Re: dlopen after dlclose crash

2014-08-19 Thread Philip Guenther
On Mon, Aug 18, 2014 at 7:33 AM, Henri Kemppainen  wrote:

> Hi, I encountered this problem while trying an application that uses SDL2.
> It turns out that SDL2 opens, closes, and reopens some shared objects from
> the X11 sets.  And doing that in the specific order it does, one of the
> eventual dlopen calls will crash.  Here's a minimal test case:

...

> There are some other combinations of shared objects that will also result
> in the same crash.  It can be worked around by changing the order in which
> they are opened or closed (changing both works too).  Nothing in the man page
> suggests to me that the order should be critical, so this looks like a bug.
>

Yep.


> I might dig deeper once I find the time, but perhaps someone already
> familiar with the code might want to take a look at it before I waste a
> week on it ;-)
>

The issue is the change in ld.so/library_subr.c rev 1.34.  If you back that
change out, the crash disappears.

The problem is that no one makes changes to the linkages inside ld.so out
of boredom: there was some previous program that crashed without that
change, but the details weren't documented or preserved in a regress/
program.  I've made a couple stabs at reproducing the original program so
that we can be sure to keep it fixed when fixing this, but haven't been
able to pin down a case where the committed change solved the problem.  If
you can figure that out, I would gladly buy you a beer or three.  Elsewise
we're reaching the point where we back that change out and wait for someone
to complain...  :-(

Philip Guenther
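Since the thread asks for a regress/ style reproducer that can keep the fix honest, here is a small harness of the kind one could use, added as an example and not code from the thread, ld.so, or SDL2. It runs each dlopen/dlclose ordering in a forked child so that a crash in the runtime linker is reported as a result instead of killing the harness, which lets one check every ordering of a pair of libraries (the thread's "open a, open b, close a, close b, reopen a" plus the reversed-close workaround) in one run. The sequence mini-language ("oa" opens slot a, "cb" closes slot b), the result codes, and the library names in main() are this example's own assumptions; the X11 libraries will not be present on every system, and in that case the harness reports an open failure rather than a crash.

```c
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Result codes for one open/close sequence (constructed for this example). */
enum seq_result {
    SEQ_OK = 0,          /* sequence completed without a signal */
    SEQ_OPEN_FAILED = 1, /* dlopen() returned NULL (library missing, not a crash) */
    SEQ_CRASHED = 2,     /* child died from a signal, e.g. SIGBUS as in the report */
    SEQ_FORK_FAILED = 3, /* harness could not fork or wait */
    SEQ_BAD_SPEC = 4     /* sequence string did not parse */
};

/* One step: op is 'o' (dlopen) or 'c' (dlclose); slot indexes a libs[] array of up to 8 names. */
struct step { char op; int slot; };

/* Parse "oa ob ca cb oa" into steps; returns the step count, or -1 on a malformed token. */
int parse_spec(const char *spec, struct step *out, int max)
{
    int n = 0;
    for (const char *p = spec; *p != '\0'; ) {
        if (*p == ' ') { p++; continue; }
        /* p[0] is non-NUL here, so reading p[1] is in bounds (it may be the NUL). */
        if ((p[0] != 'o' && p[0] != 'c') || p[1] < 'a' || p[1] > 'h' || n == max)
            return -1;
        out[n].op = p[0];
        out[n].slot = p[1] - 'a';
        n++;
        p += 2;
    }
    return n;
}

/* Run the steps in the current process. A linker bug surfaces as a signal, not a return. */
static int run_steps_inline(const char *const libs[8], const struct step *steps, int nsteps)
{
    void *handles[8] = { 0 };
    for (int i = 0; i < nsteps; i++) {
        int s = steps[i].slot;
        if (steps[i].op == 'o') {
            if (libs[s] == NULL)
                return SEQ_OPEN_FAILED;
            handles[s] = dlopen(libs[s], RTLD_NOW | RTLD_LOCAL);
            if (handles[s] == NULL)
                return SEQ_OPEN_FAILED;
        } else if (handles[s] != NULL) {
            dlclose(handles[s]);
            handles[s] = NULL;
        }
    }
    return SEQ_OK;
}

/* Run one sequence in a child so a crash becomes SEQ_CRASHED instead of taking down the harness. */
int run_spec(const char *const libs[8], const char *spec)
{
    struct step steps[32];
    int n = parse_spec(spec, steps, 32);
    if (n < 0)
        return SEQ_BAD_SPEC;

    pid_t pid = fork();
    if (pid < 0)
        return SEQ_FORK_FAILED;
    if (pid == 0)
        _exit(run_steps_inline(libs, steps, n));

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return SEQ_FORK_FAILED;
    if (WIFSIGNALED(status))
        return SEQ_CRASHED;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Slot a = libXcursor, slot b = libXrandr, as in the report; remaining slots are NULL. */
    const char *libs[8] = { "libXcursor.so", "libXrandr.so" };
    const char *specs[] = {
        "oa ob ca cb oa",   /* the ordering that crashed in the report */
        "oa ob cb ca oa"    /* the reversed-close workaround the report mentions */
    };
    static const char *names[] = { "ok", "open failed", "crashed", "fork failed", "bad spec" };

    for (size_t i = 0; i < sizeof(specs) / sizeof(specs[0]); i++)
        printf("%-16s -> %s\n", specs[i], names[run_spec(libs, specs[i])]);
    return 0;
}
```

Because each ordering runs in its own child, the harness can be pointed at any pair of objects and any list of sequences, and a "crashed" line marks the exact ordering to hand to someone reading library_subr.c, while "open failed" separates a missing library from a real linker fault. On glibc older than 2.34 the program needs -ldl at link time.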



dlopen after dlclose crash

2014-08-18 Thread Henri Kemppainen
Hi, I encountered this problem while trying an application that uses SDL2.
It turns out that SDL2 opens, closes, and reopens some shared objects from
the X11 sets.  And doing that in the specific order it does, one of the
eventual dlopen calls will crash.  Here's a minimal test case:

$ ls -ctlah /usr/X11R6/lib/libX{cursor,randr}.so*
-rw-r--r--  1 root  wheel  47.2K Aug 16 19:57 /usr/X11R6/lib/libXrandr.so.7.0
-rw-r--r--  1 root  wheel  49.2K Aug 16 19:57 /usr/X11R6/lib/libXcursor.so.5.0
-rw-r--r--  1 root  wheel  43.0K Jun 30  2013 /usr/X11R6/lib/libXrandr.so.6.2
-rw-r--r--  1 root  wheel  47.6K Jun 30  2013 /usr/X11R6/lib/libXcursor.so.4.0

$ cat test.c
#include <dlfcn.h>

int
main(void)
{
	void *a, *b;
	int flag = RTLD_NOW|RTLD_LOCAL;

	/* Open two X11 objects, close them in the same order, then reopen the first. */
	a = dlopen("libXcursor.so", flag);
	b = dlopen("libXrandr.so", flag);
	dlclose(a);
	dlclose(b);
	/* On the affected ld.so this reopen crashes in _dl_cache_grpsym_list(). */
	dlopen("libXcursor.so", flag);
	return 0;
}

$ cc test.c

$ ./a.out
Bus error (core dumped)

$ gdb a.out a.out.core 
[ .. snip .. ]
#0  _dl_cache_grpsym_list (object=0x110be2bb7400) at
  /usr/src/libexec/ld.so/library_subr.c:555

warning: Source file is more recent than executable.

555 _dl_link_grpsym(n->data, 0);
(gdb) p n
$1 = (struct dep_node *) 0xdfdfdfdfdfdfdfdf

(gdb) bt
#0  _dl_cache_grpsym_list (object=0x110be2bb7400)
at /usr/src/libexec/ld.so/library_subr.c:555
#1  0x110ba94082fd in _dl_cache_grpsym_list (object=0x110c140a0c00)
at /usr/src/libexec/ld.so/library_subr.c:558
#2  0x110ba94082fd in _dl_cache_grpsym_list (object=0x110c140a0800)
at /usr/src/libexec/ld.so/library_subr.c:558
#3  0x110ba9403267 in _dl_load_dep_libs (object=0x110c140a0800, flags=1,
  booting=0)
at /usr/src/libexec/ld.so/loader.c:347
#4  0x110ba9405f99 in dlopen (libname=0x110921800dff "libXcursor.so",
  flags=Variable "flags" is not available.)
at /usr/src/libexec/ld.so/dlfcn.c:107
#5  0x110921700dda in main () from /tmp/a.out

---


There are some other combinations of shared objects that will also result in
the same crash.  It can be worked around by changing the order in which they
are opened or closed (changing both works too).  Nothing in the man page
suggests to me that the order should be critical, so this looks like a bug.

I might dig deeper once I find the time, but perhaps someone already
familiar with the code might want to take a look at it before I waste a
week on it ;-)

-Henri

OpenBSD 5.6 (GENERIC.MP) #333: Fri Aug  8 00:20:21 MDT 2014
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1047068672 (998MB)
avail mem = 1010466816 (963MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xf0760 (31 entries)
bios0: vendor American Megatrends Inc. version "0201" date 02/10/2010
bios0: ASUSTeK Computer INC. 1001PX
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG ECDT OEMB HPET GSCI SSDT
acpi0: wakeup devices P0P1(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Atom(TM) CPU N450 @ 1.66GHz, 2333.32 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF,PERF
cpu0: 512KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 166MHz
cpu0: mwait min=64, max=64, C-substates=0.2.2.0.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Atom(TM) CPU N450 @ 1.66GHz, 1666.48 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF,PERF
cpu1: 512KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 1, remapped to apid 2
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpiec0 at acpi0
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 4 (P0P4)
acpiprt2 at acpi0: bus 2 (P0P5)
acpiprt3 at acpi0: bus -1 (P0P6)
acpiprt4 at acpi0: bus 1 (P0P7)
acpicpu0 at acpi0: C2, C1, PSS
acpicpu1 at acpi0: C2, C1, PSS
acpitz0 at acpi0: critical temperature is 98 degC
acpibat0 at acpi0: BAT0 model "1001PX" serial   type LION oem "ASUS"
acpiac0 at acpi0: AC unit online
acpiasus0 at acpi0
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibtn2 at acpi0: PWRB
cpu0: Enhanced SpeedStep 2333 MHz: speeds: 1667, 1333, 1000 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Pineview DMI" rev 0x00
vga1 at pci0 dev 2 function 0 "Intel Pineview Video"