Maps Dlclose can';如果使用link-static libstdc+创建一个空dso,则无法工作+; 我想用C++支持编译/链接整个STDLBC+到一个SO到独立。因此,我创建了一个空的So文件,其中只包含declareextern“C”void*\uu dso\u handle=0,并导出所有与之链接的符号 -Wl,--whole-archive -Wl,-Bstatic stdc++
并设置链接标志Maps Dlclose can';如果使用link-static libstdc+创建一个空dso,则无法工作+; 我想用C++支持编译/链接整个STDLBC+到一个SO到独立。因此,我创建了一个空的So文件,其中只包含declareextern“C”void*\uu dso\u handle=0,并导出所有与之链接的符号 -Wl,--whole-archive -Wl,-Bstatic stdc++,maps,shared-libraries,gold-linker,Maps,Shared Libraries,Gold Linker,并设置链接标志-nostdlib一切正常,除了调用dlclose()无法将其从内存中取消映射,甚至在dlopen()之后立即调用dlclose()。当我使用命令cat/proc/pid/maps时,它仍然存在 然后我使用LD_DEBUG=binding加载dso文件。我发现它有很多符号绑定到libc.so.6,libstdc++.so.6。我猜当系统将dso文件加载到内存中时,它会将默认函数指针指向dso函数,该函数将stdc+静态链接到dso文件中 我的问题是:是否可以通过dlclose()从
-nostdlib
一切正常,除了调用dlclose()
无法将其从内存中取消映射,甚至在dlopen()
之后立即调用dlclose()
。当我使用命令cat/proc/pid/maps时,它仍然存在
然后我使用LD_DEBUG=binding
加载dso文件。我发现它有很多符号绑定到libc.so.6
,libstdc++.so.6
。我猜当系统将dso文件加载到内存中时,它会将默认函数指针指向dso函数,该函数将stdc+静态链接到dso文件中
我的问题是:是否可以通过dlclose()
从内存中取消映射dso文件?可能系统不支持将函数指针重新绑定到默认地址,因此无法支持通过dlclose()
从内存中卸载库。我说得对吗?或者我能做什么
我还尝试不使用-nostlib
并删除代码extern“C”void*\uu dso\u handle=0
,因此so完全为空,但仍然无法使用dlclose
将其从内存中卸载。我现在不知道
2018年4月25日更新
现在使用gold和-Wl,没有GNUunique可以成功地从内存中卸载库,但在调用dlclose后退出时会导致应用程序崩溃。堆栈如下所示:
#0 0x00007ffff0245bf0 in ?? ()
#1 0x00007ffff70e8a69 in __run_exit_handlers () from /lib64/libc.so.6
#2 0x00007ffff70e8ab5 in exit () from /lib64/libc.so.6
#3 0x00007ffff70d1c0c in __libc_start_main () from /lib64/libc.so.6
#4 0x000000000047a1e5 in _start ()
不知道为什么。我将使用–禁用GNU唯一对象以重试重建GCC。
我做了一个回购样本来复制这个问题
崩溃也存在于使用–禁用GNU unique对象重建的GCC中,即使不使用gold和-Wl,也没有GNU unique来编译和链接它
2018年4月26日更新
. 如果您感兴趣,请查看我的repo,其中包含崩溃和修复的dso项目的源代码,您可以复制和比较更改以及有关编译器和所用链接器选项的修复细节。如果出现任何新问题,将保持更新。在
最后非常感谢@yugr:)
添加一个新的从Chrome提取的工具,看起来是线程安全的,把它放在这里作为备份解决方案。不知道哪一个是最好的
/* $OpenBSD: atexit.c,v 1.14 2007/09/05 20:47:47 chl Exp $ */
/*
* Copyright (c) 2002 Daniel Hartmeier
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* - Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <sys/cdefs.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <pthread.h>
extern "C"
{
static pthread_mutex_t gAtExitLock = PTHREAD_MUTEX_INITIALIZER;
void _thread_atexit_lock( void )
{
pthread_mutex_lock( &gAtExitLock );
}
void _thread_atexit_unlock( void )
{
pthread_mutex_unlock( &gAtExitLock );
}
#define _ATEXIT_LOCK() _thread_atexit_lock()
#define _ATEXIT_UNLOCK() _thread_atexit_unlock()
struct atexit {
struct atexit *next; /* next in list */
int ind; /* next index in this table */
int max; /* max entries >= ATEXIT_SIZE */
struct atexit_fn {
void (*cxa_func)(void *);
void *fn_arg; /* argument for CXA callback */
void *fn_dso; /* shared module handle */
} fns[1]; /* the table itself */
};
void *__dso_handle = 0;
struct atexit *__atexit;
/*
* TODO: Read this before upstreaming:
*
* As of Apr 2014 there is a bug regaring function type detection logic in
* Free/Open/NetBSD implementations of __cxa_finalize().
