Hi Matthew,

On 2026-03-01 23:03, Aurelien Jarno wrote:
> Hi Matthew,
> 
> On 2026-02-26 18:04, Matthew Fernandez wrote:
> > Upstream patch:
> > 
> >   https://github.com/Smattr/rumur/pull/307
> > 
> > Please feel free to either review inline on Github or email me feedback
> > out-of-band.
> 
> As it seems that probing a file in /sys causes more issues than 
> expected, alternative issues are studied to enable THP by default on 
> arm64. This is the currently proposed patch:
> 
> https://inbox.sourceware.org/libc-alpha/pawpr08mb8982eeff3d3c7a2b3db803d683...@pawpr08mb8982.eurprd08.prod.outlook.com/
> 
> Unfortunately it fixes everything except rumur, which now fails in a 
> different way. I'll try to debug that and report back. In the meantime 
> it's probably a good idea to hold on the PR.

I have debugged the issue; the root issue is the same, that is, the 
seccomp filter has to be updated. More precisely, madvise needs to be 
allowed in all cases alongside mmap, instead of only when running 
multithreaded. This is the patch I tested instead of the previous one:

--- rumur-2025.08.31.orig/rumur/resources/header.c
+++ rumur-2025.08.31/rumur/resources/header.c
@@ -266,6 +266,10 @@ static void sandbox(void) {
         BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_munmap, 0, 1),
         BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
 #endif
+#ifdef __NR_madvise
+        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_madvise, 0, 1),
+        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+#endif
 
     /* If we're running multithreaded, enable syscalls used by pthreads. */
 #ifdef __NR_clone
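
Review bot: the added __NR_madvise rule has no comment explaining why it is allowed unconditionally, while the pthreads group directly below it is introduced by one. A one-line comment above the #ifdef __NR_madvise saying that madvise is needed in all cases alongside mmap, not only when multithreaded, would keep the reason next to the rule. The rule also matches on the syscall number alone, so every advice value is permitted; if only one kind of advice is actually needed, consider checking the advice argument as well.
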
@@ -293,11 +297,6 @@ static void sandbox(void) {
         BPF_STMT(BPF_RET | BPF_K,
                  THREADS > 1 ? SECCOMP_RET_ALLOW : SECCOMP_RET_TRAP),
 #endif
-#ifdef __NR_madvise
-        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_madvise, 0, 1),
-        BPF_STMT(BPF_RET | BPF_K,
-                 THREADS > 1 ? SECCOMP_RET_ALLOW : SECCOMP_RET_TRAP),
-#endif
 #ifdef __NR_mprotect
         BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_mprotect, 0, 1),
         BPF_STMT(BPF_RET | BPF_K,
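
Review bot: with the conditional madvise rule removed from the THREADS > 1 group, a THREADS == 1 build no longer gets SECCOMP_RET_TRAP for madvise, which loosens the single-threaded sandbox; that behaviour change should be stated in the patch description. Deleting the old block rather than leaving it in place is right, since the earlier unconditional SECCOMP_RET_ALLOW for the same syscall number would make it unreachable.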

So I guess we need to wait for the decision on the upstream glibc side to 
know which seccomp filter update has to be used.

Regards
Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
[email protected]                     http://aurel32.net
