Remove all loaded objects if dlopen fails, ignoring NODELETE [BZ #20839]

This introduces a “pending NODELETE” state in the link map, which is
flipped to the persistent NODELETE state late in dlopen, via
activate_nodelete.    During initial relocation, symbol binding
records pending NODELETE state only.  dlclose ignores pending NODELETE
state.  Taken together, this results that a partially completed dlopen
is rolled back completely because new NODELETE mappings are unloaded.

Tested on x86_64-linux-gnu and i386-linux-gnu.

Change-Id: Ib2a3d86af6f92d75baca65431d74783ee0dbc292

1 files changed, 20 insertions, 0 deletions

diff --git a/include/link.h b/include/link.h
index be52b97370..2e771e433a 100644
--- a/include/link.h
+++ b/include/link.h
@@ -79,6 +79,21 @@ struct r_search_path_struct
     int malloced;
   };
 
+/* Type used by the l_nodelete member.  */
+enum link_map_nodelete
+{
+ /* This link map can be deallocated.  */
+ link_map_nodelete_inactive = 0, /* Zero-initialized in _dl_new_object.  */
+
+ /* This link map cannot be deallocated.  */
+ link_map_nodelete_active,
+
+ /* This link map cannot be deallocated after dlopen has succeded.
+    dlopen turns this into link_map_nodelete_active.  dlclose treats
+    this intermediate state as link_map_nodelete_active.  */
+ link_map_nodelete_pending,
+};
+
 
 /* Structure describing a loaded shared object.  The `l_next' and `l_prev'
    members form a chain of all the shared objects loaded at startup.
@@ -203,6 +218,11 @@ struct link_map
 				       freed, ie. not allocated with
 				       the dummy malloc in ld.so.  */
 
+    /* Actually of type enum link_map_nodelete.  Separate byte due to
+       a read in add_dependency in elf/dl-lookup.c outside the loader
+       lock.  Only valid for l_type == lt_loaded.  */
+    unsigned char l_nodelete;
+
 #include <link_map.h>
 
     /* Collected information about own RPATH directories.  */