facebook / hhvm

A virtual machine for executing programs written in Hack.

Home Page:https://hhvm.com

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

hh_client error on Debian images: daemon_stubs.c: caml_disable_ASLR: failed to set personality

MurzNN opened this issue · comments

Describe the bug
I have an error on Debian images when trying to launch the hh_client:

# hh_client 
error: daemon_stubs.c: caml_disable_ASLR: failed to set personality

It's reproducible on Debian 10 and 11 Docker images.

Standalone code, or other way to reproduce the problem
Steps to reproduce the behavior:

  1. Get the Debian 11 Docker image: docker run -it debian:11 bash
  2. Install the hhvm:
apt-get update && apt-get install -y apt-transport-https software-properties-common gnupg && apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xB4112585D386EB94 && add-apt-repository -y https://dl.hhvm.com/debian && apt-get update && apt-get install -y hhvm
  1. Launch the hh_client:

Expected behavior
All should work well.

Actual behavior
The error is thrown:

# hh_client 
error: daemon_stubs.c: caml_disable_ASLR: failed to set personality

By the way, the hhvm launches well without errors:

$ hhvm -m server -vServer.AllowRunAsRoot=1
set_mempolicy: Operation not permitted
Failed to hugify the .text section

Environment

  • Operating system

Ubuntu 23.10 as a host system, Debian 11 inside Docker container.

  • Installation method

'apt-get with dl.hhvm.com repository'

  • HHVM Version

$ hhvm --version
set_mempolicy: Operation not permitted
HipHop VM 4.172.1 (rel) (non-lowptr)
Compiler: 1674162730_422511890
Repo schema: 91835e79df9f5e16bf2efa9ec6f02ef7a742386c

Additional context
It works well on Ubuntu Docker images.

The same is on Ubuntu 22.04 image, even with the new packaged packages from https://hhvm.com/blog/2022/08/30/experimenting-with-universal-deb-packages.html

Looking to sources:

fprintf(stderr, "error: daemon_stubs.c: caml_disable_ASLR: failed to set personality\n");

this error can be workarounded by setting the HHVM_DISABLE_PERSONALITY env variable to 1:

HHVM_DISABLE_PERSONALITY=1 hh_client

But what's the proper fix?

Hi, I thought I'd chime in.
I reported this issue when it originally surfaced in 4.139. When running in docker, some Linux capabilities are locked down. When running on bare Linux, hhvm uses them to unlock more performance. These env vars are a way to make hhvm not attempt these operations. They are also set in the official docker image. They apply to the whole container, not just individual commands. You might want to copy paste these lines from the docketfile. These env vars are the proper fix.

hhvm/hhvm-docker@c36523f

You may want to have a quick look and make sure you are also setting the numa env var. Thank you for creating such a detailed GH Issue. This made it really easy to confirm what problem you were running in to.

I am closing this issue as Answered.