From: Rich Felker
To: musl@lists.openwall.com
Date: Fri, 3 Apr 2020 12:29:58 -0400
Subject: Re: [musl] doubt about fork
Message-ID: <20200403162958.GC11469@brightrain.aerifal.cx>
In-Reply-To: <20200403092854.GY14278@port70.net>

On Fri, Apr 03, 2020 at 11:28:54AM +0200, Szabolcs Nagy wrote:
> * guolongqiang [2020-04-03 06:37:44 +0000]:
> > Hello,
> > I have a problem about multi threads fork. The implement of fork not lock such as stdio file,
> > __thread_list_lock, or other global mutexes in musl libc before syscall of SYS_clone, this will
> > cause deadlock in child. Is this a bug?
>
> the standard is pretty clear that the child after fork
> in a multi-threaded process can only do async-signal-safe
> operations, anything that may lock is not as-safe.
>
> https://pubs.opengroup.org/onlinepubs/9699919799/functions/fork.html

Note that future editions of POSIX might change this by removing the
requirement that fork be AS-safe and adding _fork (I may be
misremembering the name but it's something like that) to be AS-safe.
So it's possible this could change in the future. But for now, indeed,
what you can do in the child if a multithreaded process forks is
extremely limited.

As an aside, musl will continue to track the standards, but personally
I'm against any such "improvements" to fork because I'm against fork
itself. Use of fork without immediate exec (that could be replaced by
posix_spawn or vfork) makes software incompatible with an MMU-less
environment and significantly harms security/hardening properties --
all potentially secret data from the parent that hasn't been scrubbed
leaks into the child where it might be disclosed later, and the child
lacks independent ASLR from the parent (see the classic Android Zygote
issue that completely undermined ASLR). It also significantly harms
memory usage accounting and performance by requiring that all of the
parent's memory usage continue to be charged against the child too
even if the child will not use most of it, and by converting all
writable pages in both the parent and child to copy-on-write (making
next access fault).

Modern designs should serialize whatever data the child is actually
intending to use and spawn/exec a child that deserializes it.

Rich
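
The design recommended in the message above (serialize only what the child needs, then spawn/exec a child that deserializes it), as an added example that is not part of the original message or of musl. The helper name run_worker and the sh one-liner standing in for the worker program are assumptions made for illustration.

```c
#include <spawn.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Hypothetical helper for this example: hand `req` (the serialized input)
 * to a freshly exec'd worker on its stdin and collect its reply from its
 * stdout. Returns the reply length, or -1 on failure. Assumes fds 0-2 are
 * already open in the caller. */
long run_worker(const char *req, char *reply, size_t replysz)
{
    int in[2], out[2], status, ok = 1;
    size_t n = 0;
    ssize_t r;
    pid_t pid;
    posix_spawn_file_actions_t fa;
    /* Stand-in worker: parses two integers and replies with their sum. */
    char *argv[] = { "sh", "-c", "read a b; echo $(($a + $b))", NULL };

    if (replysz == 0 || pipe(in)) return -1;
    if (pipe(out)) { close(in[0]); close(in[1]); return -1; }

    /* The child gets only these two pipe ends as stdin/stdout; the
     * parent's ends are closed in the child before exec. */
    posix_spawn_file_actions_init(&fa);
    posix_spawn_file_actions_adddup2(&fa, in[0], 0);
    posix_spawn_file_actions_adddup2(&fa, out[1], 1);
    posix_spawn_file_actions_addclose(&fa, in[0]);
    posix_spawn_file_actions_addclose(&fa, in[1]);
    posix_spawn_file_actions_addclose(&fa, out[0]);
    posix_spawn_file_actions_addclose(&fa, out[1]);

    /* exec gives the worker a new address space: its own ASLR layout and
     * none of the parent's heap, stack or unscrubbed secrets. */
    if (posix_spawn(&pid, "/bin/sh", &fa, NULL, argv, environ)) pid = -1;
    posix_spawn_file_actions_destroy(&fa);
    close(in[0]);
    close(out[1]);

    if (pid > 0 && write(in[1], req, strlen(req)) < 0) ok = 0;
    close(in[1]);                    /* EOF tells the worker we are done */
    while (pid > 0 && n + 1 < replysz &&
           (r = read(out[0], reply + n, replysz - 1 - n)) > 0)
        n += (size_t)r;
    reply[n] = '\0';
    close(out[0]);
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return ok && WIFEXITED(status) && WEXITSTATUS(status) == 0 ? (long)n : -1;
}
```

Because the worker is started with posix_spawn rather than fork, this is safe to call from a multithreaded parent: no lock state held by other threads is inherited.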