socket process is killed because it's trying to load libsoftokn3.so
Categories
(Core :: Networking, task, P3)
Tracking
()
People
(Reporter: kershaw, Unassigned)
Details
(Whiteboard: [necko-triaged])
Stack trace:
Thread 1 "Socket Process" received signal SIGSYS, Bad system call.
__GI___open64_nocancel (file=file@entry=0x7f161f550f00 "/home/kershaw/mozilla-central/objdir/dist/bin/libsoftokn3.so", oflag=oflag@entry=524288)
at ../sysdeps/unix/sysv/linux/open64_nocancel.c:45
45 ../sysdeps/unix/sysv/linux/open64_nocancel.c: No such file or directory.
(gdb) bt
#0 __GI___open64_nocancel (file=file@entry=0x7f161f550f00 "/home/kershaw/mozilla-central/objdir/dist/bin/libsoftokn3.so", oflag=oflag@entry=524288)
at ../sysdeps/unix/sysv/linux/open64_nocancel.c:45
#1 0x00007f1631be20b6 in open_verify
(name=0x7f161f550f00 "/home/kershaw/mozilla-central/objdir/dist/bin/libsoftokn3.so", fbp=fbp@entry=0x7ffe47172980, loader=<optimized out>, whatcode=whatcode@entry=0, mode=mode@entry=-1879048190, found_other_class=found_other_class@entry=0x7ffe4717296f, free_name=true, fd=-1) at dl-load.c:1520
#2 0x00007f1631be3acb in _dl_map_object
(loader=loader@entry=0x7f1631825510, name=name@entry=0x7f161f550ec0 "/home/kershaw/mozilla-central/objdir/dist/bin/libsoftokn3.so", type=type@entry=2, trace_mode=trace_mode@entry=0, mode=mode@entry=-1879048190, nsid=<optimized out>) at dl-load.c:2177
#3 0x00007f1631bedf3b in dl_open_worker (a=a@entry=0x7ffe47172ed0) at dl-open.c:228
#4 0x00007f1631798eb1 in __GI__dl_catch_exception (exception=exception@entry=0x7ffe47172eb0, operate=operate@entry=0x7f1631bedeb0 <dl_open_worker>, args=args@entry=0x7ffe47172ed0)
at dl-error-skeleton.c:196
#5 0x00007f1631bedb2a in _dl_open
(file=0x7f161f550ec0 "/home/kershaw/mozilla-central/objdir/dist/bin/libsoftokn3.so", mode=-2147483646, caller_dlopen=0x7f16316434a2 <PR_LoadLibraryWithFlags+161>, nsid=-2, argc=13, argv=<optimized out>, env=0x7f163142bc00) at dl-open.c:603
#6 0x00007f1631b54258 in dlopen_doit (a=a@entry=0x7ffe471730f0) at dlopen.c:66
#7 0x00007f1631798eb1 in __GI__dl_catch_exception (exception=exception@entry=0x7ffe47173090, operate=operate@entry=0x7f1631b54200 <dlopen_doit>, args=args@entry=0x7ffe471730f0)
at dl-error-skeleton.c:196
#8 0x00007f1631798f4f in __GI__dl_catch_error
(objname=objname@entry=0x7f1631434310, errstring=errstring@entry=0x7f1631434318, mallocedp=mallocedp@entry=0x7f1631434308, operate=operate@entry=0x7f1631b54200 <dlopen_doit>, args=args@entry=0x7ffe471730f0) at dl-error-skeleton.c:215
#9 0x00007f1631b54995 in _dlerror_run (operate=operate@entry=0x7f1631b54200 <dlopen_doit>, args=args@entry=0x7ffe471730f0) at dlerror.c:170
#10 0x00007f1631b542e6 in __dlopen (file=<optimized out>, mode=<optimized out>) at dlopen.c:87
#11 0x00007f16316434a2 in pr_LoadLibraryByPathname (name=0x7f161f550ec0 "/home/kershaw/mozilla-central/objdir/dist/bin/libsoftokn3.so", flags=<optimized out>)
at /home/kershaw/mozilla-central/nsprpub/pr/src/linking/prlink.c:801
#12 PR_LoadLibraryWithFlags (libSpec=..., flags=<optimized out>) at /home/kershaw/mozilla-central/nsprpub/pr/src/linking/prlink.c:404
#13 0x00007f1630b6ff14 in loader_LoadLibInReferenceDir (referencePath=0x7f161f550900 "/home/kershaw/mozilla-central/objdir/dist/bin/libnss3.so", name=0x7f1630ac86c4 "libsoftokn3.so")
at /home/kershaw/mozilla-central/security/nss/lib/util/secload.c:85
#14 0x00007f1630b6fcbe in PORT_LoadLibraryFromOrigin (existingShLibName=<optimized out>, staticShLibFunc=<optimized out>, newShLibName=0x7f1630ac86c4 "libsoftokn3.so")
at /home/kershaw/mozilla-central/security/nss/lib/util/secload.c:151
#15 0x00007f1630b2ae4c in softoken_LoadDSO () at /home/kershaw/mozilla-central/security/nss/lib/pk11wrap/pk11load.c:373
#16 0x00007f1631647123 in PR_CallOnce (once=0x7f1630b4b680 <loadSoftokenOnce>, func=0x7f1630b2ae2e <softoken_LoadDSO>) at /home/kershaw/mozilla-central/nsprpub/pr/src/misc/prinit.c:776
#17 0x00007f1630b2a9df in secmod_LoadPKCS11Module (mod=0x7f16314a4c20, oldModule=0x7ffe47173380) at /home/kershaw/mozilla-central/security/nss/lib/pk11wrap/pk11load.c:422
