diff options
| author | Bryan Drewery <bdrewery@FreeBSD.org> | 2016-12-13 18:05:14 +0000 |
|---|---|---|
| committer | Bryan Drewery <bdrewery@FreeBSD.org> | 2016-12-13 18:05:14 +0000 |
| commit | 9d9b69b3732314d3900c104cd1d1bc54c2d057a7 (patch) | |
| tree | 922dabb9d0f630dd93d42df62870eeb2ae911ee4 | |
| parent | 37472174e03c5d89b5b788a8b8f8a0b9b78728f5 (diff) | |
| download | src-9d9b69b3732314d3900c104cd1d1bc54c2d057a7.tar.gz src-9d9b69b3732314d3900c104cd1d1bc54c2d057a7.zip | |
Take write lock for rtld_bind before modifying obj_list in dl_iterate_phdr().
This avoids a race with readers such as dladdr(3)/dlinfo(3)/dlsym(3) and
the atexit(3) handler. This race was introduced in r294373.
Reviewed by: markj, kib, kan
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
Notes
Notes:
svn path=/head/; revision=310025
| -rw-r--r-- | libexec/rtld-elf/rtld.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c index ce152f8157ff..ec33d87888d7 100644 --- a/libexec/rtld-elf/rtld.c +++ b/libexec/rtld-elf/rtld.c @@ -3549,7 +3549,7 @@ dl_iterate_phdr(__dl_iterate_hdr_callback callback, void *param) error = 0; wlock_acquire(rtld_phdr_lock, &phdr_lockstate); - rlock_acquire(rtld_bind_lock, &bind_lockstate); + wlock_acquire(rtld_bind_lock, &bind_lockstate); for (obj = globallist_curr(TAILQ_FIRST(&obj_list)); obj != NULL;) { TAILQ_INSERT_AFTER(&obj_list, obj, &marker, next); rtld_fill_dl_phdr_info(obj, &phdr_info); @@ -3557,7 +3557,7 @@ dl_iterate_phdr(__dl_iterate_hdr_callback callback, void *param) error = callback(&phdr_info, sizeof phdr_info, param); - rlock_acquire(rtld_bind_lock, &bind_lockstate); + wlock_acquire(rtld_bind_lock, &bind_lockstate); obj = globallist_next(&marker); TAILQ_REMOVE(&obj_list, &marker, next); if (error != 0) { |