From: Adhemerval Zanella Netto
Organization: Linaro
To: Florian Weimer
Cc: Adhemerval Zanella Netto via Libc-help, Rain
Date: Thu, 22 Sep 2022 13:56:39 -0300
Subject: Re: posix_spawn: parent can get stuck in uninterruptible sleep if child receives SIGTSTP early enough
In-Reply-To: <87leqbmwkl.fsf@oldenburg.str.redhat.com>

On 22/09/22 09:18, Florian Weimer wrote:
> * Adhemerval Zanella Netto:
>
>> On 13/09/22 07:04, Florian Weimer wrote:
>>> * Adhemerval Zanella Netto:
>>>
>>>> On 22/08/22 15:21, Florian Weimer wrote:
>>>>> * Adhemerval Zanella Netto via Libc-help:
>>>>>
>>>>>> Right, my mistake. I understood the issue better now, although I am
>>>>>> still puzzled why SIGTSTP is only being triggered on sigprocmask (since
>>>>>> default action is still to stop PROCESS).
>>>>>
>>>>> I think it's a maskable stop, not an unmaskable one, like SIGSTOP.
>>>>
>>>> Yeah, we do block the signal on parent (internal_signal_block_all).
>>>>
>>>>>
>>>>> This looks like a vfork-specific bug that can't happen with fork. I don't
>>>>> see how to fix it in a generic fashion because we can't unblock SIGTSTP
>>>>> and launch the new process in an atomic fashion.
>>>>
>>>> We might ask for a new clone3 field to define the default signal mask on
>>>> process start (and thus omit the final sigprocmask before execve).
>>>
>>> It might already be possible to fix this using io_uring. Unfortunately, I
>>> didn't attend the LPC presentation.
>>
>> Is there anything that prevents to avoid using CLONE_VFORK? The code already
>> uses an allocated stack and does synchronize with waitpid.
>
> Assuming there is a way to create a thread which gets replaced by execve
> only (instead of the whole process), this won't work because we have to
> block all signals for the new thread (it must not be visible to
> application code, and signal handlers must not run on it), and we can't
> unblock those signals prior to execve. With vfork, we can unblock them
> after changing the signal handler disposition to SIG_DFL (preventing the
> handler execution), but per-thread signal handlers have been removed
> from Linux. So even if we somehow could prevent the termination signal
> from being sent to the whole process (and not just the fake thread), we
> still have a gap.

But we already block all internal signals with internal_signal_block_all
prior to the clone call and it does not use CLONE_SIGHAND on the clone call.
Also, independently of CLONE_SIGHAND, the calling process and child still
have distinct signal masks. Recall for posix_spawn we do not use CLONE_THREAD,
so per-thread signal handlers do not apply here.

Doing some tests, the main problem is in fact how to synchronize the
deallocation of the stack, since without CLONE_VFORK there is no way to
advertise on a success call when execve has been called.

But I agree that even without CLONE_VFORK we still have a small window,
between the sigprocmask and execve, that the signal might act upon the child.
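
Added example, not part of the thread and not glibc's code: a minimal vfork sequence in the order discussed above (block all signals in the parent, reset SIGTSTP to SIG_DFL in the child, restore the child's mask, then exit in place of execve). It shows that the child's mask and disposition changes stay private to the child, and marks the window the message agrees still exists. The names `spawn_sequence_check` and `app_handler` and the empty child mask are assumptions for illustration.

```c
#define _DEFAULT_SOURCE 1 /* vfork() under strict -std= modes */
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Filled in by the child; the parent can read them because vfork shares memory. */
static volatile int child_unblocked = 0, child_default = 0;

static void app_handler(int sig) { (void)sig; } /* hypothetical application handler */

/* Returns a bitmask: 1 = child ran with SIGTSTP unblocked, 2 = child had SIG_DFL,
 * 4 = parent still had SIGTSTP blocked, 8 = parent handler untouched; -1 on error. */
int spawn_sequence_check(void)
{
    struct sigaction app = {0}, dfl = {0}, old, cur;
    sigset_t all, saved, child_mask, now;

    app.sa_handler = app_handler;
    dfl.sa_handler = SIG_DFL;
    sigemptyset(&app.sa_mask);
    sigemptyset(&dfl.sa_mask);
    sigemptyset(&child_mask);             /* assumed: caller wants an empty mask in the child */
    sigfillset(&all);
    sigaction(SIGTSTP, &app, &old);
    sigprocmask(SIG_BLOCK, &all, &saved); /* parent: block everything before the clone */

    pid_t pid = vfork();                  /* parent is suspended until the child exits or execs */
    if (pid == 0) {
        sigaction(SIGTSTP, &dfl, NULL);   /* the handler can no longer run in the child */
        sigprocmask(SIG_SETMASK, &child_mask, NULL);
        /* Window: a SIGTSTP delivered from here until execve stops the child
         * while the parent is still suspended in vfork. */
        sigprocmask(SIG_SETMASK, NULL, &now);
        sigaction(SIGTSTP, NULL, &cur);
        child_unblocked = !sigismember(&now, SIGTSTP);
        child_default = (cur.sa_handler == SIG_DFL);
        _exit(0);                         /* stands in for execve() */
    }
    if (pid > 0)
        waitpid(pid, NULL, 0);
    sigprocmask(SIG_SETMASK, NULL, &now); /* parent's own mask and handler, after the child ran */
    sigaction(SIGTSTP, NULL, &cur);
    int r = child_unblocked | child_default << 1 |
            (sigismember(&now, SIGTSTP) == 1) << 2 | (cur.sa_handler == app_handler) << 3;
    sigprocmask(SIG_SETMASK, &saved, NULL);
    sigaction(SIGTSTP, &old, NULL);
    return pid < 0 ? -1 : r;
}

int main(void) { printf("result bitmask: %d\n", spawn_sequence_check()); return 0; }
```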