From nobody Sat Jul 12 09:29:57 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1507579942234620.1811385112251; Mon, 9 Oct 2017 13:12:22 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 919CE356F5; Mon, 9 Oct 2017 20:12:20 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5DDB577703; Mon, 9 Oct 2017 20:12:19 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id AD0F4410B3; Mon, 9 Oct 2017 20:12:16 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v99JFEc8008155 for ; Mon, 9 Oct 2017 15:15:14 -0400 Received: by smtp.corp.redhat.com (Postfix) id 814EA61B7B; Mon, 9 Oct 2017 19:15:14 +0000 (UTC) Received: from mx1.redhat.com (ext-mx06.extmail.prod.ext.phx2.redhat.com [10.5.110.30]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7CC24179F8 for ; Mon, 9 Oct 2017 19:15:12 +0000 (UTC) Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C97B8356DA for ; Mon, 9 Oct 2017 19:15:10 +0000 (UTC) Received: from pps.filterd (m0098413.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id v99J9dqi035670 for ; Mon, 9 Oct 2017 15:15:10 -0400 Received: from e06smtp14.uk.ibm.com (e06smtp14.uk.ibm.com [195.75.94.110]) by mx0b-001b2d01.pphosted.com with ESMTP id 2dg9k4kfj1-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Mon, 09 Oct 2017 15:15:10 -0400 Received: from localhost by e06smtp14.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 9 Oct 2017 20:15:08 +0100 Received: from b06cxnps3074.portsmouth.uk.ibm.com (9.149.109.194) by e06smtp14.uk.ibm.com (192.168.101.144) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Mon, 9 Oct 2017 20:15:07 +0100 Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61]) by b06cxnps3074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id v99JF6BE20381902; Mon, 9 Oct 2017 19:15:06 GMT Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 57BFB11C052; Mon, 9 Oct 2017 20:10:42 +0100 (BST) Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3365F11C050; Mon, 9 Oct 2017 20:10:42 +0100 (BST) Received: from marc-ibm.boeblingen.de.ibm.com (unknown [9.152.224.184]) by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTP; Mon, 9 Oct 2017 20:10:42 +0100 (BST) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 919CE356F5 Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 919CE356F5 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com C97B8356DA Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=none smtp.mailfrom=mhartmay@linux.vnet.ibm.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com C97B8356DA From: Marc Hartmayer To: Libvirt Mailing List Date: Mon, 9 Oct 2017 21:14:56 +0200 In-Reply-To: <20171009191458.17685-1-mhartmay@linux.vnet.ibm.com> References: <20171009191458.17685-1-mhartmay@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 17100919-0016-0000-0000-000004F408D7 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17100919-0017-0000-0000-0000282F0954 Message-Id: <20171009191458.17685-3-mhartmay@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-10-09_05:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=2 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000 definitions=main-1710090278 X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 205 matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Mon, 09 Oct 2017 19:15:11 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Mon, 09 Oct 2017 19:15:11 +0000 (UTC) for IP:'148.163.158.5' DOMAIN:'mx0b-001b2d01.pphosted.com' HELO:'mx0a-001b2d01.pphosted.com' FROM:'mhartmay@linux.vnet.ibm.com' RCPT:'' X-RedHat-Spam-Score: -0.72 (RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL) 