Date:      Tue, 2 Nov 2010 17:40:11 GMT
From:      Jaakko Heinonen <jh@FreeBSD.org>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: misc/151861: dlclose() of library causes separately opened libraries to unload as well
Message-ID:  <201011021740.oA2HeBPn053419@freefall.freebsd.org>

The following reply was made to PR misc/151861; it has been noted by GNATS.

From: Jaakko Heinonen <jh@FreeBSD.org>
To: Arjan van Leeuwen <freebsd-maintainer@opera.com>
Cc: bug-followup@FreeBSD.org, kan@FreeBSD.org, kib@FreeBSD.org
Subject: Re: misc/151861: dlclose() of library causes separately opened libraries to unload as well
Date: Tue, 2 Nov 2010 19:36:54 +0200

 On 2010-11-01, Arjan van Leeuwen wrote:
 > Assume we have a library liba.so, containing a function a(), and a
 > library libb.so, containing function b(). liba.so needs functionality
 > from libb.so, so liba.so links in libb.so.
 > 
 > An application doesn't know about the relation between these
 > libraries, but needs to call a() and b(). It dlopen()s libb.so and
 > obtains a pointer to b(), and it dlopen()s liba.so and obtains a
 > pointer to a().
 > 
 > As soon as the application doesn't need a() anymore, it dlclose()s
 > liba.so.
 > 
 > Expected result: the pointer to b() is still valid and can be called
 > Actual result: the pointer to b() has become invalid, even though the
 > application did not dlclose() the handle to libb.so. On calling b(),
 > the application crashes with a segmentation fault.
 > 
 > Extract the attached shar archive and execute 'make test'.
 
 Thank you for providing the test case.
 
 > This will cause a crash on FreeBSD, and will print 'success' on Linux.
 
 There is a problem with reference counting in dlopen(). If an object has
 been loaded by load_needed_objects(), its dagmembers list may be empty
 after loading. If the list is empty, the ref_dag() call done for already
 loaded objects in dlopen() has no effect.
 
 Here is a patch to demonstrate the problem. The test passes with the
 patch applied.
 
 %%%
 Index: libexec/rtld-elf/rtld.c
 ===================================================================
 --- libexec/rtld-elf/rtld.c	(revision 214676)
 +++ libexec/rtld-elf/rtld.c	(working copy)
 @@ -2046,7 +2046,10 @@ dlopen(const char *name, int mode)
  	} else {
  
  	    /* Bump the reference counts for objects on this DAG. */
 -	    ref_dag(obj);
 +	    if (STAILQ_EMPTY(&obj->dagmembers))
 +		init_dag(obj);
 +	    else
 +		ref_dag(obj);
  
  	    if (ld_tracing)
  		goto trace;
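 Review bot: the comment that still heads this branch, "Bump the reference counts for objects on this DAG.", no longer describes it once the STAILQ_EMPTY test is in place, because the empty-list arm now builds the DAG with init_dag(obj) instead of bumping counts on an existing one; extend the comment to say that an object first pulled in by load_needed_objects() has no dagmembers yet and must have its DAG built on its first dlopen(). The STAILQ_EMPTY(&obj->dagmembers) test is also an indirect way of asking "has init_dag() run for this object?"; an explicit per-object flag set by init_dag() would make the condition self-describing and keep the check from relying on a non-empty list as the only record that the DAG has been built.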
 %%%
 
 I have cc'd kan@ and kib@. Do you have any ideas on how to fix this correctly?
 
 -- 
 Jaakko



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201011021740.oA2HeBPn053419>