2 fork on steroids to avoid SIGCHLD and waitpid
4 Copyright (C) Stefan Metzmacher 2010
5 Copyright (C) Ralph Boehme 2017
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "system/wait.h"
23 #include "system/filesys.h"
24 #include "system/network.h"
25 #include "lib/util/samba_util.h"
26 #include "lib/util/sys_rw.h"
27 #include "lib/util/tfork.h"
28 #include "lib/util/debug.h"
40 * This is how the process hierarchy looks like:
61 #ifdef HAVE_VALGRIND_HELGRIND_H
62 #include <valgrind/helgrind.h>
64 #ifndef ANNOTATE_BENIGN_RACE_SIZED
65 #define ANNOTATE_BENIGN_RACE_SIZED(obj, size, description)
68 #define TFORK_ANNOTATE_BENIGN_RACE(obj) \
69 ANNOTATE_BENIGN_RACE_SIZED( \
70 (obj), sizeof(*(obj)), \
71 "no race, serialized by tfork_[un]install_sigchld_handler");
74 * The resulting (private) state per tfork_create() call, returned as a opaque
75 * handle to the caller.
79 * This is returned to the caller with tfork_event_fd()
84 * This is used in the caller by tfork_status() to read the worker exit
85 * status and to tell the waiter to exit by closing the fd.
94 * Internal per-thread state maintained while inside tfork.
104 * A global state that synchronizes access to handling SIGCHLD and waiting for
107 struct tfork_signal_state
{
112 pthread_mutex_t mutex
;
116 * pid of the waiter child. This points at waiter_pid in either struct
117 * tfork or struct tfork_state, depending on who called
118 * tfork_install_sigchld_handler().
120 * When tfork_install_sigchld_handler() is called the waiter_pid is
121 * still -1 and only set later after fork(), that's why this is must be
122 * a pointer. The signal handler checks this.
126 struct sigaction oldact
;
130 static struct tfork_signal_state signal_state
;
133 static pthread_once_t tfork_global_is_initialized
= PTHREAD_ONCE_INIT
;
134 static pthread_key_t tfork_global_key
;
136 static struct tfork_state
*global_state
;
139 static void tfork_sigchld_handler(int signum
, siginfo_t
*si
, void *p
);
142 static void tfork_global_destructor(void *state
)
144 anonymous_shared_free(state
);
148 static int tfork_acquire_sighandling(void)
153 ret
= pthread_mutex_lock(&signal_state
.mutex
);
158 while (!signal_state
.available
) {
159 ret
= pthread_cond_wait(&signal_state
.cond
,
160 &signal_state
.mutex
);
166 signal_state
.available
= false;
168 ret
= pthread_mutex_unlock(&signal_state
.mutex
);
177 static int tfork_release_sighandling(void)
182 ret
= pthread_mutex_lock(&signal_state
.mutex
);
187 signal_state
.available
= true;
189 ret
= pthread_cond_signal(&signal_state
.cond
);
191 pthread_mutex_unlock(&signal_state
.mutex
);
195 ret
= pthread_mutex_unlock(&signal_state
.mutex
);
205 static void tfork_atfork_prepare(void)
209 ret
= pthread_mutex_lock(&signal_state
.mutex
);
213 static void tfork_atfork_parent(void)
217 ret
= pthread_mutex_unlock(&signal_state
.mutex
);
222 static void tfork_atfork_child(void)
227 ret
= pthread_mutex_unlock(&signal_state
.mutex
);
230 ret
= pthread_key_delete(tfork_global_key
);
233 ret
= pthread_key_create(&tfork_global_key
, tfork_global_destructor
);
237 * There's no data race on the cond variable from the signal state, we
238 * are writing here, but there are no readers yet. Some data race
239 * detection tools report a race, but the readers are in the parent
242 TFORK_ANNOTATE_BENIGN_RACE(&signal_state
.cond
);
245 * There's no way to destroy a condition variable if there are waiters,
246 * pthread_cond_destroy() will return EBUSY. Just zero out memory and
247 * then initialize again. This is not backed by POSIX but should be ok.
