1

I have the simple test program:

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#include <pthread.h>

#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>

void *do_work(void *args) {
    /* Enter strict seccomp mode for the calling thread. */
    prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT);
    printf("OK.\n");
    return NULL;
}

int main() {
    pthread_t t;
    int ret;
    ret = pthread_create(&t, NULL, do_work, NULL);
    if (ret != 0) {
        printf("Could not create thread, error is %d.\n", ret);
        return 1;
    }
    ret = pthread_join(t, NULL);
    if (ret != 0) {
        printf("Could not join thread, error is %d.\n", ret);
        return 2;
    }
    printf("Program done.\n");
    return 0;
}

This deadlocks without printing anything in Ubuntu 16.04. From reading the documentation on seccomp, it is not obvious to me why this happens. Why does it? Doesn’t SIGKILL kill the entire process?

Petter

2 Answers

1

The reason is the printf function.

If you run strace -f on your program (without the prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT); line), you will see that the created thread calls the futex system call.

The call to futex is forbidden by seccomp mode, so the thread is killed, so the pthread_join waits indefinitely.

If you replace printf() with write(1,...), the program will behave as expected.

Mathieu
1

The created thread has a different process ID than the original thread (according to strace). Only the new thread is therefore killed when it violates seccomp. This means deadlock.

Petter
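An added example, not part of the question or either answer: the same prctl call made in a forked child process instead of a thread, so the parent's waitpid reports the SIGKILL rather than blocking the way pthread_join does. The name run_strict_worker, the result codes and exit status 42 are choices made for this example; the worker uses raw write and exit syscalls because strict mode permits only read, write, _exit and sigreturn.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>

/* Result codes (names chosen for this example). */
enum { RAN_OK = 0, KILLED_BY_SECCOMP = 1, NO_STRICT_MODE = 2, OTHER = 3 };

/* Run a worker in a child process under strict seccomp and classify how it
 * ended. use_forbidden != 0 makes the worker issue getpid(2), which strict
 * mode does not allow. */
int run_strict_worker(int use_forbidden) {
    static const char msg[] = "OK.\n";
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return OTHER;
    if (pid == 0) {
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            _exit(42);                  /* strict mode unavailable here */
        if (use_forbidden)
            syscall(SYS_getpid);        /* not on the strict allow-list */
        syscall(SYS_write, 1, msg, sizeof msg - 1);
        syscall(SYS_exit, 0);           /* exit, not exit_group */
    }
    /* The worker is its own process, so its death is visible to waitpid. */
    if (waitpid(pid, &status, 0) != pid)
        return OTHER;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)
        return KILLED_BY_SECCOMP;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 42)
        return NO_STRICT_MODE;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return RAN_OK;
    return OTHER;
}

int main(void) {
    printf("allowed syscalls only: %d\n", run_strict_worker(0));
    printf("with getpid():         %d\n", run_strict_worker(1));
    return 0;
}
```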