[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID:
<BY5PR07MB71267C4226724F7C3554EEE1C1F12@BY5PR07MB7126.namprd07.prod.outlook.com>
Date: Fri, 7 Feb 2025 00:29:00 +0000
From: "Zhu, Yifan" <yzhu104@...Rochester.edu>
To: Matthew Parkinson <mattpark@...rosoft.com>,
"libc-coord@...ts.openwall.com" <libc-coord@...ts.openwall.com>
Subject: Re: [EXT] pthread_atfork concurrent semantics
Although wordings in POSIX “kind of” discourage the use of pthread_atfork, I still think this is an issue to be addressed.
Notice that all post-fork operations can be made conforming async-signal-safety. Moreover, the fork itself is not concurrently executed.
Hence, I think this should be a supported situation and the deadlock should be treated as a bug?
Best,
Yifan
Get Outlook for iOS<https://aka.ms/o0ukef>
________________________________
From: Matthew Parkinson <mattpark@...rosoft.com>
Sent: Wednesday, February 5, 2025 5:47:25 PM
To: libc-coord@...ts.openwall.com <libc-coord@...ts.openwall.com>
Cc: Zhu, Yifan <yzhu104@...Rochester.edu>
Subject: [EXT] pthread_atfork concurrent semantics
Hi all,
I have been looking at using pthread_atfork to make snmalloc fork safe, however, I am unsure on the semantics in the concurrent setting, and there are differences in the implementations of libc. Yifan Zhu suggested I post the issue here.
Consider the following scenario with two threads: one is performing a fork, and the other is performing a pthread_atfork. If pthread_atfork returns, should you be guaranteed that the forking thread will execute the atfork handler?
I want this kind of pattern to use a Singleton pattern to install the pthread_atfork on first use, but that requires that pthread_atfork returning to ensure that the handler being install in parallel with a fork, then the fork will use the handler.
I have a small example here:
```
std::mutex m;
void prefork_for_m() {
m.lock();
}
void postfork_for_m() {
m.unlock();
}
void slow_prefork()
{
// Make prefork take a long time to encourage a race
// with a call to pthread_atfork
std::this_thread::sleep_for(std::chrono::milliseconds(500));
}
int main()
{
std::thread([]{
// Sleep to ensure the first handler has been registered.
std::this_thread::sleep_for(std::chrono::milliseconds(200));
pthread_atfork(prefork_for_m, postfork_for_m, postfork_for_m); // (a)
m.lock();
//sleep to allow fork to complete while we are here.
std::this_thread::sleep_for(std::chrono::milliseconds(1000));
m.unlock();
}).detach();
pthread_atfork(slow_prefork, nullptr, nullptr); // (b)
pid_t pid = fork(); // (c)
m.lock(); // (d)
m.unlock();
std::this_thread::sleep_for(std::chrono::milliseconds(1000));
if (pid != 0)
{
wait(nullptr);
}
return 0;
}
```
This example on recent glibc will deadlock the child process at (d). This is because the fork at (c) will execute the handler from (b), and due to the fix "Bug 27054 - pthread_atfork handlers that call pthread_atfork deadlock" (https://urldefense.com/v3/__https://sourceware.org/bugzilla/show_bug.cgi?id=27054__;!!CGUSO5OYRnA7CQ!c-fc1yB1OTi1m0Ytk6KYFdgJH5CffST7LMAJXQmWaTpc_JVmAuGn6N7hGbIh0O5_AfwXIR-jv4MSK-C4t2nwzlveJsY5$ ), this will drop the lock protecting the list. This enables the other thread to install a handler (a), but this is ignored by the fork.
Musl and earlier versions of glibc would prevent the child deadlocking as they hold a lock protecting the list for the entire duration of the fork.
I have filled an issue on glibc (https://urldefense.com/v3/__https://sourceware.org/bugzilla/show_bug.cgi?id=32615__;!!CGUSO5OYRnA7CQ!c-fc1yB1OTi1m0Ytk6KYFdgJH5CffST7LMAJXQmWaTpc_JVmAuGn6N7hGbIh0O5_AfwXIR-jv4MSK-C4t2nwzuMRVELC$ ), but it is unclear to me if this is a bug, or allowed behaviour.
Thanks
Matt
--
Matthew Parkinson
Principal Researcher
Azure Research
Microsoft
mattpark@...rosoft.com
Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
