From: duchangbin <changbin.du@huawei.com>
To: Mauro Carvalho Chehab <mchehab@kernel.org>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: duchangbin <changbin.du@huawei.com>, Jonathan Corbet <corbet@lwn.net>
Subject: Re: [PATCH] tools: jobserver: Add validation for jobserver tokens to ensure valid '+' characters
Date: Mon, 5 Jan 2026 08:22:35 +0000 [thread overview]
Message-ID: <f1755f03f74e4e4ba8a0a91c9da1a74f@huawei.com> (raw)
In-Reply-To: <20251225062622.1500046-1-changbin.du@huawei.com>
Kindly ping for this fix. This patch resolves the issue where kernel compilation
gets stuck in certain situations.
On Thu, Dec 25, 2025 at 02:26:22PM +0800, Changbin Du wrote:
> Add validation for jobserver tokens to prevent infinite loops on invalid fds
> When using GNU Make's jobserver feature in kernel builds, a bug in MAKEFLAGS
> propagation caused "--jobserver-auth=3,4" to reference an unintended file
> descriptor (Here, fd 3 was inherited from a shell command that opened
> "/etc/passwd" instead of a valid pipe). This led to infinite loops in
> jobserver-exec's os.read() calls due to empty or corrupted tokens. (The
> version of my make is 4.3)
>
> $ ls -l /proc/self/fd
> total 0
> lrwx------ 1 changbin changbin 64 Dec 25 13:03 0 -> /dev/pts/1
> lrwx------ 1 changbin changbin 64 Dec 25 13:03 1 -> /dev/pts/1
> lrwx------ 1 changbin changbin 64 Dec 25 13:03 2 -> /dev/pts/1
> lr-x------ 1 changbin changbin 64 Dec 25 13:03 3 -> /etc/passwd
> lr-x------ 1 changbin changbin 64 Dec 25 13:03 4 -> /proc/1421383/fd
>
> The modified code now explicitly validates tokens:
> 1. Rejects empty reads (prevents infinite loops on EOF)
> 2. Checks all bytes are '+' characters (catches fd reuse issues)
> 3. Raises ValueError with clear diagnostics for debugging
> This ensures robustness against invalid jobserver configurations, even when
> external tools (like make) incorrectly pass non-pipe file descriptors.
>
> Signed-off-by: Changbin Du <changbin.du@huawei.com>
> ---
> tools/lib/python/jobserver.py | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/tools/lib/python/jobserver.py b/tools/lib/python/jobserver.py
> index a24f30ef4fa8..88d005f96bed 100755
> --- a/tools/lib/python/jobserver.py
> +++ b/tools/lib/python/jobserver.py
> @@ -91,6 +91,8 @@ class JobserverExec:
> while True:
> try:
> slot = os.read(self.reader, 8)
> + if not slot or any(c != b'+'[0] for c in slot):
> + raise ValueError("empty or unexpected token from jobserver")
> self.jobs += slot
> except (OSError, IOError) as e:
> if e.errno == errno.EWOULDBLOCK:
> --
> 2.43.0
>
--
Cheers,
Changbin Du
next prev parent reply other threads:[~2026-01-05 8:22 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-25 6:26 [PATCH] tools: jobserver: Add validation for jobserver tokens to ensure valid '+' characters Changbin Du
2026-01-05 8:22 ` duchangbin [this message]
2026-01-05 15:35 ` Jonathan Corbet
2026-01-06 21:52 ` Jonathan Corbet
2026-01-07 8:11 ` duchangbin
2026-01-07 9:29 ` Mauro Carvalho Chehab
2026-01-07 10:42 ` Mauro Carvalho Chehab
2026-01-07 10:54 ` Mauro Carvalho Chehab
2026-01-08 2:58 ` duchangbin
2026-01-08 8:24 ` Mauro Carvalho Chehab
2026-01-08 10:01 ` duchangbin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f1755f03f74e4e4ba8a0a91c9da1a74f@huawei.com \
--to=changbin.du@huawei.com \
--cc=corbet@lwn.net \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mchehab@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox