This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: Reference counting bug in ld-linux.so.2 (2.1.2, 2.1.3, 2.1.9x, et. al.)

To: "Allen Bauer" <kylix_rd at hotmail dot com>, "H . J . Lu" <hjl at lucon dot org>, "Ulrich Drepper" <drepper at cygnus dot com>
Subject: Re: Reference counting bug in ld-linux.so.2 (2.1.2, 2.1.3, 2.1.9x, et. al.)
From: "Allen Bauer" <kylix_rd at hotmail dot com>
Date: Sat, 21 Oct 2000 22:16:56 -0700
Cc: <libc-alpha at sources dot redhat dot com>
References: <OE31bBYcVx7dATNd1Dg00001c3d@hotmail.com> <20001018211621.A23035@lucon.org> <OE40byoxxSQWBLYu7AH00000fc7@hotmail.com> <20001019092649.A27204@lucon.org> <OE9H9BoSTnaNdgxDY6q000016cc@hotmail.com> <20001019112716.A27930@lucon.org> <m3g0lssmvp.fsf@otr.mynet.cygnus.com> <20001019124542.A28451@lucon.org> <OE44f3ednHM3SOlbpH70000001c@hotmail.com>

> I've done some more extensive testing and have found that it looks like
this
> patch introduces the opposite problem.  It seems that I can now induce a
> situation where a shared object can be unloaded too soon.  I will send a
> test case soon that will demonstrate the problem.  I am also looking at a
> potential patch now that I've got a more clear understanding of how the
code
> works.  It appears that the reference counting is not handled in a
> symmetrical fashion.  Reference counts are bumped when the search lists
are
> built regardless of whether or not the object is already mapped into
memory
> by some other implicit load.   The loader then uses the fact that the
search
> list is or is not built to add references to dependent object.  I think
this
> may be the base of the problem.  Reference counts should be managed
> independently from the building of the search list.  I will do some more
> debugging and post my findings.

Attached is a new test case (based on my previous test case) that
demonstrates the new problem I alluded to above.  I also have a patch that
seems to fix it.  Basically, in dl_open_worker, when returning from
_dl_map_object and the search list is already built, the dependent objects'
reference counts must be bumped by one, just like in _dl_close, they must be
decremented even if the object is not going away.  I would post the patch,
except I'm currently working with 2.1.94 (patched RedHat 7.0), along with
2.1.2 and 2.1.3.

 ------
Allen Bauer.
Delphi/C++Builder/Kylix Sr. Staff Engineer.
Delphi/C++Builder/Kylix IDE R&D Manager.
Inprise/Borland Corporation.

new-loader-bug.tar.gz

References:
- Reference counting bug in ld-linux.so.2 (2.1.2, 2.1.3, 2.1.9x, et. al.)
  - From: Allen Bauer
- Re: Reference counting bug in ld-linux.so.2 (2.1.2, 2.1.3, 2.1.9x, et. al.)
  - From: H . J . Lu
- Re: Reference counting bug in ld-linux.so.2 (2.1.2, 2.1.3, 2.1.9x, et. al.)
  - From: Allen Bauer
- Re: Reference counting bug in ld-linux.so.2 (2.1.2, 2.1.3, 2.1.9x, et. al.)
  - From: H . J . Lu
- Re: Reference counting bug in ld-linux.so.2 (2.1.2, 2.1.3, 2.1.9x, et. al.)
  - From: Allen Bauer
- Re: Reference counting bug in ld-linux.so.2 (2.1.2, 2.1.3, 2.1.9x, et. al.)
  - From: H . J . Lu
- Re: Reference counting bug in ld-linux.so.2 (2.1.2, 2.1.3, 2.1.9x, et. al.)
  - From: Ulrich Drepper
- Re: Reference counting bug in ld-linux.so.2 (2.1.2, 2.1.3, 2.1.9x, et. al.)
  - From: H . J . Lu
- Re: Reference counting bug in ld-linux.so.2 (2.1.2, 2.1.3, 2.1.9x, et. al.)
  - From: Allen Bauer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]