New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BUG: compatibility with openmp #93
Comments
NOTE: I haven't looked at your test case yet, I'm just guessing based on your well-written description Considering the multi-threaded nature of this, have you tried setting the |
I did not set |
Okay, I just wanted to mention it; it sounds like you are doing things correctly (setting the filter before spawning new threads). I'll have to take a closer look, but I may not get a chance to do that very soon. |
A confirmation that I am not doing things blatantly wrong is good enough for me. Take your time! |
In the single-threaded example, In the multi-threaded example, I have not worked much with openmp, but there seems to be some discussion [1, 2, 3, ...] on signals in parallel blocks. Ultimately it looks like a difficult problem that you would be best to avoid. It seems like there are a couple potential easy solutions:
|
@drakenclimber so it sounds like the problem is really just openmp making additional syscalls that may not normally be part of the filter? Or is that missing a larger point? |
@drakenclimber Thank you very much for investing your time. Waiting for a dead thread explains the symptoms. To give more context: I write scientific code, thus I like to keep things simple with OpenMP. However, I also want to protect my users from themselves. Thus if my program does anything out of the ordinary, just nuke it. I am guessing, what I ultimately want to achieve is to just kill the process (#96) with a somewhat reasonable error message. What value should I use for errno in |
@pcmoore - kinda. But I think the bigger issue is that openmp does not handle signals gracefully inside of its parallel construct. I would guess this is by design. @kloetzl - No worries - you can totally stick with OpenMP. It looks like others in the OpenMP community are doing something like the following:
As for what errno should tl;dr - Detect the problem in the parallel loop, but wait to handle it until after the loop completes. You may need to add extra defensive coding within the loop due to a failing syscall. |
The thing is, |
Ahhh... gotcha. I would have to look through the glibc code to be sure, but I would be willing to hazard the following guesses:
Long story short, glibc should not suppress any error code, but it could return a different error code instead |
I'm trying to keep up with you guys, but I fear my lack of background with OpenMP has me a bit behind ... based on the comments above it looks like |
@drakenclimber ooh, patches? I love patches :) Thanks guys. |
I can confirm that |
Thanks for the confirmation @kloetzl. Yes, writing proper tests can be tedious, but it's important. Just as important as the code it test IMHO. I'm looking forward to the PR from @drakenclimber, we can discuss things a bit more once that code is published. |
I'm doing some |
Thanks for reminding me, I tested a bit on my end. This issue is mostly fixed, with a small snag. The program no longer hangs in limbo when an invalid syscall is encountered, yay! With |
Ah, yes, I'm not sure there is much we can about the signal handler getting overwritten in libseccomp, sorry about that. Thanks for letting us know the rest of it worked! |
The non-deterministic nature of multi-threading makes this one hard to debug, but I think, I have arrived at a rather reproducible test case seccomp_omp.c.gz. Compile the program with
-O0 -ggdb -fopenmp
.If we execute it with just one thread and let it do the forbidden syscall, the program dies as expected.
However, given more threads it just ceases to function.
The program doesn't get killed, it just stops doing anything, at all. I am at a loss what happened to the SIGSYS signal, and why it doesn't get handled?
This might not be a libseccomp issue at all, but I am not proficient enough with seccomp, signals and the threading system in general to debug the root cause. Hope you can make some sense of it.
The text was updated successfully, but these errors were encountered: