From: Florian Weimer
To: Adhemerval Zanella Netto
Cc: Adhemerval Zanella Netto via Libc-help, Rain
Subject: Re: posix_spawn: parent can get stuck in uninterruptible sleep if child receives SIGTSTP early enough
Date: Mon, 10 Oct 2022 15:45:26 +0200
Message-ID: <87pmezztah.fsf@oldenburg.str.redhat.com>

* Adhemerval Zanella Netto:

> On 22/09/22 14:38, Florian Weimer wrote:
>> * Adhemerval Zanella Netto:
>>
>>> On 22/09/22 09:18, Florian Weimer wrote:
>>>>> Is there anything that prevents to avoid using CLONE_VFORK? The code already
>>>>> uses an allocated stack and do synchronizes with waitpid.
>>>>
>>>> Assuming there is a way to create a thread which gets replaced by execve
>>>> only (instead of the whole process), this won't work because we have to
>>>> block all signals for the new thread (it must not be visible to
>>>> application code, and signal handlers must not run on it), and we can't
>>>> unblock those signals prior to execve. With vfork, we can unblock them
>>>> after changing the signal handler disposition to SIG_DFL (preventing the
>>>> handler execution), but per-thread signal handlers have been removed
>>>> from Linux. So even if we somehow could prevent the termination signal
>>>> from being sent to the whole process (and not just the fake thread), we
>>>> still have a gap.
>>>
>>> But we already block all internal signals with internal_signal_block_all
>>> prior to the clone call and it does not use CLONE_SIGHAND on the clone call.
>>> Also, independently of CLONE_SIGHAND, the calling process and child still
>>> have distinct signal masks. Recall for posix_spawn we do not use
>>> CLONE_THREAD, so per-thread signal handlers do not apply here.
>>
>> This only works because we restore SIG_DFL before unblocking signals in
>> the new process. And that depends on a separate set of signal handlers.
>>
>>> Doing some tests, the main problem is in fact how to synchronize
>>> the deallocation of the stack, since without CLONE_VFORK there is no way
>>> to advertise on a success call when execve has been called.
>>>
>>> But I agree that even without CLONE_VFORK we still have a small window,
>>> between the sigprocmask and execve, that the signal might act upon the
>>> child.
>>
>> And that window shouldn't exist in the current implementation.
>
> But that's the main issue described in this first message, isn't it? The child
> unblocks signals by calling sigprocmask, SIGTSTP is delivered to the child,
> but since clone hasn't exited due to CLONE_VFORK, it remains stuck in clone
> until child receives SIGCONT.

Yes, we do it this way to avoid a different bug, and trade it for
another.

> I think to actually fix it we need an execve/execveat where the signal mask
> is set atomically, so SIGTSTP is sent to the spawned process instead of
> the libc helper one.

Right, I don't see a way around that. I don't think switching back to
fork by default is really an option. The impact on latency is much
worse than with vfork.

Thanks,
Florian