From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202412 header.b=RNNxpZqD; dkim-atps=neutral Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id 5302D5A004E for ; Wed, 11 Dec 2024 01:27:07 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202412; t=1733876810; bh=9kzeaACnYjgaoW7Zi+vL6wls4C4PgKvKToYSA7zR7Cw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=RNNxpZqD2FdVlr2OVmjTPbK/KZaYEescTG2owVtZj8OZZ4SieT08POyCdMo+uCfjZ t5TnK7aGCGAgQWH5BqcvVLxqgM+cV0hc1zdWYOJj6ZZ6BM5NU7DAyVRlIoROQBKOfM 1toFdl4xVELrDhg4Wjslcve3H5bX8zrpwUp6/if/SLyy9lqsjF8o7xFDVn/L8dHxF+ agyvlKiaabMJhr2DRSytmJcWiQFk3iTNdDUOwIXtljVXLFP5Y/obc9UwBD5b4/N/GR CXB31O9E1Mv6OqpeoatN2T16IqFgMkOE6qknJ5LE0yKMdUJ4CS54pDKMhmfv3GhtDl /A8UH7cOd7X8w== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4Y7Gcp708gz4wcy; Wed, 11 Dec 2024 11:26:50 +1100 (AEDT) Date: Wed, 11 Dec 2024 11:26:46 +1100 From: David Gibson To: Stefano Brivio Subject: Re: [PATCH] treewide: Dodge dynamic memory allocation in strerror() from glibc > 2.40 Message-ID: References: <20241210232909.1034903-1-sbrivio@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="3fnKRJ0KmK1e5tgY" Content-Disposition: inline In-Reply-To: <20241210232909.1034903-1-sbrivio@redhat.com> Message-ID-Hash: NDOHDBRB6NQIHRBOYKC6YN7E7FH7B6ZU X-Message-ID-Hash: NDOHDBRB6NQIHRBOYKC6YN7E7FH7B6ZU X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top, Paul Holzinger X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --3fnKRJ0KmK1e5tgY Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 11, 2024 at 12:29:09AM +0100, Stefano Brivio wrote: > With glibc commit 25a5eb4010df ("string: strerror, strsignal cannot > use buffer after dlmopen (bug 32026)"), strerror() now needs, at least > on x86, the getrandom() and brk() system calls, in order to fill in > the locale-translated error message. But getrandom() and brk() are not > allowed by our seccomp profiles. >=20 > This became visible on Fedora Rawhide with the "podman login and > logout" Podman tests, defined at test/e2e/login_logout_test.go in the > Podman source tree, where pasta would terminate upon printing error > descriptions (at least the ones related to the SO_ERROR queue for > spliced connections). >=20 > Avoid dynamic memory allocation by calling strerrordesc_np() instead, > which is a GNU function returning a static, untranslated version of > the error description. If it's not available, keep calling strerror(), > which at that point should be simple enough as to be usable (at least, > that's currently the case for musl). >=20 > Reported-by: Paul Holzinger > Link: https://github.com/containers/podman/issues/24804 > Analysed-by: Paul Holzinger > Signed-off-by: Stefano Brivio In the short term, this seems like a reasonable fix, except for one detail. Generally '_' prefixed names are reserved for "the system", meaning libc in practice. So I don't think __strerror() is a good choice for our interposed