From: ebiederm@xmission.com (Eric W. Biederman)
To: Rich Felker <dalias@libc.org>
Cc: Alistair Francis <alistair.francis@wdc.com>,
libc-alpha@sourceware.org, arnd@arndb.de,
adhemerval.zanella@linaro.org, fweimer@redhat.com,
palmer@sifive.com, macro@wdc.com, zongbox@gmail.com,
alistair23@gmail.com
Subject: Re: [RFC v3 03/23] sysdeps/wait: Use waitid if avaliable
Date: Sun, 21 Jul 2019 06:59:09 -0500 [thread overview]
Message-ID: <87ftmzd2eq.fsf@xmission.com> (raw)
In-Reply-To: <20190721042032.GA3423@brightrain.aerifal.cx> (Rich Felker's message of "Sun, 21 Jul 2019 00:20:32 -0400")
Rich Felker <dalias@libc.org> writes:
> On Sun, Jul 21, 2019 at 12:03:10AM -0400, Rich Felker wrote:
>> On Tue, Jul 16, 2019 at 05:08:48PM -0700, Alistair Francis wrote:
>> > If the waitid syscall is avaliable let's use that as waitpid
>> > and wait4 aren't always avaliable (they aren't avaliable on RV32).
>> >
>> > Unfortunately waitid is substantially differnt to waitpid and wait4, so
>> > the conversion ends up being complex.
>> >
>> > Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
>> > ---
>> > ChangeLog | 3 ++
>> > sysdeps/unix/sysv/linux/wait.c | 39 ++++++++++++++++--
>> > sysdeps/unix/sysv/linux/waitpid.c | 46 ++++++++++++++++++++++
>> > sysdeps/unix/sysv/linux/waitpid_nocancel.c | 45 +++++++++++++++++++++
>> > 4 files changed, 130 insertions(+), 3 deletions(-)
>> > [...]
>> >
>> > weak_alias (__libc_wait, __wait)
>> > diff --git a/sysdeps/unix/sysv/linux/waitpid.c b/sysdeps/unix/sysv/linux/waitpid.c
>> > index f0897574c0..7d4e0bb77d 100644
>> > --- a/sysdeps/unix/sysv/linux/waitpid.c
>> > +++ b/sysdeps/unix/sysv/linux/waitpid.c
>> > @@ -20,12 +20,58 @@
>> > #include <sysdep-cancel.h>
>> > #include <stdlib.h>
>> > #include <sys/wait.h>
>> > +#include <unistd.h>
>> >
>> > __pid_t
>> > __waitpid (__pid_t pid, int *stat_loc, int options)
>> > {
>> > #ifdef __NR_waitpid
>> > return SYSCALL_CANCEL (waitpid, pid, stat_loc, options);
>> > +#elif defined(__NR_waitid)
>> > + __pid_t ret;
>> > + idtype_t idtype = P_PID;
>> > + siginfo_t infop;
>> > +
>> > + if (pid < -1) {
>> > + idtype = P_PGID;
>> > + pid *= -1;
>> > + } else if (pid == -1) {
>> > + idtype = P_ALL;
>> > + } else if (pid == 0) {
>> > + idtype = P_PGID;
>> > + pid = getpgrp();
>> > + }
>> > +
>> > + options |= WEXITED;
>> > +
>> > + ret = SYSCALL_CANCEL (waitid, idtype, pid, &infop, options, NULL);
>>
>> This emulation has a fundamental race condition. Between getpgrp and
>> waitid, a signal handler may perform setpgrp, setsid, and/or fork in
>> ways that cause the wrong pgid to be passed to the waitid syscall.
>> There is no way around this because you cannot block signals for the
>> interval, since signals must be able to interrupt the waitid syscall.
>>
>> Unless there's some trick I'm missing here, the kernel folks' removal
>> of the wait4 syscall is just a bug in the kernel that they need to
>> fix. It also makes it impossible to implement the wait4 function,
>> since there's no way to get rusage for the exited process.
>
> Reportedly (via Stefan O'Rear just now) there was a similar kernel bug
> introduced in 161550d74c07303ffa6187ba776f62df5a906a21 that makes
> wait4 fail to honor pgrp changes that happen while already in the
> syscall (e.g. performed on the caller by another thread or even
> another process).
I could not find the report from Stefan O'Rear.
Does that result in actual problems for programs or is this a
theoretical race noticed upon code review?
> But the race condition here in userspace is even
> more egregious I think, since it violates the contract in a case where
> there is a clear observable order between the pgrp change and the
> blocking wait -- for instance, the signal handler could change pgrp
> of itself and a child process, and then whether or not the signal
> handler had executed before the waitpid, the waitpid should catch the
> child's exit. But with the above race, it fails to.
Definitely a bigger issue. I believe posix requires waitpid is required
to be signal safe.
