1410154 – glibc: Incomplete rollback of dynamic linker state on dlopen failure (NODELETE bug)

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1410154 - glibc: Incomplete rollback of dynamic linker state on dlopen failure (NODELETE bug)

Summary: glibc: Incomplete rollback of dynamic linker state on dlopen failure (NODELET...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	glibc
Sub Component:
Version:	---
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	pre-dev-freeze
Target Release:	8.1
Assignee:	Florian Weimer
QA Contact:	qe-baseos-tools-bugs
Docs Contact:	Sagar Dubewar
URL:
Whiteboard:
Duplicates (1):	1500128 (view as bug list)
Depends On:	1393909 1395758
Blocks:	1599298 1679810
TreeView+	depends on / blocked

Reported:	2017-01-04 15:34 UTC by Paulo Andrade
Modified:	2023-07-18 14:30 UTC (History)
CC List:	15 users (show)
Fixed In Version:	glibc-2.28-101.el8
Doc Type:	Bug Fix
Doc Text:	.Unrelocated and uninitialized shared objects no longer result in failures if `dlopen` fails Previously, if the `dlopen` call failed, the `glibc` dynamic linker did not remove shared objects with the `NODELETE` mark before reporting the error. Consequently, the unrelocated and uninitialized shared objects remained in the process image, eventually resulting in assertion failures or crashes. With this update, the dynamic loader uses a pending `NODELETE` state to remove shared objects upon `dlopen` failure, before marking them as `NODELETE` permanently. As a result, the process does not leave any unrelocated objects behind. Also, lazy binding failures while ELF constructors and destructors run now terminate the process.
Clone Of:
Environment:
Last Closed:	2020-04-28 16:50:14 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Proposed patch (deleted) 2019-12-09 13:21 UTC, Florian Weimer	no flags	Details
View All

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1395758	medium	CLOSED	glibc: incomplete rollback of dynamic linker state on linking failure	2021-02-22 00:41:40 UTC
Red Hat Product Errata	RHSA-2020:1828	None	None	None	2020-04-28 16:50:50 UTC
Sourceware	16628	P2	RESOLVED	Segfault after a binary without pthread dlopen()s a library linked with pthread	2020-10-14 19:46:16 UTC
Sourceware	20839	P2	RESOLVED	Incomplete rollback of dynamic linker state on linking failure	2020-10-14 19:46:16 UTC
Sourceware	24304	P2	RESOLVED	Lazy binding failure during ELF constructors/destructors is not fatal	2020-10-14 19:46:16 UTC
Sourceware	25396	P2	RESOLVED	Failing dlopen can leave behind dangling GL (dl_initfirst) link map pointer	2020-10-14 19:46:16 UTC

Internal Links: 1410163 1748197

Description Paulo Andrade 2017-01-04 15:34:40 UTC

Unsure if it is a samba bug, but it should not crash.

  Steps to reproduce:

* Base 7.3 install
* yum install samba-winbind
* edit /etc/nsswitch.conf to show the following host line:

    hosts:      files wins dns myhostname

* systemctl start winbind
* ping redhat.com

  "Quick fix" could be to have /usr/lib64/samba/ in
LD_LIBRARY_PATH.

  The proper fix would likely to fix libnss_wins.so.2
link. Please let me know if the bug should be reassigned
to samba.

$ ldd /lib64/libnss_wins.so.2
	linux-vdso.so.1 =>  (0x00007ffefcf2d000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f683cd2a000)
	libwbclient.so.0 => /lib64/libwbclient.so.0 (0x00007f683cb1b000)
	libreplace-samba4.so => not found
	libc.so.6 => /lib64/libc.so.6 (0x00007f683c759000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f683d15e000)
	libwinbind-client-samba4.so => /usr/lib64/samba/libwinbind-client-samba4.so (0x00007f683c555000)
	libreplace-samba4.so => /usr/lib64/samba/libreplace-samba4.so (0x00007f683c351000)

Comment 1 Florian Weimer 2017-01-04 15:57:14 UTC

This is both a Samba bug (wrong search path/DSO location) and glibc bug (we should report and error and not crash).

This is fixed upstream.  The fix involves some ld.so cleanup, but should be backportable.

Comment 6 Florian Weimer 2018-11-20 09:35:02 UTC

The first upstream bug (16628) will be fixed in Red Hat Enterprise Linux 8.  The second bug still needs to be fixed upstream.

Comment 7 Carlos O'Donell 2019-10-01 13:10:23 UTC

*** Bug 1500128 has been marked as a duplicate of this bug. ***

Comment 10 Florian Weimer 2019-12-09 13:21:02 UTC

Created attachment 1643297 [details]
Proposed patch

The last three patches still await upstream review.

Comment 18 Florian Weimer 2020-01-16 13:44:20 UTC

Upstream testing revealed that the fix is incomplete. We need to backport the fix for this bug as well: https://sourceware.org/bugzilla/show_bug.cgi?id=25396

Comment 22 Florian Weimer 2020-01-17 02:44:06 UTC

(In reply to Florian Weimer from comment #18)
> Upstream testing revealed that the fix is incomplete. We need to backport
> the fix for this bug as well:
> https://sourceware.org/bugzilla/show_bug.cgi?id=25396

These fixes are included in glibc-2.28-101.el8.

Comment 27 Sagar Dubewar 2020-01-20 05:59:34 UTC

ok. updating the doc_text_flag to +.

Comment 32 Sergey Kolosov 2020-03-16 19:28:23 UTC

Verified with elf/tst-dlopen-nodelete-reloc, elf/tst-initfinilazyfail, 
elf/tst-dlopenfail, elf/tst-dlopenfail-2

Comment 34 errata-xmlrpc 2020-04-28 16:50:14 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1828

Note You need to log in before you can comment on or make changes to this bug.