Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 23 Mar 2020 12:38:29 -0400
From: Rich Felker <>
Subject: Re: [Bug] Do not ignore membarrier return code

On Mon, Mar 23, 2020 at 05:10:40PM +0100, Julio Guerra wrote:
> Hello,
> The implementation of dlopen() uses membarrier() (
> while
> currently forbidden by the default docker seccomp profile.
> I perfectly understand that it's on docker's end and I suggested them to
> add it in this PR <> but such a
> critical syscall shouldn't be silently ignored. And it for example leads to
> random segfaults on nodejs. I also saw opened qemu issues related to
> membarrier + alpine.
> dlopen() should therefore fail when membarrier fails (ie. in this case
> 0) != 0).

At that point it's past the point where failure is possible; making it
possible would be rather nontrivial. But you missed that it can't
fail. musl has a very heavy fallback implemementation for the case
where it's not implemented or somehow fails; see

However, the reason you're seeing the failure is something of a bug in
musl -- registration of intent to use membarrier is only done on first
pthread_create. That's okay because it's only needed at all if the
process is multithreaded. However, dlopen is calling it
unconditionally even if the process is not multithreaded, and thereby
getting a spurious failure since it wasn't registered yet. It should
just be fixed not to make the fall if it's not multithreaded.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.