#18 0x00007f1630b35f9d in SECMOD_LoadModule
(modulespec=0x7f163141c5e0 "name=\"NSS Internal Module\" parameters=\"configdir='' certPrefix='' keyPrefix='' secmod='' flags=readOnly,noCertDB,noModDB,forceOpen,optimizeSpace updatedir='' updateCertPrefix='' updateKeyPrefix='' upd"..., parent=0x0, recurse=1) at /home/kershaw/mozilla-central/security/nss/lib/pk11wrap/pk11pars.c:1840
#19 0x00007f1630b0669a in nss_InitModules
(configdir=0x7f1630acab6d "", certPrefix=<optimized out>, keyPrefix=0x7f161f5523f8 "\345\345\345\345\345\345\345\345", secmodName=0x7f1630acab6d "", updateDir=0x7f161f552440 '\345' <repeats 16 times>, "\063", updCertPrefix=0x7f161f552448 "\345\345\345\345\345\345\345\345\063", updKeyPrefix=<optimized out>, updateID=<optimized out>, updateName=<optimized out>, configName=<--Type <RET> for more, q to quit, c to continue without paging--
optimized out>, configStrings=<optimized out>, pwRequired=<optimized out>, readOnly=<optimized out>, noCertDB=<optimized out>, noModDB=<optimized out>, forceOpen=<optimized out>, optimizeSpace=<optimized out>, isContextInit=<optimized out>) at /home/kershaw/mozilla-central/security/nss/lib/nss/nssinit.c:464
#20 nss_Init
(configdir=0x7f1630acab6d "", certPrefix=<optimized out>, keyPrefix=0x7f161f5523f8 "\345\345\345\345\345\345\345\345", secmodName=<optimized out>, updateDir=0x7f161f552440 '\345' <repeats 16 times>, "\063", updCertPrefix=<optimized out>, updKeyPrefix=0x7f1630acab6d "", updateID=0x7f1630acab6d "", updateName=0x7f1630acab6d "", initContextPtr=0x0, initParams=0x0, readOnly=1, noCertDB=1, noModDB=1, forceOpen=1, noRootInit=1, optimizeSpace=1, noSingleThreadedModules=0, allowAlreadyInitializedModules=0, dontFinalizeModules=0)
at /home/kershaw/mozilla-central/security/nss/lib/nss/nssinit.c:689
#21 0x00007f1630b06b25 in NSS_NoDB_Init (configdir=<optimized out>) at /home/kershaw/mozilla-central/security/nss/lib/nss/nssinit.c:950
Apparently, socket process is not allowed to load a so
file due to sandboxing, but it seems that NSS
needs some so
files to work normally.
I am not sure if we can adjust sandobxing rules or make NSS
work without loading some libraries.
Reporter | ||
Comment 1•5 years ago
|
||
Dana,
What do you think? Is libsoftokn3.so
(could be more .so
files) really necessary for NSS in socket process? Is it possible to make NSS work without those .so
files?
Thanks.
![]() |
||
Comment 2•5 years ago
|
||
libsoftokn3.so
is the software implementation of a PKCS#11 token that NSS uses to do cryptography, so NSS does need to load it to work.
Reporter | ||
Comment 3•5 years ago
|
||
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #2)
libsoftokn3.so
is the software implementation of a PKCS#11 token that NSS uses to do cryptography, so NSS does need to load it to work.
Thanks for the reply, Dana. I guess we can only add this file to the sandboxing white list.
:gcp, is this something that the sandboxing team can help?
Thanks.
Comment 4•5 years ago
|
||
You'll have to whitelist the dir where the files live. But it's weird that you get this error, as we already include the Firefox binaries dir: https://searchfox.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#709
Running with MOZ_SANDBOX_LOGGING=1 may reveal if there's a mismatch.
Updated•5 years ago
|
Updated•5 years ago
|
Reporter | ||
Comment 5•5 years ago
|
||
(In reply to Gian-Carlo Pascutto [:gcp] from comment #4)
You'll have to whitelist the dir where the files live. But it's weird that you get this error, as we already include the Firefox binaries dir: https://searchfox.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#709
Running with MOZ_SANDBOX_LOGGING=1 may reveal if there's a mismatch.
Actually, I was trying to debug the issue in bug 1640612 and I attached gdb
to socket process and saw the crash in comment #0.
Without gdb
, this crash disappears, so maybe this is caused by gdb
or something else.
Description
•