Fix force-first handling in dlclose (RHEL-10481)
Resolves: RHEL-10481
This commit is contained in:
		
							parent
							
								
									cc28cc2e2a
								
							
						
					
					
						commit
						159c3a720f
					
				
							
								
								
									
										112
									
								
								glibc-RHEL-10481.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										112
									
								
								glibc-RHEL-10481.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,112 @@ | |||||||
|  | commit 849274d48fc59bfa6db3c713c8ced8026b20f3b7 | ||||||
|  | Author: Florian Weimer <fweimer@redhat.com> | ||||||
|  | Date:   Thu Nov 16 19:55:35 2023 +0100 | ||||||
|  | 
 | ||||||
|  |     elf: Fix force_first handling in dlclose (bug 30981) | ||||||
|  |      | ||||||
|  |     The force_first parameter was ineffective because the dlclose'd | ||||||
|  |     object was not necessarily the first in the maps array.  Also | ||||||
|  |     enable force_first handling unconditionally, regardless of namespace. | ||||||
|  |     The initial object in a namespace should be destructed first, too. | ||||||
|  |      | ||||||
|  |     The _dl_sort_maps_dfs function had early returns for relocation | ||||||
|  |     dependency processing which broke force_first handling, too, and | ||||||
|  |     this is fixed in this change as well. | ||||||
|  |      | ||||||
|  |     Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org> | ||||||
|  | 
 | ||||||
|  | diff --git a/elf/dl-close.c b/elf/dl-close.c
 | ||||||
|  | index 66524b6708c59f29..8107c2d5f6ad2bc6 100644
 | ||||||
|  | --- a/elf/dl-close.c
 | ||||||
|  | +++ b/elf/dl-close.c
 | ||||||
|  | @@ -182,6 +182,16 @@ _dl_close_worker (struct link_map *map, bool force)
 | ||||||
|  |      } | ||||||
|  |    assert (idx == nloaded); | ||||||
|  |   | ||||||
|  | +  /* Put the dlclose'd map first, so that its destructor runs first.
 | ||||||
|  | +     The map variable is NULL after a retry.  */
 | ||||||
|  | +  if (map != NULL)
 | ||||||
|  | +    {
 | ||||||
|  | +      maps[map->l_idx] = maps[0];
 | ||||||
|  | +      maps[map->l_idx]->l_idx = map->l_idx;
 | ||||||
|  | +      maps[0] = map;
 | ||||||
|  | +      maps[0]->l_idx = 0;
 | ||||||
|  | +    }
 | ||||||
|  | +
 | ||||||
|  |    /* Keep track of the lowest index link map we have covered already.  */ | ||||||
|  |    int done_index = -1; | ||||||
|  |    while (++done_index < nloaded) | ||||||
|  | @@ -255,9 +265,10 @@ _dl_close_worker (struct link_map *map, bool force)
 | ||||||
|  |  	  } | ||||||
|  |      } | ||||||
|  |   | ||||||
|  | -  /* Sort the entries.  We can skip looking for the binary itself which is
 | ||||||
|  | -     at the front of the search list for the main namespace.  */
 | ||||||
|  | -  _dl_sort_maps (maps, nloaded, (nsid == LM_ID_BASE), true);
 | ||||||
|  | +  /* Sort the entries.  Unless retrying, the maps[0] object (the
 | ||||||
|  | +     original argument to dlclose) needs to remain first, so that its
 | ||||||
|  | +     destructor runs first.  */
 | ||||||
|  | +  _dl_sort_maps (maps, nloaded, /* force_first */ map != NULL, true);
 | ||||||
|  |   | ||||||
|  |    /* Call all termination functions at once.  */ | ||||||
|  |    bool unload_any = false; | ||||||
|  | @@ -768,7 +779,11 @@ _dl_close_worker (struct link_map *map, bool force)
 | ||||||
|  |    /* Recheck if we need to retry, release the lock.  */ | ||||||
|  |   out: | ||||||
|  |    if (dl_close_state == rerun) | ||||||
|  | -    goto retry;
 | ||||||
|  | +    {
 | ||||||
|  | +      /* The map may have been deallocated.  */
 | ||||||
|  | +      map = NULL;
 | ||||||
|  | +      goto retry;
 | ||||||
|  | +    }
 | ||||||
|  |   | ||||||
|  |    dl_close_state = not_pending; | ||||||
|  |  } | ||||||
|  | diff --git a/elf/dl-sort-maps.c b/elf/dl-sort-maps.c
 | ||||||
|  | index aeb79b40b45054c0..c17ac325eca658ef 100644
 | ||||||
|  | --- a/elf/dl-sort-maps.c
 | ||||||
|  | +++ b/elf/dl-sort-maps.c
 | ||||||
|  | @@ -260,13 +260,12 @@ _dl_sort_maps_dfs (struct link_map **maps, unsigned int nmaps,
 | ||||||
|  |  	     The below memcpy is not needed in the do_reldeps case here, | ||||||
|  |  	     since we wrote back to maps[] during DFS traversal.  */ | ||||||
|  |  	  if (maps_head == maps) | ||||||
|  | -	    return;
 | ||||||
|  | +	    break;
 | ||||||
|  |  	} | ||||||