148.163.158.5 mx0b-001b2d01.pphosted.com 148.163.158.5 mx0b-001b2d01.pphosted.com X-Scanned-By: MIMEDefang 2.78 on 10.5.110.30 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Cc: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= , Marc Hartmayer Subject: [libvirt] [RFC PATCH 2/4] util: Fix deadlock across fork() X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Mon, 09 Oct 2017 20:12:21 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" This commit fixes the deadlock introduced by commit 0980764dee687e8da86dc410c351759867163389. The call getgrouplist() of the glibc library isn't safe to be called in between fork and exec (see commit 75c125641ac73473ba4b0542524d67a184769c8e). Signed-off-by: Marc Hartmayer Fixes: 0980764dee68 ("util: share code between virExec and virCommandExec") Reviewed-by: Bjoern Walk Reviewed-by: Boris Fiuczynski --- src/lxc/lxc_container.c | 12 +++++++++++- src/util/vircommand.c | 25 ++++++++++++++----------- src/util/vircommand.h | 2 +- tests/commandtest.c | 15 ++++++++++----- 4 files changed, 36 insertions(+), 18 deletions(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index ec6d6a86b0b6..1f220c602b0a 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -2182,6 +2182,8 @@ static int lxcContainerChild(void *data) virDomainFSDefPtr root; virCommandPtr cmd =3D NULL; int hasReboot; + gid_t *groups =3D NULL; + int ngroups; =20 if (NULL =3D=3D vmDef) { virReportError(VIR_ERR_INTERNAL_ERROR, @@ -2297,6 +2299,13 @@ static int lxcContainerChild(void *data) goto cleanup; } =20 + /* TODO is it safe to call it here or should this call be moved in + * front of the clone() as otherwise there might be a risk for a + * deadlock */ + if ((ngroups =3D virGetGroupList(virCommandGetUID(cmd), virCommandGetG= ID(cmd), + &groups)) < 0) + goto cleanup; + ret =3D 0; cleanup: VIR_FREE(ttyPath); @@ -2307,7 +2316,7 @@ static int lxcContainerChild(void *data) if (ret =3D=3D 0) { VIR_DEBUG("Executing init binary"); /* this function will only return if an error occurred */ - ret =3D virCommandExec(cmd); + ret =3D virCommandExec(cmd, groups, ngroups); } =20 if (ret !=3D 0) { @@ -2317,6 +2326,7 @@ static int lxcContainerChild(void *data) virGetLastErrorMessage()); } =20 + VIR_FREE(groups); virCommandFree(cmd); return ret; } diff --git a/src/util/vircommand.c b/src/util/vircommand.c index fba73ca18eac..41a61da49f82 100644 --- a/src/util/vircommand.c +++ b/src/util/vircommand.c @@ -465,15 +465,10 @@ virCommandHandshakeChild(virCommandPtr cmd) } =20 static int -virExecCommon(virCommandPtr cmd) +virExecCommon(virCommandPtr cmd, gid_t *groups, int ngroups) { - gid_t *groups =3D NULL; - int ngroups; int ret =3D -1; =20 - if ((ngroups =3D virGetGroupList(cmd->uid, cmd->gid, &groups)) < 0) - goto cleanup; - if (cmd->uid !=3D (uid_t)-1 || cmd->gid !=3D (gid_t)-1 || cmd->capabilities || (cmd->flags & VIR_EXEC_CLEAR_CAPS)) { VIR_DEBUG("Setting child uid:gid to %d:%d with caps %llx", @@ -495,7 +490,6 @@ virExecCommon(virCommandPtr cmd) ret =3D 0; =20 cleanup: - VIR_FREE(groups); return ret; } =20 @@ -519,6 +513,8 @@ virExec(virCommandPtr cmd) const char *binary =3D NULL; int ret; struct sigaction waxon, waxoff; + gid_t *groups =3D NULL; + int ngroups; =20 if (cmd->args[0][0] !=3D '/') { if (!