From owner-freebsd-threads@FreeBSD.ORG  Wed Oct  4 14:00:53 2006
Return-Path: <owner-freebsd-threads@FreeBSD.ORG>
X-Original-To: freebsd-threads@hub.freebsd.org
Delivered-To: freebsd-threads@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5CB7B16A4DA
	for <freebsd-threads@hub.freebsd.org>;
	Wed,  4 Oct 2006 14:00:53 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 167F643D5A
	for <freebsd-threads@hub.freebsd.org>;
	Wed,  4 Oct 2006 14:00:52 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k94E0pTd092065
	for <freebsd-threads@freefall.freebsd.org>; Wed, 4 Oct 2006 14:00:51 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k94E0pIc092064;
	Wed, 4 Oct 2006 14:00:51 GMT (envelope-from gnats)
Resent-Date: Wed, 4 Oct 2006 14:00:51 GMT
Resent-Message-Id: <200610041400.k94E0pIc092064@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-threads@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, KUROSAWA@FreeBSD.org,
	Takahiro <takahiro.kurosawa@gmail.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7C8C316A403
	for <freebsd-gnats-submit@FreeBSD.org>;
	Wed,  4 Oct 2006 13:56:34 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2351643D7E
	for <freebsd-gnats-submit@FreeBSD.org>;
	Wed,  4 Oct 2006 13:56:24 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k94DuOxm097239
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 4 Oct 2006 13:56:24 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k94DuOmj097237;
	Wed, 4 Oct 2006 13:56:24 GMT (envelope-from nobody)
Message-Id: <200610041356.k94DuOmj097237@www.freebsd.org>
Date: Wed, 4 Oct 2006 13:56:24 GMT
From: KUROSAWA@FreeBSD.org, Takahiro <takahiro.kurosawa@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-2.3
Cc: 
Subject: threads/103975: Implicit loading/unloading of libpthread.so may
	crash user processes
X-BeenThere: freebsd-threads@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Threading on FreeBSD <freebsd-threads.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-threads>, 
	<mailto:freebsd-threads-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-threads>
List-Post: <mailto:freebsd-threads@freebsd.org>
List-Help: <mailto:freebsd-threads-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-threads>,
	<mailto:freebsd-threads-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Oct 2006 14:00:53 -0000


>Number:         103975
>Category:       threads
>Synopsis:       Implicit loading/unloading of libpthread.so may crash user processes
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-threads
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 04 14:00:50 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     KUROSAWA, Takahiro
>Release:        6.2-PRERELEASE
>Organization:
>Environment:
FreeBSD cube.nodomain.noroot 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #13: Fri Sep 29 14:34:05 JST 2006     kurosawa@cube.nodomain.noroot:/usr/obj/usr/src/sys/CUBE  i386

>Description:
A program (described as ProgA below) gets SIGSEGV if following conditions
are met:
- ProgA dlopen()s and dlclose()s a shared object (ShobjB)
- ProgA doesn't link libpthread.so
- ShbjB dynamically links libpthread.so
  (libpthread.so will be loaded when ProgA dlopen()s ShobjB)
- ProgA calls functions like gethostbyname() that uses __thr_jtable
  (in src/lib/libc/gen/_pthread_stubs.c) after unloading ShobjB.

The problem is that function pointers in __thr_jtable still point to functions
in libpthread.so after libpthread.so is unloaded from ProgA's memory space.

To fix the problem, a function that has __attribute__((destructor))
in libpthread should probably be implemented in order to recover
the initial state before unloading.

>How-To-Repeat:
The problem occurs on the web server built with following ports
when the httpd receives SIGHUP that is sent by newsyslog:
- www/apache20
- lang/php4
- databases/php4-pgsql
- databases/postgresql81-{client,server} with the option WITH_THREADSAFE=true

Or extract the following archive then run "make test."
The 3rd call of test() in pjt-replace.c causes SIGSEGV.

begin 644 pjt.tar.gz
M'XL(`#J[(T4``^V4WV_3,!#'^QK_%:?02>GH#[=-6JFC$Z,;?2DO6WD`(2'7
M<99L7A+%SA!"_._8257:CL%3-P'W>;GX_#W?Q9=+?J,;AX92.@X",+8_#OK6
M4CKP:[L&^C3HT_$P\`,*M#\(1N,&!`>OS%`JS0I3RFU99(I]88_IC"R*?G/.
M^CTV]B\AO]&]=^Q61(D4A\IA[F/D^X_WWQ\,]_KO#VG0`'JH@K;YS_M_?O'F
M_=QQIM"Y)K.WB[/YE>.\G$+3JS9:9'EV.;]87EF%^52Z*K.F4XA<,BX(85).
M?KFAA=(3,-O$Z?9V=K86D^V8;D:<IC>;M3;)H9-!\_6>AM39ZE"5=?G#*!6S
M0H1;T58&'9GKN!`LK$NPO@EQ.-/0"\5]+RVEA%,309Z[)4^*G?_M"^8'R/&G
M^0]&_M[\!X,!SO^3\"))N2Q#`:]"&?&T&Y^2GRZEPR3;=:5"AROK(N9"=,+A
M/DO":MH];L8.CD.A>(M\(X[21<DUQ)G2(M5P',,4KH6VZ]77E-T)SY499](Z
MW-8)<?(B277DN4=JLBN$0NBR2,U('^6?4K<--D<;8A/TG1`31.Y8DGJVDBJS
M?3#Y3@AQJL+<E8BR0D`HLURD52Y;3+WTW.K_9'XIYN#+Y>+\\^+LXP>KJ6-9
MI$6QUK9A<Q*7F1+54>MG+WX8LQ$1IWX%H+;DY^XY@B`(@B`(@B`(@B`(@B`(
2@B`(@B`(\N_Q`XCZB,H`*```
`
end

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted: