svn commit: r310422 - head/libexec/rtld-elf
Mark Johnston
markj at FreeBSD.org
Thu Dec 22 17:44:28 UTC 2016
Author: markj
Date: Thu Dec 22 17:44:27 2016
New Revision: 310422
URL: https://svnweb.freebsd.org/changeset/base/310422
Log:
rtld: Fix a couple of bugs around the unloading of ELF filters.
- Pass the correct object to unload_filtees().
- Use a marker to restart iteration after unload_filtees() has returned.
It calls dlclose() and may recursively remove entries from the global
object list, so TAILQ_FOREACH_SAFE is not sufficient.
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
Modified:
head/libexec/rtld-elf/rtld.c
Modified: head/libexec/rtld-elf/rtld.c
==============================================================================
--- head/libexec/rtld-elf/rtld.c Thu Dec 22 17:41:32 2016 (r310421)
+++ head/libexec/rtld-elf/rtld.c Thu Dec 22 17:44:27 2016 (r310422)
@@ -90,6 +90,7 @@ static const char *gethints(bool);
static void hold_object(Obj_Entry *);
static void unhold_object(Obj_Entry *);
static void init_dag(Obj_Entry *);
+static void init_marker(Obj_Entry *);
static void init_pagesizes(Elf_Auxinfo **aux_info);
static void init_rtld(caddr_t, Elf_Auxinfo **);
static void initlist_add_neededs(Needed_Entry *, Objlist *);
@@ -1829,6 +1830,14 @@ init_dag(Obj_Entry *root)
root->dag_inited = true;
}
+static void
+init_marker(Obj_Entry *marker)
+{
+
+ bzero(marker, sizeof(*marker));
+ marker->marker = true;
+}
+
Obj_Entry *
globallist_curr(const Obj_Entry *obj)
{
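Review bot: init_marker() has no comment saying what a marker entry is or what its callers owe the list. From the visible uses, the entry is a zeroed Obj_Entry linked into obj_list purely as a position holder, and the unload loop later in this diff skips it by testing `obj->marker`. I would add above the function `/* Set up a placeholder entry for obj_list; it only holds a position, and every list walker must skip entries with marker set. */`. The hunk ends inside globallist_curr(), which is unrelated to the point.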
@@ -3566,8 +3575,7 @@ dl_iterate_phdr(__dl_iterate_hdr_callbac
RtldLockState bind_lockstate, phdr_lockstate;
int error;
- bzero(&marker, sizeof(marker));
- marker.marker = true;
+ init_marker(&marker);
error = 0;
wlock_acquire(rtld_phdr_lock, &phdr_lockstate);
@@ -4419,7 +4427,7 @@ trace_loaded_objects(Obj_Entry *obj)
static void
unload_object(Obj_Entry *root)
{
- Obj_Entry *obj, *obj1;
+ Obj_Entry marker, *obj, *next;
assert(root->refcount == 0);
@@ -4430,7 +4438,8 @@ unload_object(Obj_Entry *root)
unlink_object(root);
/* Unmap all objects that are no longer referenced. */
- TAILQ_FOREACH_SAFE(obj, &obj_list, next, obj1) {
+ for (obj = TAILQ_FIRST(&obj_list); obj != NULL; obj = next) {
+ next = TAILQ_NEXT(obj, next);
if (obj->marker || obj->refcount != 0)
continue;
LD_UTRACE(UTRACE_UNLOAD_OBJECT, obj, obj->mapbase,
@@ -4444,7 +4453,16 @@ unload_object(Obj_Entry *root)
TAILQ_REMOVE(&obj_list, obj, next);
obj_count--;
- unload_filtees(root);
+ if (obj->filtees_loaded) {
+ if (next != NULL) {
+ init_marker(&marker);
+ TAILQ_INSERT_BEFORE(next, &marker, next);
+ unload_filtees(obj);
+ next = TAILQ_NEXT(&marker, next);
+ TAILQ_REMOVE(&obj_list, &marker, next);
+ } else
+ unload_filtees(obj);
+ }
release_object(obj);
}
}
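Review bot: The reason for the marker around `unload_filtees(obj)` is recorded only in the commit log, so the branch reads as needless complexity. That invites a later simplification back to TAILQ_FOREACH_SAFE, which would again leave `next` pointing at an entry the nested dlclose() may already have released. A comment above `if (obj->filtees_loaded) {` would keep it in the code, for example `/* unload_filtees() may dlclose() and drop entries from obj_list, including next; park a marker so we can find our place again. */`. While the stack-allocated marker is linked into the global list, any list walk reached from unload_filtees() has to skip marker entries; the loop shown here does, but the other walkers are outside this diff, so that is worth confirming. The loop header is in the preceding hunk.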