This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH] linux: spawni.c: simplify error reporting to parent
- From: Rich Felker <dalias at libc dot org>
- To: Rasmus Villemoes <rv at rasmusvillemoes dot dk>
- Cc: libc-alpha at sourceware dot org, Florian Weimer <fw at deneb dot enyo dot de>, Adhemerval Zanella <adhemerval dot zanella at linaro dot org>, Joseph Myers <joseph at codesourcery dot com>
- Date: Wed, 28 Sep 2016 10:14:15 -0400
- Subject: Re: [PATCH] linux: spawni.c: simplify error reporting to parent
On Tue, Sep 20, 2016 at 11:01:00PM +0200, Rasmus Villemoes wrote:
> Using VFORK already ensures that the parent does not run until the
> child has either exec'ed successfully or called _exit. Hence we don't
> need to read from a CLOEXEC pipe to ensure proper synchronization - we
> just make explicit use of the fact that the child and parent run in the
> same VM, so the child can write an error code to a field of the
> posix_spawn_args struct instead of sending it through a pipe.
> To ensure that this mechanism really works, the parent initializes the
> field to -1 and the child writes 0 before execing.
> This eliminates some annoying bookkeeping that is necessary to avoid
> the file actions from clobbering the write end of the pipe, and
> getting rid of the pipe creation in the first place means fewer system
> calls (four in the parent, usually one in the child) and fewer
> chances for the spawn to fail (e.g. if we're close to EMFILE).
This is a bad idea for at least one reason: running under strace seems
to cause vfork _not_ to wait in the parent, leading to stack
clobbering and runaway wrong code execution. I have not tested lately
so I don't have a recipe to reproduce it, but I know this was one of
the motivations for musl's use of a pipe.