function name. If we can keep the interface the same and use macro shannigans to interpose it would be nice if we can keep it as 'strerror()' through most of the code. I think this is possible - see the clang tidy workarounds at the bottom of util.h for example. Otherwise I guess 'strerror_()' or 'passt_strerror()', ugly as those are. Longer term, it's not awesome to be ignoring the locale. Could we use the XSI compliant strerror_r() version to get translated messages somewhat portably and without allocation? > --- > conf.c | 10 +++++----- > icmp.c | 4 ++-- > log.c | 2 +- > netlink.c | 2 +- > pasta.c | 22 +++++++++++----------- > tcp.c | 22 +++++++++++----------- > tcp_splice.c | 16 ++++++++-------- > udp.c | 5 +++-- > udp_flow.c | 8 ++++---- > util.c | 6 +++--- > util.h | 32 ++++++++++++++++++++++++++++++++ > 11 files changed, 81 insertions(+), 48 deletions(-) >=20 > diff --git a/conf.c b/conf.c > index eaa7d99..6d03111 100644 > --- a/conf.c > +++ b/conf.c > @@ -365,7 +365,7 @@ mode_conflict: > die("Port forwarding mode '%s' conflicts with previous mode", optarg); > bind_fail: > die("Failed to bind port %u (%s) for option '-%c %s', exiting", > - i, strerror(-ret), optname, optarg); > + i, __strerror(-ret), optname, optarg); > bind_all_fail: > die("Failed to bind any port for '-%c %s', exiting", optname, optarg); > } > @@ -655,7 +655,7 @@ static unsigned int conf_ip4(unsigned int ifi, struct= ip4_ctx *ip4) > &ip4->guest_gw); > if (rc < 0) { > debug("Couldn't discover IPv4 gateway address: %s", > - strerror(-rc)); > + __strerror(-rc)); > return 0; > } > } > @@ -665,7 +665,7 @@ static unsigned int conf_ip4(unsigned int ifi, struct= ip4_ctx *ip4) > &ip4->addr, &ip4->prefix_len, NULL); > if (rc < 0) { > debug("Couldn't discover IPv4 address: %s", > - strerror(-rc)); > + __strerror(-rc)); > return 0; > } > } > @@ -729,7 +729,7 @@ static unsigned int conf_ip6(unsigned int ifi, struct= ip6_ctx *ip6) > rc =3D nl_route_get_def(nl_sock, ifi, AF_INET6, &ip6->guest_gw); > if (rc < 0) { > debug("Couldn't discover IPv6 gateway address: %s", > - strerror(-rc)); > + __strerror(-rc)); > return 0; > } > } > @@ -738,7 +738,7 @@ static unsigned int conf_ip6(unsigned int ifi, struct= ip6_ctx *ip6) > IN6_IS_ADDR_UNSPECIFIED(&ip6->addr) ? &ip6->addr : NULL, > &prefix_len, &ip6->our_tap_ll); > if (rc < 0) { > - debug("Couldn't discover IPv6 address: %s", strerror(-rc)); > + debug("Couldn't discover IPv6 address: %s", __strerror(-rc)); > return 0; > } > =20 > diff --git a/icmp.c b/icmp.c > index f514dbc..bb0e30b 100644 > --- a/icmp.c > +++ b/icmp.c > @@ -85,7 +85,7 @@ void icmp_sock_handler(const struct ctx *c, union epoll= _ref ref) > =20 > n =3D recvfrom(ref.fd, buf, sizeof(buf), 0, &sr.sa, &sl); > if (n < 0) { > - flow_err(pingf, "recvfrom() error: %s", strerror(errno)); > + flow_err(pingf, "recvfrom() error: %s", __strerror(errno)); > return; > } > =20 > @@ -301,7 +301,7 @@ int icmp_tap_handler(const