From 09478d55fe1a21f8c55902399df84d13867e71be Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Wed, 11 Dec 2024 00:13:39 +0100 Subject: treewide: Dodge dynamic memory allocation in strerror() from glibc > 2.40 With glibc commit 25a5eb4010df ("string: strerror, strsignal cannot use buffer after dlmopen (bug 32026)"), strerror() now needs, at least on x86, the getrandom() and brk() system calls, in order to fill in the locale-translated error message. But getrandom() and brk() are not allowed by our seccomp profiles. This became visible on Fedora Rawhide with the "podman login and logout" Podman tests, defined at test/e2e/login_logout_test.go in the Podman source tree, where pasta would terminate upon printing error descriptions (at least the ones related to the SO_ERROR queue for spliced connections). Avoid dynamic memory allocation by calling strerrordesc_np() instead, which is a GNU function returning a static, untranslated version of the error description. If it's not available, keep calling strerror(), which at that point should be simple enough as to be usable (at least, that's currently the case for musl). Reported-by: Paul Holzinger Link: https://github.com/containers/podman/issues/24804 Analysed-by: Paul Holzinger Signed-off-by: Stefano Brivio Reviewed-by: David Gibson Tested-by: Paul Holzinger --- conf.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'conf.c') diff --git a/conf.c b/conf.c index 97d8beb..df2b016 100644 --- a/conf.c +++ b/conf.c @@ -365,7 +365,7 @@ mode_conflict: die("Port forwarding mode '%s' conflicts with previous mode", optarg); bind_fail: die("Failed to bind port %u (%s) for option '-%c %s', exiting", - i, strerror(-ret), optname, optarg); + i, strerror_(-ret), optname, optarg); bind_all_fail: die("Failed to bind any port for '-%c %s', exiting", optname, optarg); } @@ -655,7 +655,7 @@ static unsigned int conf_ip4(unsigned int ifi, struct ip4_ctx *ip4) &ip4->guest_gw); if (rc < 0) { debug("Couldn't discover IPv4 gateway address: %s", - strerror(-rc)); + strerror_(-rc)); return 0; } } @@ -665,7 +665,7 @@ static unsigned int conf_ip4(unsigned int ifi, struct ip4_ctx *ip4) &ip4->addr, &ip4->prefix_len, NULL); if (rc < 0) { debug("Couldn't discover IPv4 address: %s", - strerror(-rc)); + strerror_(-rc)); return 0; } } @@ -729,7 +729,7 @@ static unsigned int conf_ip6(unsigned int ifi, struct ip6_ctx *ip6) rc = nl_route_get_def(nl_sock, ifi, AF_INET6, &ip6->guest_gw); if (rc < 0) { debug("Couldn't discover IPv6 gateway address: %s", - strerror(-rc)); + strerror_(-rc)); return 0; } } @@ -738,7 +738,7 @@ static unsigned int conf_ip6(unsigned int ifi, struct ip6_ctx *ip6) IN6_IS_ADDR_UNSPECIFIED(&ip6->addr) ? &ip6->addr : NULL, &prefix_len, &ip6->our_tap_ll); if (rc < 0) { - debug("Couldn't discover IPv6 address: %s", strerror(-rc)); + debug("Couldn't discover IPv6 address: %s", strerror_(-rc)); return 0; } -- cgit v1.2.3