Date: Fri, 10 Aug 2012 10:16:04 +0800 From: David Xu <davidxu@freebsd.org> To: Jilles Tjoelker <jilles@stack.nl> Cc: Konstantin Belousov <kostikbel@gmail.com>, freebsd-hackers@freebsd.org Subject: Re: system() using vfork() or posix_spawn() and libthr Message-ID: <50246EE4.9090409@freebsd.org> In-Reply-To: <20120809105648.GA79814@stack.nl> References: <20120730102408.GA19983@stack.nl> <20120730105303.GU2676@deviant.kiev.zoral.com.ua> <20120805215432.GA28704@stack.nl> <20120806082535.GI2676@deviant.kiev.zoral.com.ua> <20120809105648.GA79814@stack.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2012/08/09 18:56, Jilles Tjoelker wrote: > On Mon, Aug 06, 2012 at 11:25:35AM +0300, Konstantin Belousov wrote: >> On Sun, Aug 05, 2012 at 11:54:32PM +0200, Jilles Tjoelker wrote: >>> On Mon, Jul 30, 2012 at 01:53:03PM +0300, Konstantin Belousov wrote: >>>> On Mon, Jul 30, 2012 at 12:24:08PM +0200, Jilles Tjoelker wrote: >>>>> People sometimes use system() from large address spaces where it would >>>>> improve performance greatly to use vfork() instead of fork(). > >>>>> A simple approach is to change fork() to vfork(), although I have not >>>>> tried this. It seems safe enough to use sigaction and sigprocmask system >>>>> calls in the vforked process. > >>>>> Alternatively, we can have posix_spawn() do the vfork() with signal >>>>> changes. This avoids possible whining from compilers and static >>>>> analyzers about using vfork() in system.c. However, I do not like the >>>>> tricky code for signals and that it adds lines of code. > >>>>> This is lightly tested. > >>>> It is interesting to note that for some time our vfork(2) no longer >>>> stops the whole forked process (parent), only the forking thread is >>>> waiting for the child exit or exec. I am not sure is this point >>>> important for system(3), but determined code can notice the difference >>>> from the fork->vfork switch. > >>> Neither fork nor vfork call thread_single(SINGLE_BOUNDARY), so this is >>> not a difference. >> It is the difference, because vforked child shares parent address space. > >>> Thread singling may be noticeable from a failing execve() (but only in >>> the process doing execve()) and in the rare case of rfork() without >>> RFPROC. > >> No, other running threads in parent affect vforked child till exec or exit. >> In fact, I would classify this as bug, but not a serious one. > > There are some ugly ways this parallel execution is depended on. If the > vforked child calls sigaction() while another thread is also in > sigaction() for that signal, the vforked child needs to wait for the > other thread to release the lock. > > This uses a per-process lock to synchronize threads in different > processes, which may not work properly. > > If the vforked child is killed (such as by SIGKILL) while holding the > lock, the parent is not killed but its _thr_sigact is damaged. > > These problems could be avoided in libthr by skipping the lock in > _sigaction() if a signal action is being set to SIG_DFL or SIG_IGN and > the old action is not queried. In those cases, _thr_sigact is not > touched so no lock is required. This change also helps applications, > provided they call sigaction() and not signal(). > > Alternatively, posix_spawn() and system() could use the sigaction system > call directly, bypassing libthr (if present). However, this will not > help applications that call vfork() and sigaction() themselves (such as > a shell that wants to implement ...& using vfork()). > > posix_spawn() likely still needs some adjustment so that having it reset > all signals (sigfillset()) to the default action will not cause it to > [EINVAL] because libthr does not allow changing SIGTHR's disposition. > > Index: lib/libthr/thread/thr_sig.c > =================================================================== > --- lib/libthr/thread/thr_sig.c (revision 238970) > +++ lib/libthr/thread/thr_sig.c (working copy) > @@ -519,8 +519,16 @@ > return (-1); > } > > - if (act) > + if (act) { > newact = *act; > + /* > + * Short-circuit cases where we do not touch _thr_sigact. > + * This allows performing these safely in a vforked child. > + */ > + if ((newact.sa_handler == SIG_DFL || > + newact.sa_handler == SIG_IGN)&& oact == NULL) > + return (__sys_sigaction(sig,&newact, NULL)); > + } > > __sys_sigprocmask(SIG_SETMASK,&_thr_maskset,&oldset); > _thr_rwl_wrlock(&_thr_sigact[sig-1].lock); > Your patch is better than nothing, I don't object. The problem is visble to you, but there is also invisible user - rtld. If a symbol is never used in parent process, but now it is used in a vforked child, the rtld will be involved, if the child is killed, the rtld's data structure may be in inconsistent state, such as locking or link list etcs... I think this problem might be a non-fixable problem.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50246EE4.9090409>