struct ctx *c, uint8_t pif= , sa_family_t af, > pif_sockaddr(c, &sa, &sl, PIF_HOST, &tgt->eaddr, 0); > if (sendto(pingf->sock, pkt, l4len, MSG_NOSIGNAL, &sa.sa, sl) < 0) { > flow_dbg(pingf, "failed to relay request to socket: %s", > - strerror(errno)); > + __strerror(errno)); > } else { > flow_dbg(pingf, > "echo request to socket, ID: %"PRIu16", seq: %"PRIu16, > diff --git a/log.c b/log.c > index 239c8ce..c0eae4f 100644 > --- a/log.c > +++ b/log.c > @@ -322,7 +322,7 @@ void logmsg_perror(int pri, const char *format, ...) > vlogmsg(false, false, pri, format, ap); > va_end(ap); > =20 > - logmsg(true, true, pri, ": %s", strerror(errno_copy)); > + logmsg(true, true, pri, ": %s", __strerror(errno_copy)); > } > =20 > /** > diff --git a/netlink.c b/netlink.c > index 4aba2a3..983f45b 100644 > --- a/netlink.c > +++ b/netlink.c > @@ -320,7 +320,7 @@ unsigned int nl_get_ext_if(int s, sa_family_t af) > } > =20 > if (status < 0) > - warn("netlink: RTM_GETROUTE failed: %s", strerror(-status)); > + warn("netlink: RTM_GETROUTE failed: %s", __strerror(-status)); > =20 > if (defifi) { > if (ndef > 1) { > diff --git a/pasta.c b/pasta.c > index 96dacc3..d3fb36c 100644 > --- a/pasta.c > +++ b/pasta.c > @@ -296,7 +296,7 @@ void pasta_ns_conf(struct ctx *c) > rc =3D nl_link_set_flags(nl_sock_ns, 1 /* lo */, IFF_UP, IFF_UP); > if (rc < 0) > die("Couldn't bring up loopback interface in namespace: %s", > - strerror(-rc)); > + __strerror(-rc)); > =20 > /* Get or set MAC in target namespace */ > if (MAC_IS_ZERO(c->guest_mac)) > @@ -305,7 +305,7 @@ void pasta_ns_conf(struct ctx *c) > rc =3D nl_link_set_mac(nl_sock_ns, c->pasta_ifi, c->guest_mac); > if (rc < 0) > die("Couldn't set MAC address in namespace: %s", > - strerror(-rc)); > + __strerror(-rc)); > =20 > if (c->pasta_conf_ns) { > unsigned int flags =3D IFF_UP; > @@ -332,7 +332,7 @@ void pasta_ns_conf(struct ctx *c) > =20 > if (rc < 0) { > die("Couldn't set IPv4 address(es) in namespace: %s", > - strerror(-rc)); > + __strerror(-rc)); > } > =20 > if (c->ip4.no_copy_routes) { > @@ -346,7 +346,7 @@ void pasta_ns_conf(struct ctx *c) > =20 > if (rc < 0) { > die("Couldn't set IPv4 route(s) in guest: %s", > - strerror(-rc)); > + __strerror(-rc)); > } > } > =20 > @@ -355,13 +355,13 @@ void pasta_ns_conf(struct ctx *c) > &c->ip6.addr_ll_seen); > if (rc < 0) { > warn("Can't get LL address from namespace: %s", > - strerror(-rc)); > + __strerror(-rc)); > } > =20 > rc =3D nl_addr_set_ll_nodad(nl_sock_ns, c->pasta_ifi); > if (rc < 0) { > warn("Can't set nodad for LL in namespace: %s", > - strerror(-rc)); > + __strerror(-rc)); > } > =20 > /* We dodged DAD: re-enable neighbour solicitations */ > @@ -382,7 +382,7 @@ void pasta_ns_conf(struct ctx *c) > =20 > if (rc < 0) { > die("Couldn't set IPv6 address(es) in namespace: %s", > - strerror(-rc)); > + __strerror(-rc)); > } > =20 > if (c->ip6.no_copy_routes) { > @@ -397,7 +397,7 @@ void pasta_ns_conf(struct ctx *c) > =20 > if (rc < 0) { > die("Couldn't set IPv6 route(s) in guest: %s", > - strerror(-rc)); > + __strerror(-rc)); > } > } > } > @@ -446,18 +446,18 @@ void pasta_netns_quit_init(const struct ctx *c) > return; > =20 > if ((dir_fd =3D open(c->netns_dir, O_CLOEXEC | O_RDONLY)) < 0) > - die("netns dir open: %s, exiting", strerror(errno)); > + die("netns dir open: %s, exiting", __strerror(errno)); > =20 > if (fstatfs(dir_fd, &s) || s.f_type =3D=3D DEVPTS_SUPER_MAGIC = || > s.f_type =3D=3D PROC_SUPER_MAGIC || s.f_type =3D=3D SYSFS_MAGIC) > try_inotify =3D false; > =20 > if (try_inotify && (fd =3D inotify_init1(flags)) < 0) > - warn("inotify_init1(): %s, use a timer", strerror(errno)); > + warn("inotify_init1(): %s, use a timer", __strerror(errno)); > =20 > if (fd >=3D 0 && inotify_add_watch(fd, c->netns_dir, IN_DELETE) < 0) { > warn("inotify_add_watch(): %s, use a timer", > - strerror(errno)); > + __strerror(errno)); > close(fd); > fd =3D -1; > } > diff --git a/tcp.c b/tcp.c > index 1872ccb..640b25a 100644 > --- a/tcp.c > +++ b/tcp.c > @@ -516,7 +516,7 @@ static void tcp_timer_ctl(const struct ctx *c, struct= tcp_tap_conn *conn) > fd =3D timerfd_create(CLOCK_MONOTONIC, 0); > if (fd =3D=3D -1 || fd > FD_REF_MAX) { > flow_dbg(conn, "failed to get timer: %s", > - strerror(errno)); > + __strerror(errno)); > if (fd > -1) > close(fd); > conn->timer =3D -1; > @@ -526,7 +526,7 @@ static void tcp_timer_ctl(const struct ctx *c, struct= tcp_tap_conn *conn) > =20 > if (epoll_ctl(c->epollfd, EPOLL_CTL_ADD, conn->timer, &ev)) { > flow_dbg(conn, "failed to add timer: %s", > - strerror(errno)); > + __strerror(errno)); > close(conn->timer); > conn->timer =3D -1; > return; > @@ -551,7 +551,7 @@ static void tcp_timer_ctl(const struct ctx *c, struct= tcp_tap_conn *conn) > (unsigned long long)it.it_value.tv_nsec / 1000 / 1000); > =20 > if (timerfd_settime(conn->timer, 0, &it, NULL)) > - flow_err(conn, "failed to set timer: %s", strerror(errno)); > + flow_err(conn, "failed to set timer: %s", __strerror(errno)); > } > =20 > /** > @@ -1307,7 +1307,7 @@ int tcp_conn_sock(const struct ctx *c, sa_family_t = af) > return s; > =20 > err("TCP: Unable to open socket for new connection: %s", > - strerror(-s)); > + __strerror(-s)); > return -1; > } > =20 > @@ -1360,7 +1360,7 @@ static void tcp_bind_outbound(const struct ctx *c, > flow_dbg(conn, > "Can't bind TCP outbound socket to %s:%hu: %s", > inany_ntop(&tgt->oaddr, sstr, sizeof(sstr)), > - tgt->oport, strerror(errno)); > + tgt->oport, __strerror(errno)); > } > } > =20 > @@ -1371,7 +1371,7 @@ static void tcp_bind_outbound(const struct ctx *c, > strlen(c->ip4.ifname_out))) { > flow_dbg(conn, "Can't bind IPv4 TCP socket to" > " interface %s: %s", c->ip4.ifname_out, > - strerror(errno)); > + __strerror(errno)); > } > } > } else if (bind_sa.sa_family =3D=3D AF_INET6) { > @@ -1381,7 +1381,7 @@ static void tcp_bind_outbound(const struct ctx *c, > strlen(c->ip6.ifname_out))) { > flow_dbg(conn, "Can't bind IPv6 TCP socket to" > " interface %s: %s", c->ip6.ifname_out, > - strerror(errno)); > + __strerror(errno)); > } > } > } > @@ -2113,7 +2113,7 @@ void tcp_timer_handler(const struct ctx *c, union e= poll_ref ref) > * and we just set the timer to a new point in the future: discard it. > */ > if (timerfd_gettime(conn->timer, &check_armed)) > - flow_err(conn, "failed to read timer: %s", strerror(errno)); > + flow_err(conn, "failed to read timer: %s", __strerror(errno)); > =20 > if (check_armed.it_value.tv_sec || check_armed.it_value.tv_nsec) > return; > @@ -2154,7 +2154,7 @@ void tcp_timer_handler(const struct ctx *c, union e= poll_ref ref) > */ > if (timerfd_settime(conn->timer, 0, &new, &old)) > flow_err(conn, "failed to set timer: %s", > - strerror(errno)); > + __strerror(errno)); > =20 > if (old.it_value.tv_sec =3D=3D ACT_TIMEOUT) { > flow_dbg(conn, "activity timeout"); > @@ -2422,13 +2422,13 @@ static void tcp_sock_refill_init(const struct ctx= *c) > int rc =3D tcp_sock_refill_pool(c, init_sock_pool4, AF_INET); > if (rc < 0) > warn("TCP: Error refilling IPv4 host socket pool: %s", > - strerror(-rc)); > + __strerror(-rc)); > } > if (c->ifi6) { > int rc =3D tcp_sock_refill_pool(c, init_sock_pool6, AF_INET6); > if (rc < 0) > warn("TCP: Error refilling IPv6 host socket pool: %s", > - strerror(-rc)); > + __strerror(-rc)); > } > } > =20 > diff --git a/tcp_splice.c b/tcp_splice.c > index 93f8bce..d35bfd5 100644 > --- a/tcp_splice.c > +++ b/tcp_splice.c > @@ -160,7 +160,7 @@ static int tcp_splice_epoll_ctl(const struct ctx *c, > if (epoll_ctl(c->epollfd, m, conn->s[0], &ev[0]) || > epoll_ctl(c->epollfd, m, conn->s[1], &ev[1])) { > int ret =3D -errno; > - flow_err(conn, "ERROR on epoll_ctl(): %s", strerror(errno)); > + flow_err(conn, "ERROR on epoll_ctl(): %s", __strerror(errno)); > return ret; > } > =20 > @@ -314,7 +314,7 @@ static int tcp_splice_connect_finish(const struct ctx= *c, > if (conn->pipe[sidei][0] < 0) { > if (pipe2(conn->pipe[sidei], O_NONBLOCK | O_CLOEXEC)) { > flow_err(conn, "cannot create %d->%d pipe: %s", > - sidei, !sidei, strerror(errno)); > + sidei, !sidei, __strerror(errno)); > conn_flag(c, conn, CLOSING); > return -EIO; > } > @@ -370,7 +370,7 @@ static int tcp_splice_connect(const struct ctx *c, st= ruct tcp_splice_conn *conn) > if (connect(conn->s[1], &sa.sa, sl)) { > if (errno !=3D EINPROGRESS) { > flow_trace(conn, "Couldn't connect socket for splice: %s", > - strerror(errno)); > + __strerror(errno)); > return -errno; > } > =20 > @@ -469,10 +469,10 @@ void tcp_splice_sock_handler(struct ctx *c, union e= poll_ref ref, > rc =3D getsockopt(ref.fd, SOL_SOCKET, SO_ERROR, &err, &sl); > if (rc) > flow_err(conn, "Error retrieving SO_ERROR: %s", > - strerror(errno)); > + __strerror(errno)); > else > flow_trace(conn, "Error event on socket: %s", > - strerror(err)); > + __strerror(err)); > =20 > goto close; > } > @@ -551,7 +551,7 @@ eintr: > &lowat, sizeof(lowat))) { > flow_trace(conn, > "Setting SO_RCVLOWAT %i: %s", > - lowat, strerror(errno)); > + lowat, __strerror(errno)); > } else { > conn_flag(c, conn, lowat_set_flag); > conn_flag(c, conn, lowat_act_flag); > @@ -696,13 +696,13 @@ static int tcp_sock_refill_ns(void *arg) > int rc =3D tcp_sock_refill_pool(c, ns_sock_pool4, AF_INET); > if (rc < 0) > warn("TCP: Error refilling IPv4 ns socket pool: %s", > - strerror(-rc)); > + __strerror(-rc)); > } > if (c->ifi6) { > int rc =3D tcp_sock_refill_pool(c, ns_sock_pool6, AF_INET6); > if (rc < 0) > warn("TCP: Error refilling IPv6 ns socket pool: %s", > - strerror(-rc)); > + __strerror(-rc)); > } > =20 > return 0; > diff --git a/udp.c b/udp.c > index c89f031..0154a1a 100644 > --- a/udp.c > +++ b/udp.c > @@ -453,7 +453,7 @@ static int udp_sock_recverr(int s) > =20 > /* TODO: When possible propagate and otherwise handle errors */ > debug("%s error on UDP socket %i: %s", > - str_ee_origin(ee), s, strerror(ee->ee_errno)); > + str_ee_origin(ee), s, __strerror(ee->ee_errno)); > =20 > return 1; > } > @@ -492,7 +492,8 @@ int udp_sock_errs(const struct ctx *c, int s, uint32_= t events) > } > =20 > if (err) { > - debug("Unqueued error on UDP socket %i: %s", s, strerror(err)); > + debug("Unqueued error on UDP socket %i: %s", s, > + __strerror(err)); > n_err++; > } > =20 > diff --git a/udp_flow.c b/udp_flow.c > index c8fdb5f..627cc15 100644 > --- a/udp_flow.c > +++ b/udp_flow.c > @@ -95,7 +95,7 @@ static flow_sidx_t udp_flow_new(const struct ctx *c, un= ion flow *flow, > if (uflow->s[INISIDE] < 0) { > flow_err(uflow, > "Couldn't duplicate listening socket: %s", > - strerror(errno)); > + __strerror(errno)); > goto cancel; > } > } > @@ -115,14 +115,14 @@ static flow_sidx_t udp_flow_new(const struct ctx *c= , union flow *flow, > if (uflow->s[TGTSIDE] < 0) { > flow_dbg(uflow, > "Couldn't open socket for spliced flow: %s", > - strerror(errno)); > + __strerror(errno)); > goto cancel; > } > =20 > if (flowside_connect(c, uflow->s[TGTSIDE], tgtpif, tgt) < 0) { > flow_dbg(uflow, > "Couldn't connect flow socket: %s", > - strerror(errno)); > + __strerror(errno)); > goto cancel; > } > =20 > @@ -144,7 +144,7 @@ static flow_sidx_t udp_flow_new(const struct ctx *c, = union flow *flow, > } else if (errno !=3D EAGAIN) { > flow_err(uflow, > "Unexpected error discarding datagrams: %s", > - strerror(errno)); > + __strerror(errno)); > } > } > =20 > diff --git a/util.c b/util.c > index 55cae3f..386bf76 100644 > --- a/util.c > +++ b/util.c > @@ -90,7 +90,7 @@ int sock_l4_sa(const struct ctx *c, enum epoll_type typ= e, > =20 > ret =3D -errno; > if (fd < 0) { > - warn("L4 socket: %s", strerror(-ret)); > + warn("L4 socket: %s", __strerror(-ret)); > return ret; > } > =20 > @@ -162,7 +162,7 @@ int sock_l4_sa(const struct ctx *c, enum epoll_type t= ype, > =20 > if (type =3D=3D EPOLL_TYPE_TCP_LISTEN && listen(fd, 128) < 