Date: Mon, 23 Mar 2020 12:38:29 -0400 From: Rich Felker <dalias@...c.org> To: musl@...ts.openwall.com Subject: Re: [Bug] Do not ignore membarrier return code On Mon, Mar 23, 2020 at 05:10:40PM +0100, Julio Guerra wrote: > Hello, > > The implementation of dlopen() uses membarrier() ( > https://git.musl-libc.org/cgit/musl/tree/ldso/dynlink.c#n1579) while > currently forbidden by the default docker seccomp profile. > > I perfectly understand that it's on docker's end and I suggested them to > add it in this PR <https://github.com/moby/moby/pull/40731> but such a > critical syscall shouldn't be silently ignored. And it for example leads to > random segfaults on nodejs. I also saw opened qemu issues related to > membarrier + alpine. > > dlopen() should therefore fail when membarrier fails (ie. in this case > when __membarrier(MEMBARRIER_CMD_PRIVATE_EXPEDITED, > 0) != 0). At that point it's past the point where failure is possible; making it possible would be rather nontrivial. But you missed that it can't fail. musl has a very heavy fallback implemementation for the case where it's not implemented or somehow fails; see src/linux/membarrier.c. However, the reason you're seeing the failure is something of a bug in musl -- registration of intent to use membarrier is only done on first pthread_create. That's okay because it's only needed at all if the process is multithreaded. However, dlopen is calling it unconditionally even if the process is not multithreaded, and thereby getting a spurious failure since it wasn't registered yet. It should just be fixed not to make the fall if it's not multithreaded. Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.