d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Take write lock for rtld_bind before modifying obj_list in dl_iterate_phdr().

Browse Source 
This avoids a race with readers such as dladdr(3)/dlinfo(3)/dlsym(3) and
the atexit(3) handler.  This race was introduced in r294373.

Reviewed by:	markj, kib, kan
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
This commit is contained in:
Bryan Drewery 2016-12-13 18:05:14 +00:00
parent 37472174e0
commit 9d9b69b373
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libexec/rtld-elf/rtld.c
View File

@ -3549,7 +3549,7 @@ dl_iterate_phdr(__dl_iterate_hdr_callback callback, void *param)
error = 0; error = 0;
wlock_acquire(rtld_phdr_lock, &phdr_lockstate); wlock_acquire(rtld_phdr_lock, &phdr_lockstate);
rlock_acquire(rtld_bind_lock, &bind_lockstate); wlock_acquire(rtld_bind_lock, &bind_lockstate);
for (obj = globallist_curr(TAILQ_FIRST(&obj_list)); obj != NULL;) { for (obj = globallist_curr(TAILQ_FIRST(&obj_list)); obj != NULL;) {
TAILQ_INSERT_AFTER(&obj_list, obj, &marker, next); TAILQ_INSERT_AFTER(&obj_list, obj, &marker, next);
rtld_fill_dl_phdr_info(obj, &phdr_info); rtld_fill_dl_phdr_info(obj, &phdr_info);
@ -3557,7 +3557,7 @@ dl_iterate_phdr(__dl_iterate_hdr_callback callback, void *param)
error = callback(&phdr_info, sizeof phdr_info, param); error = callback(&phdr_info, sizeof phdr_info, param);
rlock_acquire(rtld_bind_lock, &bind_lockstate); wlock_acquire(rtld_bind_lock, &bind_lockstate);
obj = globallist_next(&marker); obj = globallist_next(&marker);
TAILQ_REMOVE(&obj_list, &marker, next); TAILQ_REMOVE(&obj_list, &marker, next);
if (error != 0) { if (error != 0) {