Return-Path: Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (Postfix) with ESMTP id 9E2BD3E626; Wed, 16 May 2012 20:41:59 -0400 (EDT) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id q4H0fxYP026250; Wed, 16 May 2012 20:41:59 -0400 Received: from mailhub-dmz-3.mit.edu (MAILHUB-DMZ-3.MIT.EDU [18.9.21.42]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id q4H0fwHE026247 for ; Wed, 16 May 2012 20:41:58 -0400 Received: from dmz-mailsec-scanner-2.mit.edu (DMZ-MAILSEC-SCANNER-2.MIT.EDU [18.9.25.13]) by mailhub-dmz-3.mit.edu (8.13.8/8.9.2) with ESMTP id q4H0er0j029987; Wed, 16 May 2012 20:41:57 -0400 X-Auditid: 1209190d-b7fbf6d0000008ba-64-4fb4495591b7 Authentication-Results: symauth.service.identifier Received: from permutation-city.suchdamage.org (permutation-city.suchdamage.org [69.25.196.28]) by dmz-mailsec-scanner-2.mit.edu (Symantec Messaging Gateway) with SMTP id 09.02.02234.55944BF4; Wed, 16 May 2012 20:41:57 -0400 (EDT) Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id 0268C20464; Wed, 16 May 2012 20:37:39 -0400 (EDT) Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 6694844B1; Wed, 16 May 2012 20:41:37 -0400 (EDT) From: Sam Hartman To: krb5-bugs@MIT.EDU Subject: gssapi mechanism glue dlcloses objects potentially after they are already unloaded Date: Wed, 16 May 2012 20:41:37 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrJIsWRWlGSWpSXmKPExsXiKnlERjfUc4u/wfrDJhbH531itWh4eJzd gcmj6cxR5gDGKC6blNSczLLUIn27BK6Mo31r2Qom8Fb86D3F1MB4m6uLkZNDQsBE4sbT2Wwg NqOAkcTuc69YIeJiEhfurQeKc3EICbxglDj9aRIThLObSeLW0gNgHUICdRKbP39gAbHZBNQl Fv25DhYXERCVePn3GFicWUBE4vCbB8wgtrBAtMSn+43sIDaLgKrEs9+9jCA2L5B97eA0Zghb UOLkzCdQvVoSN/69ZJrAyDcLSWoWktQCRqZVjLIpuVW6uYmZOcWpybrFyYl5ealFukZ6uZkl eqkppZsYgWElxCnJu4Px3UGlQ4wCHIxKPLwBpzb7C7EmlhVX5h5ilORgUhLl3eW+xV+ILyk/ pTIjsTgjvqg0J7X4EKMEB7OSCG+ULFCONyWxsiq1KB8mJc3BoiTOq6r1zk9IID2xJDU7NbUg tQgmy8TBfohRhoNDSYJ3lwdQt2BRanpqRVpmTgmyGk4QwQWyhgdozWyQQt7igsTc4sx0iKJT jLocBz8tusYoxJKXn5cqJc67HKRIAKQoozQPbhgsRVxilJUS5mVkYGAQ4gG6BhgIqPKvGMWB ASDMOx9kCk9mXgncpldARzABHVGWuwnkiJJEhJRUA2PpufROo/2m8i+OaVa1rFm9+YR1v1H8 qcM64iILed2nKtp5u/LvKn//9MBV3cXyFqGn/snWXly8rc70TJS09X4Gox1p3JJ5MeklG5Mv pnUoWl+ZFM/c1+rz+kczl/qiZ17rfOZcscpkVfHYUanuYSeYZCtucqH4+QpRVZniYzGb3iYZ st+frMRSnJFoqMVcVJwIACoJzEUMAwAA CC: hartmans@MIT.EDU X-Beenthere: krb5-bugs-incoming@mailman.mit.edu X-Mailman-Version: 2.1.6 Precedence: list Sender: krb5-bugs-incoming-bounces@PCH.mit.edu Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu X-RT-Original-Encoding: us-ascii Content-Length: 1643 moonshot has consistently gotten a linker error on Linux at process exit time. I traced it with a debugger today and figured out what seems to be going on. exit calls the library finalization functions for loaded libraries. That calls gssint_mechglue_fini. If PROGRAM_EXITING() returns false (which it always does) that calls freeMechList() which indirectly calls dlclose on loaded objects. Unfortunately, moonshot depends circularly on libgssapi_krb5. The linker chooses to break this dependency by finalizing moonshot first. Then when we call dlclose, we get: Inconsistency detected by ld.so: dl-close.c: 743: _dl_close: Assertion `map->l_i nit_called' failed! This is arguably a linker bug. A few observations: 1) It would be nice to have a better definition of PROGRAM_EXITING for glibc platforms. 2) There are reasonably good reasons for GSS mechanisms to call into libgssapi_krb5 even though they are loaded by it. Finally, I suspect that gssint_mechglue_fini may tend to be useless if a mechanism that calls into the mechglue is loaded. Consider what happens. The cases where fini matters is where the gss library would like to be unloaded. So, an application dlopens a plugin that loads gssapi_krb5. That eventually opens moonshot, which creates a second reference to libgssapi_krb5. The application dlcloses the plugin, removing one reference to libgssapi_krb5. The linker really needs to garbage collect or otherwise walk the graph in order to determine that it can get rid of the moonshot-gssapi subgraph. So on Linux, it looks a lot like this code crashes at process exit and is likely to be useless otherwise.