Prevent crash from dlclose() of libvirt.so
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
2011-09-02 00:57:06 +08:00
|
|
|
/*
|
2013-07-30 03:06:27 +08:00
|
|
|
* Copyright (C) 2011, 2013 Red Hat, Inc.
|
Prevent crash from dlclose() of libvirt.so
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
2011-09-02 00:57:06 +08:00
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
2012-09-21 06:30:55 +08:00
|
|
|
* License along with this library. If not, see
|
2012-07-21 18:06:23 +08:00
|
|
|
* <http://www.gnu.org/licenses/>.
|
Prevent crash from dlclose() of libvirt.so
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
2011-09-02 00:57:06 +08:00
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* When libvirt initializes, it creates a thread local for storing
|
|
|
|
* the last virErrorPtr instance. It also registers a cleanup
|
|
|
|
* callback for the thread local that will be invoked whenever
|
|
|
|
* a thread exits.
|
|
|
|
*
|
|
|
|
* If the libvirt.so library was dlopen()'d and is dlclose()'d
|
|
|
|
* while there is still a thread present, then when that thread
|
|
|
|
* later exits, the libvirt cleanup callback will be invoked.
|
|
|
|
* Unfortunately libvirt.so will no longer be in memory so the
|
|
|
|
* callback SEGVs (if you're lucky), or invokes unlreated
|
|
|
|
* code at the same address as the old callback (if you're
|
|
|
|
* unlucky).
|
|
|
|
*
|
|
|
|
* To fix the problem libvirt is linked '-z nodelete' which
|
|
|
|
* prevents the code being removed from memory at dlclose().
|
|
|
|
*
|
|
|
|
* This test case demonstrates this SEGV scenario. If this
|
|
|
|
* test does not SEGV, then the '-z nodelete' fix is working
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
2013-07-30 03:06:27 +08:00
|
|
|
#define NO_LIBVIRT /* This file intentionally does not link to libvirt */
|
2013-04-16 21:41:44 +08:00
|
|
|
#include "testutils.h"
|
|
|
|
|
Prevent crash from dlclose() of libvirt.so
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
2011-09-02 00:57:06 +08:00
|
|
|
#ifdef linux
|
|
|
|
|
|
|
|
# include <dlfcn.h>
|
|
|
|
# include <pthread.h>
|
|
|
|
# include <stdbool.h>
|
|
|
|
# include <stdio.h>
|
|
|
|
# include <unistd.h>
|
|
|
|
# include <signal.h>
|
|
|
|
|
|
|
|
# include "internal.h"
|
|
|
|
|
|
|
|
pthread_cond_t cond = PTHREAD_COND_INITIALIZER;
|
|
|
|
pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
|
|
|
|
bool running = false;
|
2013-05-16 21:50:58 +08:00
|
|
|
bool failstart = false;
|
Prevent crash from dlclose() of libvirt.so
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
2011-09-02 00:57:06 +08:00
|
|
|
bool quit = false;
|
|
|
|
|
|
|
|
static void *threadMain(void *arg)
|
|
|
|
{
|
2013-05-16 21:50:58 +08:00
|
|
|
int (*startup)(void) = arg;
|
|
|
|
|
|
|
|
if (startup() < 0) {
|
|
|
|
pthread_mutex_lock(&lock);
|
|
|
|
failstart = true;
|
|
|
|
pthread_cond_signal(&cond);
|
|
|
|
} else {
|
|
|
|
pthread_mutex_lock(&lock);
|
|
|
|
running = true;
|
|
|
|
pthread_cond_signal(&cond);
|
|
|
|
}
|
Prevent crash from dlclose() of libvirt.so
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
2011-09-02 00:57:06 +08:00
|
|
|
|
2014-11-13 22:20:43 +08:00
|
|
|
while (!quit)
|
Prevent crash from dlclose() of libvirt.so
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
2011-09-02 00:57:06 +08:00
|
|
|
pthread_cond_wait(&cond, &lock);
|
|
|
|
pthread_mutex_unlock(&lock);
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void sigHandler(int sig)
|
|
|
|
{
|
|
|
|
ignore_value(write(STDERR_FILENO, "FAIL\n", 5));
|
|
|
|
signal(sig, SIG_DFL);
|
|
|
|
raise(sig);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* We're not using the testutils.c main() wrapper because
|
|
|
|
* we don't want 'shunloadtest' itself to link against
|
|
|
|
* libvirt.so. We need to test dlopen()'ing of libvirt.so
|
|
|
|
*/
|
|
|
|
int main(int argc ATTRIBUTE_UNUSED, char **argv)
|
|
|
|
{
|
|
|
|
void (*startup)(void);
|
|
|
|
pthread_t t;
|
|
|
|
void *lib;
|
|
|
|
char *theprogname;
|
|
|
|
|
|
|
|
theprogname = argv[0];
|
|
|
|
if (STRPREFIX(theprogname, "./"))
|
|
|
|
theprogname += 2;
|
|
|
|
|
|
|
|
fprintf(stderr, "TEST: %s\n", theprogname);
|
|
|
|
fprintf(stderr, " .%*s 1 ", 39, "");
|
|
|
|
signal(SIGSEGV, sigHandler);
|
|
|
|
|
2011-12-02 00:33:50 +08:00
|
|
|
if (!(lib = dlopen("./.libs/libshunload.so", RTLD_LAZY))) {
|
Prevent crash from dlclose() of libvirt.so
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
2011-09-02 00:57:06 +08:00
|
|
|
fprintf(stderr, "Cannot load ./.libs/libshunload.so %s\n", dlerror());
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
if (!(startup = dlsym(lib, "shunloadStart"))) {
|
|
|
|
fprintf(stderr, "Cannot find shunloadStart %s\n", dlerror());
|
2014-08-28 18:20:57 +08:00
|
|
|
dlclose(lib);
|
Prevent crash from dlclose() of libvirt.so
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
2011-09-02 00:57:06 +08:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Create a thread which is going to initialize libvirt
|
|
|
|
* and raise an error
|
|
|
|
*/
|
|
|
|
pthread_create(&t, NULL, threadMain, startup);
|
|
|
|
|
|
|
|
/* Wait for the thread to start and call libvirt */
|
|
|
|
pthread_mutex_lock(&lock);
|
2014-11-13 22:20:43 +08:00
|
|
|
while (!running && !failstart)
|
Prevent crash from dlclose() of libvirt.so
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
2011-09-02 00:57:06 +08:00
|
|
|
pthread_cond_wait(&cond, &lock);
|
|
|
|
|
|
|
|
/* Close the shared library (and thus make libvirt.so
|
|
|
|
* non-resident */
|
|
|
|
dlclose(lib);
|
|
|
|
|
|
|
|
/* Tell the thread to quit */
|
|
|
|
quit = true;
|
|
|
|
pthread_cond_signal(&cond);
|
|
|
|
pthread_mutex_unlock(&lock);
|
|
|
|
|
|
|
|
pthread_join(t, NULL);
|
|
|
|
|
|
|
|
/* If we got to here the thread successfully exited without
|
|
|
|
* causing a SEGV !
|
|
|
|
*/
|
|
|
|
|
2013-05-16 21:50:58 +08:00
|
|
|
if (failstart)
|
|
|
|
fprintf(stderr, "FAIL to initialize libvirt\n");
|
|
|
|
else
|
|
|
|
fprintf(stderr, "OK\n");
|
Prevent crash from dlclose() of libvirt.so
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
2011-09-02 00:57:06 +08:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
int main(void)
|
|
|
|
{
|
|
|
|
return EXIT_AM_SKIP;
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif
|