On Monday, June 06, 2011 13:00:50 Mike Frysinger wrote: > On Monday, June 06, 2011 04:51:29 Andreas Schwab wrote: > > Paweł Sikora writes: > > > git bisect shows first bad commit: > > > > > > 4bff6e0175ed195871f4e01cc4c4c33274b8f6e3 is the first bad commit > > > commit 4bff6e0175ed195871f4e01cc4c4c33274b8f6e3 > > > Author: Andreas Schwab > > > Date: Fri Feb 25 20:49:48 2011 -0500 > > > > > > Fix memory leak in dlopen with RTLD_NOLOAD. > > > > See and > > for the > > original, working patches. > > thanks, i'm seeing basically the same crash with the mpd server (music > daemon) in case it's helpful to someone else, this is the patch i'm using -mike partially revert 4bff6e0175ed195871f4e01cc4c4c33274b8f6e3 http://sourceware.org/ml/libc-alpha/2011-06/msg00006.html --- a/elf/dl-libc.c +++ b/elf/dl-libc.c @@ -279,6 +279,10 @@ libc_freeres_fn (free_mem) if (! old->dont_free) free (old); } + + /* Free the initfini dependency list. */ + if (l->l_free_initfini) + free (l->l_initfini); } if (__builtin_expect (GL(dl_ns)[ns]._ns_global_scope_alloc, 0) != 0 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -2240,6 +2240,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n", lnp->dont_free = 1; lnp = lnp->next; } + l->l_free_initfini = 0; if (l != &GL(dl_rtld_map)) _dl_relocate_object (l, l->l_scope, GLRO(dl_lazy) ? RTLD_LAZY : 0, --- a/elf/dl-close.c +++ b/elf/dl-close.c @@ -119,17 +119,8 @@ _dl_close_worker (struct link_map *map) if (map->l_direct_opencount > 0 || map->l_type != lt_loaded || dl_close_state != not_pending) { - if (map->l_direct_opencount == 0) - { - if (map->l_type == lt_loaded) - dl_close_state = rerun; - else if (map->l_type == lt_library) - { - struct link_map **oldp = map->l_initfini; - map->l_initfini = map->l_orig_initfini; - _dl_scope_free (oldp); - } - } + if (map->l_direct_opencount == 0 && map->l_type == lt_loaded) + dl_close_state = rerun; /* There are still references to this object. Do nothing more. */ if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_FILES, 0)) --- a/elf/dl-deps.c +++ b/elf/dl-deps.c @@ -478,6 +478,7 @@ _dl_map_object_deps (struct link_map *map, nneeded * sizeof needed[0]); atomic_write_barrier (); l->l_initfini = l_initfini; + l->l_free_initfini = 1; } /* If we have no auxiliary objects just go on to the next map. */ @@ -662,6 +663,7 @@ Filters not supported with LD_TRACE_PRELINKING")); l_initfini[nlist] = NULL; atomic_write_barrier (); map->l_initfini = l_initfini; + map->l_free_initfini = 1; if (l_reldeps != NULL) { atomic_write_barrier ();diff --git a/include/link.h b/include/link.h @@ -686,5 +686,5 @@ Filters not supported with LD_TRACE_PRELINKING")); _dl_scope_free (old_l_reldeps); } if (old_l_initfini != NULL) - map->l_orig_initfini = old_l_initfini; + _dl_scope_free (old_l_initfini); --- a/include/link.h +++ b/include/link.h @@ -192,6 +192,9 @@ struct link_map during LD_TRACE_PRELINKING=1 contains any DT_SYMBOLIC libraries. */ + unsigned int l_free_initfini:1; /* Nonzero if l_initfini can be + freed, ie. not allocated with + the dummy malloc in ld.so. */ /* Collected information about own RPATH directories. */ struct r_search_path_struct l_rpath_dirs; @@ -240,9 +240,6 @@ struct link_map /* List of object in order of the init and fini calls. */ struct link_map **l_initfini; - /* The init and fini list generated at startup, saved when the - object is also loaded dynamically. */ - struct link_map **l_orig_initfini; /* List of the dependencies introduced through symbol binding. */ struct link_map_reldeps