Bug 1410154 - glibc: Incomplete rollback of dynamic linker state on dlopen failure (NODELETE bug)
Summary: glibc: Incomplete rollback of dynamic linker state on dlopen failure (NODELET...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: glibc
Version: ---
Hardware: All
OS: Linux
medium
medium
Target Milestone: pre-dev-freeze
: 8.1
Assignee: Florian Weimer
QA Contact: qe-baseos-tools-bugs
Sagar Dubewar
URL:
Whiteboard:
: 1500128 (view as bug list)
Depends On: 1393909 1395758
Blocks: 1599298 1679810
TreeView+ depends on / blocked
 
Reported: 2017-01-04 15:34 UTC by Paulo Andrade
Modified: 2021-07-10 14:08 UTC (History)
15 users (show)

Fixed In Version: glibc-2.28-101.el8
Doc Type: Bug Fix
Doc Text:
.Unrelocated and uninitialized shared objects no longer result in failures if `dlopen` fails Previously, if the `dlopen` call failed, the `glibc` dynamic linker did not remove shared objects with the `NODELETE` mark before reporting the error. Consequently, the unrelocated and uninitialized shared objects remained in the process image, eventually resulting in assertion failures or crashes. With this update, the dynamic loader uses a pending `NODELETE` state to remove shared objects upon `dlopen` failure, before marking them as `NODELETE` permanently. As a result, the process does not leave any unrelocated objects behind. Also, lazy binding failures while ELF constructors and destructors run now terminate the process.
Clone Of:
Environment:
Last Closed: 2020-04-28 16:50:14 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)
Proposed patch (151.68 KB, text/plain)
2019-12-09 13:21 UTC, Florian Weimer
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1395758 0 medium CLOSED glibc: incomplete rollback of dynamic linker state on linking failure 2021-02-22 00:41:40 UTC
Red Hat Product Errata RHSA-2020:1828 0 None None None 2020-04-28 16:50:50 UTC
Sourceware 16628 0 P2 RESOLVED Segfault after a binary without pthread dlopen()s a library linked with pthread 2020-10-14 19:46:16 UTC
Sourceware 20839 0 P2 RESOLVED Incomplete rollback of dynamic linker state on linking failure 2020-10-14 19:46:16 UTC
Sourceware 24304 0 P2 RESOLVED Lazy binding failure during ELF constructors/destructors is not fatal 2020-10-14 19:46:16 UTC
Sourceware 25396 0 P2 RESOLVED Failing dlopen can leave behind dangling GL (dl_initfirst) link map pointer 2020-10-14 19:46:16 UTC

Internal Links: 1410163 1748197

Description Paulo Andrade 2017-01-04 15:34:40 UTC
Unsure if it is a samba bug, but it should not crash.

  Steps to reproduce:

* Base 7.3 install
* yum install samba-winbind
* edit /etc/nsswitch.conf to show the following host line:

    hosts:      files wins dns myhostname

* systemctl start winbind
* ping redhat.com

  "Quick fix" could be to have /usr/lib64/samba/ in
LD_LIBRARY_PATH.

  The proper fix would likely to fix libnss_wins.so.2
link. Please let me know if the bug should be reassigned
to samba.

$ ldd /lib64/libnss_wins.so.2
	linux-vdso.so.1 =>  (0x00007ffefcf2d000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f683cd2a000)
	libwbclient.so.0 => /lib64/libwbclient.so.0 (0x00007f683cb1b000)
	libreplace-samba4.so => not found
	libc.so.6 => /lib64/libc.so.6 (0x00007f683c759000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f683d15e000)
	libwinbind-client-samba4.so => /usr/lib64/samba/libwinbind-client-samba4.so (0x00007f683c555000)
	libreplace-samba4.so => /usr/lib64/samba/libreplace-samba4.so (0x00007f683c351000)

Comment 1 Florian Weimer 2017-01-04 15:57:14 UTC
This is both a Samba bug (wrong search path/DSO location) and glibc bug (we should report and error and not crash).

This is fixed upstream.  The fix involves some ld.so cleanup, but should be backportable.

Comment 6 Florian Weimer 2018-11-20 09:35:02 UTC
The first upstream bug (16628) will be fixed in Red Hat Enterprise Linux 8.  The second bug still needs to be fixed upstream.

Comment 7 Carlos O'Donell 2019-10-01 13:10:23 UTC
*** Bug 1500128 has been marked as a duplicate of this bug. ***

Comment 10 Florian Weimer 2019-12-09 13:21:02 UTC
Created attachment 1643297 [details]
Proposed patch

The last three patches still await upstream review.

Comment 18 Florian Weimer 2020-01-16 13:44:20 UTC
Upstream testing revealed that the fix is incomplete. We need to backport the fix for this bug as well: https://sourceware.org/bugzilla/show_bug.cgi?id=25396

Comment 22 Florian Weimer 2020-01-17 02:44:06 UTC
(In reply to Florian Weimer from comment #18)
> Upstream testing revealed that the fix is incomplete. We need to backport
> the fix for this bug as well:
> https://sourceware.org/bugzilla/show_bug.cgi?id=25396

These fixes are included in glibc-2.28-101.el8.

Comment 27 Sagar Dubewar 2020-01-20 05:59:34 UTC
ok. updating the doc_text_flag to +.

Comment 32 Sergey Kolosov 2020-03-16 19:28:23 UTC
Verified with elf/tst-dlopen-nodelete-reloc, elf/tst-initfinilazyfail, 
elf/tst-dlopenfail, elf/tst-dlopenfail-2

Comment 34 errata-xmlrpc 2020-04-28 16:50:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1828


Note You need to log in before you can comment on or make changes to this bug.