From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.0 required=5.0 tests=MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RDNS_NONE,
	SPF_PASS autolearn=ham autolearn_force=no version=3.4.2
Received: (qmail 14581 invoked from network); 23 Mar 2020 16:38:44 -0000
Received-SPF:  pass (mother.openwall.net: domain of lists.openwall.com
  designates 195.42.179.200 as permitted sender)
  receiver=inbox.vuxu.org; client-ip=195.42.179.200
  envelope-from=<musl-return-15603-ml=inbox.vuxu.org@lists.openwall.com>
Received: from unknown (HELO mother.openwall.net) (195.42.179.200)
  by inbox.vuxu.org with ESMTP; 23 Mar 2020 16:38:44 -0000
Received: (qmail 27939 invoked by uid 550); 23 Mar 2020 16:38:41 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Reply-To: musl@lists.openwall.com
Received: (qmail 27921 invoked from network); 23 Mar 2020 16:38:40 -0000
Date: Mon, 23 Mar 2020 12:38:29 -0400
From: Rich Felker <dalias@libc.org>
To: musl@lists.openwall.com
Message-ID: <20200323163829.GR11469@brightrain.aerifal.cx>
References: <CALqoRwx+6LKnB_K-wvFhYTv=pzEYJL31AmraL9jC4wJSobeDiw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CALqoRwx+6LKnB_K-wvFhYTv=pzEYJL31AmraL9jC4wJSobeDiw@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [musl] [Bug] Do not ignore membarrier return code

On Mon, Mar 23, 2020 at 05:10:40PM +0100, Julio Guerra wrote:
> Hello,
> 
> The implementation of dlopen() uses membarrier() (
> https://git.musl-libc.org/cgit/musl/tree/ldso/dynlink.c#n1579) while
> currently forbidden by the default docker seccomp profile.
> 
> I perfectly understand that it's on docker's end and I suggested them to
> add it in this PR <https://github.com/moby/moby/pull/40731> but such a
> critical syscall shouldn't be silently ignored. And it for example leads to
> random segfaults on nodejs. I also saw opened qemu issues related to
> membarrier + alpine.
> 
> dlopen() should therefore fail when membarrier fails (ie. in this case
> when __membarrier(MEMBARRIER_CMD_PRIVATE_EXPEDITED,
> 0) != 0).

At that point it's past the point where failure is possible; making it
possible would be rather nontrivial. But you missed that it can't
fail. musl has a very heavy fallback implemementation for the case
where it's not implemented or somehow fails; see
src/linux/membarrier.c.

However, the reason you're seeing the failure is something of a bug in
musl -- registration of intent to use membarrier is only done on first
pthread_create. That's okay because it's only needed at all if the
process is multithreaded. However, dlopen is calling it
unconditionally even if the process is not multithreaded, and thereby
getting a spurious failure since it wasn't registered yet. It should
just be fixed not to make the fall if it's not multithreaded.

Rich