249 ZERO_STRUCT(signal_state
.cond
);
250 ret
= pthread_cond_init(&signal_state
.cond
, NULL
);
254 if (signal_state
.pid
!= NULL
) {
256 ret
= sigaction(SIGCHLD
, &signal_state
.oldact
, NULL
);
260 ret
= pthread_sigmask(SIG_SETMASK
, &signal_state
.oldset
, NULL
);
262 ret
= sigprocmask(SIG_SETMASK
, &signal_state
.oldset
, NULL
);
266 signal_state
.pid
= NULL
;
269 signal_state
.available
= true;
272 static void tfork_global_initialize(void)
277 pthread_atfork(tfork_atfork_prepare
,
281 ret
= pthread_key_create(&tfork_global_key
, tfork_global_destructor
);
284 ret
= pthread_mutex_init(&signal_state
.mutex
, NULL
);
287 ret
= pthread_cond_init(&signal_state
.cond
, NULL
);
291 * In a threaded process there's no data race on t->waiter_pid as
292 * we're serializing globally via tfork_acquire_sighandling() and
293 * tfork_release_sighandling().
295 TFORK_ANNOTATE_BENIGN_RACE(&signal_state
.pid
);
298 signal_state
.available
= true;
301 static struct tfork_state
*tfork_global_get(void)
303 struct tfork_state
*state
= NULL
;
309 state
= (struct tfork_state
*)pthread_getspecific(tfork_global_key
);
311 state
= global_state
;
317 state
= (struct tfork_state
*)anonymous_shared_allocate(
318 sizeof(struct tfork_state
));
324 ret
= pthread_setspecific(tfork_global_key
, state
);
326 anonymous_shared_free(state
);
333 static void tfork_global_free(void)
335 struct tfork_state
*state
= NULL
;
341 state
= (struct tfork_state
*)pthread_getspecific(tfork_global_key
);
343 state
= global_state
;
350 ret
= pthread_setspecific(tfork_global_key
, NULL
);
355 anonymous_shared_free(state
);
359 * Only one thread at a time is allowed to handle SIGCHLD signals
361 static int tfork_install_sigchld_handler(pid_t
*pid
)
364 struct sigaction act
;
367 ret
= tfork_acquire_sighandling();
372 assert(signal_state
.pid
== NULL
);
373 signal_state
.pid
= pid
;
375 act
= (struct sigaction
) {
376 .sa_sigaction
= tfork_sigchld_handler
,
377 .sa_flags
= SA_SIGINFO
,
380 ret
= sigaction(SIGCHLD
, &act
, &signal_state
.oldact
);
386 sigaddset(&set
, SIGCHLD
);
388 ret
= pthread_sigmask(SIG_UNBLOCK
, &set
, &signal_state
.oldset
);
390 ret
= sigprocmask(SIG_UNBLOCK
, &set
, &signal_state
.oldset
);
399 static int tfork_uninstall_sigchld_handler(void)
403 signal_state
.pid
= NULL
;
405 ret
= sigaction(SIGCHLD
, &signal_state
.oldact
, NULL
);
411 ret
= pthread_sigmask(SIG_SETMASK
, &signal_state
.oldset
, NULL
);
413 ret
= sigprocmask(SIG_SETMASK
, &signal_state
.oldset
, NULL
);
419 ret
= tfork_release_sighandling();
427 static void tfork_sigchld_handler(int signum
, siginfo_t
*si
, void *p
)
429 if ((signal_state
.pid
!= NULL
) &&
430 (*signal_state
.pid
!= -1) &&
431 (si
->si_pid
== *signal_state
.pid
))
437 * Not our child, forward to old handler
439 if (signal_state
.oldact
.sa_flags
& SA_SIGINFO
) {
440 signal_state
.oldact
.sa_sigaction(signum
, si
, p
);
444 if (signal_state
.oldact
.sa_handler
== SIG_IGN
) {
447 if (signal_state
.oldact
.sa_handler
== SIG_DFL
) {
450 signal_state
.oldact
.sa_handler(signum
);
453 static pid_t
tfork_start_waiter_and_worker(struct tfork_state
*state
,
458 int status_sp_caller_fd
= -1;
459 int status_sp_waiter_fd
= -1;
460 int event_pipe_caller_fd
= -1;
461 int event_pipe_waiter_fd
= -1;
462 int ready_pipe_caller_fd
= -1;
463 int ready_pipe_worker_fd
= -1;
479 ret
= socketpair(AF_UNIX
, SOCK_STREAM
, 0, p
);
483 set_close_on_exec(p
[0]);
484 set_close_on_exec(p
[1]);
485 status_sp_caller_fd
= p
[0];
486 status_sp_waiter_fd
= p
[1];
490 close(status_sp_caller_fd
);
491 close(status_sp_waiter_fd
);
494 set_close_on_exec(p
[0]);
495 set_close_on_exec(p
[1]);
496 event_pipe_caller_fd
= p
[0];
497 event_pipe_waiter_fd
= p
[1];
502 close(status_sp_caller_fd
);
503 close(status_sp_waiter_fd
);
504 close(event_pipe_caller_fd
);
505 close(event_pipe_waiter_fd
);
508 set_close_on_exec(p
[0]);
509 set_close_on_exec(p
[1]);
510 ready_pipe_worker_fd
= p
[0];
511 ready_pipe_caller_fd
= p
[1];
515 close(status_sp_caller_fd
);
516 close(status_sp_waiter_fd
);
517 close(event_pipe_caller_fd
);
518 close(event_pipe_waiter_fd
);
519 close(ready_pipe_caller_fd
);
520 close(ready_pipe_worker_fd
);
527 * In a threaded process there's no data race on
528 * state->waiter_pid as we're serializing globally via
529 * tfork_acquire_sighandling() and tfork_release_sighandling().
