On Sat, Feb 13, 2016 at 09:10:30PM -0800, Philip Guenther wrote:
> On Sat, Feb 13, 2016 at 12:31 PM, Michal Mazurek <[email protected]> wrote:
> > When compiling a program that calls pledge(2) with "-pg" the resulting
> > binary will execute seemingly fine, but at the very end die with:
> > Abort trap (core dumped)
> > I think the problem lies in a call to profil(2).
> >
> > Is this a bug or a feature?
>
> Seems like a bug. _mcleanup() is invoked via the atexit() in gcrt0.o
> (c.f. lib/csu/crt0.c)

I would say "feature" instead of bug :)

In fact, I don't think a pledged program should not be profiled...

Profiling is for development code, and pledge is more for production-code.

If profiling is needed, pledge(2) should be disabled:
  1. by commenting out the pledge(2) call
  2. by adding `#define pledge(pr,pa) 0' after the unistd.h include
  3. by passing -D'pledge(pr,pa)=_nopledge' as a compiler option (but I am
     unsure if it makes use of an uninitialized variable or if the compiler
     initializes it to 0 alone).

Eventually, is it acceptable to provide a unistd.h that masks pledge(2)
(and issues a #warning) when compiling with -pg?

> Fixing things so this works will require at least two things:
> 1) pledge will need to always permit profil(NULL,0,0,0) for the
> moncontrol(0) performed by _mcleanup()
> 2) pledge will need to permit opening and writing to "gmon.out"
> (ignore the $PROFDIR stuff) if and only if profil() had been used.
>
> (The fallback code to use setitimer() if sysctl() fails seems
> pointless: when would that fail and setitimer() succeed?)

For having a profiled program pledged, it would need parts of:
  - "stdio" : issetugid(), getpid(), write(), close(), munmap()
  - "cpath" : open(O_CREAT)
and profil(2)

It is doable if we require at least "stdio" for profiling to work.
Otherwise it is too intrusive (requiring all the previous syscalls to be
declared PLEDGE_ALWAYS in the `pledge_syscalls' array, and having a
`pledge_profil' call in each of them).

Additionally, ignoring the $PROFDIR stuff would be more complex: userland
has no way to know whether the running program is pledged or not.

-- 
Sebastien Marie
