| Message ID | 87mtbt5sxi.fsf@oldenburg.str.redhat.com |
|---|---|
| State | New |
| Headers | show |
| Series | elf: Initialize libc_map to NULL on namespace creation | expand |
* Florian Weimer via Libc-alpha: > It seems that a stale libc_map value will be used (and not > overwritten) by a dlmopen after a dlclose that has deallocated > the namespace. This may not be visible easily because the libc > link map can be allocated at the same address. > > Fixes commit ec935dea6332cb22f9881cd1162bad156173f4b0 ("elf: > Implement __libc_early_init"). The new version is here: [PATCH] elf: Call __libc_early_init for reused namespaces (bug 29528) <https://sourceware.org/pipermail/libc-alpha/2022-August/141696.html> Thanks, Florian
diff --git a/elf/dl-open.c b/elf/dl-open.c index dcc24130fe..582095a7fa 100644 --- a/elf/dl-open.c +++ b/elf/dl-open.c @@ -850,6 +850,10 @@ no more namespaces available for dlmopen()")); ++GL(dl_nns); } + /* Clear any potential dangling libc link map references. */ + GL(dl_ns)[nsid].libc_map = NULL; + GL(dl_ns)[nsid].libc_map_early_init = NULL; + _dl_debug_update (nsid)->r_state = RT_CONSISTENT; } /* Never allow loading a DSO in a namespace which is empty. Such
It seems that a stale libc_map value will be used (and not overwritten) by a dlmopen after a dlclose that has deallocated the namespace. This may not be visible easily because the libc link map can be allocated at the same address. Fixes commit ec935dea6332cb22f9881cd1162bad156173f4b0 ("elf: Implement __libc_early_init"). --- elf/dl-open.c | 4 ++++ 1 file changed, 4 insertions(+) base-commit: 6f85dbf102ad7982409ba0fe96886caeb6389fef