*
* What it is about:
* First of all there are two kind of atexit handlers:
* 1) void handler(void) - this is the regular type
* available for to user via atexit(.) function call.
*
* 2) void internal_handler(void*) - this is the type
* __cxa_atexit() function expects. This handler is used
* by C++ compiler to register static destructor calls.
* Note that calling this function as the handler of type (1)
* results in incorrect this pointer in static d-tors.
*
* What is wrong with BSD implementations:
*
* They use dso argument to identify the handler type. The problem
* with it is dso is also used to identify the handlers associated
* with particular dynamic library and allow __cxa_finalize to call correct
* set of functions on dlclose(). And it cannot identify both.
*
* What is correct way to identify function type?
*
* Consider this:
* 1. __cxa_finalize and __cxa_atexit are part of libc and do not have access to hidden
* &__dso_handle.
* 2. __cxa_atexit has only 3 arguments: function pointer, function argument, dso.
* none of them can be reliably used to pass information about handler type.
* 3. following http://www.codesourcery.com/cxx-abi/abi.html#dso-dtor (3.3.5.3 - B)
* translation of user atexit -> __cxa_atexit(f, NULL, NULL) results in crashes
* on exit() after dlclose() of a library with an atexit() call.
*
* One way to resolve this is to always call second form of handler, which will
* result in storing unused argument in register/stack depending on architecture
* and should not present any problems.
*
* Another way is to make them dso-local in one way or the other.
*/
/*
* Function pointers are stored in a linked list of pages. The list
* is initially empty, and pages are allocated on demand. The first
* function pointer in the first allocated page (the last one in
* the linked list) was reserved for the cleanup function.
*
* Outside the following functions, all pages are mprotect()'ed
* to prevent unintentional/malicious corruption.
*/
/*
* Register a function to be performed at exit or when a shared object
* with the given dso handle is unloaded dynamically. Also used as
* the backend for atexit(). For more info on this API, see:
*
* http://www.codesourcery.com/cxx-abi/abi.html#dso-dtor
*/
int
__cxa_atexit(void (*func)(void *), void *arg, void *dso)
{
struct atexit *p = __atexit;
struct atexit::atexit_fn *fnp;
size_t pgsize = getpagesize();
int ret = -1;
if (pgsize < sizeof(*p))
return (-1);
_ATEXIT_LOCK();
p = __atexit;
if (p != NULL) {
if (p->ind + 1 >= p->max)
p = NULL;
else if (mprotect(p, pgsize, PROT_READ | PROT_WRITE))
goto unlock;
}
if (p == NULL) {
p = (struct atexit *)mmap(NULL, pgsize, PROT_READ | PROT_WRITE,
MAP_ANON | MAP_PRIVATE, -1, 0);
if (p == MAP_FAILED)
goto unlock;
if (__atexit == NULL) {
memset(&p->fns[0], 0, sizeof(p->fns[0]));
p->ind = 1;
} else
p->ind = 0;
p->max = (pgsize - ((char *)&p->fns[0] - (char *)p)) /
sizeof(p->fns[0]);
p->next = __atexit;
__atexit = p;
}
fnp = &p->fns[p->ind++];
fnp->cxa_func = func;
fnp->fn_arg = arg;
fnp->fn_dso = dso;
if (mprotect(p, pgsize, PROT_READ))
goto unlock;
ret = 0;
unlock:
_ATEXIT_UNLOCK();
return (ret);
}
/*
* Call all handlers registered with __cxa_atexit() for the shared
* object owning 'dso'.
* Note: if 'dso' is NULL, then all remaining handlers are called.
*/
void
__cxa_finalize(void *dso)
{
struct atexit *p, *q, *original_atexit;
struct atexit::atexit_fn fn;
int n, pgsize = getpagesize(), original_ind;
static int call_depth;
_ATEXIT_LOCK();
call_depth++;
p = original_atexit = __atexit;
n = original_ind = p != NULL ? p->ind : 0;
while (p != NULL) {
if (p->fns[n].cxa_func != NULL /* not called */
&& (dso == NULL || dso == p->fns[n].fn_dso)) { /* correct DSO */
/*
* Mark handler as having been already called to avoid
* dupes and loops, then call the appropriate function.
*/
fn = p->fns[n];
if (mprotect(p, pgsize, PROT_READ | PROT_WRITE) == 0) {
p->fns[n].cxa_func = NULL;
mprotect(p, pgsize, PROT_READ);
}
_ATEXIT_UNLOCK();
(*fn.cxa_func)(fn.fn_arg);
_ATEXIT_LOCK();
// check for new atexit handlers
if ((__atexit->ind != original_ind) || (__atexit != original_atexit)) {
// need to restart now to preserve correct
// call order - LIFO
p = original_atexit = __atexit;
n = original_ind = p->ind;
continue;
}
}
if (n == 0) {
p = p->next;
n = p != NULL ? p->ind : 0;
} else {
--n;
}
}
--call_depth;
/*
* If called via exit(), unmap the pages since we have now run
* all the handlers. We defer this until calldepth == 0 so that
* we don't unmap things prematurely if called recursively.