Eric
next prev parent reply other threads:[~2019-07-21 11:59 UTC|newest]
Thread overview: 127+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-17 0:08 [RFC v3 00/23] RISC-V glibc port for the 32-bit Alistair Francis
2019-07-17 0:08 ` [RFC v3 01/23] sysdeps/nanosleep: Use clock_nanosleep_time64 if avaliable Alistair Francis
2019-07-17 5:16 ` Florian Weimer
2019-07-19 17:25 ` Alistair Francis
2019-07-20 14:24 ` Stepan Golosunov
2019-07-22 21:14 ` Alistair Francis
2019-07-17 0:08 ` [RFC v3 02/23] sysdeps/gettimeofday: Use clock_gettime64 " Alistair Francis
2019-07-17 7:09 ` Florian Weimer
2019-07-20 3:20 ` Rich Felker
2019-07-25 20:54 ` Joseph Myers
2019-07-17 12:43 ` Lukasz Majewski
2019-07-17 12:48 ` Lukasz Majewski
2019-07-19 22:26 ` Alistair Francis
2019-07-17 0:08 ` [RFC v3 03/23] sysdeps/wait: Use waitid " Alistair Francis
2019-07-17 5:31 ` Florian Weimer
2019-07-19 17:49 ` Alistair Francis
2019-07-22 15:58 ` Florian Weimer
2019-07-22 21:02 ` Alistair Francis
2019-07-21 4:03 ` Rich Felker
2019-07-21 4:20 ` Rich Felker
2019-07-21 11:59 ` Eric W. Biederman [this message]
2019-07-21 22:59 ` Rich Felker
2019-07-21 7:57 ` Arnd Bergmann
2019-07-21 12:15 ` Eric W. Biederman
2019-07-21 12:28 ` Christian Brauner
2019-07-21 14:30 ` Arnd Bergmann
2019-07-21 15:45 ` Eric W. Biederman
2019-07-21 17:05 ` Arnd Bergmann
2019-07-21 17:16 ` Linus Torvalds
2019-07-21 21:40 ` Eric W. Biederman
2019-07-21 23:23 ` Rich Felker
2019-07-23 0:00 ` Eric W. Biederman
2019-07-23 8:12 ` Arnd Bergmann
2019-07-23 8:28 ` Christian Brauner
2019-07-23 8:45 ` Arnd Bergmann
2019-07-25 0:04 ` Alistair Francis
2019-07-25 4:40 ` Rich Felker
2019-07-25 13:15 ` Arnd Bergmann
2019-07-25 16:06 ` Christian Brauner
2019-07-25 17:14 ` Eric W. Biederman
2019-07-25 17:30 ` Christian Brauner
2019-08-13 22:22 ` Alistair Francis
2019-08-13 23:11 ` Rich Felker
2019-08-14 5:07 ` Christian Brauner
2019-08-14 11:38 ` [PATCH v1 0/1] waitid: process group enhancement christian.brauner
2019-08-14 11:38 ` [PATCH v1 1/1] waitid: Add support for waiting for the current process group christian.brauner
2019-08-14 12:29 ` Oleg Nesterov
2019-08-14 12:45 ` Christian Brauner
2019-08-14 12:50 ` Oleg Nesterov
2019-08-14 12:53 ` Christian Brauner
2019-08-14 13:07 ` [PATCH v2 0/1] waitid: process group enhancement Christian Brauner
2019-08-14 13:07 ` [PATCH v2 1/1] waitid: Add support for waiting for the current process group Christian Brauner
2019-08-14 14:19 ` Oleg Nesterov
2019-08-14 14:35 ` Christian Brauner
2019-08-14 15:27 ` Oleg Nesterov
2019-08-14 15:30 ` Christian Brauner
2019-08-14 15:43 ` [PATCH v3 0/1] waitid: process group enhancement Christian Brauner
2019-08-14 15:44 ` [PATCH v3 1/1] waitid: Add support for waiting for the current process group Christian Brauner
2019-08-14 16:09 ` Oleg Nesterov
2019-08-14 16:15 ` Christian Brauner
2019-08-14 16:34 ` Christian Brauner
2019-08-14 16:55 ` Rich Felker
2019-08-14 17:02 ` Christian Brauner
2019-08-14 17:06 ` Linus Torvalds
2019-08-14 18:00 ` Rich Felker
2019-08-14 20:50 ` Christian Brauner
2019-08-14 15:58 ` [PATCH v3 0/1] waitid: process group enhancement Rich Felker
2019-08-14 16:13 ` Christian Brauner
2019-07-26 23:35 ` [RFC v3 03/23] sysdeps/wait: Use waitid if avaliable Alistair Francis
2019-07-17 0:08 ` [RFC v3 04/23] sysdeps/clock_gettime: Use clock_gettime64 " Alistair Francis
2019-07-17 5:38 ` Florian Weimer
2019-07-17 8:04 ` Arnd Bergmann
2019-07-17 8:44 ` Florian Weimer
2019-07-17 9:10 ` Arnd Bergmann