|  |        assert (maps_head == maps); | ||||||
|  | -      return;
 | ||||||
|  |      } | ||||||
|  | -
 | ||||||
|  | -  memcpy (maps, rpo, sizeof (struct link_map *) * nmaps);
 | ||||||
|  | +  else
 | ||||||
|  | +    memcpy (maps, rpo, sizeof (struct link_map *) * nmaps);
 | ||||||
|  |   | ||||||
|  |    /* Skipping the first object at maps[0] is not valid in general, | ||||||
|  |       since traversing along object dependency-links may "find" that | ||||||
|  | diff --git a/elf/dso-sort-tests-1.def b/elf/dso-sort-tests-1.def
 | ||||||
|  | index 4bf9052db16fb352..cf6453e9eb85ac65 100644
 | ||||||
|  | --- a/elf/dso-sort-tests-1.def
 | ||||||
|  | +++ b/elf/dso-sort-tests-1.def
 | ||||||
|  | @@ -56,14 +56,16 @@ output: b>a>{}<a<b
 | ||||||
|  |  # relocation(dynamic) dependencies. While this is technically unspecified, the | ||||||
|  |  # presumed reasonable practical behavior is for the destructor order to respect | ||||||
|  |  # the static DT_NEEDED links (here this means the a->b->c->d order). | ||||||
|  | -# The older dynamic_sort=1 algorithm does not achieve this, while the DFS-based
 | ||||||
|  | -# dynamic_sort=2 algorithm does, although it is still arguable whether going
 | ||||||
|  | -# beyond spec to do this is the right thing to do.
 | ||||||
|  | +# The older dynamic_sort=1 algorithm originally did not achieve this,
 | ||||||
|  | +# but this was a bug in the way _dl_sort_maps was called from _dl_close_worker,
 | ||||||
|  | +# effectively disabling proper force_first handling.
 | ||||||
|  | +# The new dynamic_sort=2 algorithm shows the effect of the simpler force_first
 | ||||||
|  | +# handling: the a object is simply moved to the front.
 | ||||||
|  |  # The below expected outputs are what the two algorithms currently produce | ||||||
|  |  # respectively, for regression testing purposes. | ||||||
|  |  tst-bz15311: {+a;+e;+f;+g;+d;%d;-d;-g;-f;-e;-a};a->b->c->d;d=>[ba];c=>a;b=>e=>a;c=>f=>b;d=>g=>c | ||||||
|  | -output(glibc.rtld.dynamic_sort=1): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<a<c<d<g<f<b<e];}
 | ||||||
|  | -output(glibc.rtld.dynamic_sort=2): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<g<f<a<b<c<d<e];}
 | ||||||
|  | +output(glibc.rtld.dynamic_sort=1): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<a<b<c<d<g<f<e];}
 | ||||||
|  | +output(glibc.rtld.dynamic_sort=2): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<a<g<f<b<c<d<e];}
 | ||||||
|  |   | ||||||
|  |  # Test that even in the presence of dependency loops involving dlopen'ed | ||||||
|  |  # object, that object is initialized last (and not unloaded prematurely). | ||||||
| @ -1,6 +1,6 @@ | |||||||
| %define glibcsrcdir glibc-2.28 | %define glibcsrcdir glibc-2.28 | ||||||
| %define glibcversion 2.28 | %define glibcversion 2.28 | ||||||
| %define glibcrelease 241%{?dist} | %define glibcrelease 242%{?dist} | ||||||
| # Pre-release tarballs are pulled in from git using a command that is | # Pre-release tarballs are pulled in from git using a command that is | ||||||
| # effectively: | # effectively: | ||||||
| # | # | ||||||
| @ -1057,6 +1057,7 @@ Patch869: glibc-RHEL-3757.patch | |||||||
| Patch870: glibc-RHEL-2122.patch | Patch870: glibc-RHEL-2122.patch | ||||||
| Patch871: glibc-RHEL-1192.patch | Patch871: glibc-RHEL-1192.patch | ||||||
| Patch872: glibc-RHEL-3639.patch | Patch872: glibc-RHEL-3639.patch | ||||||
|  | Patch873: glibc-RHEL-10481.patch | ||||||
| 
 | 
 | ||||||
| ############################################################################## | ############################################################################## | ||||||
| # Continued list of core "glibc" package information: | # Continued list of core "glibc" package information: | ||||||
| @ -2888,6 +2889,9 @@ fi | |||||||
| %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared | %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Mon Nov 20 2023 Florian Weimer <fweimer@redhat.com> - 2.28-242 | ||||||
|  | - Fix force-first handling in dlclose (RHEL-10481) | ||||||
|  | 
 | ||||||
| * Fri Nov 10 2023 Florian Weimer <fweimer@redhat.com> - 2.28-241 | * Fri Nov 10 2023 Florian Weimer <fweimer@redhat.com> - 2.28-241 | ||||||
| - Avoid lazy binding failures during dlclose (RHEL-3639) | - Avoid lazy binding failures during dlclose (RHEL-3639) | ||||||
| 
 | 
 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user