#3194 new defect

RTL Infinite Loop Condition after dlopen() tries to resolve leftover external references

Reported by: Kevin Gordon Owned by:
Priority: normal Milestone: Indefinite
Component: lib/dl Version: 4.11
Severity: major Keywords: RTL dlclose dlopen
Cc: Blocked By:
Blocking:

Description

If a module is loaded via dlopen() with unresolved external reference(s) to both data and code and the module is subsequently unloaded via dlclose(), the next dlopen() of a different module will go into an infinite loop in rtems_rtl_chain_iterate() because the local variable "node" is NULL and there is no check for NULL, while trying to resolve an apparently left-over external reference from the first module.

Architecture is sparc-leon3 using both the RTEMS 4.11.1 public release and rtems master @f043b9bd3bf25626fb1a311dd7fa041eacc68adc with rtems-source-builder @55f2d69e9b67cde23d61375fa34ef5b0f04a985d.

This bug can be demonstrated by compiling the attached module-0.c and module-1.c files to ELF .o files, loading module-1.o first with dlopen(), unloading module-1 with dlclose(), and then loading module-0.o with dlopen().

Note there is not an infinite loop condition in RTL if there are only unresolved external reference(s) to code, in this case module0Function0() from module-1, however there is a related error in RTL because there's an attempt to resolve the external references made to resources in module-1 when module-0.o is loaded, even after module-1 is unloaded.

It appears in general as though the external references to shared_resource_0[ ] and module0Function0() are not removed from RTL symbol resolution data structures.

The related bug can be demonstrated by commenting-out the extern reference to shared_resource_0[ ] in module-1.c and the use of shared_resource_0[ ] in module1Function1(). After module-1.o is loaded and then unloaded, upon loading module-0.o a full RTL trace reveals resolution of module0function0 when that unresolved symbol should have been removed when module-1 was unloaded:

...
rtl: unresolv: global resolve
rtl: unresolv: lookup: 1: module0Function0
rtl: unresolv: found: module0Function0

Attachments (2)

module-1.c (615 bytes) - added by Kevin Gordon on Oct 15, 2017 at 1:48:14 PM.
module-0.c (373 bytes) - added by Kevin Gordon on Oct 15, 2017 at 1:48:26 PM.

Download all attachments as: .zip

Change History (4)

Changed on Oct 15, 2017 at 1:48:14 PM by Kevin Gordon

Attachment: module-1.c added

Changed on Oct 15, 2017 at 1:48:26 PM by Kevin Gordon

Attachment: module-0.c added

comment:1 Changed on Feb 5, 2018 at 4:42:53 AM by Chris Johns

Milestone: 4.11.3Indefinite

Requires funding.

comment:2 Changed on Nov 22, 2018 at 2:17:35 AM by Chris Johns <chrisj@…>

In 8e7c72a7/rtems:

libdl: Reindex unresolved names after removing used records.

Updates #3194

Note: See TracTickets for help on using tickets.