svn commit: r265003 - head/secure/usr.sbin/sshd

Roger Pau Monné royger at FreeBSD.org
Wed Aug 20 15:35:03 UTC 2014 

On 20/08/14 17:28, Bryan Drewery wrote:
> On 8/20/2014 10:19 AM, Roger Pau Monné wrote:
>> On 20/08/14 17:13, Konstantin Belousov wrote:
>>> On Wed, Aug 20, 2014 at 04:41:05PM +0200, Roger Pau Monn?? wrote:
>>>> On 27/04/14 07:28, Konstantin Belousov wrote:
>>>>> Author: kib
>>>>> Date: Sun Apr 27 05:28:14 2014
>>>>> New Revision: 265003
>>>>> URL: http://svnweb.freebsd.org/changeset/base/265003
>>>>>
>>>>> Log:
>>>>>   Fix order of libthr and libc in the global dso list for sshd, by
>>>>>   explicitely linking main binary with -lpthread.  Before, libthr
>>>>>   appeared in the list due to dependency of one of the kerberos libs.
>>>>>   Due to the change in ld(1) behaviour of not copying NEEDED entries
>>>>>   from direct dependencies into the link results, the order becomes
>>>>>   reversed.
>>>>>   
>>>>>   The libthr must appear before libc to properly interpose libc symbols
>>>>>   and provide working rtld locks implementation.  The symptom was sshd
>>>>>   hanging on rtld bind lock during nested symbol binding from a signal
>>>>>   handler.
>>>>>   
>>>>>   Approved by:	des (openssh maintainer)
>>>>>   Sponsored by:	The FreeBSD Foundation
>>>>>   MFC after:	1 week
>>>>>
>>>>> Modified:
>>>>>   head/secure/usr.sbin/sshd/Makefile
>>>>>
>>>>> Modified: head/secure/usr.sbin/sshd/Makefile
>>>>> ==============================================================================
>>>>> --- head/secure/usr.sbin/sshd/Makefile	Sun Apr 27 05:19:01 2014	(r265002)
>>>>> +++ head/secure/usr.sbin/sshd/Makefile	Sun Apr 27 05:28:14 2014	(r265003)
>>>>> @@ -57,6 +57,16 @@ CFLAGS+= -DNONE_CIPHER_ENABLED
>>>>>  DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
>>>>>  LDADD+= -lcrypt -lcrypto -lz
>>>>>  
>>>>> +# Fix the order of NEEDED entries for libthr and libc. The libthr
>>>>> +# needs to interpose libc symbols, leaving the libthr loading as
>>>>> +# dependency of krb causes reversed order and broken interposing. Put
>>>>> +# the threading library last on the linker command line, just before
>>>>> +# the -lc added by a compiler driver.
>>>>> +.if ${MK_KERBEROS_SUPPORT} != "no"
>>>>> +DPADD+= ${LIBPTHREAD}
>>>>> +LDADD+= -lpthread
>>>>> +.endif
>>>>> +
>>>>>  .if defined(LOCALBASE)
>>>>>  CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\"
>>>>>  .endif
>>>>
>>>> Hello,
>>>>
>>>> This change makes the following simple test program fail on the second 
>>>> assert. The problem is that sa_handler == SIG_DFL, and sa_flags == 
>>>> SA_SIGINFO, which according to the sigaction(9) man page is not 
>>>> possible. With this change reverted the test is successful.
>>> I do not quite follow.
>>>
>>> What are the relations between sshd and your test program ?
>>> Should the test be run somehow specially ?
>>
>> No, and frankly that's what I don't understand. I compile this simple
>> test with `cc -o test test.c`. It fails with this commit applied, and
>> succeeds without it.
>>
>> Roger.
>>
> 
> Does it fail if you do not connect with ssh?

Right, it works fine from the serial console, fails when executed from ssh.

Roger.

More information about the svn-src-all mailing list