Page MenuHomeFreeBSD
Differential D26116

Fix several issues with process group orphanage.
ClosedPublic
Actions

Authored by kib on Aug 18 2020, 8:40 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Jan 11, 4:22 AM
Unknown Object (File)
Fri, Jan 3, 10:50 PM
Unknown Object (File)
Sat, Dec 21, 12:00 AM
Unknown Object (File)
Nov 30 2024, 1:29 AM
Unknown Object (File)
Nov 19 2024, 3:19 PM
Unknown Object (File)
Oct 26 2024, 7:54 PM
Unknown Object (File)
Oct 20 2024, 3:28 PM
Unknown Object (File)
Oct 3 2024, 8:56 PM
View All 88 Files
Subscribers
emaste
imp
kevans
mjg
pho

Details

Reviewers
jilles
Commits
rS364495: Fix several issues with process group orphanage.
Summary

This started as exploration for the reasons for r361967/r362910 assertion failures. Then Peter Holm was able to narrow down the problem to very easy reproduction with timeout(1) which pointed to the big issue with reaping.

There seems to be a lot of problems with calculation of pg_jobs which directs SIGHUP/SIGCONT delivery for orphaned process group:

  1. Re-calculation of the orphaned status for children of exiting parent was wrong, but mostly unnoticed when all children were reparented to init(8). When child can be reparented to a different process which could affect the child' job control state, it was not properly accounted for in pg_jobc.
  2. Lockless check for exiting process' parent process group is racy because nothing prevents the parent from changing its group membership.
  3. Exited process is left in the process group, until waited. This affects other calculations of pg_jobc.

Split handling of job control status on process changing its process group, and process exiting. Calculate increments and decrements for pg_jobs by exact checking the orphanage instead of assuming process group membership for children and parent. Move the call to killjobc() later under the proctree_lock. Mark exiting process in killjobc() with a new flag P_TREE_GRPEXITED and skip it for all pg_jobc calculations after the flag is set.

Add checker that independently recalculates pg_jobc value and compares it with the memoized process group state. This is enabled under INVARIANTS.

Tested by: pho

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kib created this revision.Aug 18 2020, 8:40 PM
Herald added a subscriber: imp. · View Herald TranscriptAug 18 2020, 8:40 PM
kib requested review of this revision.Aug 18 2020, 8:40 PM
Harbormaster completed remote builds in B33059: Diff 75972.Aug 18 2020, 8:40 PM
kib added a subscriber: mjg.Aug 18 2020, 8:41 PM
kevans added a subscriber: kevans.Aug 18 2020, 8:53 PM
kevans added inline comments.
sys/kern/kern_proc.c
689 ↗(On Diff #75972)

These aren't defined for !INVARIANTS builds

emaste added a subscriber: emaste.Aug 18 2020, 8:59 PM
kib updated this revision to Diff 75976.Aug 18 2020, 9:19 PM
kib marked an inline comment as done.

Hide checkers calls under INVARIANTS.

Harbormaster completed remote builds in B33061: Diff 75976.Aug 18 2020, 9:19 PM
jilles accepted this revision.Aug 22 2020, 4:31 PM
jilles added inline comments.
sys/kern/kern_exit.c
436 ↗(On Diff #75976)

This call may unlock and relock proctree_lock, which appears safe at this time but restricts changes that can be made here.

sys/kern/kern_proc.c
865 ↗(On Diff #75976)

typo

This revision is now accepted and ready to land.Aug 22 2020, 4:31 PM
kib marked 2 inline comments as done.Aug 22 2020, 5:20 PM
kib added inline comments.
sys/kern/kern_exit.c
436 ↗(On Diff #75976)

Yes, with the current code there was a race when short-circuiting killjobc, since parent can change its group after or during the check. With this code organization, race should be gone.

I tried to avoid dropping the lock by postponing revoke of the ctty devfs vnode after proctree_lock is dropped, but then it comes in interlock with process lock and then process spinlock till the thread is finally removed from CPU. I do not think it is safe to postpone revoke after exit(2) is signalling children. So I do not see a better code organization.

But I added a comment there.

kib updated this revision to Diff 76088.Aug 22 2020, 5:21 PM
kib marked an inline comment as done.

Add comment about placement of killjobc().
Fix typo.

This revision now requires review to proceed.Aug 22 2020, 5:21 PM
Harbormaster completed remote builds in B33105: Diff 76088.Aug 22 2020, 5:21 PM
This revision was not accepted when it landed; it landed in state Needs Review.Aug 22 2020, 9:32 PM
Closed by commit rS364495: Fix several issues with process group orphanage. (authored by kib). · Explain Why
This revision was automatically updated to reflect the committed changes.
kib added a commit: rS364495: Fix several issues with process group orphanage..
des mentioned this in D27871: Rework jobc handling..Fri, Jan 3, 7:26 PM

Revision Contents
Changeset List

PathSize
head/
sys/
kern/
7 lines
159 lines
sys/
2 lines

Diff 76095

View Options

head/sys/kern/kern_exit.c

Loading...
View Options

head/sys/kern/kern_proc.c

Loading...
View Options

head/sys/sys/proc.h

Loading...