[RTEMS Project] #3194: RTL Infinite Loop Condition after dlopen() tries to resolve leftover external references

RTEMS trac trac at rtems.org
Sun Oct 15 13:46:29 UTC 2017


#3194: RTL Infinite Loop Condition after dlopen() tries to resolve leftover
external references
--------------------------+--------------------------------
 Reporter:  Kevin Gordon  |      Owner:  (none)
     Type:  defect        |     Status:  new
 Priority:  normal        |  Milestone:  4.11.3
Component:  lib/dl        |    Version:  4.11
 Severity:  major         |   Keywords:  RTL dlclose dlopen
--------------------------+--------------------------------
 If a module is loaded via dlopen() with unresolved external reference(s)
 to both data and code and the module is subsequently unloaded via
 dlclose(), the next dlopen() of a different module will go into an
 infinite loop in rtems_rtl_chain_iterate() because the local variable
 "node" is NULL and there is no check for NULL, while trying to resolve an
 apparently left-over external reference from the first module.

 Architecture is sparc-leon3 using both the RTEMS 4.11.1 public release and
 rtems master @f043b9bd3bf25626fb1a311dd7fa041eacc68adc with rtems-source-
 builder @55f2d69e9b67cde23d61375fa34ef5b0f04a985d.

 This bug can be demonstrated by compiling the attached module-0.c and
 module-1.c files to ELF .o files, loading module-1.o first with dlopen(),
 unloading module-1 with dlclose(), and then loading module-0.o with
 dlopen().

 Note there is not an infinite loop condition in RTL if there are only
 unresolved external reference(s) to code, in this case module0Function0()
 from module-1; however, there is a related error in RTL because there's an
 attempt to resolve the external references made to resources in module-1
 when module-0.o is loaded, even after module-1 is unloaded.

 It appears in general as though the external references to
 shared_resource_0[ ] and module0Function0() are **not** removed from RTL
 symbol resolution data structures.

 The related bug can be demonstrated by commenting-out the extern reference
 to shared_resource_0[ ] in module-1.c and the use of shared_resource_0[ ]
 in module1Function1(). After module-1.o is loaded and then unloaded, upon
 loading module-0.o a full RTL trace reveals resolution of module0Function0
 when that unresolved symbol should have been removed when module-1 was
 unloaded:

 ...
 rtl: unresolv: global resolve
 rtl: unresolv: lookup: 1: module0Function0
 rtl: unresolv: found: module0Function0

--
Ticket URL: <http://devel.rtems.org/ticket/3194>
RTEMS Project <http://www.rtems.org/>
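
The related defect described in the report, unresolved references that survive dlclose(), shown as an added example that is not from the ticket or from the RTEMS sources. It is a simplified C model with hypothetical type and function names, and it assumes module-0 defines both symbols that module-1 references; it compares a table that keeps an unloaded module's references with one that purges them on unload.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model of a loader's unresolved-symbol table. Not RTEMS code:
 * every type and function name here is hypothetical. */
typedef struct unresolved {
    struct unresolved *next;
    const char *symbol;   /* external name still awaiting a definition */
    int owner;            /* id of the module that made the reference */
} unresolved;

static void table_add(unresolved **head, unresolved *u) {
    u->next = *head;
    *head = u;
}

/* Unload step: unlink every pending reference owned by `owner`. */
static int table_purge_owner(unresolved **head, int owner) {
    int removed = 0;
    while (*head != NULL) {
        if ((*head)->owner == owner) {
            *head = (*head)->next;
            removed++;
        } else {
            head = &(*head)->next;
        }
    }
    return removed;
}

/* Load step: count pending references that the new module's exports satisfy. */
static int table_resolve(const unresolved *head, const char *const *exports, size_t n) {
    int hits = 0;
    for (; head != NULL; head = head->next)
        for (size_t i = 0; i < n; i++)
            if (strcmp(head->symbol, exports[i]) == 0)
                hits++;
    return hits;
}

/* Constructed scenario following the report: module-1 (id 1) is loaded with two
 * unresolved externals, unloaded, then module-0 is loaded. Returns how many
 * references belonging to the unloaded module the loader still resolves. */
int stale_resolutions(int purge_on_unload) {
    unresolved *table = NULL;
    unresolved data = { NULL, "shared_resource_0", 1 };
    unresolved code = { NULL, "module0Function0", 1 };
    const char *const module0_exports[] = { "shared_resource_0", "module0Function0" };
    table_add(&table, &data);
    table_add(&table, &code);
    if (purge_on_unload)
        table_purge_owner(&table, 1);
    return table_resolve(table, module0_exports, 2);
}
```

A resolved entry that still points into an unloaded module's memory is a dangling reference, so a regression test for this ticket should check that the table holds no entries for the module after unload.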