0) { > ret =3D -errno; > - warn("TCP socket listen: %s", strerror(-ret)); > + warn("TCP socket listen: %s", __strerror(-ret)); > close(fd); > return ret; > } > @@ -171,7 +171,7 @@ int sock_l4_sa(const struct ctx *c, enum epoll_type t= ype, > ev.data.u64 =3D ref.u64; > if (epoll_ctl(c->epollfd, EPOLL_CTL_ADD, fd, &ev) =3D=3D -1) { > ret =3D -errno; > - warn("L4 epoll_ctl: %s", strerror(-ret)); > + warn("L4 epoll_ctl: %s", __strerror(-ret)); > return ret; > } > =20 > diff --git a/util.h b/util.h > index 41bbd60..b766dc1 100644 > --- a/util.h > +++ b/util.h > @@ -274,6 +274,38 @@ static inline bool mod_between(unsigned x, unsigned = i, unsigned j, unsigned m) > =20 > void raw_random(void *buf, size_t buflen); > =20 > +/* > + * Starting from glibc 2.40.9000 and commit 25a5eb4010df ("string: strer= ror, > + * strsignal cannot use buffer after dlmopen (bug 32026)"), strerror() n= eeds > + * getrandom(2) and brk(2) as it allocates memory for the locale-transla= ted > + * error description, but our seccomp profiles forbid both. > + * > + * Use the __strerror() wrapper instead, calling into strerrordesc_np() = to get > + * a static untranslated string. It's a GNU implementation, but also def= ined by > + * bionic. > + * > + * If strerrordesc_np() is not defined (e.g. musl), call strerror(). C l= ibraries > + * not defining strerrordesc_np() are expected to provide strerror() > + * implementations that are simple enough for us to call. > + */ > +__attribute__ ((weak)) const char *strerrordesc_np(int errnum); > + > +/** > + * __strerror() - strerror() wrapper calling strerrordesc_np() if availa= ble > + * @errnum: Error code > + * > + * Return: error description string > + */ > +static inline const char *__strerror(int errnum) > +{ > + if (strerrordesc_np) > + return strerrordesc_np(errnum); > + > + return strerror(errnum); > +} > + > +#define strerror(x) @ "Don't call strerror() directly, use __strerror() = instead" > + > /* > * Workarounds for https://github.com/llvm/llvm-project/issues/58992 > * --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --3fnKRJ0KmK1e5tgY Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmdY3DQACgkQzQJF27ox 2GeAsg//QKQo3KyCJ1CC98i/JVuW7cUdLud1MEuJ7axedfxbznsddJgFP470fEeT 2iWKTSQK40b1FRYH8FB/uPMscPsKiXjXyueqslkw6Q5Juz6wVWAwTUHV3B2eRKHm TCm03m5sJ+/zPMLImCpTzp6D3P/8YB2q2f7rnID8y/QzCeZpgbXYx9x1er6rmnN0 DuUT+Cro4r0qC073Y/3qoYIE/5I3YhuAaApcT/AM4c2KIuvs2V6ArwAriD7c0yqh pNV1HYaN/4XL+XXtv25eCcFq1T8/+pjJUbh844JJSy/YLfvvDvHzUMQO3758xBdk GmvjympCBtvIQxxDW2TXpZIpKWeUymg4bC0eq+2Bv7EGdypzDEjohgTdw6aF6kl5 US3c4OIH2s0q6tnfUQDTqfoqtkxRbxTmehvpArMSPjs3Ie2GAgMvCNNmavKbozQn lMqCUG6uvlZaFeot37Vu+R8GviIZR3P9BUVt/I8RzIsjgRhNBJTZkDo+sJuq6gOF BOfnjjZkl33YJ6PtWCt2TekkMtG4irOtV5W/EL+sfAfcRJyat1x2hRDjT2RPHdnv v8Css0fCDcrgdyfMFScVe0dKZzgTl4+JD1m1/Ee09O+wgfu1kloCpSlIwQCbtHmR rscQwxqUuLH/9/gJR3WlwYlO+CzryZg8ai/fkWkWFf7Avdm61sM= =ebG2 -----END PGP SIGNATURE----- --3fnKRJ0KmK1e5tgY--