From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 11338 invoked by alias); 22 Jul 2013 16:02:56 -0000 Mailing-List: contact libc-ports-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: libc-ports-owner@sourceware.org Received: (qmail 11310 invoked by uid 89); 22 Jul 2013 16:02:55 -0000 X-Spam-SWARE-Status: No, score=-0.5 required=5.0 tests=AWL,BAYES_50,RDNS_NONE autolearn=no version=3.3.1 Received: from Unknown (HELO USMAMAIL.TILERA.COM) (12.216.194.151) by sourceware.org (qpsmtpd/0.84/v0.84-167-ge50287c) with ESMTP; Mon, 22 Jul 2013 16:02:27 +0000 Received: from farm-0002.internal.tilera.com (10.2.0.32) by USMAEXCH2.tad.internal.tilera.com (10.3.0.33) with Microsoft SMTP Server (TLS) id 14.0.722.0; Mon, 22 Jul 2013 12:02:19 -0400 Received: (from cmetcalf@localhost) by farm-0002.internal.tilera.com (8.14.4/8.12.11/Submit) id r6MG2IWR029097; Mon, 22 Jul 2013 12:02:18 -0400 Message-ID: <201307221602.r6MG2IWR029097@farm-0002.internal.tilera.com> From: Chris Metcalf Date: Mon, 22 Jul 2013 16:02:00 -0000 Subject: [COMMITTED PATCH] tile BZ #15759: Fix bug in _dl_unmap To: , "David S. Miller" MIME-Version: 1.0 Content-Type: text/plain X-SW-Source: 2013-07/txt/msg00030.txt.bz2 We returned without calling __munmap if not in the simulator. Now we call a separate sim_dlclose() function to make the control flow work correctly. --- Siddhesh: Thanks for locating the bug! David: this bug was (only) in 2.17. It seems like it merits a backport since it's a pretty straightforward fix. What do you think? ports/ChangeLog.tile | 6 ++++++ ports/sysdeps/tile/dl-runtime.c | 12 +++++++++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 4b2d5ca..a67e40b 100644 --- a/NEWS +++ b/NEWS @@ -21,7 +21,8 @@ Version 2.18 15395, 15405, 15406, 15409, 15416, 15418, 15419, 15423, 15424, 15426, 15429, 15431, 15432, 15441, 15442, 15448, 15465, 15480, 15485, 15488, 15490, 15492, 15493, 15497, 15506, 15529, 15536, 15553, 15577, 15583, - 15618, 15627, 15631, 15654, 15655, 15666, 15667, 15674, 15711, 15755. + 15618, 15627, 15631, 15654, 15655, 15666, 15667, 15674, 15711, 15755, + 15759. * CVE-2013-2207 Incorrectly granting access to another user's pseudo-terminal has been fixed by disabling the use of pt_chown (Bugzilla #15755). diff --git a/ports/ChangeLog.tile b/ports/ChangeLog.tile index dd3d4f4..41855f2 100644 --- a/ports/ChangeLog.tile +++ b/ports/ChangeLog.tile @@ -1,3 +1,9 @@ +2013-07-22 Chris Metcalf + + [BZ #15759] + * sysdeps/tile/dl-runtime.c (sim_dlclose): New function. + (_dl_unmap): Call sim_dlclose(). + 2013-07-19 Chris Metcalf * sysdeps/unix/sysv/linux/tile/sys/ptrace.h diff --git a/ports/sysdeps/tile/dl-runtime.c b/ports/sysdeps/tile/dl-runtime.c index 84b5a5a..42f0ab3 100644 --- a/ports/sysdeps/tile/dl-runtime.c +++ b/ports/sysdeps/tile/dl-runtime.c @@ -127,8 +127,8 @@ _dl_after_load (struct link_map *l) } /* Support notifying the simulator about removed objects prior to munmap(). */ -void internal_function -_dl_unmap (struct link_map *l) +static void +sim_dlclose (ElfW(Addr) map_start) { int shift; @@ -144,9 +144,15 @@ _dl_unmap (struct link_map *l) DLPUTC ('0'); DLPUTC ('x'); for (shift = (int) sizeof (unsigned long) * 8 - 4; shift >= 0; shift -= 4) - DLPUTC ("0123456789abcdef"[(l->l_map_start >> shift) & 0xF]); + DLPUTC ("0123456789abcdef"[(map_start >> shift) & 0xF]); DLPUTC ('\0'); + #undef DLPUTC +} +void internal_function +_dl_unmap (struct link_map *l) +{ + sim_dlclose (l->l_map_start); __munmap ((void *) l->l_map_start, l->l_map_end - l->l_map_start); } -- 1.8.3.1