531 TFORK_ANNOTATE_BENIGN_RACE(&state
->waiter_pid
);
533 state
->waiter_pid
= pid
;
535 close(status_sp_waiter_fd
);
536 close(event_pipe_waiter_fd
);
537 close(ready_pipe_worker_fd
);
539 set_blocking(event_pipe_caller_fd
, false);
542 * wait for the waiter to get ready.
544 nread
= sys_read(status_sp_caller_fd
, &c
, sizeof(char));
545 if (nread
!= sizeof(char)) {
550 * Notify the worker to start.
552 nwritten
= sys_write(ready_pipe_caller_fd
,
553 &(char){0}, sizeof(char));
554 if (nwritten
!= sizeof(char)) {
555 close(ready_pipe_caller_fd
);
558 close(ready_pipe_caller_fd
);
560 *_event_fd
= event_pipe_caller_fd
;
561 *_status_fd
= status_sp_caller_fd
;
567 /* cleanup sigchld_handler */
568 tfork_atfork_child();
572 * The "waiter" child.
574 setproctitle("tfork waiter process");
575 CatchSignal(SIGCHLD
, SIG_DFL
);
577 close(status_sp_caller_fd
);
578 close(event_pipe_caller_fd
);
579 close(ready_pipe_caller_fd
);
583 state
->waiter_errno
= errno
;
591 close(status_sp_waiter_fd
);
592 close(event_pipe_waiter_fd
);
595 * Wait for the caller to give us a go!
597 nread
= sys_read(ready_pipe_worker_fd
, &c
, sizeof(char));
598 if (nread
!= sizeof(char)) {
601 close(ready_pipe_worker_fd
);
605 state
->worker_pid
= pid
;
607 close(ready_pipe_worker_fd
);
610 * We're going to stay around until child2 exits, so lets close all fds
611 * other then the pipe fd we may have inherited from the caller.
613 * Dup event_sp_waiter_fd and status_sp_waiter_fd onto fds 0 and 1 so we
614 * can then call closefrom(2).
616 if (event_pipe_waiter_fd
> 0) {
619 if (status_sp_waiter_fd
== 0) {
624 fd
= dup2(event_pipe_waiter_fd
, dup_fd
);
625 } while ((fd
== -1) && (errno
== EINTR
));
627 state
->waiter_errno
= errno
;
628 kill(state
->worker_pid
, SIGKILL
);
629 state
->worker_pid
= -1;
632 event_pipe_waiter_fd
= fd
;
635 if (status_sp_waiter_fd
> 1) {
637 fd
= dup2(status_sp_waiter_fd
, 1);
638 } while ((fd
== -1) && (errno
== EINTR
));
640 state
->waiter_errno
= errno
;
641 kill(state
->worker_pid
, SIGKILL
);
642 state
->worker_pid
= -1;
645 status_sp_waiter_fd
= fd
;
650 /* Tell the caller we're ready */
651 nwritten
= sys_write(status_sp_waiter_fd
, &(char){0}, sizeof(char));
652 if (nwritten
!= sizeof(char)) {
660 ret
= waitpid(pid
, &status
, 0);
661 } while ((ret
== -1) && (errno
== EINTR
));
668 * This writes the worker child exit status via our internal socketpair
669 * so the tfork_status() implementation can read it from its end.
