From: Willem Jan Withagen
To: David Chisnall
Cc: freebsd current
Subject: Re: Warnings about dlclose before thread exit. __cxa_thread_call_dtors
Date: Sun, 26 Aug 2018 14:00:33 +0200

On 26/08/2018 12:19, David Chisnall wrote:
> The FreeBSD implementation here looks racy. If one thread dlcloses an object while another thread is exiting, we can end up calling a function at an invalid memory address. It also looks as if it may be possible to unload one library, load another at the same address, and end up executing entirely the wrong code, which would have some serious security implications.
>

The error report occurs when the thread terminates. And gdb really points me to the destructor of a class. (Random in this case)

> The GNU/Linux equivalent of this function locks the DSO in memory until all references to it have gone away. A call to dlclose() on GNU/Linux will not actually unload the library until all threads with destructors in that library have been unloaded. I believe that this reuses the same reference counting mechanism that allows the same library to be dlopened and dlclosed multiple times.
>
> It would be nice if the FreeBSD version had the same behaviour, because this is almost certainly expected in code written on other platforms.

ehh, yes, ...
For the moment I disabled the notice.. It drives me crazy.

--WjW

>
> David
>
>> On 18 Aug 2018, at 14:18, Willem Jan Withagen wrote:
>>
>> Hi,
>>
>> I've sent the question below to the Ceph-devel list, asking if any recent changes would be able to cause this.
>>
>> But then of course this could stem from FreeBSD libs, and of ports....
>> So the question here is if anybody has gotten these "warnings" in other tools.
>>
>> --WjW
>>
>>
>> -------- Forwarded Message --------
>> Subject: Warnings about dlclose before thread exit
>> Date: Sat, 18 Aug 2018 14:46:35 +0200
>> From: Willem Jan Withagen
>> To: Ceph Development
>>
>> Hi,
>>
>> I've upgraded to FreeBSD ALPHA 12.0, but I don't think the errors stem from there. Although they could be in one of the libs that came along with the upgrade.
>>
>> I'm getting these warnings during rbd and ceph (maybe even more) invocations that indicate a possible problem because:
>> ===
>> It could be possible that a dynamically loaded library, use
>> thread_local variable but is dlclose()'d before thread exit. The
>> destructor of this variable will then try to access the address,
>> for calling it but it's unloaded, so it'll crash. We're using
>> __elf_phdr_match_addr() to detect and prevent such cases and so
>> prevent the crash.
>> ===
>> this is from: https://github.com/freebsd/freebsd/blob/master/lib/libc/stdlib/cxa_thread_atexit_impl.c
>>
>> Now it could be that dlclose() and thread exit are just close to one another. But still this is hard core embedded in libc already since 2017, so I'm sort of expecting that a recent change has caused this.
>>
>> And as indicated it is a possible cause for crashes, because thread_exit is going to clean up things that are no longer there.
>>
>> Now the 20 dollar question is:
>> Where was this introduced??
>>
>> Otherwise I'll have to try and throw my best gdb capabilities at it, and try to invoke an rbd call and see where it activates this warning.
>>
>> --WjW
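
Added example, not part of the original messages and not FreeBSD libc or glibc source: a toy model of the two policies discussed in this thread, an address check at thread exit versus pinning the DSO with a reference until the thread's destructors have run. All names (scenario, model_dlopen, the addresses) are hypothetical, and the WRONG_CODE outcome models the address-reuse concern raised above as a possibility, not a demonstrated behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Toy model (constructed): not FreeBSD libc or glibc source. */
enum policy  { CHECK_ADDR, PIN_DSO };   /* address check vs. reference pin */
enum outcome { DTOR_RAN, DTOR_SKIPPED, WRONG_CODE };
struct dso  { uintptr_t base; size_t len; int refs; };
struct dtor { uintptr_t fn; struct dso *owner; };
static void model_dlopen(struct dso *d)  { d->refs++; }
static void model_dlclose(struct dso *d) { if (d->refs > 0) d->refs--; }
static bool is_mapped(const struct dso *d) { return d->refs > 0; }

/* Record a thread_local destructor; the pinning policy takes a reference. */
static void register_dtor(enum policy p, struct dso *d, struct dtor *t) {
    t->fn = d->base + 0x10;           /* hypothetical destructor address */
    t->owner = d;
    if (p == PIN_DSO) d->refs++;
}

/* Thread exit: decide what happens to the recorded destructor. */
static enum outcome model_thread_exit(enum policy p, struct dtor *t,
                                      struct dso **objs, size_t n) {
    if (p == PIN_DSO) {               /* owner still mapped: pin was held */
        model_dlclose(t->owner);      /* drop the pin after the call */
        return DTOR_RAN;
    }
    for (size_t i = 0; i < n; i++) {  /* which mapped object covers t->fn? */
        struct dso *d = objs[i];
        if (is_mapped(d) && t->fn >= d->base && t->fn < d->base + d->len)
            return d == t->owner ? DTOR_RAN : WRONG_CODE;
    }
    return DTOR_SKIPPED;              /* nothing mapped there: warn and skip */
}

/* dlopen A, register, dlclose A, optionally load B, then exit the thread. */
enum outcome scenario(enum policy p, bool load_other) {
    struct dso a = { 0x1000, 0x1000, 0 }, b = { 0x1000, 0x1000, 0 };
    struct dso *objs[] = { &a, &b };
    struct dtor t;
    model_dlopen(&a);
    register_dtor(p, &a, &t);
    model_dlclose(&a);
    if (load_other) {
        if (is_mapped(&a)) b.base = 0x8000;  /* range busy: B lands elsewhere */
        model_dlopen(&b);
    }
    return model_thread_exit(p, &t, objs, 2);
}

int main(void) { return scenario(PIN_DSO, true) == DTOR_RAN ? 0 : 1; }
```

In the model, a range-only check either skips the destructor (the warning case reported here) or accepts an address that now belongs to a different object, while the pinned DSO stays mapped until the thread exits.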