1410154 – glibc: Incomplete rollback of dynamic linker state on dlopen failure (NODELETE bug)

Bug 1410154 - glibc: Incomplete rollback of dynamic linker state on dlopen failure (NODELETE bug)

Summary: glibc: Incomplete rollback of dynamic linker state on dlopen failure (NODELET...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	glibc
Sub Component:
Version:	---
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	pre-dev-freeze
Target Release:	8.1
Assignee:	Florian Weimer
QA Contact:	qe-baseos-tools-bugs
Docs Contact:	Sagar Dubewar
URL:
Whiteboard:
Duplicates (1):	1500128 (view as bug list)
Depends On:	1393909 1395758
Blocks:	1599298 1679810
TreeView+	depends on / blocked

Reported:	2017-01-04 15:34 UTC by Paulo Andrade
Modified:	2021-09-17 12:07 UTC (History)
CC List:	15 users (show)
Fixed In Version:	glibc-2.28-101.el8
Doc Type:	Bug Fix
Doc Text:	.Unrelocated and uninitialized shared objects no longer result in failures if `dlopen` fails Previously, if the `dlopen` call failed, the `glibc` dynamic linker did not remove shared objects with the `NODELETE` mark before reporting the error. Consequently, the unrelocated and uninitialized shared objects remained in the process image, eventually resulting in assertion failures or crashes. With this update, the dynamic loader uses a pending `NODELETE` state to remove shared objects upon `dlopen` failure, before marking them as `NODELETE` permanently. As a result, the process does not leave any unrelocated objects behind. Also, lazy binding failures while ELF constructors and destructors run now terminate the process.
Clone Of:
Environment:
Last Closed:	2020-04-28 16:50:14 UTC
Type:	Bug
Target Upstream Version:
Dependent Products:

Attachments	(Terms of Use)
Proposed patch (151.68 KB, text/plain) 2019-12-09 13:21 UTC, Florian Weimer	no flags	Details
View All

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1395758	medium	CLOSED	glibc: incomplete rollback of dynamic linker state on linking failure	2021-02-22 00:41:40 UTC
Red Hat Product Errata	RHSA-2020:1828	None	None	None	2020-04-28 16:50:50 UTC
Sourceware	16628	P2	RESOLVED	Segfault after a binary without pthread dlopen()s a library linked with pthread	2020-10-14 19:46:16 UTC
Sourceware	20839	P2	RESOLVED	Incomplete rollback of dynamic linker state on linking failure	2020-10-14 19:46:16 UTC
Sourceware	24304	P2	RESOLVED	Lazy binding failure during ELF constructors/destructors is not fatal	2020-10-14 19:46:16 UTC
Sourceware	25396	P2	RESOLVED	Failing dlopen can leave behind dangling GL (dl_initfirst) link map pointer	2020-10-14 19:46:16 UTC

Internal Links: 1410163 1748197

Description Paulo Andrade 2017-01-04 15:34:40 UTC

Unsure if it is a samba bug, but it should not crash.

  Steps to reproduce:

* Base 7.3 install
* yum install samba-winbind
* edit /etc/nsswitch.conf to show the following host line:

    hosts:      files wins dns myhostname

* systemctl start winbind
* ping redhat.com

  "Quick fix" could be to have /usr/lib64/samba/ in
LD_LIBRARY_PATH.

  The proper fix would likely to fix libnss_wins.so.2
link. Please let me know if the bug should be reassigned
to samba.

$ ldd /lib64/libnss_wins.so.2
	linux-vdso.so.1 =>  (0x00007ffefcf2d000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f683cd2a000)
	libwbclient.so.0 => /lib64/libwbclient.so.0 (0x00007f683cb1b000)
	libreplace-samba4.so => not found
	libc.so.6 => /lib64/libc.so.6 (0x00007f683c759000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f683d15e000)
	libwinbind-client-samba4.so => /usr/lib64/samba/libwinbind-client-samba4.so (0x00007f683c555000)
	libreplace-samba4.so => /usr/lib64/samba/libreplace-samba4.so (0x00007f683c351000)

Comment 1 Florian Weimer 2017-01-04 15:57:14 UTC

This is both a Samba bug (wrong search path/DSO location) and glibc bug (we should report and error and not crash).

This is fixed upstream.  The fix involves some ld.so cleanup, but should be backportable.

Comment 6 Florian Weimer 2018-11-20 09:35:02 UTC

The first upstream bug (16628) will be fixed in Red Hat Enterprise Linux 8.  The second bug still needs to be fixed upstream.

Comment 7 Carlos O'Donell 2019-10-01 13:10:23 UTC

*** Bug 1500128 has been marked as a duplicate of this bug. ***

Comment 10 Florian Weimer 2019-12-09 13:21:02 UTC

Created attachment 1643297 [details]
Proposed patch

The last three patches still await upstream review.

Comment 18 Florian Weimer 2020-01-16 13:44:20 UTC

Upstream testing revealed that the fix is incomplete. We need to backport the fix for this bug as well: https://sourceware.org/bugzilla/show_bug.cgi?id=25396

Comment 22 Florian Weimer 2020-01-17 02:44:06 UTC

(In reply to Florian Weimer from comment #18)
> Upstream testing revealed that the fix is incomplete. We need to backport
> the fix for this bug as well:
> https://sourceware.org/bugzilla/show_bug.cgi?id=25396

These fixes are included in glibc-2.28-101.el8.

Comment 27 Sagar Dubewar 2020-01-20 05:59:34 UTC

ok. updating the doc_text_flag to +.

Comment 32 Sergey Kolosov 2020-03-16 19:28:23 UTC

Verified with elf/tst-dlopen-nodelete-reloc, elf/tst-initfinilazyfail, 
elf/tst-dlopenfail, elf/tst-dlopenfail-2

Comment 34 errata-xmlrpc 2020-04-28 16:50:14 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1828

Note You need to log in before you can comment on or make changes to this bug.