From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/14260
Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail
From: Radostin Stoyanov <rstoyanov1@gmail.com>
Newsgroups: gmane.linux.lib.musl.general
Subject: seccomp causes pthread_join() to hang
Date: Wed, 26 Jun 2019 00:18:05 +0100
Message-ID: <7e5cec16-6b96-c585-98d4-86cacafbd84e@gmail.com>
Reply-To: musl@lists.openwall.com
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226";
	logging-data="130315"; mail-complaints-to="usenet@blaine.gmane.org"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.7.2
Cc: dalias@aerifal.cx
To: musl@lists.openwall.com
Original-X-From: musl-return-14276-gllmg-musl=m.gmane.org@lists.openwall.com Wed Jun 26 01:18:25 2019
Return-path: <musl-return-14276-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@m.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by blaine.gmane.org with smtp (Exim 4.89)
	(envelope-from <musl-return-14276-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1hfuhh-000XhX-ER
	for gllmg-musl@m.gmane.org; Wed, 26 Jun 2019 01:18:21 +0200
Original-Received: (qmail 27837 invoked by uid 550); 25 Jun 2019 23:18:19 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Original-Received: (qmail 27803 invoked from network); 25 Jun 2019 23:18:18 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:subject:cc:message-id:date:user-agent:mime-version
         :content-transfer-encoding:content-language;
        bh=rUVvzVb2zwoKHms44cpb7jMnmxC+CT9MaHlyUJvMHk4=;
        b=arCawaE9OAoLT+VrHYxB4ubHYwRLtV8D+r0H7emWfVcWOxod9geVjjd/uqz0eDhgXL
         wsuweJ7d/eCxTlJw+VsYf6FSE/faIEZ7NaTC1V9xhSA3bjA3pf8VQiRrF/LfQqITce58
         aEOLQsniM4Hu2ic+lhDGMrd8RQ7lS6jmzR6H7vTmGuzaGAgmkeucGnorq49aXwRfTdpL
         FPownxs3YxXlbTiBxcG5bW3Zs8wVXx0MlQrGJ/Kxe+LiLkjUuhCJjvfNt1XNws2RBqun
         XCLrEqx4nGw2Bsjwaz7HdzeNYi+jh8lLeoYfYCWMmR2ZOnlHk1oN4ew3ICG1KDc+dPx8
         YvHw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:subject:cc:message-id:date:user-agent
         :mime-version:content-transfer-encoding:content-language;
        bh=rUVvzVb2zwoKHms44cpb7jMnmxC+CT9MaHlyUJvMHk4=;
        b=Mb+1s+g47sI+utNrOzVwC7qsK3kiqI1MAJw40Kz79L/hQ6/Fi8YwSg69QYFy8BW3UC
         wz1aXC32R+JF+JPARVoLmB3QjcqYnI95Pdbf9Zowcp0EPyE2KxAtAQGG39wHlkxh3oYg
         4wO6b3xKZJF9qiKOvaWgm80hcTRjsfFpaWndAyQXLe1nKvGi439Sz+aas0J0OaEF5MkI
         9qqvbwnsP6SGOs5SQoKsnCVa4/Y6TlApYABvAp8z6hDl/W/dnXUiXWckGLd5LgUiuu1d
         8GlFqCY/cXBhz9zGESnI9/ETzqe3fQXEA4ZWi2cDLMYkE/Jj+UlhA7g79DONs7ywtOAL
         3LtA==
X-Gm-Message-State: APjAAAXd2xMcy6H6LYvP6AiEk/JgA01oCd2pK6RrvVmTC8kAWRffQBOj
	cDBBpmQlT4jso05idumAtqQ=
X-Google-Smtp-Source: APXvYqxioBXDRg4UmDr9JbXgB6pAN8gmgt8kMY7uTp7mOCJRv5P9t7WmJ/Xe9VkPngyt18m4X+VMeQ==
X-Received: by 2002:a5d:5452:: with SMTP id w18mr409028wrv.327.1561504687184;
        Tue, 25 Jun 2019 16:18:07 -0700 (PDT)
Content-Language: en-GB
Xref: news.gmane.org gmane.linux.lib.musl.general:14260
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/14260>

Hello,

In the test suite of CRIU [1] we have noticed an interesting bug which 
is caused by commit 8f11e6127fe93093f81a52b15bb1537edc3fc8af ("track all 
live threads in an AS-safe, fully-consistent linked list") [2].

When seccomp is used in a multithreaded application it may cause 
pthread_join() to hang.

This is a minimal application to reproduce the issue:


#include <errno.h>
#include <seccomp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pthread.h>
#include <unistd.h>

static void *fn()
{
     scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_KILL);
     if (!ctx) {
         perror("seccomp_init");
         goto err;
     }

     if (seccomp_load(ctx) < 0) {
         perror("seccomp_load");
         goto err;
     }

     /* This should cause SIG_KILL */
     getpid();
err:
     return (void *)1;
}

int main()
{
     pthread_t t1;

     if (pthread_create(&t1, NULL, fn, NULL)) {
         perror("pthread_create");
         return -1;
     }

     if (pthread_join(t1, NULL)) {
         perror("pthread_join");
         return -1;
     }

     return 0;
}


Expected behaviour: Thread t1 should receive SIG_KILL and the main 
thread should return 0.
Actual behaviour: pthread_join() hangs.
Reproducibility: Always
Regression: Yes


This bug can be reproduced with Alpine 3.10 ($ docker run -it 
alpine:3.10 sh).


[1] https://criu.org/
[2] 
https://git.musl-libc.org/cgit/musl/commit/?id=8f11e6127fe93093f81a52b15bb1537edc3fc8af


Kind regards,
Radostin