=ni@entry=0xffffcbe8,
fct_name=fct_name@entry=0xf7f7d737 "getpwnam_r",
fct2_name=fct2_name@entry=0x0, fctp=fctp@entry=0xffffcbec)
at /export/gnu/import/git/gitlab/x86-glibc/nss/XXX-lookup.c:58
#12 0xf7ea2927 in __getpwnam_r (name=name@entry=0x4060fa "nobody",
resbuf=resbuf@entry=0xf7fbd6d0 <resbuf>, buffer=<optimized out>,
buflen=buflen@entry=1024, result=result@entry=0xffffcc3c)
at ../nss/getXXbyYY_r.c:265
#13 0xf7ea2480 in getpwnam (name=name@entry=0x4060fa "nobody")
at ../nss/getXXbyYY.c:135
#14 0x00403e6b in do_test () at tst-setuid1.c:1029
#15 legacy_test_function (argc=<optimized out>, argv=<optimized out>)
at ../test-skeleton.c:56
#16 0x004049e1 in support_test_main (argc=1, argv=0xffffce68,
config=config@entry=0xffffcd20) at support_test_main.c:403
#17 0x00402774 in main (argc=<optimized out>, argv=<optimized out>)
at ../support/test-driver.c:168
(gdb)
--
You are receiving this mail because:
You are on the CC list for the bug.
* [Bug dynamic-link/27609] [2.32/2.33/2.34 Regression] In elf/dl-open.c (_dl_open) we might use __LM_ID_CALLER to index GL(dl_ns)[]
From: hjl.tools at gmail dot com @ 2021-09-30 17:19 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27609
H.J. Lu <hjl.tools at gmail dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|In elf/dl-open.c (_dl_open) |[2.32/2.33/2.34 Regression]
                   |we might use __LM_ID_CALLER |In elf/dl-open.c (_dl_open)
                   |to index GL(dl_ns)[]        |we might use __LM_ID_CALLER
                   |                            |to index GL(dl_ns)[]
            Version|2.33                        |2.32
                 CC|                            |fweimer at redhat dot com
--- Comment #2 from H.J. Lu <hjl.tools at gmail dot com> ---
commit ec935dea6332cb22f9881cd1162bad156173f4b0
Author: Florian Weimer <fweimer@redhat.com>
Date: Fri Apr 24 22:31:15 2020 +0200
elf: Implement __libc_early_init
has
@@ -856,6 +876,11 @@ no more namespaces available for dlmopen()"));
/* See if an error occurred during loading. */
if (__glibc_unlikely (exception.errstring != NULL))
{
+ /* Avoid keeping around a dangling reference to the libc.so link
+ map in case it has been cached in libc_map. */
+ if (!args.libc_already_loaded)
+ GL(dl_ns)[nsid].libc_map = NULL;
+
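Review bot: The added line "GL(dl_ns)[nsid].libc_map = NULL;" indexes the namespace array with the nsid parameter, while the guard directly above it reads args.libc_already_loaded. Nothing in this hunk establishes that nsid is a valid, non-negative index on this error path, so the index and the guard can refer to different state. Take the index from the same structure as the guard, i.e. args.nsid, and consider asserting that it is in range before the store.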
do_dlopen calls _dl_open with nsid == __LM_ID_CALLER (-2), which calls
dl_open_worker with args.nsid = nsid. dl_open_worker updates args.nsid
if it is __LM_ID_CALLER. After dl_open_worker returns, it is wrong to
use nsid.
--
* [Bug dynamic-link/27609] [2.32/2.33/2.34 Regression] In elf/dl-open.c (_dl_open) we might use __LM_ID_CALLER to index GL(dl_ns)[]
From: cvs-commit at gcc dot gnu.org @ 2021-09-30 19:41 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27609
--- Comment #3 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by H.J. Lu <hjl@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1e1ecea62e899acb58c3fdf3b320a0833ddd0dff
commit 1e1ecea62e899acb58c3fdf3b320a0833ddd0dff
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Thu Sep 30 10:29:17 2021 -0700
elf: Replace nsid with args.nsid [BZ #27609]
commit ec935dea6332cb22f9881cd1162bad156173f4b0
Author: Florian Weimer <fweimer@redhat.com>
Date: Fri Apr 24 22:31:15 2020 +0200
elf: Implement __libc_early_init
has
@@ -856,6 +876,11 @@ no more namespaces available for dlmopen()"));
/* See if an error occurred during loading. */
if (__glibc_unlikely (exception.errstring != NULL))
{
+ /* Avoid keeping around a dangling reference to the libc.so link
+ map in case it has been cached in libc_map. */
+ if (!args.libc_already_loaded)
+ GL(dl_ns)[nsid].libc_map = NULL;
+
do_dlopen calls _dl_open with nsid == __LM_ID_CALLER (-2), which calls
dl_open_worker with args.nsid = nsid. dl_open_worker updates args.nsid
if it is __LM_ID_CALLER. After dl_open_worker returns, it is wrong to
use nsid.
Replace nsid with args.nsid after dl_open_worker returns. This fixes
BZ #27609.
--
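The stale-parameter pattern described in the commit message above, reduced to a stand-alone C model. This is an added example, not glibc code: ns_table, open_worker, open_model and the table size are hypothetical stand-ins for GL(dl_ns)[], dl_open_worker and _dl_open. The model bounds-checks the index, so the regressed path reports the bad index instead of performing the store.

```c
#include <stddef.h>
#include <stdio.h>

#define NS_COUNT  4        /* constructed table size for this model */
#define ID_CALLER (-2L)    /* same value the page gives for __LM_ID_CALLER */

struct ns { const char *libc_map; };
static struct ns ns_table[NS_COUNT];          /* stands in for GL(dl_ns)[] */
struct open_args { long nsid; int libc_already_loaded; };
enum outcome { CLEARED, OUT_OF_BOUNDS };

/* Worker: resolves the sentinel inside args only, caches a map, then "fails". */
static void open_worker(struct open_args *a, long caller_ns)
{
    if (a->nsid == ID_CALLER)
        a->nsid = caller_ns;                  /* the caller's own nsid is untouched */
    ns_table[a->nsid].libc_map = "libc.so link map (about to be unloaded)";
}

/* Error path of the opener. use_args != 0 selects the fixed form (args.nsid),
   use_args == 0 the regressed form (the stale nsid parameter). */
static enum outcome open_model(long nsid, long caller_ns, int use_args)
{
    struct open_args args = { nsid, 0 };
    open_worker(&args, caller_ns);
    long idx = use_args ? args.nsid : nsid;
    if (idx < 0 || idx >= NS_COUNT)
        return OUT_OF_BOUNDS;                 /* unchecked code would index with -2 */
    if (!args.libc_already_loaded)
        ns_table[idx].libc_map = NULL;
    return CLEARED;
}

/* Non-zero while namespace ns still holds the cached (dangling) reference. */
static int dangling(long ns) { return ns_table[ns].libc_map != NULL; }

int main(void)
{
    printf("stale nsid: %s, dangling=%d\n",
           open_model(ID_CALLER, 1, 0) == CLEARED ? "cleared" : "index out of bounds",
           dangling(1));
    printf("args.nsid:  %s, dangling=%d\n",
           open_model(ID_CALLER, 1, 1) == CLEARED ? "cleared" : "index out of bounds",
           dangling(1));
    return 0;
}
```

With an explicit namespace id the two forms behave the same, which is why the regressed form only misbehaves on callers that pass the sentinel.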
* [Bug dynamic-link/27609] [2.32/2.33/2.34 Regression] In elf/dl-open.c (_dl_open) we might use __LM_ID_CALLER to index GL(dl_ns)[]
From: cvs-commit at gcc dot gnu.org @ 2021-10-13 12:29 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27609
--- Comment #4 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.34/master branch has been updated by H.J. Lu
<hjl@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=79528414dc1578800cbf1fba2fbdb6335f4f39bf
commit 79528414dc1578800cbf1fba2fbdb6335f4f39bf
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Thu Sep 30 10:29:17 2021 -0700
elf: Replace nsid with args.nsid [BZ #27609]
commit ec935dea6332cb22f9881cd1162bad156173f4b0
Author: Florian Weimer <fweimer@redhat.com>
Date: Fri Apr 24 22:31:15 2020 +0200
elf: Implement __libc_early_init
has
@@ -856,6 +876,11 @@ no more namespaces available for dlmopen()"));
/* See if an error occurred during loading. */
if (__glibc_unlikely (exception.errstring != NULL))
{
+ /* Avoid keeping around a dangling reference to the libc.so link
+ map in case it has been cached in libc_map. */
+ if (!args.libc_already_loaded)
+ GL(dl_ns)[nsid].libc_map = NULL;
+
do_dlopen calls _dl_open with nsid == __LM_ID_CALLER (-2), which calls
dl_open_worker with args.nsid = nsid. dl_open_worker updates args.nsid
if it is __LM_ID_CALLER. After dl_open_worker returns, it is wrong to
use nsid.
Replace nsid with args.nsid after dl_open_worker returns. This fixes
BZ #27609.
(cherry picked from commit 1e1ecea62e899acb58c3fdf3b320a0833ddd0dff)
--
* [Bug dynamic-link/27609] [2.32/2.33/2.34 Regression] In elf/dl-open.c (_dl_open) we might use __LM_ID_CALLER to index GL(dl_ns)[]
From: cvs-commit at gcc dot gnu.org @ 2021-10-13 12:57 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27609
--- Comment #5 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.33/master branch has been updated by H.J. Lu
<hjl@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6090cf1330faf2deb17285758f327cb23b89ebf1
commit 6090cf1330faf2deb17285758f327cb23b89ebf1
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Thu Sep 30 10:29:17 2021 -0700
elf: Replace nsid with args.nsid [BZ #27609]
commit ec935dea6332cb22f9881cd1162bad156173f4b0
Author: Florian Weimer <fweimer@redhat.com>
Date: Fri Apr 24 22:31:15 2020 +0200
elf: Implement __libc_early_init
has
@@ -856,6 +876,11 @@ no more namespaces available for dlmopen()"));
/* See if an error occurred during loading. */
if (__glibc_unlikely (exception.errstring != NULL))
{
+ /* Avoid keeping around a dangling reference to the libc.so link
+ map in case it has been cached in libc_map. */
+ if (!args.libc_already_loaded)
+ GL(dl_ns)[nsid].libc_map = NULL;
+
do_dlopen calls _dl_open with nsid == __LM_ID_CALLER (-2), which calls
dl_open_worker with args.nsid = nsid. dl_open_worker updates args.nsid
if it is __LM_ID_CALLER. After dl_open_worker returns, it is wrong to
use nsid.
Replace nsid with args.nsid after dl_open_worker returns. This fixes
BZ #27609.
(cherry picked from commit 1e1ecea62e899acb58c3fdf3b320a0833ddd0dff)
--
* [Bug dynamic-link/27609] [2.32/2.33/2.34 Regression] In elf/dl-open.c (_dl_open) we might use __LM_ID_CALLER to index GL(dl_ns)[]
From: cvs-commit at gcc dot gnu.org @ 2021-10-13 14:10 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27609
--- Comment #6 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.32/master branch has been updated by H.J. Lu
<hjl@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=53c8f3f1255f4e45084476c9c23d63e99516ad3b
commit 53c8f3f1255f4e45084476c9c23d63e99516ad3b
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Thu Sep 30 10:29:17 2021 -0700
elf: Replace nsid with args.nsid [BZ #27609]
commit ec935dea6332cb22f9881cd1162bad156173f4b0
Author: Florian Weimer <fweimer@redhat.com>
Date: Fri Apr 24 22:31:15 2020 +0200
elf: Implement __libc_early_init
has
@@ -856,6 +876,11 @@ no more namespaces available for dlmopen()"));
/* See if an error occurred during loading. */
if (__glibc_unlikely (exception.errstring != NULL))
{
+ /* Avoid keeping around a dangling reference to the libc.so link
+ map in case it has been cached in libc_map. */
+ if (!args.libc_already_loaded)
+ GL(dl_ns)[nsid].libc_map = NULL;
+
do_dlopen calls _dl_open with nsid == __LM_ID_CALLER (-2), which calls
dl_open_worker with args.nsid = nsid. dl_open_worker updates args.nsid
if it is __LM_ID_CALLER. After dl_open_worker returns, it is wrong to
use nsid.
Replace nsid with args.nsid after dl_open_worker returns. This fixes
BZ #27609.
(cherry picked from commit 1e1ecea62e899acb58c3fdf3b320a0833ddd0dff)
--
* [Bug dynamic-link/27609] [2.32/2.33/2.34 Regression] In elf/dl-open.c (_dl_open) we might use __LM_ID_CALLER to index GL(dl_ns)[]
From: hjl.tools at gmail dot com @ 2021-10-13 14:11 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27609
H.J. Lu <hjl.tools at gmail dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED
   Target Milestone|---                         |2.35
--- Comment #7 from H.J. Lu <hjl.tools at gmail dot com> ---
Fixed for 2.35 and 2.34/2.33/2.32 branches.
--