*/
if (dso == NULL && call_depth == 0) {
for (p = __atexit; p != NULL; ) {
q = p;
p = p->next;
munmap(q, pgsize);
}
__atexit = NULL;
}
_ATEXIT_UNLOCK();
}
/*
* Register the cleanup function
*/
void
__atexit_register_cleanup(void (*func)(void))
{
struct atexit *p;
size_t pgsize = getpagesize();
if (pgsize < sizeof(*p))
return;
_ATEXIT_LOCK();
p = __atexit;
while (p != NULL && p->next != NULL)
p = p->next;
if (p == NULL) {
p = (struct atexit *)mmap(NULL, pgsize, PROT_READ | PROT_WRITE,
MAP_ANON | MAP_PRIVATE, -1, 0);
if (p == MAP_FAILED)
goto unlock;
p->ind = 1;
p->max = (pgsize - ((char *)&p->fns[0] - (char *)p)) /
sizeof(p->fns[0]);
p->next = NULL;
__atexit = p;
} else {
if (mprotect(p, pgsize, PROT_READ | PROT_WRITE))
goto unlock;
}
p->fns[0].cxa_func = (void (*)(void*))func;
p->fns[0].fn_arg = NULL;
p->fns[0].fn_dso = NULL;
mprotect(p, pgsize, PROT_READ);
unlock:
_ATEXIT_UNLOCK();
}
}
这适用于ld bfd
,但不适用于gold
。原因是gold为所有版本包装符号,因此对memcpy
的调用变成了对\uuuwrap\umemcpy
的调用,从而导致无限递归。有关更多详细信息,请参阅。但就我而言,即使我使用\uuuwrap\umemcpy
和\uuureal\umemcpy
它也不起作用,仍然会产生无限的安全感。最后通过memmove实现uu wrap_memcpy修复了它
#include <string.h>
#ifdef __cplusplus
extern "C" {
#endif
void *__wrap_memcpy(void *dest, const void *src, size_t n)
{
return memmove(dest, src, n);
}
#ifdef __cplusplus
}
#endif
#包括
#ifdef_uucplusplus
外部“C”{
#恩迪夫
空*\uuuuuu包装\uuMemcpy(空*目的地,常数空*src,大小)
{
返回memmove(dest、src、n);
}
#ifdef_uucplusplus
}
#恩迪夫
因此,它包含包装的memcpy
,并独立于stdc+库
静态链接stdc+库中的内存泄漏问题更详细的信息是。最可能的是libstdc++包含一些
STB\u GNU\u UNIQUE
符号,如果使用该符号,将阻止卸载包含的库(有关详细信息和示例,请参阅或)
根据您的用例,有几种方法可以解决此问题,例如
- 使用
编译以隐藏所有libstdc++符号,然后使用-fvisibility=hidden
手动注释必须从库中导出的符号(也可以使用链接器脚本,但这不允许编译器优化代码)\uuuu属性(可见性(“默认”))
- 使用gold并使用
-Wl,-no gnu unique编译
- 使用
,并将其用于编译库构建自定义GCC——禁用gnu唯一对象
-fvisibility=hidden
而不是版本脚本。它通常更简单,使用范围更广,并且允许编译器更好地优化代码。我尝试使用--version脚本,但无法导出以std::
开头的符号。脚本如下:{global:*basic_istream*;*basic_ostream*;std:*;*cxa*;local:*}
然后我尝试了-fvisibility=hidden
,但它仍然导出所有符号,无法从内存中卸载。@TQ.Liu我建议在问题中添加gcc命令,否则无法诊断。我使用cmake3构建项目。构建脚本是set(COMPILE_-PARAM-COMPILE_-FLAGS“${ARCH_-FLAGS}-fPIC-msse-msse2-msse3-Wl,-z,defs”)set(LINK_-PARAM-LINK_-FLAGS“${ARCH_-FLAGS}${LINK_-FLAGS}-nostlib-Wl,--no未定义的-Wl-version-script=${CMAKE_-CURRENT\u-SOURCE DIR/test.expmap”)
#include <string.h>
/* some systems do not have newest memcpy@@GLIBC_2.14 - stay with old good one */
asm (".symver memcpy, memcpy@GLIBC_2.2.5");
void *__wrap_memcpy(void *dest, const void *src, size_t n)
{
return memcpy(dest, src, n);
}
#include <string.h>
#ifdef __cplusplus
extern "C" {
#endif
void *__wrap_memcpy(void *dest, const void *src, size_t n)
{
return memmove(dest, src, n);
}
#ifdef __cplusplus
}
#endif