(binary =3D binarystr =3D virFindFileInPath(cmd->args[0]))) { @@ -589,6 +585,9 @@ virExec(virCommandPtr cmd) childerr =3D null; } =20 + if ((ngroups =3D virGetGroupList(cmd->uid, cmd->gid, &groups)) < 0) + goto cleanup; + pid =3D virFork(); =20 if (pid < 0) @@ -756,7 +755,7 @@ virExec(virCommandPtr cmd) } # endif =20 - if (virExecCommon(cmd) < 0) + if (virExecCommon(cmd, groups, ngroups) < 0) goto fork_error; =20 if (virCommandHandshakeChild(cmd) < 0) @@ -799,6 +798,7 @@ virExec(virCommandPtr cmd) should never jump here on error */ =20 VIR_FREE(binarystr); + VIR_FREE(groups); =20 /* NB we don't virReportError() on any failures here because the code which jumped here already raised @@ -2167,6 +2167,8 @@ virCommandProcessIO(virCommandPtr cmd) /** * virCommandExec: * @cmd: command to run + * @groups: array of supplementary group IDs used for the command + * @ngroups: number of group IDs in @groups * * Exec the command, replacing the current process. Meant to be called * in the hook after already forking / cloning, so does not attempt to @@ -2176,7 +2178,7 @@ virCommandProcessIO(virCommandPtr cmd) * Will not return on success. */ #ifndef WIN32 -int virCommandExec(virCommandPtr cmd) +int virCommandExec(virCommandPtr cmd, gid_t *groups, int ngroups) { if (!cmd ||cmd->has_error =3D=3D ENOMEM) { virReportOOMError(); @@ -2188,7 +2190,7 @@ int virCommandExec(virCommandPtr cmd) return -1; } =20 - if (virExecCommon(cmd) < 0) + if (virExecCommon(cmd, groups, ngroups) < 0) return -1; =20 execve(cmd->args[0], cmd->args, cmd->env); @@ -2199,7 +2201,8 @@ int virCommandExec(virCommandPtr cmd) return -1; } #else -int virCommandExec(virCommandPtr cmd ATTRIBUTE_UNUSED) +int virCommandExec(virCommandPtr cmd ATTRIBUTE_UNUSED, gid_t *groups ATTRI= BUTE_UNUSED, + int ngroups ATTRIBUTE_UNUSED) { /* Mingw execve() has a broken signature. Disable this * function until gnulib fixes the signature, since we diff --git a/src/util/vircommand.h b/src/util/vircommand.h index b401d7b238d7..d59278cf5f6c 100644 --- a/src/util/vircommand.h +++ b/src/util/vircommand.h @@ -173,7 +173,7 @@ void virCommandWriteArgLog(virCommandPtr cmd, =20 char *virCommandToString(virCommandPtr cmd) ATTRIBUTE_RETURN_CHECK; =20 -int virCommandExec(virCommandPtr cmd) ATTRIBUTE_RETURN_CHECK; +int virCommandExec(virCommandPtr cmd, gid_t *groups, int ngroups) ATTRIBUT= E_RETURN_CHECK; =20 int virCommandRun(virCommandPtr cmd, int *exitstatus) ATTRIBUTE_RETURN_CHECK; diff --git a/tests/commandtest.c b/tests/commandtest.c index 1f6f16bcde73..7d73f638a2e2 100644 --- a/tests/commandtest.c +++ b/tests/commandtest.c @@ -1070,6 +1070,9 @@ static int test25(const void *unused ATTRIBUTE_UNUSED) int rv =3D 0; ssize_t tries =3D 100; pid_t pid; + gid_t *groups =3D NULL; + int ngroups; + virCommandPtr cmd =3D virCommandNew("some/nonexistent/binary"); =20 if (pipe(pipeFD) < 0) { fprintf(stderr, "Unable to create pipe\n"); @@ -1081,6 +1084,10 @@ static int test25(const void *unused ATTRIBUTE_UNUSE= D) goto cleanup; } =20 + if ((ngroups =3D virGetGroupList(virCommandGetUID(cmd), virCommandGetG= ID(cmd), + &groups)) < 0) + goto cleanup; + /* Now, fork and try to exec a nonexistent binary. */ pid =3D virFork(); if (pid < 0) { @@ -1090,11 +1097,7 @@ static int test25(const void *unused ATTRIBUTE_UNUSE= D) =20 if (pid =3D=3D 0) { /* Child */ - virCommandPtr cmd =3D virCommandNew("some/nonexistent/binary"); - - rv =3D virCommandExec(cmd); - - virCommandFree(cmd); + rv =3D virCommandExec(cmd, groups, ngroups); =20 if (safewrite(pipeFD[1], &rv, sizeof(rv)) < 0) fprintf(stderr, "Unable to write to pipe\n"); @@ -1129,6 +1132,8 @@ static int test25(const void *unused ATTRIBUTE_UNUSED) cleanup: VIR_FORCE_CLOSE(pipeFD[0]); VIR_FORCE_CLOSE(pipeFD[1]); + VIR_FREE(groups); + virCommandFree(cmd); return ret; } =20 --=20 2.5.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list