On 2/1/21 4:33 PM, Shengjing Zhu wrote:
On Mon, Feb 1, 2021 at 11:22 PM Detlef Vollmann <d...@vollmann.ch> wrote:
On 2/1/21 3:56 AM, Shengjing Zhu wrote:
On Sun, Jan 31, 2021 at 11:07:09PM +0100, Detlef Vollmann wrote:
Package: docker.io
Version: 20.10.2+dfsg1-2
Severity: minor
X-Debbugs-Cc: d...@vollmann.ch
Dear Maintainer,
* What led up to the situation?
On system startup, dockerd starts a container with a single
S/390 binary. Via binfmt this starts qemu-s390x-static with this
binary, and that segfaults:
kernel: check[2481]: segfault at 2346320 ip 000000000043afa0 sp
00007ffdb3fc62c8 error 4 in qemu-s390x-static[401000+2b0000]
The segfault is in qemu-s390x-static, thus it's more likely a bug in qemu.
While I agree that a segfault is not the best way to react
to a precondition that's not met, the problem with dockerd is that
dockerd is calling it without providing the precondition
(which I assume is a mounted /proc).
I don't think so. In the container you don't need to mount binfmt.
For example
$ docker run --rm -it --platform arm64 alpine sh -c 'ldd; mount|grep proc'
musl libc (aarch64)
Version 1.2.2
Dynamic Program Loader
Usage: /lib/ld-musl-aarch64.so.1 [options] [--] pathname
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
proc on /proc/bus type proc (ro,relatime)
proc on /proc/fs type proc (ro,relatime)
proc on /proc/irq type proc (ro,relatime)
proc on /proc/sys type proc (ro,relatime)
proc on /proc/sysrq-trigger type proc (ro,relatime)
tmpfs on /proc/asound type tmpfs (ro,relatime)
tmpfs on /proc/acpi type tmpfs (ro,relatime)
tmpfs on /proc/kcore type tmpfs (rw,nosuid,size=65536k,mode=755)
tmpfs on /proc/keys type tmpfs (rw,nosuid,size=65536k,mode=755)
tmpfs on /proc/timer_list type tmpfs (rw,nosuid,size=65536k,mode=755)
tmpfs on /proc/sched_debug type tmpfs (rw,nosuid,size=65536k,mode=755)
It runs an arm64 image, with qemu-user-static. I only register the
binfmt on the host. In the container it doesn't have.
That's correct, you don't need to mount binfmt.
But you need to mount /proc.
qemu-s390x-static opens /proc/sys/vm/mmap_min_addr and I suspect
it segfaults because it can't open it.
I might be wrong, but then I don't know why it segfaults
inside the container but not outside.
BTW, I'm still not really clear why dockerd starts an S/390
binary at all. It doesn't do that for any other (foreign)
architecture.
I think it's the script in the image. Especially what is the `check`
binary? Who calls it?
If your image doesn't have that, then maybe you have some custom hooks
on the host.
No. Sorry if my bug report was not clear about this.
I don't have any docker images to start at system boot.
And I have no S/390 binaries.
But I saw the segfault in my boot log and was interested
who causes this.
The way I tracked it down was by replacing the qemu-s390x-static
with my own binary that just did a sleep, so that after boot I
could login and find and examine the process.
And the root of this process only contains a single file 'check'.
dockerd starts it completely on its own.
My suspicion was that it wants to find out whether the host
can handle S/390 binaries at all.
Detlef
