"examples/*@.service: sockets MUST be NonBlocking"

user/dev discussion of public-inbox itself
 help / color / mirror / code / Atom feed

Search results ordered by [date|relevance]  view[summary|nested|Atom feed]
thread overview below | download mbox.gz: |

* [PATCH 0/2] warn on inheriting blocking sockets
@ 2019-06-30 22:19  5% Eric Wong
  0 siblings, 0 replies; 2+ results
From: Eric Wong @ 2019-06-30 22:19 UTC (permalink / raw)
  To: meta

A followup to https://public-inbox.org/meta/20190630074146.GA16199@dcvr/
("examples/*@.service: sockets MUST be NonBlocking")

1/2 is a long-needed cleanup patch, 2/2 is what matters to users.
Yeah, I'm shocked it's taken as long as it has to notice this
oversight, I completely missed that systemd would clear O_NONBLOCK
before spawning new instances.

I kinda wish accept4 would take SOCK_DONTWAIT (and maybe
SOCK_MUSTWAIT), but I also don't want to bloat the kernel
even more.

Eric Wong (2):
  tests: common tcp_server and unix_server helpers
  daemon: warn on inheriting blocking listeners

 lib/PublicInbox/Daemon.pm   | 10 +++++++++-
 lib/PublicInbox/Listener.pm |  1 -
 t/common.perl               | 21 +++++++++++++++++++++
 t/git-http-backend.t        |  9 +--------
 t/httpd-corner.t            | 15 ++-------------
 t/httpd-https.t             |  9 +--------
 t/httpd.t                   | 10 +---------
 t/nntpd-tls.t               | 11 ++---------
 t/nntpd.t                   | 10 ++--------
 t/perf-nntpd.t              |  9 +--------
 t/v2mirror.t                |  8 +-------
 t/v2writable.t              |  9 +--------
 t/www_listing.t             |  9 +--------
 13 files changed, 43 insertions(+), 88 deletions(-)

-- 
EW


^ permalink raw reply	[relevance 5%]

* [PATCH] examples/*@.service: sockets MUST be NonBlocking
@ 2019-06-30  7:41  7% Eric Wong
  0 siblings, 0 replies; 2+ results
From: Eric Wong @ 2019-06-30  7:41 UTC (permalink / raw)
  To: meta

For users running multiple (-nntpd@1, -nntpd@2) instances of
either -httpd or -nntpd via systemd to implement zero-downtime
restarts; it's possible for a listen socket to become blocking
for a moment during an accept syscall and cause a daemons to
get stuck in a blocking accept() during
PublicInbox::Listener::event_step (event_read in previous
versions).

Since O_NONBLOCK is a file description flag, systemd clearing
O_NONBLOCK momentarily (before PublicInbox::Listener::new
re-enables it) creates a window for another instance of our
daemon to get stuck in accept().

cf. systemd.service(5)
---
  Additional warnings and tests for this race coming;
  but I need food + sleep.

  I kinda wished I'd pushed for accept4(..., SOCK_DONTWAIT):
  https://lore.kernel.org/lkml/20150513023712.GA4206@dcvr.yhbt.net/

 examples/public-inbox-httpd@.service | 5 +++++
 examples/public-inbox-nntpd@.service | 5 +++++
 examples/unsubscribe-psgi@.service   | 5 +++++
 3 files changed, 15 insertions(+)

diff --git a/examples/public-inbox-httpd@.service b/examples/public-inbox-httpd@.service
index 56117ef..e811da4 100644
--- a/examples/public-inbox-httpd@.service
+++ b/examples/public-inbox-httpd@.service
@@ -20,7 +20,12 @@ ExecStartPre = /bin/mkdir -p -m 1777 /tmp/.pub-inline
 ExecStart = /usr/local/bin/public-inbox-httpd \
 -1 /var/log/public-inbox/httpd.out.log
 StandardError = syslog
+
+# NonBlocking is REQUIRED to avoid a race condition if running
+# simultaneous services
+NonBlocking = true
 Sockets = public-inbox-httpd.socket
+
 KillSignal = SIGQUIT
 User = nobody
 Group = nogroup
diff --git a/examples/public-inbox-nntpd@.service b/examples/public-inbox-nntpd@.service
index 62202c2..a879841 100644
--- a/examples/public-inbox-nntpd@.service
+++ b/examples/public-inbox-nntpd@.service
@@ -20,7 +20,12 @@ ExecStartPre = /bin/mkdir -p -m 1777 /tmp/.pub-inline
 ExecStart = /usr/local/bin/public-inbox-nntpd \
 -1 /var/log/public-inbox/nntpd.out.log
 StandardError = syslog
+
+# NonBlocking is REQUIRED to avoid a race condition if running
+# simultaneous services
+NonBlocking = true
 Sockets = public-inbox-nntpd.socket
+
 KillSignal = SIGQUIT
 User = nobody
 Group = nogroup
diff --git a/examples/unsubscribe-psgi@.service b/examples/unsubscribe-psgi@.service
index acc29e8..c8721fb 100644
--- a/examples/unsubscribe-psgi@.service
+++ b/examples/unsubscribe-psgi@.service
@@ -12,7 +12,12 @@ After = unsubscribe-psgi.socket
 # any PSGI server ought to work,
 # but public-inbox-httpd supports socket activation like unsubscribe.milter
 ExecStart = /usr/local/bin/public-inbox-httpd -W0 /etc/unsubscribe.psgi
+
+# NonBlocking is REQUIRED to avoid a race condition if running
+# simultaneous services
+NonBlocking = true
 Sockets = unsubscribe-psgi.socket
+
 # we need to modify the mlmmj spool
 User = mlmmj
 KillMode = process
-- 
EW


^ permalink raw reply related	[relevance 7%]

Results 1-2 of 2 | reverse | options above

-- pct% links below jump to the message on this page, permalinks otherwise --
2019-06-30  7:41  7% [PATCH] examples/*@.service: sockets MUST be NonBlocking Eric Wong
2019-06-30 22:19  5% [PATCH 0/2] warn on inheriting blocking sockets Eric Wong
Code repositories for project(s) associated with this public inbox

	https://80x24.org/public-inbox.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).