misc/151861: dlclose() of library causes separately opened libraries to unload as well
Jaakko Heinonen
jh at FreeBSD.org
Tue Nov 2 17:40:11 UTC 2010
The following reply was made to PR misc/151861; it has been noted by GNATS.
From: Jaakko Heinonen <jh at FreeBSD.org>
To: Arjan van Leeuwen <freebsd-maintainer at opera.com>
Cc: bug-followup at FreeBSD.org, kan at FreeBSD.org, kib at FreeBSD.org
Subject: Re: misc/151861: dlclose() of library causes separately opened libraries to unload as well
Date: Tue, 2 Nov 2010 19:36:54 +0200
On 2010-11-01, Arjan van Leeuwen wrote:
> Assume we have a library liba.so, containing a function a(), and a
> library libb.so, containing function b(). liba.so needs functionality
> from libb.so, so liba.so links in libb.so.
>
> An application doesn't know about the relation between these
> libraries, but needs to call a() and b(). It dlopen()s libb.so and
> obtains a pointer to b(), and it dlopen()s liba.so and obtains a
> pointer to a().
>
> As soon as the application doesn't need a() anymore, it dlclose()s
> liba.so.
>
> Expected result: the pointer to b() is still valid and can be called
> Actual result: the pointer to b() has become invalid, even though the
> application did not dlclose() the handle to libb.so. On calling b(),
> the application crashes with a segmentation fault.
>
> Extract the attached shar archive and execute 'make test'.
Thank you for providing the test case.
> This will cause a crash on FreeBSD, and will print 'success' on Linux.
There is a problem with reference counting in dlopen(). If an object has
been loaded by load_needed_objects(), its dagmembers list may be empty
after loading. If the list is empty, the ref_dag() call done for already
loaded objects in dlopen() has no effect.
Here is a patch to demonstrate the problem. The test passes with the
patch applied.
%%%
Index: libexec/rtld-elf/rtld.c
===================================================================
--- libexec/rtld-elf/rtld.c (revision 214676)
+++ libexec/rtld-elf/rtld.c (working copy)
@@ -2046,7 +2046,10 @@ dlopen(const char *name, int mode)
} else {
/* Bump the reference counts for objects on this DAG. */
- ref_dag(obj);
+ if (STAILQ_EMPTY(&obj->dagmembers))
+ init_dag(obj);
+ else
+ ref_dag(obj);
if (ld_tracing)
goto trace;
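Review bot: the STAILQ_EMPTY(&obj->dagmembers) branch compensates in dlopen() for a DAG that, as the mail explains, load_needed_objects() left uninitialized; that treats the symptom at the point where ref_dag() was found to be ineffective rather than at the loading path that leaves dagmembers empty, so consider initializing the DAG where the needed object is loaded instead. Whichever place is chosen, the comment "/* Bump the reference counts for objects on this DAG. */" no longer describes the init_dag(obj) arm and should state that init_dag() is expected to take the same reference that ref_dag() would have taken, so the unref done by the matching dlclose() stays balanced.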
%%%
I have cc'd kan@ and kib@. Do you have any ideas on how to fix this correctly?
--
Jaakko