From: Markus Wichmann <nullplan@gmx.net>
To: musl@lists.openwall.com
Subject: Re: [musl] [bug] Ctrl-Z when process is doing posix_spawn makes the process hard to kill
Date: Sat, 18 Jan 2025 21:16:58 +0100 [thread overview]
Message-ID: <Z4wMOhFmeB-bfg1-@voyager> (raw)
In-Reply-To: <20250118111702.GM10433@brightrain.aerifal.cx>
Hi all,
here is my understanding of the bug first.
1. Foreground process calls posix_spawn without the POSIX_SPAWN_SETSID
or POSIX_SPAWN_SETPGROUP flags (either of those prevent the bug).
2. User presses terminal suspend character between the parent process
masking signals and the child process execing the target program.
3. Kernel sends SIGTSTP to foreground process group.
4. SIGTSTP is blocked in parent process, so parent process does not
stop. Parent process is blocked in trying to read the pipe to the child,
though.
5. Child process unblocks signals before calling exec(), thereby
unblocking SIGTSTP and stopping.
6. User has an issue mainly because parent process never acts on SIGTSTP
and stops (which is why the shell's wait() call never returns).
Looking at the ingredients of the problem, it seems that unblocking
signals before reading the pipe would be the simplest way out of this
pickle. We cannot avoid blocking signals before calling clone() to spawn
the child with blocked signals, and they cannot be unblocked in exec(),
because all exec() functions pass on the signal mask, but the parent
could read the pipe with unblocked signals.
The code for reading the pipe and waiting for the child process
obviously would need to account for the possibility of EINTR, and there
is a possibility the pipe FD would escape to fork-without-exec in a
signal handler. That could be helped with FD_CLOFORK emulation in libc,
though (keep track of CLOFORK FDs in an FD set and close them all in
_Fork()), since FD_CLOFORK is not in the kernel, sadly.
Or else you could tell applications that weird things happen if you fork
in a signal handler without execing (that's weird usage, anyway).
Ciao,
Markus
next prev parent reply other threads:[~2025-01-18 20:17 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-16 23:14 Askar Safin
2025-01-17 6:37 ` Rich Felker
2025-01-17 6:46 ` Rich Felker
2025-01-17 17:55 ` Askar Safin
2025-01-18 9:51 ` Florian Weimer
2025-01-18 10:23 ` Rich Felker
2025-01-18 11:13 ` Florian Weimer
2025-01-18 20:58 ` Askar Safin
2025-01-18 11:17 ` Rich Felker
2025-01-18 20:16 ` Markus Wichmann [this message]
2025-01-19 3:18 ` Rich Felker
2025-01-18 20:52 ` Askar Safin
2025-01-22 21:45 ` Askar Safin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z4wMOhFmeB-bfg1-@voyager \
--to=nullplan@gmx.net \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).