This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] [BZ #18433] Check file access/existence before forking.
- From: Zack Weinberg <zackw at panix dot com>
- To: Szabolcs Nagy <szabolcs dot nagy at arm dot com>
- Cc: Florian Weimer <fweimer at redhat dot com>, navid Rahimi <rahimi dot nv at gmail dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Fri, 18 Sep 2015 12:52:21 -0400
- Subject: Re: [PATCH] [BZ #18433] Check file access/existence before forking.
- Authentication-results: sourceware.org; auth=none
- References: <55F19819 dot 3010601 at gmail dot com> <ACDB9D4B-30B6-46C1-9286-5F03594CEACC at panix dot com> <CAOUBrm3oeUVDM-q4VFP08gjEkD2UFaz0Xfq1oGBW+m76rDRu+A at mail dot gmail dot com> <CAKCAbMiYkywWeSiJ5jkH7r8eYMSOWFmYDsjEN3k5ZaTPEeJGXw at mail dot gmail dot com> <55F29C54 dot 5010809 at redhat dot com> <CAKCAbMgoVi6MygLG+7Higntpvum+LC4Z5gBH7CgO+iiFvfCLTA at mail dot gmail dot com> <55F6D3F4 dot 3080703 at arm dot com> <20150915220207 dot GC20252 at vapier dot lan> <55F929B4 dot 3080303 at arm dot com>
On Wed, Sep 16, 2015 at 4:35 AM, Szabolcs Nagy <szabolcs.nagy@arm.com> wrote:
> On 15/09/15 23:02, Mike Frysinger wrote:
>> On 14 Sep 2015 15:04, Szabolcs Nagy wrote:
>>> On 11/09/15 22:01, Zack Weinberg wrote:
>>>> On Fri, Sep 11, 2015 at 5:18 AM, Florian Weimer wrote:
>>>>> We need to move people off fork and clone to posix_spawn. If it is
>>>>> missing functionality, we should add it.
>>>>
>>>> ... I honestly have no idea why you say that.
>>>
>>> because fork has issues [...]
>>
>> how does posix_spawn magically fix these things ? it still calls
>> fork internally [...]
>
> the api is such that user code is not run with a copy of the
> address space in the child so an implementation without fork
> is possible (that's the point of this api). [...] (of course the kinds
> of actions before exec are limited by the api so it's not always
> useful/simple).
So that means migrating to posix_spawn doesn't fix anything until a
better kernel API exists, so developer effort should go into _that_,
and then applications should migrate directly to the new kernel API,
not to posix_spawn.
(I actually have a design sketched out in my head; unfortunately I
have neither the time nor the kernel programming experience to get it
done. The fundamental idea is a new process state, "egg," in which
the process has a PID and a task_struct assigned but does not have an
address space and cannot execute instructions. There are a bunch of
new system calls to set the kernel state of an egg -- open file
descriptors and the like -- and a modified execve() that loads a
program into an egg and sets it going.)
zw