From owner-freebsd-bugs@FreeBSD.ORG Thu Dec 4 00:30:02 2008
Message-Id: <200812040027.mB40ReG7094485@www.freebsd.org>
Date: Thu, 4 Dec 2008 00:27:40 GMT
From: Nate Eldredge
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: bin/129405: tcsh vfork bugs

>Number: 129405
>Category: bin
>Synopsis: tcsh vfork bugs
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Dec 04 00:30:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Nate Eldredge
>Release: 7.0-RELEASE
>Organization:
>Environment:
FreeBSD vulcan.lan 7.0-RELEASE-p5 FreeBSD 7.0-RELEASE-p5 #14: Sun Oct 5 11:20:57 PDT 2008 nate@vulcan.lan:/usr/obj/usr/src/sys/VULCAN amd64
>Description:
tcsh has a number of bugs related to its misuse of vfork(). Currently it uses vfork() when starting subshells; under some conditions these subshells may modify global state before exiting or exec'ing. These modifications don't make sense in the parent shell (in some cases they include pointers to the subshell's stack) so various bad things happen when the parent returns.

Running tcsh/csh with -F causes it to use fork() instead of vfork(). This is associated with a minor performance penalty, but fixes these problems.

The following PRs are presumably related to this problem, since using -F has been reported to cause them to go away.

bin/41297
bin/52746
bin/125185
amd64/128259
bin/129378
>How-To-Repeat:
See the above mentioned PRs.
>Fix:
As a workaround, run csh with -F. As a permanent fix, make -F the default. A patch is attached which does this. It was made against 7.0-RELEASE-p5 which uses tcsh 6.15.00 but probably will apply to other versions.

I reported this upstream but received no response.

Patch attached with submission follows: diff -ur tcsh.orig/sh.c src/contrib/tcsh/sh.c --- tcsh.orig/sh.c 2007-10-16 09:18:39.000000000 -0700 +++ src/contrib/tcsh/sh.c 2008-12-03 16:11:53.000000000 -0800 @@ -89,8 +89,8 @@ int do_logout = 0; #endif /* TESLA */ - -int use_fork = 0; /* use fork() instead of vfork()? */ +/* Using vfork() has several bugs, so use fork() instead */ +int use_fork = 1; /* use fork() instead of vfork()? */ /* * Magic pointer values. Used to specify other invalid conditions aside @@ -908,9 +908,8 @@ case 'F': /* * This will cause children to be created using fork instead of - * vfork. + * vfork. That is now the default, so this has no effect. */ - use_fork = 1; break; case ' ': diff -ur tcsh.orig/tcsh.man src/contrib/tcsh/tcsh.man --- tcsh.orig/tcsh.man 2008-07-10 10:07:27.000000000 -0700 +++ src/contrib/tcsh/tcsh.man 2008-12-03 16:11:36.000000000 -0800 @@ -133,7 +133,8 @@ command hashing, and thus starts faster. .TP 4 .B \-F -The shell uses \fIfork\fR(2) instead of \fIvfork\fR(2) to spawn processes. (+) +The shell uses \fIfork\fR(2) instead of \fIvfork\fR(2) to spawn processes. +This is now the default on FreeBSD so this option has no effect. (+) .TP 4 .B \-i The shell is interactive and prompts for its top-level input, even if >Release-Note: >Audit-Trail: >Unformatted:
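
Review bot: in the sh.c hunk at line 89, `use_fork` is now initialised to 1 and, with the `-F` case in the next hunk no longer assigning it, nothing in this patch can set it to 0, so every vfork() branch that tests it becomes unreachable. Either remove the variable together with those branches or keep some way to select vfork(). The new comment would also help later readers more if it named the failure (the child changes parent state before exec or exit) or cited the PR, instead of "several bugs". The hunk also drops the blank line after `#endif /* TESLA */`, which is unrelated to the fix.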
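
Review bot: in the sh.c hunk at `case 'F':` the comment now reads "This will cause children to be created using fork instead of vfork. That is now the default, so this has no effect.", and the two sentences contradict each other. Reword it to say the flag is accepted for compatibility and ignored. Leaving the `use_fork = 1;` assignment in place would be harmless and would keep `-F` meaningful if the default is ever changed back.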
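
Review bot: in the tcsh.man hunk the added sentence says fork(2) is the default "on FreeBSD", but the `use_fork = 1` change in sh.c is unconditional and carries no FreeBSD guard in the lines shown, so the manual and the code disagree on any other platform this patch reaches. Drop "on FreeBSD" or make the code change conditional to match. The sentence also wants a comma before "so this option has no effect".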
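
The hazard described in the report, as an added example that is not part of the original submission or of tcsh: a child created with vfork() runs in the parent's address space, so a write it makes before `_exit()` is visible to the parent, while a fork() child writes to its own copy. `shell_state` and `state_after_child()` are hypothetical names, and the `use_fork` parameter only mirrors the name of the tcsh variable; writing to memory in a vfork() child is undefined behaviour and is done here solely to show the effect.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose vfork() in glibc's <unistd.h> */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for a global that a shell keeps about itself. */
static volatile int shell_state = 0;

/*
 * Spawn a child that changes shell_state before exiting, the way a
 * subshell that runs shell code before exec would. Returns the value
 * the PARENT sees once the child is gone, or -1 on error.
 */
int state_after_child(int use_fork)
{
    pid_t pid;
    int status;

    shell_state = 1;                    /* value owned by the parent */
    pid = use_fork ? fork() : vfork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        shell_state = 2;                /* child-side modification */
        _exit(0);                       /* never return from a vfork() child */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return shell_state;
}

int main(void)
{
    /* fork(): the child wrote to its own copy, the parent still sees 1. */
    printf("after fork():  parent sees %d\n", state_after_child(1));
    /* vfork(): on FreeBSD and Linux the parent typically sees the child's 2. */
    printf("after vfork(): parent sees %d\n", state_after_child(0));
    return 0;
}
```
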