From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.2 required=3.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no autolearn=ham autolearn_force=no version=3.4.6 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 52BC81FA29 for ; Wed, 25 Jan 2023 10:18:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=80x24.org; s=selector1; t=1674641916; bh=yC/Cbe31dnb9U2p9PlMb1xbUzqB8E/Dp44HEytrOCAw=; h=From:To:Subject:Date:In-Reply-To:References:From; b=UdkHVrbi/6/ckXUkguJYxqmOKF393GkawJqcdzZY+ZThB5aTLBN8cUWFhRrNSiz4v YYSblxpfdQ5eYNWS1kMNFqVn7D/7yd5er5CTryhZDlxOnrEfUmC83sVQ+4rZjNlXT2 9ASIoOevcxQGx3UGMjQBsBVYxqcvmHjfl7TX8bVE= From: Eric Wong To: meta@public-inbox.org Subject: [PATCH 2/4] process_pipe: warn hackers off using it for bidirectional pipes Date: Wed, 25 Jan 2023 10:18:33 +0000 Message-Id: <20230125101835.882567-3-e@80x24.org> In-Reply-To: <20230125101835.882567-1-e@80x24.org> References: <20230125101835.882567-1-e@80x24.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: While most uses of ->DESTROY happens in a predictable order in long-lived daemons, process teardown on exit is chaotic and not subject to ordering guarantees, so we must keep both ends of a `git cat-file --batch*' pipe at the same level in the object hierarchy. Drop an old Carp import while I'm in the area. --- lib/PublicInbox/Git.pm | 1 + lib/PublicInbox/ProcessPipe.pm | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/PublicInbox/Git.pm b/lib/PublicInbox/Git.pm index ff3ac40f..a3813bf2 100644 --- a/lib/PublicInbox/Git.pm +++ b/lib/PublicInbox/Git.pm @@ -156,6 +156,7 @@ sub _bidi_pipe { $self->{$err} = $fh; $rdr->{2} = $fh; } + # see lib/PublicInbox/ProcessPipe.pm for why we don't use that here my ($in_r, $p) = popen_rd(\@cmd, undef, $rdr); awaitpid($self->{$pid} = $p, undef); $self->{"$pid.owner"} = $$; diff --git a/lib/PublicInbox/ProcessPipe.pm b/lib/PublicInbox/ProcessPipe.pm index 068631c6..1bc792c4 100644 --- a/lib/PublicInbox/ProcessPipe.pm +++ b/lib/PublicInbox/ProcessPipe.pm @@ -1,10 +1,12 @@ # Copyright (C) all contributors # License: AGPL-3.0+ -# a tied handle for auto reaping of children tied to a pipe, see perltie(1) +# a tied handle for auto reaping of children tied to a read-only pipe, see perltie(1) +# DO NOT use this as-is for bidirectional pipes/sockets (e.g. in PublicInbox::Git), +# both ends of the pipe must be at the same level of the Perl object hierarchy +# to ensure orderly destruction. package PublicInbox::ProcessPipe; use v5.12; -use Carp qw(carp); use PublicInbox::DS qw(awaitpid); sub waitcb { # awaitpid callback