public inbox for dash@vger.kernel.org
From: Denys Vlasenko <dvlasenk@redhat.com>
To: dash@vger.kernel.org, Herbert Xu <herbert@gondor.apana.org.au>
Subject: Looking at "int vforked" in signal handler is racy
Date: Sat, 9 Aug 2025 15:29:06 +0200
Message-ID: <dadfa485-b5ee-30d7-7154-362cf2eb04cd@redhat.com>

struct job *vforkexec(union node *n, char **argv, const char *path, int idx)
{
         struct job *jp;
         int pid;

         jp = makejob(1);

         sigblockall(NULL);
         vforked++;

<<<< Parent can get a signal here.

         pid = vfork();

         if (!pid) {
                 forkchild(jp, n, FORK_FG);
                 sigclearmask();
                 shellexec(argv, path, idx);
                 /* NOTREACHED */
         }
<<<< Parent can get a signal here. The window is in fact not that small:
<<<< in the child, the execve() syscall is rather complex (it needs to tear down memory
<<<< mappings, which causes TLB invalidation) and takes time.
<<<< All this time the parent is blocked and does not execute,
<<<< so it doesn't yet reach the next line:

         vforked = 0;
         sigclearmask();


Signal handler:

void
onsig(int signo)
{
         if (vforked)
                 return;
^^^^^^^^^^ this assumes we got the signal in the vforked child,
but it may be false! We may be in the parent!


How to solve this.... at any given time,
there are only two processes which share address space via vfork,
all other possibly existing copies of shell processes (such as
the grandparent shell if the parent is a subshell) have a
separate address space.

So, in signal handler, we are in three possible situations:

* we don't have a "vfork sibling" at all (we aren't after vfork)
* we are after vfork and we are parent: need to handle the signal
* we are after vfork and we are child: must not mess up the parent's
   address space, thus do NOT handle the signal
   (or else it can e.g. set intpending = 1 *in the parent too*!)

I see this solution:

vfork_parent_pid = getpid();
have_vfork_sibling = 1;
pid = vfork();
if (!pid) { child ops; NORETURN; }
have_vfork_sibling = 0;

void
onsig(int signo)
{
         if (have_vfork_sibling && getpid() != vfork_parent_pid)
                 /* We are vfork child, DO NOT MODIFY ANY VARIABLES! */
                 return;

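The following is an added illustration of the two checks discussed in this message; it is not dash's code and not part of the original mail. It compares a flag-only check (like dash's "if (vforked) return;") with the getpid()-based check in a real vfork() child, driving the three situations listed above deterministically: a signal that lands in the parent while the flag is already set (the window before and around vfork()), a signal that lands in the vfork child, and a signal after vfork() has returned. The variable and function names (have_vfork_sibling, vfork_parent_pid, intpending, run_scenario) are assumed for this example; SIGUSR1 sent to ourselves stands in for the asynchronous signal.

```c
/*
 * Added illustration, not dash's code: a flag-only check versus the
 * getpid()-based check in a signal handler around vfork().
 * All names (have_vfork_sibling, vfork_parent_pid, intpending,
 * run_scenario) are assumed for this example.
 */
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t use_pid_check;      /* 1: getpid() check, 0: flag-only check */
static volatile sig_atomic_t have_vfork_sibling; /* set around vfork(), like dash's "vforked" */
static volatile pid_t vfork_parent_pid;          /* pid of the process that calls vfork() */
static volatile sig_atomic_t intpending;         /* shared state the handler wants to set */

static void onsig(int signo)
{
    (void)signo;
    if (use_pid_check) {
        /* Bail out only if we really are the vfork child. */
        if (have_vfork_sibling && getpid() != vfork_parent_pid)
            return;
    } else {
        /* The flag alone cannot tell parent from child, so a signal that
         * lands in the parent while the flag is set is silently dropped. */
        if (have_vfork_sibling)
            return;
    }
    intpending = 1;
}

/*
 * Drive the three situations from the mail and report them as a bitmask:
 *   1: a signal delivered to the PARENT inside the window was handled
 *   2: the handler modified shared state while running in the vfork CHILD
 *   4: a signal delivered after vfork() returned was handled
 * Returns -1 if sigaction(), vfork() or waitpid() fails.
 */
int run_scenario(int pid_check)
{
    struct sigaction sa;
    pid_t pid;
    int status, result = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = onsig;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, NULL) < 0)
        return -1;

    use_pid_check = pid_check;
    intpending = 0;

    /* Window 1: flag already set, vfork() not yet called, signal hits the parent. */
    vfork_parent_pid = getpid();
    have_vfork_sibling = 1;
    kill(getpid(), SIGUSR1);     /* delivered before kill() returns */
    if (intpending)
        result |= 1;
    intpending = 0;

    pid = vfork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: runs in the parent's address space. Deliver a signal to
         * ourselves and report through the exit status whether the handler
         * touched shared state. Only syscalls and _exit() are used here. */
        kill(getpid(), SIGUSR1);
        _exit(intpending ? 1 : 0);
    }

    /* Parent resumes only after the child has exited. */
    have_vfork_sibling = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 1)
        result |= 2;

    /* Window 2: after vfork() returned, a signal must be handled normally. */
    intpending = 0;
    kill(getpid(), SIGUSR1);
    if (intpending)
        result |= 4;

    return result;
}

int main(void)
{
    printf("getpid()-based check: %d (expected 5)\n", run_scenario(1));
    printf("flag-only check:      %d (expected 4)\n", run_scenario(0));
    return 0;
}
```

With the getpid() check the result is 5: the signal in the pre-vfork window is handled by the parent, the child leaves the shared state alone, and the post-vfork signal is handled. With the flag-only check the result is 4: the child still behaves, but the signal that arrived in the parent while the flag was set was lost, which is the race described above. getpid() is async-signal-safe, so it is legitimate inside the handler.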


Thread overview: 9+ messages
2025-08-09 13:29 Denys Vlasenko [this message]
2025-08-09 13:42 ` Looking at "int vforked" in signal handler is racy Denys Vlasenko
2025-08-09 13:52 ` Harald van Dijk
2025-08-10 19:33   ` Denys Vlasenko
2025-08-10 22:20     ` Harald van Dijk
2025-08-11  5:00       ` Herbert Xu
2025-08-11 12:58         ` Harald van Dijk
2025-08-22  1:32           ` Harald van Dijk
2025-08-24  2:39             ` Herbert Xu