2019-07-17 15:16 ` Florian Weimer
2019-07-18 7:38 ` Arnd Bergmann
2019-07-18 8:18 ` Florian Weimer
2019-07-18 9:14 ` Arnd Bergmann
2019-07-18 18:10 ` Adhemerval Zanella
2019-07-19 21:03 ` Alistair Francis
2019-07-17 7:03 ` Andreas Schwab
2019-07-17 12:37 ` Lukasz Majewski
2019-07-17 0:08 ` [RFC v3 05/23] sysdeps/timespec_get: " Alistair Francis
2019-07-17 5:08 ` Florian Weimer
2019-07-17 7:59 ` Arnd Bergmann
2019-07-17 8:11 ` Florian Weimer
2019-07-17 8:23 ` Arnd Bergmann
2019-07-17 8:41 ` Florian Weimer
2019-07-17 8:54 ` Arnd Bergmann
2019-07-25 20:14 ` Joseph Myers
2019-07-17 12:22 ` Lukasz Majewski
2019-07-17 0:08 ` [RFC v3 06/23] Documentation for the RISC-V 32-bit port Alistair Francis
2019-07-17 0:08 ` [RFC v3 07/23] RISC-V: Use 64-bit time_t and off_t for RV32 and RV64 Alistair Francis
2019-07-17 8:27 ` Arnd Bergmann
2019-07-17 22:39 ` Alistair Francis
2019-07-18 7:41 ` Arnd Bergmann
2019-07-18 17:36 ` Alistair Francis
2019-07-19 6:44 ` Arnd Bergmann
2019-07-19 17:02 ` Alistair Francis
2019-07-17 0:09 ` [RFC v3 08/23] RISC-V: define __NR_futex as __NR_futex_time64 for 32-bit Alistair Francis
2019-07-17 0:09 ` [RFC v3 09/23] RISC-V: define __NR_* as __NR_*_time64/64 " Alistair Francis
2019-07-17 0:09 ` [RFC v3 10/23] RISC-V: define __NR_clock_getres as __NR_*_time64 " Alistair Francis
2019-07-17 0:09 ` [RFC v3 11/23] RISC-V: define __vdso_clock_getres as __vdso_clock_getres_time64 " Alistair Francis
2019-07-17 0:09 ` [RFC v3 12/23] RISC-V: define __vdso_clock_gettime as __vdso_clock_gettime64 " Alistair Francis
2019-07-17 8:16 ` Arnd Bergmann
2019-07-19 17:15 ` Alistair Francis
2019-07-17 0:09 ` [RFC v3 13/23] RISC-V: Use 64-bit timespec in clock_gettime vdso calls Alistair Francis
2019-07-17 8:13 ` Arnd Bergmann
2019-07-17 0:09 ` [RFC v3 14/23] RISC-V: Support dynamic loader for the 32-bit Alistair Francis
2019-07-17 0:09 ` [RFC v3 15/23] RISC-V: Add path of library directories " Alistair Francis
2019-07-17 12:20 ` Florian Weimer
2019-07-17 0:09 ` [RFC v3 16/23] RISC-V: The ABI implementation " Alistair Francis
2019-07-17 0:09 ` [RFC v3 17/23] RISC-V: Hard float support for the 32 bit Alistair Francis
2019-07-17 0:09 ` [RFC v3 18/23] RISC-V: Regenerate ULPs of RISC-V Alistair Francis
2019-07-17 0:09 ` [RFC v3 19/23] RISC-V: Add ABI lists Alistair Francis
2019-07-17 0:09 ` [RFC v3 20/23] RISC-V: Build Infastructure for the 32-bit Alistair Francis
2019-07-17 0:09 ` [RFC v3 21/23] RISC-V: Fix llrint and llround missing exceptions on RV32 Alistair Francis
2019-07-17 12:22 ` Florian Weimer
2019-07-17 22:32 ` Alistair Francis
2019-07-17 0:09 ` [RFC v3 22/23] Add RISC-V 32-bit target to build-many-glibcs.py Alistair Francis
2019-07-17 0:09 ` [RFC v3 23/23] RISC-V: Use 64-bit vdso syscalls Alistair Francis
2019-07-17 5:33 ` Florian Weimer
2019-07-17 8:02 ` Arnd Bergmann
2019-07-17 22:23 ` Alistair Francis
2019-07-17 23:42 ` Alistair Francis
2019-07-18 0:01 ` Alistair Francis
2019-07-19 17:14 ` [RFC v3 00/23] RISC-V glibc port for the 32-bit Alistair Francis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/libc/involved.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ftmzd2eq.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=adhemerval.zanella@linaro.org \
--cc=alistair.francis@wdc.com \
--cc=alistair23@gmail.com \
--cc=arnd@arndb.de \
--cc=dalias@libc.org \
--cc=fweimer@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=macro@wdc.com \
--cc=palmer@sifive.com \
--cc=zongbox@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).