From: He X <xw897002528@gmail.com>
To: musl@lists.openwall.com
Subject: Re: getrlimit failed (chromium on musl)
Date: Sat, 28 Jan 2017 14:00:59 +0800 [thread overview]
Message-ID: <CAPG2z0_Vgo94xkO_6eVXGcMxHmmC6Da614gcJUKXh=JL743+qQ@mail.gmail.com> (raw)
In-Reply-To: <CAJDAfTBFuLuqxcRxsrFzme1eObnJmJshyLmkfBVpepmiwfj8ow@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 3483 bytes --]
After patched, chromium segfault three times in two days, e.g. when i try
to upload a file in a baiduyun, crash when i click the upload button, and
suddenly crashed twice, when --disable-sandbox, no crashing:
[65422.256448] chromium[12257]: segfault at 3c1 ip 00007f69e30e075c sp
00007ffe5442efc0 error 4 in libc.so[7f69e30b9000+a1000]
strace output(should be this one):
13:52:37.479810 prlimit64(0, RLIMIT_NOFILE, {rlim_cur=4*1024,
rlim_max=4*1024}, NULL) = 0
13:52:37.479835 futex(0x7f98cbc02b6c, FUTEX_WAKE_PRIVATE, 1) = 1
13:52:37.479862 futex(0x7f98cbc02b4c, FUTEX_WAIT_PRIVATE, 4294967295, NULL)
= 0
13:52:37.479961 rt_sigreturn({mask=[]}) = 61
13:52:37.479982 wait4(29341, NULL, 0, NULL) = ? ERESTARTSYS (To be
restarted if SA_RESTART is set)
13:52:37.851264 wait4(29341, NULL, 0, NULL) = ? ERESTARTSYS (To be
restarted if SA_RESTART is set)
13:52:42.127096 wait4(29341, NULL, 0, NULL) = ? ERESTARTSYS (To be
restarted if SA_RESTART is set)
13:53:23.970709 wait4(29341, <unfinished ...>) = ?
13:53:30.693847 +++ killed by SIGSEGV +++
This patch is a bit dangerous, though it indeed solved the problem, i think
EPERM is needed. Modifying musl is a better way, but is that correct?
2017-01-27 8:41 GMT+08:00 Alba Pompeo <albapompeo@gmail.com>:
> The patch worked.
> Many thanks Samuel.
> I hope they fix it upstream too for the future.
> Sadly Chromium still needs some patches to compile and work on musl.
>
>
>
> On Wed, Jan 18, 2017 at 2:13 PM, Alba Pompeo <albapompeo@gmail.com> wrote:
> > Ran strace -f.
> >
> > [pid 13354] prlimit64(0, RLIMIT_NOFILE, NULL, {rlim_cur=1024,
> > rlim_max=4*1024}) = 0
> > [pid 13350] clone(child_stack=NULL, flags=CLONE_NEWUSER|SIGCHLD) = -1
> > EPERM (Operation not permitted)
> > [pid 13354] clone(child_stack=NULL,
> > flags=CLONE_NEWPID|CLONE_NEWNET|SIGCHLD) = -1 EPERM (Operation not
> > permitted)
> > [pid 13354] writev(2, [{iov_base=" but failed: errno = Operation
> > n"..., iov_len=45}, {iov_base=NULL, iov_len=0}], 2 but failed: errno =
> > Operation not permitted
> >
> > So the patch from Samuel should be a real solution.
> >
> > Thanks.
> >
> >
> >
> > On Wed, Jan 18, 2017 at 1:51 PM, Samuel Holland <samuel@sholland.org>
> wrote:
> >> On 01/18/17 08:08, Alba Pompeo wrote:
> >>>
> >>> Hi.
> >>>
> >>> Running chromium on a musl system spams this message.
> >>>
> >>> getrlimit(RLIMIT_NOFILE) failed
> >>>
> >>> Any idea how to figure out what's wrong?
> >>
> >>
> >> The problem is that the sandbox blocks prlimit64 with EPERM, but musl
> >> only falls back to getrlimit on ENOSYS. The diff below will fix the
> >> error. From the linked bug, the only reason it is blocked in the first
> >> place is ChromeOS, and this change should be fine even there.
> >>
> >> ---
> >> chromium-55.0.2883.75/content/common/sandbox_linux/bpf_
> renderer_policy_linux.cc.orig
> >> +++
> >> chromium-55.0.2883.75/content/common/sandbox_linux/bpf_
> renderer_policy_linux.cc
> >> @@ -88,7 +88,7 @@ ResultExpr RendererProcessPolicy::EvaluateSyscall(int
> >> sysno) const {
> >> case __NR_sched_setscheduler:
> >> return sandbox::RestrictSchedTarget(GetPolicyPid(), sysno);
> >> case __NR_prlimit64:
> >> - return Error(EPERM); // See crbug.com/160157.
> >> + return Error(ENOSYS); // See crbug.com/160157.
> >> default:
> >> // Default on the content baseline policy.
> >> return SandboxBPFBasePolicy::EvaluateSyscall(sysno);
> >>
> >>> Thanks.
> >>
> >>
> >> Regards,
> >> Samuel
> >>
>
[-- Attachment #2: Type: text/html, Size: 4780 bytes --]
next prev parent reply other threads:[~2017-01-28 6:00 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-18 14:08 Alba Pompeo
2017-01-18 14:18 ` Rich Felker
2017-01-18 15:18 ` Alba Pompeo
2017-01-18 15:56 ` Rich Felker
2017-01-18 15:51 ` Samuel Holland
2017-01-18 16:13 ` Alba Pompeo
2017-01-27 0:41 ` Alba Pompeo
2017-01-28 6:00 ` He X [this message]
2017-01-28 13:14 ` Szabolcs Nagy
2017-01-28 19:45 ` Samuel Holland
2017-01-28 20:59 ` Rich Felker
2017-01-29 4:54 ` He X
2017-01-29 23:13 ` Samuel Holland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAPG2z0_Vgo94xkO_6eVXGcMxHmmC6Da614gcJUKXh=JL743+qQ@mail.gmail.com' \
--to=xw897002528@gmail.com \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).