public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug dynamic-link/30425] New: Symbol lookup during dlclose may fail unnecessarily
@ 2023-05-05 20:31 fweimer at redhat dot com
2023-05-05 20:34 ` [Bug dynamic-link/30425] " fweimer at redhat dot com
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2023-05-05 20:31 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30425
Bug ID: 30425
Summary: Symbol lookup during dlclose may fail unnecessarily
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: dynamic-link
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
Target Milestone: ---
Once an object is under removal, all its symbols become unavailable for symbol
resolution, due to this check in do_lookup_x:
/* Do not look into objects which are going to be removed. */
if (map->l_removed)
continue;
This can cause mysterious crashes during dlclose, particularly if function
symbols are weak due to GCC's C++ vague linkage implementation.
This (admittedly silly) patch fixes the downstream reproducer, but we should
add a C test case for this as well.
diff --git a/elf/dl-lookup.c b/elf/dl-lookup.c
index 05f36a2507..ecc1896c9d 100644
--- a/elf/dl-lookup.c
+++ b/elf/dl-lookup.c
@@ -366,8 +366,10 @@ do_lookup_x (const char *undef_name, unsigned int
new_hash,
if ((type_class & ELF_RTYPE_CLASS_COPY) && map->l_type == lt_executable)
continue;
- /* Do not look into objects which are going to be removed. */
- if (map->l_removed)
+ /* Do not look into objects which are going to be removed.
+ References from a map that is under removal are allowed, to
+ enable lazy binding during dlclose. */
+ if (map->l_removed && !undef_map->l_removed)
continue;
/* Print some debugging info if wanted. */
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug dynamic-link/30425] Symbol lookup during dlclose may fail unnecessarily
2023-05-05 20:31 [Bug dynamic-link/30425] New: Symbol lookup during dlclose may fail unnecessarily fweimer at redhat dot com
@ 2023-05-05 20:34 ` fweimer at redhat dot com
2023-05-21 14:24 ` fw at deneb dot enyo.de
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2023-05-05 20:34 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30425
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
Flags| |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug dynamic-link/30425] Symbol lookup during dlclose may fail unnecessarily
2023-05-05 20:31 [Bug dynamic-link/30425] New: Symbol lookup during dlclose may fail unnecessarily fweimer at redhat dot com
2023-05-05 20:34 ` [Bug dynamic-link/30425] " fweimer at redhat dot com
@ 2023-05-21 14:24 ` fw at deneb dot enyo.de
2023-05-22 13:24 ` fweimer at redhat dot com
2023-06-05 16:09 ` fweimer at redhat dot com
3 siblings, 0 replies; 5+ messages in thread
From: fw at deneb dot enyo.de @ 2023-05-21 14:24 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30425
Florian Weimer <fw at deneb dot enyo.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fw at deneb dot enyo.de
--- Comment #1 from Florian Weimer <fw at deneb dot enyo.de> ---
The patch should check that undef_map is not NULL; there are other such checks
in elf/dl-lookup.c.
The situation is a bit more complicated because dlclose sets l_removed to false
only after running destructors for that DSO, so at least two DSOs are required,
and symbol interposition or some other ordering violation.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug dynamic-link/30425] Symbol lookup during dlclose may fail unnecessarily
2023-05-05 20:31 [Bug dynamic-link/30425] New: Symbol lookup during dlclose may fail unnecessarily fweimer at redhat dot com
2023-05-05 20:34 ` [Bug dynamic-link/30425] " fweimer at redhat dot com
2023-05-21 14:24 ` fw at deneb dot enyo.de
@ 2023-05-22 13:24 ` fweimer at redhat dot com
2023-06-05 16:09 ` fweimer at redhat dot com
3 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2023-05-22 13:24 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30425
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Assignee|unassigned at sourceware dot org |fweimer at redhat dot com
Status|NEW |ASSIGNED
--- Comment #2 from Florian Weimer <fweimer at redhat dot com> ---
Patch posted:
[PATCH v2] elf: Make more functions available for binding during dlclose (bug
30425)
<https://sourceware.org/pipermail/libc-alpha/2023-May/148370.html>
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug dynamic-link/30425] Symbol lookup during dlclose may fail unnecessarily
2023-05-05 20:31 [Bug dynamic-link/30425] New: Symbol lookup during dlclose may fail unnecessarily fweimer at redhat dot com
` (2 preceding siblings ...)
2023-05-22 13:24 ` fweimer at redhat dot com
@ 2023-06-05 16:09 ` fweimer at redhat dot com
3 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2023-06-05 16:09 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30425
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Target Milestone|--- |2.38
Status|ASSIGNED |RESOLVED
--- Comment #3 from Florian Weimer <fweimer at redhat dot com> ---
Fixed via:
commit d0f07f7df8d9758c838674b70144ac73bcbd1634
Author: Florian Weimer <fweimer@redhat.com>
Date: Tue May 30 13:25:50 2023 +0200
elf: Make more functions available for binding during dlclose (bug 30425)
Previously, after destructors for a DSO have been invoked, ld.so refused
to bind against that DSO in all cases. Relax this restriction somewhat
if the referencing object is itself a DSO that is being unloaded. This
assumes that the symbol reference is not going to be stored anywhere.
The situation in the test case can arise fairly easily with C++ and
objects that are built with different optimization levels and therefore
define different functions with vague linkage.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-06-05 16:09 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-05 20:31 [Bug dynamic-link/30425] New: Symbol lookup during dlclose may fail unnecessarily fweimer at redhat dot com
2023-05-05 20:34 ` [Bug dynamic-link/30425] " fweimer at redhat dot com
2023-05-21 14:24 ` fw at deneb dot enyo.de
2023-05-22 13:24 ` fweimer at redhat dot com
2023-06-05 16:09 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).