This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
Hi! The following testcase shows a crash in the dynamic linker. unload4mod3.so is not unloaded with its loader (unload4mod1.so), because there was a relocation dependency: 1031: file=./unload4mod2.so [0]; needed by ./unload4mod4.so [0] (relocation dependency) and /* We have to bump the counts for all dependencies since so far this object was only a normal or transitive dependency. Now it might be closed with _dl_close() directly. */ for (list = map->l_initfini; *list != NULL; ++list) ++(*list)->l_opencount; loop in dl-lookup.c incremented l_opencount for unload4mod{2,4,3}.so. When dlclosing unload4mod1.so, its l_opencount is 1, so it is unloaded, but unload4mod{2,3,4}.so are kept. After the http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/elf/dl-close.c.diff?cvsroot=glibc&r1=1.109&r2=1.110 change, the code that changed unload4mod3.so's l_scope[1] to its l_searchlist is gone and thus even after unloading unload4mod1.so (and freeing its link_map), unload4mod3.so's l_scope[1] still points into unload4mod1.so's l_searchlist (now just freed memory). I'm using M_PERTURB only conditionally, as the testcase happens to crash on fedora-2_3-branch too. If I run it with LD_PRELOAD=libefence.so.0 EF_PROTECT_FREE=1 it crashes slightly earlier, without efence it crashes on the same spot as https://bugzilla.redhat.com/beta/show_bug.cgi?id=150414 crashes. 2005-03-08 Jakub Jelinek <jakub@redhat.com> * elf/Makefile: Add rules to build and run unload4 test. * elf/unload4.c: New test. * elf/unload4mod1.c: New file. * elf/unload4mod2.c: Likewise. * elf/unload4mod3.c: Likewise. * elf/unload4mod4.c: Likewise. --- libc/elf/Makefile.jj 2005-03-03 14:16:05.000000000 +0100 +++ libc/elf/Makefile 2005-03-08 14:06:22.268036905 +0100 @@ -85,6 +85,7 @@ distribute := rtld-Rules \ check-textrel.c dl-sysdep.h test-dlopenrpathmod.c \ tst-deep1mod1.c tst-deep1mod2.c tst-deep1mod3.c \ unload3mod1.c unload3mod2.c unload3mod3.c unload3mod4.c \ + unload4mod1.c unload4mod2.c unload4mod3.c unload4mod4.c \ tst-auditmod1.c CFLAGS-dl-runtime.c = -fexceptions -fasynchronous-unwind-tables @@ -160,7 +161,7 @@ tests += loadtest restest1 preloadtest l tst-tls10 tst-tls11 tst-tls12 tst-tls13 tst-tls14 tst-align \ tst-align2 $(tests-execstack-$(have-z-execstack)) tst-dlmodcount \ tst-dlopenrpath tst-deep1 tst-dlmopen1 tst-dlmopen2 tst-dlmopen3 \ - unload3 tst-audit1 tst-global1 + unload3 unload4 tst-audit1 tst-global1 # reldep9 test-srcs = tst-pathopt tests-vis-yes = vismain @@ -196,7 +197,8 @@ modules-names = testobj1 testobj2 testob $(modules-execstack-$(have-z-execstack)) \ tst-dlopenrpathmod tst-deep1mod1 tst-deep1mod2 tst-deep1mod3 \ tst-dlmopen1mod tst-auditmod1 \ - unload3mod1 unload3mod2 unload3mod3 unload3mod4 + unload3mod1 unload3mod2 unload3mod3 unload3mod4 \ + unload4mod1 unload4mod2 unload4mod3 unload4mod4 ifeq (yes,$(have-initfini-array)) modules-names += tst-array2dep endif @@ -431,6 +433,8 @@ $(objpfx)reldep9mod3.so: $(objpfx)reldep $(objpfx)unload3mod1.so: $(objpfx)unload3mod3.so $(objpfx)unload3mod2.so: $(objpfx)unload3mod3.so $(objpfx)unload3mod3.so: $(objpfx)unload3mod4.so +$(objpfx)unload4mod1.so: $(objpfx)unload4mod2.so $(objpfx)unload4mod3.so +$(objpfx)unload4mod2.so: $(objpfx)unload4mod4.so $(objpfx)unload4mod3.so LDFLAGS-tst-tlsmod5.so = -nostdlib LDFLAGS-tst-tlsmod6.so = -nostdlib @@ -471,6 +475,7 @@ circlemod3a.so-no-z-defs = yes reldep8mod2.so-no-z-defs = yes reldep9mod1.so-no-z-defs = yes unload3mod4.so-no-z-defs = yes +unload4mod1.so-no-z-defs = yes # filtmod1.so has a special rule $(filter-out $(objpfx)filtmod1.so, $(test-modules)): $(objpfx)%.so: $(objpfx)%.os @@ -691,6 +696,9 @@ $(objpfx)unload3: $(libdl) $(objpfx)unload3.out: $(objpfx)unload3mod1.so $(objpfx)unload3mod2.so \ $(objpfx)unload3mod3.so $(objpfx)unload3mod4.so +$(objpfx)unload4: $(libdl) +$(objpfx)unload4.out: $(objpfx)unload4mod1.so $(objpfx)unload4mod3.so + ifdef libdl $(objpfx)tst-tls9-static: $(common-objpfx)dlfcn/libdl.a $(objpfx)tst-tls9-static.out: $(objpfx)tst-tlsmod5.so $(objpfx)tst-tlsmod6.so --- libc/elf/unload4.c.jj 2005-03-08 13:53:05.196954197 +0100 +++ libc/elf/unload4.c 2005-03-08 13:54:08.207735948 +0100 @@ -0,0 +1,48 @@ +#include <dlfcn.h> +#include <stdio.h> +#include <malloc.h> + +int +main (void) +{ +#ifdef M_PERTURB + mallopt (M_PERTURB, 0xaa); +#endif + + void *h; + int (*fn) (int); + h = dlopen ("unload4mod1.so", RTLD_LAZY); + if (h == NULL) + { + puts ("1st dlopen failed"); + return 1; + } + fn = dlsym (h, "foo"); + if (fn == NULL) + { + puts ("dlsym failed"); + return 1; + } + int n = fn (10); + if (n != 28) + { + printf ("foo (10) returned %d != 28\n", n); + return 1; + } + dlclose (h); + h = dlopen ("unload4mod3.so", RTLD_LAZY); + fn = dlsym (h, "mod3fn2"); + if (fn == NULL) + { + puts ("second dlsym failed"); + return 1; + } + n = fn (10); + if (n != 22) + { + printf ("mod3fn2 (10) returned %d != 22\n", n); + return 1; + } + dlclose (h); + return 0; +} --- libc/elf/unload4mod1.c.jj 2005-03-08 13:53:05.196954197 +0100 +++ libc/elf/unload4mod1.c 2005-03-08 13:22:09.000000000 +0100 @@ -0,0 +1,10 @@ +#include <stdio.h> + +extern int bar (int); + +int +foo (int x) +{ + puts ("in foo"); + return bar (x / 2) + 2; +} --- libc/elf/unload4mod2.c.jj 2005-03-08 13:53:05.196954197 +0100 +++ libc/elf/unload4mod2.c 2005-03-08 13:19:18.000000000 +0100 @@ -0,0 +1,8 @@ +#include <stdio.h> + +int +baz (int x) +{ + puts ("in baz"); + return x * 4; +} --- libc/elf/unload4mod3.c.jj 2005-03-08 13:53:05.196954197 +0100 +++ libc/elf/unload4mod3.c 2005-03-08 14:03:14.220520033 +0100 @@ -0,0 +1,16 @@ +#include <stdio.h> + +int +__attribute__((noinline)) +mod3fn1 (int x) +{ + puts ("in mod3fn1"); + return x + 6; +} + +int +mod3fn2 (int x) +{ + puts ("in mod3fn2"); + return mod3fn1 (x / 2) * 2; +} --- libc/elf/unload4mod4.c.jj 2005-03-08 13:53:05.196954197 +0100 +++ libc/elf/unload4mod4.c 2005-03-08 13:23:06.000000000 +0100 @@ -0,0 +1,16 @@ +#include <stdio.h> +#include <stdlib.h> + +int +__attribute__((noinline)) +baz (int x) +{ + abort (); +} + +int +bar (int x) +{ + puts ("in bar"); + return baz (x + 1) + 2; +} Jakub
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |