[SCM] UID Wrapper Repository - branch master updated

Andreas Schneider asn at samba.org
Wed Jun 12 11:30:45 UTC 2024 

The branch, master has been updated
       via  3916f98 uwrap: Fix syscall() with jemalloc to prevent a deadlock
       via  895197e gitlab-ci: Disable ASLR for TSAN
       via  a9b1ca6 gitlab-ci: Adapt config to gitlab changes
      from  c8bf3ae tests: Fix fake socket_wrapper_syscall_valid()

https://git.samba.org/?p=uid_wrapper.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 3916f985e716c865269c1f0a437efdc1aa5cdc87
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Jun 12 11:19:58 2024 +0200

    uwrap: Fix syscall() with jemalloc to prevent a deadlock
    
    This is a workaround to prevent a deadlock in jemalloc calling
    malloc_init() twice. The first allocation call will trigger a
    malloc_init() of jemalloc.  The functions calls syscall(SYS_open, ...)
    so it goes to socket or uid wrapper. In this code path we need to avoid
    any allocation calls. This will prevent the deadlock.
    
    Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Andreas Schneider <asn at samba.org>

commit 895197ece51df1b24ee163aaece1ed2f18812f79
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Jun 12 11:22:41 2024 +0200

    gitlab-ci: Disable ASLR for TSAN
    
    This works around a TSAN issue with newer Linux Kernels (6.x).
    
    See https://github.com/google/sanitizers/issues/1716
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit a9b1ca679a17d9d2d819f8099d7f51a63b2f1dfe
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Jun 12 11:21:12 2024 +0200

    gitlab-ci: Adapt config to gitlab changes
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 .gitlab-ci.yml    | 27 ++++-----------------------
 src/uid_wrapper.c | 45 ++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 48 insertions(+), 24 deletions(-)


Changeset truncated at 500 lines:

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1a4a3b0..3a84a8e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -22,8 +22,6 @@ centos7/x86_64:
       -DPICKY_DEVELOPER=ON
       -DUNIT_TESTING=ON .. &&
       make -j$(nproc) && ctest --output-on-failure
-  tags:
-    - shared
   except:
     - tags
   artifacts:
@@ -42,8 +40,6 @@ fedora/x86_64:
       -DPICKY_DEVELOPER=ON
       -DUNIT_TESTING=ON .. &&
       make -j$(nproc) && ctest --output-on-failure && make install
-  tags:
-    - shared
   except:
     - tags
   artifacts:
@@ -61,8 +57,6 @@ fedora/address-sanitizer:
       -DPICKY_DEVELOPER=ON
       -DUNIT_TESTING=ON .. &&
       make -j$(nproc) && ctest --output-on-failure
-  tags:
-    - shared
   except:
     - tags
   artifacts:
@@ -79,8 +73,6 @@ fedora/undefined-sanitizer:
       -DCMAKE_BUILD_TYPE=UndefinedSanitizer
       -DUNIT_TESTING=ON ..
       && make -j$(nproc) && ctest --output-on-failure
-  tags:
-    - shared
   except:
     - tags
   artifacts:
@@ -93,13 +85,14 @@ fedora/thread-sanitizer:
   stage: analysis
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
   script:
+    # Workaround for TSAN with ASLR on newer kernel
+    # https://github.com/google/sanitizers/issues/1716
     - mkdir -p obj && cd obj && cmake
       -DCMAKE_BUILD_TYPE=ThreadSanitizer
       -DPICKY_DEVELOPER=ON
       -DUNIT_TESTING=ON .. &&
-      make -j$(nproc) && ctest --output-on-failure
-  tags:
-    - shared
+      make -j$(nproc) &&
+      setarch --addr-no-randomize -- ctest --output-on-failure
   except:
     - tags
   artifacts:
@@ -132,8 +125,6 @@ fedora/csbuild:
       --git-commit-range $CI_COMMIT_RANGE
       --color
       --print-current --print-fixed
-  tags:
-    - shared
   except:
     - tags
   artifacts:
@@ -174,8 +165,6 @@ tumbleweed/x86_64/gcc:
       -DPICKY_DEVELOPER=ON
       -DUNIT_TESTING=ON .. &&
       make -j$(nproc) && ctest --output-on-failure
-  tags:
-    - shared
   except:
     - tags
   artifacts:
@@ -194,8 +183,6 @@ tumbleweed/x86_64/gcc7:
       -DPICKY_DEVELOPER=ON
       -DUNIT_TESTING=ON .. &&
       make -j$(nproc) && ctest --output-on-failure
-  tags:
-    - shared
   except:
     - tags
   artifacts:
@@ -214,8 +201,6 @@ tumbleweed/x86_64/clang:
       -DPICKY_DEVELOPER=ON
       -DUNIT_TESTING=ON .. &&
       make -j$(nproc) && ctest --output-on-failure
-  tags:
-    - shared
   except:
     - tags
   artifacts:
@@ -236,8 +221,6 @@ tumbleweed/static-analysis:
       -DPICKY_DEVELOPER=ON
       -DUNIT_TESTING=ON .. &&
       scan-build --status-bugs -o scan make -j$(nproc)
-  tags:
-    - shared
   except:
     - tags
   artifacts:
@@ -255,8 +238,6 @@ ubuntu/x86_64:
       -DPICKY_DEVELOPER=ON
       -DUNIT_TESTING=ON .. &&
       make -j$(nproc) && ctest --output-on-failure
-  tags:
-    - shared
   except:
     - tags
   artifacts:
diff --git a/src/uid_wrapper.c b/src/uid_wrapper.c
index 5b6a82b..4a174e1 100644
--- a/src/uid_wrapper.c
+++ b/src/uid_wrapper.c
@@ -656,6 +656,9 @@ static void *_uwrap_bind_symbol(enum uwrap_lib lib, const char *fn_name)
 			dlsym(RTLD_DEFAULT, #sym_name);                        \
 	}
 