671 nwritten
= sys_write(status_sp_waiter_fd
, &status
, sizeof(status
));
672 if (nwritten
== -1) {
673 if (errno
!= EPIPE
&& errno
!= ECONNRESET
) {
677 * The caller exitted and didn't call tfork_status().
681 if (nwritten
!= sizeof(status
)) {
686 * This write to the event_fd returned by tfork_event_fd() and notifies
687 * the caller that the worker child is done and he may now call
690 nwritten
= sys_write(event_pipe_waiter_fd
, &(char){0}, sizeof(char));
691 if (nwritten
!= sizeof(char)) {
696 * Wait for our parent (the process that called tfork_create()) to
697 * close() the socketpair fd in tfork_status().
699 * Again, the caller might have exitted without calling tfork_status().
701 nread
= sys_read(status_sp_waiter_fd
, &c
, 1);
703 if (errno
== EPIPE
|| errno
== ECONNRESET
) {
715 static int tfork_create_reap_waiter(pid_t waiter_pid
)
720 if (waiter_pid
== -1) {
724 kill(waiter_pid
, SIGKILL
);
727 pid
= waitpid(waiter_pid
, &waiter_status
, 0);
728 } while ((pid
== -1) && (errno
== EINTR
));
729 assert(pid
== waiter_pid
);
734 struct tfork
*tfork_create(void)
736 struct tfork_state
*state
= NULL
;
737 struct tfork
*t
= NULL
;
743 ret
= pthread_once(&tfork_global_is_initialized
,
744 tfork_global_initialize
);
749 tfork_global_initialize();
752 state
= tfork_global_get();
756 *state
= (struct tfork_state
) {
758 .waiter_errno
= ECANCELED
,
762 t
= malloc(sizeof(struct tfork
));
768 *t
= (struct tfork
) {
775 ret
= tfork_install_sigchld_handler(&state
->waiter_pid
);
780 pid
= tfork_start_waiter_and_worker(state
,
795 * In a threaded process there's no data race on t->waiter_pid as
796 * we're serializing globally via tfork_acquire_sighandling() and
797 * tfork_release_sighandling().
799 TFORK_ANNOTATE_BENIGN_RACE(&t
->waiter_pid
);
802 t
->worker_pid
= state
->worker_pid
;
809 if (t
->status_fd
!= -1) {
812 if (t
->event_fd
!= -1) {
816 ret
= tfork_create_reap_waiter(state
->waiter_pid
);
824 ret
= tfork_uninstall_sigchld_handler();
835 pid_t
tfork_child_pid(const struct tfork
*t
)
837 return t
->worker_pid
;
840 int tfork_event_fd(struct tfork
*t
)
842 int fd
= t
->event_fd
;
844 assert(t
->event_fd
!= -1);
850 int tfork_status(struct tfork
**_t
, bool wait
)
852 struct tfork
*t
= *_t
;
864 set_blocking(t
->status_fd
, true);
866 nread
= sys_read(t
->status_fd
, &status
, sizeof(int));
868 set_blocking(t
->status_fd
, false);
870 nread
= read(t
->status_fd
, &status
, sizeof(int));
872 ((errno
== EAGAIN
) || (errno
== EWOULDBLOCK
) || errno
== EINTR
)) {
877 if (nread
!= sizeof(int)) {
881 ret
= tfork_install_sigchld_handler(&t
->waiter_pid
);
887 * This triggers process exit in the waiter.
888 * We write to the fd as well as closing it, as any tforked sibling
889 * processes will also have the writable end of this socket open.
894 nwritten
= sys_write(t
->status_fd
, &(char){0}, sizeof(char));
895 if (nwritten
!= sizeof(char)) {
903 pid
= waitpid(t
->waiter_pid
, &waiter_status
, 0);
904 } while ((pid
== -1) && (errno
== EINTR
));
905 assert(pid
== t
->waiter_pid
);
907 if (t
->event_fd
!= -1) {
916 ret
= tfork_uninstall_sigchld_handler();
922 int tfork_destroy(struct tfork
**_t
)
924 struct tfork
*t
= *_t
;
932 kill(t
->worker_pid
, SIGKILL
);
934 ret
= tfork_status(_t
, true);