Expect goes crazy... spinning cpu in kill_pgrp

Dave Korn dave.korn.cygwin@googlemail.com
Wed Oct 21 20:08:00 GMT 2009

Dave Korn wrote:

>   I'm experimenting with this.  It's not a full solution, it needs to do
> something a bit cleverer about /proc, but it should avoid the crashes.  

  No, not quite of course: there's still a trivial TOCTOU race in, e.g.:

>       _pinfo *p = pids[i];
>       if (!p->exists () || ISSTATE(p, PID_EXECED))
> 	continue;

>       /* Is it a process we want to kill?  */
>       if ((pid == 0 && (p->pgid != myself->pgid || p->ctty != myself->ctty)) ||
> 	  (pid > 1 && p->pgid != pid) ||
> 	  (si.si_signo < 0 && NOTSTATE (p, PID_STOPPED)))
> 	continue;

  Argh.  We could move those data members into the redir stub so it won't
crash if it touches them.  But there are still likely to be race conditions
anyway, e.g. if we decide in that if() condition to kill the pid, then it
might still go to state PID_EXECED between the if() and when kill() gets to do
its stuff anyway.  Hmm.
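
The check-then-act window described in the message above, as an added example that is not part of the original post and is not Cygwin code. It is a single-threaded toy model: `toy_pinfo`, `toy_exec`, `kill_racy` and `kill_locked` are hypothetical names, and holding a per-entry lock across the check and the delivery is an assumed general remedy, not the fix proposed in the thread.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy stand-in for a process-table entry; hypothetical, not Cygwin's _pinfo. */
enum { TOY_EXISTS = 1, TOY_EXECED = 2 };
struct toy_pinfo {
    int  state;   /* TOY_* flags */
    bool locked;  /* models a per-entry lock held by the signaller */
    int  stale;   /* signals delivered after the entry became EXECED */
};

/* The target "execs": the concurrent state change. A real lock would make
   it wait; this model refuses the transition while the entry is locked. */
static bool toy_exec(struct toy_pinfo *p)
{
    if (p->locked)
        return false;
    p->state |= TOY_EXECED;
    return true;
}

static bool wanted(const struct toy_pinfo *p)
{
    return (p->state & TOY_EXISTS) && !(p->state & TOY_EXECED);
}

static void deliver(struct toy_pinfo *p)
{
    if (p->state & TOY_EXECED)
        p->stale++;           /* acted on a decision that is no longer true */
}

/* Check, then act, with the state change landing in between. */
static void kill_racy(struct toy_pinfo *p)
{
    if (!wanted(p))
        return;
    toy_exec(p);              /* the other process runs in the window */
    deliver(p);
}

/* Check and act under one lock: the state change cannot interleave. */
static void kill_locked(struct toy_pinfo *p)
{
    p->locked = true;
    if (wanted(p)) { toy_exec(p); deliver(p); }
    p->locked = false;
}

int demo_racy(void)   { struct toy_pinfo p = { TOY_EXISTS, false, 0 }; kill_racy(&p);   return p.stale; }
int demo_locked(void) { struct toy_pinfo p = { TOY_EXISTS, false, 0 }; kill_locked(&p); return p.stale; }
int main(void) { printf("racy=%d locked=%d\n", demo_racy(), demo_locked()); return 0; }
```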