+/* JEMALLOC: This tells uid_wrapper if it should handle syscall() */
+static bool uwrap_handle_syscall;
+
 /* DO NOT call this function during library initialization! */
 static void __uwrap_bind_symbol_all_once(void)
 {
@@ -699,6 +702,8 @@ static void __uwrap_bind_symbol_all_once(void)
 #endif
 	uwrap_bind_symbol_libpthread(pthread_create);
 	uwrap_bind_symbol_libpthread(pthread_exit);
+
+	uwrap_handle_syscall = true;
 }
 
 static void uwrap_bind_symbol_all(void)
@@ -863,7 +868,27 @@ static long int libc_vsyscall(long int sysno, va_list va)
 	long int rc;
 	int i;
 
-	uwrap_bind_symbol_all();
+	/*
+	 * JEMALLOC:
+	 *
+	 * This is a workaround to prevent a deadlock in jemalloc calling
+	 * malloc_init() twice. The first allocation call will trigger a
+	 * malloc_init() of jemalloc. The functions calls syscall(SYS_open, ...)
+	 * so it goes to socket or uid wrapper. In this code path we need to
+	 * avoid any allocation calls. This will prevent the deadlock.
+	 *
+	 * We also need to avoid dlopen() as that would trigger the recursion
+	 * into malloc_init(), so we use dlsym(RTLD_NEXT), until we reached
+	 * swrap_constructor() or any real socket call at that time
+	 * swrap_bind_symbol_all() will replace the function pointer again after
+	 * dlopen of libc.
+	 */
+	if (uwrap_handle_syscall) {
+		uwrap_bind_symbol_all();
+	} else if (uwrap.libc.symbols._libc_syscall.obj == NULL) {
+		uwrap.libc.symbols._libc_syscall.obj = dlsym(RTLD_NEXT,
+							     "syscall");
+	}
 
 	for (i = 0; i < 8; i++) {
 		args[i] = va_arg(va, long int);
@@ -2708,6 +2733,21 @@ long int syscall (long int sysno, ...)
 
 	va_start(va, sysno);
 
+	/*
+	 * JEMALLOC:
+	 *
+	 * This is a workaround to prevent a deadlock in jemalloc calling
+	 * malloc_init() twice. The first allocation call will trigger a
+	 * malloc_init() of jemalloc. The functions calls syscall(SYS_open, ...)
+	 * so it goes to socket or uid wrapper. In this code path we need to
+	 * avoid any allocation calls. This will prevent the deadlock.
+	 */
+	if (!uwrap_handle_syscall) {
+		rc = libc_vsyscall(sysno, va);
+		va_end(va);
+		return rc;
+	}
+
 	/*
 	 * We need to check for uwrap related syscall numbers before calling
 	 * uid_wrapper_enabled() otherwise we'd deadlock during the freebsd libc
@@ -2821,6 +2861,9 @@ void uwrap_constructor(void)
 	 * for main process.
 	 */
 	uwrap_init();
+
+	/* Let socket_wrapper handle syscall() */
+	uwrap_handle_syscall = true;
 }
 
 /****************************


-- 
UID Wrapper Repository

More information about the samba-cvs mailing list