| Summary: | relocations not performed on failed dlopen | ||
|---|---|---|---|
| Product: | glibc | Reporter: | Ben Woodard <woodard> |
| Component: | libc | Assignee: | Not yet assigned to anyone <unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | normal | CC: | drepper.fsp, fweimer |
| Priority: | P2 | Flags: | fweimer:
security-
|
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Host: | Target: | ||
| Build: | Last reconfirmed: | ||
| Attachments: | reproducer | ||
Created attachment 10521 [details] reproducer The runtime linker fails to perform relocation on a shared library brought in as a dependency which is marked NODELETE even though it isn't deleted. This causes problems when a subsequent library also tries to make use of the same library. [ben@Mustang dl-bug]$ make all cc -g -c -o main.o main.c cc -g -o main main.o -ldl cc -g -c -fpic a.c cc -g -c -fpic d.c cc -g -fpic -shared -Wl,-z,nodelete -o libd.so d.o cc -g -c -fpic e.c cc -g -fpic -shared -o libe.so e.o cc -g -fpic -shared -o liba.so a.o -L. -ld -le cc -g -c -fpic b.c cc -g -fpic -shared -o libb.so b.o -L. -ld [ben@Mustang dl-bug]$ make run LD_LIBRARY_PATH=. ./main d_fn x=12 inside b_fn rm libe.so LD_LIBRARY_PATH=. ./main Could not open liba.so - libe.so: cannot open shared object file: No such file or directory make: *** [Makefile:38: run] Segmentation fault (core dumped) Note that libd.so is marked NODELETE So when main dlopen's liba.so which needs on libd.so and libe.so because libe.so is missing, the load of liba.so fails. This is expected. However, when libb.so is loaded which also needs libd.so the application crashes because the relocations haven't been done. [ben@Mustang dl-bug]$ LD_LIBRARY_PATH=. LD_DEBUG=reloc,files ./main 2> foo d_fn x=12 inside b_fn [ben@Mustang dl-bug]$ egrep file\|reloc foo 10901: file=libdl.so.2 [0]; needed by ./main [0] 10901: file=libdl.so.2 [0]; generating link map 10901: file=libc.so.6 [0]; needed by ./main [0] 10901: file=libc.so.6 [0]; generating link map 10901: relocation processing: /lib64/libc.so.6 10901: relocation processing: /lib64/libdl.so.2 10901: relocation processing: ./main (lazy) 10901: relocation processing: /lib64/ld-linux-x86-64.so.2 10901: file=liba.so [0]; dynamically loaded by ./main [0] 10901: file=liba.so [0]; generating link map 10901: file=libd.so [0]; needed by ./liba.so [0] 10901: file=libd.so [0]; generating link map 10901: file=libe.so [0]; needed by ./liba.so [0] 10901: file=libe.so [0]; generating link map 10901: relocation processing: ./libe.so 10901: relocation processing: ./libd.so 10901: relocation processing: ./liba.so 10901: opening file=./liba.so [0]; direct_opencount=1 10901: file=libb.so [0]; dynamically loaded by ./main [0] 10901: file=libb.so [0]; generating link map 10901: relocation processing: ./libb.so 10901: opening file=./libb.so [0]; direct_opencount=1 vs. [ben@Mustang dl-bug]$ rm libe.so [ben@Mustang dl-bug]$ LD_LIBRARY_PATH=. LD_DEBUG=reloc,files ./main 2> foo Segmentation fault (core dumped) [ben@Mustang dl-bug]$ egrep file\|reloc foo 10965: file=libdl.so.2 [0]; needed by ./main [0] 10965: file=libdl.so.2 [0]; generating link map 10965: file=libc.so.6 [0]; needed by ./main [0] 10965: file=libc.so.6 [0]; generating link map 10965: relocation processing: /lib64/libc.so.6 10965: relocation processing: /lib64/libdl.so.2 10965: relocation processing: ./main (lazy) 10965: relocation processing: /lib64/ld-linux-x86-64.so.2 10965: file=liba.so [0]; dynamically loaded by ./main [0] 10965: file=liba.so [0]; generating link map 10965: file=libd.so [0]; needed by ./liba.so [0] 10965: file=libd.so [0]; generating link map 10965: file=libe.so [0]; needed by ./liba.so [0] 10965: file=./liba.so [0]; destroying link map Could not open liba.so - libe.so: cannot open shared object file: No such file or directory 10965: file=libb.so [0]; dynamically loaded by ./main [0] 10965: file=libb.so [0]; generating link map 10965: relocation processing: ./libb.so Note on the failing case the relocations are never done on libd.so