Bug 2712 – "mlockall(): Function not implemented" reported to system.log on OS X Snow Leopard

NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p8 was released on 02 June 2016 and addresses 1 high- and 4 low-severity security issues, 4 bugfixes, and contains other improvements over 4.2.8p7.

Please see the NTP Security Notice for vulnerability and mitigation details.

Bug 2712 - "mlockall(): Function not implemented" reported to system.log on OS X Snow Leopard

Summary:

"mlockall(): Function not implemented" reported to system.log on OS X Snow Le...

Status:	RESOLVED WORKSFORME

Product:	ntp
Classification:	Unclassified
Component:	ntpd
Version:	4.2.8
Platform:	Macintosh MacOS X

Importance:	P5 normal
Target Milestone:	---
Assigned To:	Harlan Stenn

URL:
Whiteboard:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2014-12-29 04:04 UTC by xyzzy
Modified:	2014-12-29 10:58 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description xyzzy 2014-12-29 04:04:22 UTC

After building and installing ntp 4.2.8 I am seeing the following message in my
10.6.7 (OS X Snow Leopard) system.log:

mlockall(): Function not implemented

Why is this being reported?  mlockall() is a valid call in Snow Leopard. 
Should this be considered a non-serious warning?  Should it even be reported to
the system log?  Why is it happening?

Comment 1 xyzzy 2014-12-29 04:26:06 UTC

I'd like to add this log message is not unique to my build and my Snow Leopard
environment.  Others have confirmed similar results.  See my post (xyzzy-xyzzy)
and the following posts in the the Apple Discussions:

https://discussions.apple.com/thread/6739506?start=30&tstart=0

A copy of a typical system.log file is also shown in that thread.  There are
other "mysterious" log entries as well (KOD?) but they are probably separate
issues from the one I am reporting here.

Comment 2 Harlan Stenn 2014-12-29 04:31:54 UTC

The only place in the code that we call mlockall() is line 800 of
ntpd/ntpd.c .

The call did not return the expected value for success, 0, so we
reported the error condition that we got back from the system.

Comment 3 xyzzy 2014-12-29 05:15:59 UTC

Yes, I know where it was coming from (and I mention that further down in that
apple discussions thread).  But WHY is it happening?  And is it serious enough
to be concerned?

Note, while mlockall(MCL_CURRENT|MCL_FUTURE) is a valid call (I think) I cannot
understand why it should report an error on Snow Leopard (maybe other OS X's as
well, but I can't verify that).  Maybe there are some restrictions on when you
can use a mlockall(), some protocol needs to be followed, or perhaps under
certain conditions upon which ntpd is invoked as a process.  I don't know
enough about mlockall() to understand it.

Comment 4 xyzzy 2014-12-29 05:44:06 UTC

I wrote a little test for mlockall():

#include <stdio.h>
#include <sys/mman.h>
#include <errno.h>
#include <string.h>

int main()
{
    int i, e;
    i = mlockall(MCL_CURRENT|MCL_FUTURE);
    e = errno;
    fprintf(stderr, "mlockall(MCL_CURRENT|MCL_FUTURE) returned %d (errno = %d
[%s])\n", i, e, strerror(e));
    return (i);
}

Here's what it prints:

mlockall(MCL_CURRENT|MCL_FUTURE) returned -1 (errno = 78 [Function not
implemented])

And it doesn't matter if the test is run in user space or under sudo.  So
mlockall() does indeed fail in Snow Leopard :-(  The question now is what can
be done about it?  As I asked earlier does it really matter that the mlockall()
doesn't lock ntpd's pages?  Why does configure think mlockall() is available
when apparently it isn't?  Should the ntp build be changed to handle such
cases?

Comment 5 Harlan Stenn 2014-12-29 07:26:30 UTC

Apparently, on that release of the OS the mlockall() function is
provided (so we detect it and believe we can call it) but the system
doesn't actually implement the appropriate functionality, so it returns
-1, with an errno of ENOSYS (function not implemented).

Comment 6 xyzzy 2014-12-29 08:18:51 UTC

So basically this means that I have to "manually" change config.h after running
configure to redefine HAVE_MLOCKALL to 0 if I really want to suppress the log
messages.

I still think configure should be a little smarter when testing for mlockall()
to test its error return and define HAVE_MLOCKALL to 0 itself in config.h. 

Do I reason correctly that all the mlockall() was trying to do in ntpd was
prevent its process pages from being swapped out so that without it all that
results is a little less efficiency?  Thus the log messages could be safely
ignored without worry?

Comment 7 Harlan Stenn 2014-12-29 09:15:28 UTC

If somebody Knows a particular series of a given OS will NEVER support a
function like this we can suppress checking for it.  Otherwise, if it might
show up in a later version and the current binary might run there, then many
would argue that we want the call to be in there so an upgrade will just "do
the right thing".

We generally don't test to be sure things like this work, for two reasons.  One
is the one just given, and the other is we cannot run "executable" tests in
cross-compile environments, so the testing gets way uglier.  Three reasons. 
There are three ...  The third being it takes longer, and configure already
takes a very long time to execute.

I'm going to mark this as RESOLVED/WORKSFORME; if you disagree please feel free
to re-open this, perhaps after more discussion (perhaps on hackers@ or
questions@) so we can know how we should proceed.

Comment 8 xyzzy 2014-12-29 09:43:56 UTC

I guess I can agree with you on the configure stuff.

But I still wish you would answer my questions I posed in my last update to
this thread.  I'll repeat them again here (slightly edited) for your
convenience...

Do I reason correctly that all the mlockall() was trying to do in ntpd was
prevent its process pages from being swapped out so that without it all that
results is a little less efficiency?  Thus the log messages could be safely
ignored without worry?  And its my choice if I want to suppress the log message
by me setting HAVE_MLOCKALL to 0 in config.h?

Comment 9 Harlan Stenn 2014-12-29 10:58:05 UTC

ntpd will mlockall() if available so that it can better synchronize the time on
your computer.

If you put:

 rlimit memlock 0

into your ntp.conf file that should also disable this.

Or you could #undef HAVE_MLOCKALL in config.h (#define'ing it to 0 probably
won't work).