commit 1e1ecea62e899acb58c3fdf3b320a0833ddd0dff

Author: H.J. Lu <hjl.tools@gmail.com>

Date:   Thu Sep 30 10:29:17 2021 -0700

    elf: Replace nsid with args.nsid [BZ #27609]

    commit ec935dea6332cb22f9881cd1162bad156173f4b0

    Author: Florian Weimer <fweimer@redhat.com>

    Date:   Fri Apr 24 22:31:15 2020 +0200

        elf: Implement __libc_early_init

    has

    @@ -856,6 +876,11 @@ no more namespaces available for dlmopen()"));

       /* See if an error occurred during loading.  */

       if (__glibc_unlikely (exception.errstring != NULL))

         {

    +      /* Avoid keeping around a dangling reference to the libc.so link

    +   map in case it has been cached in libc_map.  */

    +      if (!args.libc_already_loaded)

    +  GL(dl_ns)[nsid].libc_map = NULL;

    +

    do_dlopen calls _dl_open with nsid == __LM_ID_CALLER (-2), which calls

    dl_open_worker with args.nsid = nsid.  dl_open_worker updates args.nsid

    if it is __LM_ID_CALLER.  After dl_open_worker returns, it is wrong to

    use nsid.

    Replace nsid with args.nsid after dl_open_worker returns.  This fixes

    BZ #27609.

diff --git a/elf/dl-open.c b/elf/dl-open.c

index 661a2172d1789b26..b5a4da04907d8d29 100644

--- a/elf/dl-open.c

+++ b/elf/dl-open.c

@@ -916,7 +916,7 @@ no more namespaces available for dlmopen()"));

       /* Avoid keeping around a dangling reference to the libc.so link

 	 map in case it has been cached in libc_map.  */

       if (!args.libc_already_loaded)

-	GL(dl_ns)[nsid].libc_map = NULL;

+	GL(dl_ns)[args.nsid].libc_map = NULL;

       /* Remove the object from memory.  It may be in an inconsistent

 	 state if relocation failed, for example.  */