From: Vivek Das Mohapatra <vivek@collabora.com>
Date: Wed, 2 Jun 2021 16:42:53 +0100 (BST)
To: Adhemerval Zanella
Cc: libc-alpha@sourceware.org
Subject: Re: [RFC][PATCH v10 5/7] Implement dlmopen RTLD_SHARED flag (bug 22745)
In-Reply-To: <982a4b32-30b0-5112-53dd-2bdc8319ee63@linaro.org>
References: <20210322154111.24798-1-vivek@collabora.com> <20210322154111.24798-6-vivek@collabora.com> <982a4b32-30b0-5112-53dd-2bdc8319ee63@linaro.org>

> The 'loader' GL(dl_ns)[nsid].libc_map points to a read-only memory segment,
> I haven't debugged it further.
Stared at the code for a while and did some code tweaking and figured it out:

If the library is loaded _without_ RTLD_ISOLATE then some error paths will not result in a new namespace being initialised at all (since libc will be shared with the main namespace), which in turn means that nsid will never be upgraded from LM_ID_NEWLM (-1). So in the error path you'll try a negative offset from GL(dl_ns) and Very Bad Things will happen.

Easy enough to add a guard for. I'll address the comments so far and send a new patch series.
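The failure mode described in the reply above, modelled as an added example (this is constructed illustration code, not glibc's dl-open.c and not the patch series under review): a dlmopen-style load keeps nsid at the LM_ID_NEWLM sentinel (-1) until a namespace is actually allocated, the non-isolated path bails out on error before that happens, and an unguarded cleanup would then index GL(dl_ns) with -1. The DL_NNS size, the RTLD_ISOLATE flag value, the struct layout and the function names are assumptions of the model; only LM_ID_NEWLM == -1 matches the real glibc constant.

```c
/* Added example: model of the "nsid never upgraded from LM_ID_NEWLM" error path.
   Constructed for illustration; not glibc code. */
#include <stddef.h>
#include <stdio.h>

#define LM_ID_NEWLM (-1)    /* real glibc sentinel: "allocate a new namespace"      */
#define DL_NNS 16           /* assumed number of namespace slots for this model     */
#define RTLD_ISOLATE 0x1000 /* hypothetical flag value; not a real glibc constant   */

struct link_namespaces {
    int initialized;
    void *libc_map;         /* stands in for GL(dl_ns)[nsid].libc_map */
};

/* Model of GL(dl_ns). Slot 0 is the main namespace and always initialised. */
static struct link_namespaces dl_ns[DL_NNS] = { { 1, NULL } };

/* Claim the first free namespace slot; -1 if all are taken. */
static long alloc_namespace(void) {
    for (long i = 1; i < DL_NNS; i++)
        if (!dl_ns[i].initialized) {
            dl_ns[i].initialized = 1;
            return i;
        }
    return -1;
}

/* 1 if indexing dl_ns with this nsid would read outside the array
   (the "negative offset from GL(dl_ns)" case), else 0. */
static int nsid_out_of_bounds(long nsid) {
    return nsid < 0 || nsid >= DL_NNS;
}

/* Guarded teardown: refuse to touch dl_ns until nsid has really been assigned.
   Returns 0 if a namespace was released, -1 if there was nothing to release. */
static int cleanup_guarded(long nsid) {
    if (nsid == LM_ID_NEWLM || nsid_out_of_bounds(nsid))
        return -1;
    dl_ns[nsid].libc_map = NULL;
    dl_ns[nsid].initialized = 0;
    return 0;
}

/* Model of the load. With RTLD_ISOLATE a fresh namespace is set up before the
   object is mapped, so nsid is valid even on failure. Without it (libc shared
   with the main namespace) a failing load returns before any namespace is
   created, leaving nsid at LM_ID_NEWLM. `fail` simulates the load failing.
   Returns 0 on success, -1 on failure; *nsid_out receives the nsid as it was
   left by the attempt. */
static int model_dlmopen(int flags, int fail, long *nsid_out) {
    long nsid = LM_ID_NEWLM;

    if (flags & RTLD_ISOLATE) {
        nsid = alloc_namespace();
        if (nsid < 0) { *nsid_out = LM_ID_NEWLM; return -1; }
        dl_ns[nsid].libc_map = &dl_ns[nsid];   /* placeholder non-NULL map */
    }

    if (fail) {            /* error path: no namespace on the shared-libc route */
        *nsid_out = nsid;
        return -1;
    }

    if (nsid == LM_ID_NEWLM) {                 /* success on the shared route */
        nsid = alloc_namespace();
        if (nsid < 0) { *nsid_out = LM_ID_NEWLM; return -1; }
        dl_ns[nsid].libc_map = dl_ns[0].libc_map;  /* libc shared with main ns */
    }
    *nsid_out = nsid;
    return 0;
}

/* Run one load attempt and the guarded cleanup; returns the cleanup result. */
static int load_then_cleanup(int flags, int fail, long *nsid_out) {
    model_dlmopen(flags, fail, nsid_out);
    return cleanup_guarded(*nsid_out);
}

int main(void) {
    long nsid;
    int rc = load_then_cleanup(RTLD_ISOLATE, 1, &nsid);
    printf("isolated, failed load: nsid=%ld cleanup=%d\n", nsid, rc);
    rc = load_then_cleanup(0, 1, &nsid);
    printf("shared, failed load:   nsid=%ld out_of_bounds=%d cleanup=%d\n",
           nsid, nsid_out_of_bounds(nsid), rc);
    return 0;
}
```

The guard is the one-line `nsid == LM_ID_NEWLM` test in cleanup_guarded; without it the second case would index dl_ns[-1].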