From nobody Tue Mar 21 05:14:00 2023 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PgfsN4MWMz40msw; Tue, 21 Mar 2023 05:14:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PgfsN2cDyz3Kxv; Tue, 21 Mar 2023 05:14:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1679375640; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rDW3sZQOM9DLR5DwtRTHiW3+1ZXn++czw0IfgVk3go8=; b=ZFyH3AblQ1yh0/L+OGCrT4zZQ7zvHoCEeb4pRJ4jEFXCjF7OVzV0FvQju5JA1qcnWoddtk /Nmtfwbp4dUdS0nJ5fDdjOJSrJI/i9Mvy2KFy7fVYBfyMgZs6d3dumWvGua4ou3C7YPzwY BISDiLxfifSsPjgIvR5Wpqkmam0x27XcL+hj0RzF6Rq70aCEBvn1FUn2HMMyOSNIUK5hG/ TuoUVINA1CoT4NPJRx/Q8iWB7UZxulHdJcPwPcY+zMdaFt03DzTb3k97ooqVyMb5VjnGrE 2a8c/YTU8AzW9NUly2FGa3kuRDzxb5dxVad/qYnrHabQFXH/uZchUnv0UP9RbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1679375640; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rDW3sZQOM9DLR5DwtRTHiW3+1ZXn++czw0IfgVk3go8=; b=EEcx1itJ6dD8gg9zRHFOsICcJLUe7cqaOaa+gAq7+snlxlTwGH+I9xmOI1uvBaJK2DPLOf od0euTYqZJjKpDB7776Qv4kdId2ot6TOe6POSXWONCCQygFcL3IFKx46z95JvjLEAN4tCG d+AVorvAJyVM/7QgOyYzNVRuLU/tp5KZUHYqV8IWFMAR4Vd+/+8oDBgwKRmctRnIWpqdnz 8YLJ/M55bayieeNAOiLPLAubE7RuLQqvps2i2zU5NgLz/vgvdPUCVB5g/pNRH8UG5Kl5VL kllLsdTLlb6hrS8wIIdGrNpC0Ijih2jraFR2+BJj+lzIYGdvdXRDEit0nbavhA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1679375640; a=rsa-sha256; cv=none; b=NW1kJKhWR3MZV/Aj82Hm3nusYOjgo4wLI4342iVUPA5bid3Hex9l3CIaSCAMM1V/rAVYax pCQvHP/xuoleTzEhC7bOwrRp1Q0ZdF1XEJ6XBR54SoKC0dJ4QQs7wi2kklx0w8X3ZICgXA RtLR21rEHpQHnagH8eoEXduK3gpHAvvfg5bZT7kOMJxYxRALfQYx/JP25XQOd83tt9zH6E 16Ab6FkJpwZKRKqsZNy1POQYkk8skQBy5n7TUwzH8+9L+dVH1Tus+xocpDCciXYBi9w4n1 aT5aT5mBiDvbcJevaqzZiwqex98tN8xS6n8YSTb8mB4ueG/WF6R1XjbODyChgQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PgfsN1j7sz10SD; Tue, 21 Mar 2023 05:14:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 32L5E0TZ021121; Tue, 21 Mar 2023 05:14:00 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 32L5E0Ze021120; Tue, 21 Mar 2023 05:14:00 GMT (envelope-from git) Date: Tue, 21 Mar 2023 05:14:00 GMT Message-Id: <202303210514.32L5E0Ze021120@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kyle Evans Subject: git: 9ee1faeebab5 - main - daemon: move signal setup into a function List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 9ee1faeebab594712ed302ea51949410c9744920 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=9ee1faeebab594712ed302ea51949410c9744920 commit 9ee1faeebab594712ed302ea51949410c9744920 Author: Ihor Antonov AuthorDate: 2023-03-21 04:40:04 +0000 Commit: Kyle Evans CommitDate: 2023-03-21 04:40:04 +0000 daemon: move signal setup into a function No functional change intended. Reviewed by: kevans --- usr.sbin/daemon/daemon.c | 142 ++++++++++++++++++++++++++--------------------- 1 file changed, 79 insertions(+), 63 deletions(-) diff --git a/usr.sbin/daemon/daemon.c b/usr.sbin/daemon/daemon.c index 54e2aeea6874..983dbdc7ed8c 100644 --- a/usr.sbin/daemon/daemon.c +++ b/usr.sbin/daemon/daemon.c @@ -83,6 +83,7 @@ struct daemon_state { bool log_reopen; }; +static void setup_signals(struct daemon_state *); static void restrict_process(const char *); static void handle_term(int); static void handle_chld(int); @@ -168,10 +169,40 @@ main(int argc, char *argv[]) sigset_t mask_susp; daemon_state_init(&state); + + /* + * Signal handling logic: + * + * - SIGTERM is masked while there is no child. + * + * - SIGCHLD is masked while reading from the pipe. SIGTERM has to be + * caught, to avoid indefinite blocking on read(). + * + * - Both SIGCHLD and SIGTERM are masked before calling sigsuspend() + * to avoid racing. + * + * - After SIGTERM is recieved and propagated to the child there are + * several options on what to do next: + * - read until EOF + * - read until EOF but only for a while + * - bail immediately + * Currently the third option is used, because otherwise there is no + * guarantee that read() won't block indefinitely if the child refuses + * to depart. To handle the second option, a different approach + * would be needed (procctl()?). + * + * - Child's exit might be detected by receiveing EOF from the pipe. + * But the child might have closed its stdout and stderr, so deamon + * must wait for the SIGCHLD to ensure that the child is actually gone. + */ sigemptyset(&mask_susp); sigemptyset(&mask_read); sigemptyset(&mask_term); sigemptyset(&mask_orig); + sigaddset(&mask_susp, SIGTERM); + sigaddset(&mask_susp, SIGCHLD); + sigaddset(&mask_term, SIGTERM); + sigaddset(&mask_read, SIGCHLD); /* * Supervision mode is enabled if one of the following options are used: @@ -312,57 +343,20 @@ main(int argc, char *argv[]) pidfile_write(state.parent_pidfh); if (state.supervision_enabled) { - struct sigaction act_term = { 0 }; - struct sigaction act_chld = { 0 }; - struct sigaction act_hup = { 0 }; - - /* Avoid PID racing with SIGCHLD and SIGTERM. */ - act_term.sa_handler = handle_term; - sigemptyset(&act_term.sa_mask); - sigaddset(&act_term.sa_mask, SIGCHLD); - - act_chld.sa_handler = handle_chld; - sigemptyset(&act_chld.sa_mask); - sigaddset(&act_chld.sa_mask, SIGTERM); - - act_hup.sa_handler = handle_hup; - sigemptyset(&act_hup.sa_mask); - - /* Block these when avoiding racing before sigsuspend(). */ - sigaddset(&mask_susp, SIGTERM); - sigaddset(&mask_susp, SIGCHLD); - /* Block SIGTERM when we lack a valid child PID. */ - sigaddset(&mask_term, SIGTERM); - /* - * When reading, we wish to avoid SIGCHLD. SIGTERM - * has to be caught, otherwise we'll be stuck until - * the read() returns - if it returns. - */ - sigaddset(&mask_read, SIGCHLD); /* Block SIGTERM to avoid racing until we have forked. */ if (sigprocmask(SIG_BLOCK, &mask_term, &mask_orig)) { warn("sigprocmask"); daemon_terminate(&state); } - if (sigaction(SIGTERM, &act_term, NULL) == -1) { - warn("sigaction"); - daemon_terminate(&state); - } - if (sigaction(SIGCHLD, &act_chld, NULL) == -1) { - warn("sigaction"); - daemon_terminate(&state); - } + + setup_signals(&state); + /* * Try to protect against pageout kill. Ignore the * error, madvise(2) will fail only if a process does * not have superuser privileges. */ (void)madvise(NULL, 0, MADV_PROTECT); - if (state.log_reopen && state.output_fd >= 0 && - sigaction(SIGHUP, &act_hup, NULL) == -1) { - warn("sigaction"); - daemon_terminate(&state); - } restart: if (pipe(state.pipe_fd)) { err(1, "pipe"); @@ -419,9 +413,9 @@ restart: /* * else: pid > 0 * fork succeeded, this is the parent branch, this can only happen when - * supervision is enabled + * supervision is enabled. * - * Unblock SIGTERM after we know we have a valid child PID to signal. + * Unblock SIGTERM - now there is a valid child PID to signal to. */ if (sigprocmask(SIG_UNBLOCK, &mask_term, NULL)) { warn("sigprocmask"); @@ -431,28 +425,7 @@ restart: state.pipe_fd[1] = -1; setproctitle("%s[%d]", state.title, (int)pid); - /* - * As we have closed the write end of pipe for parent process, - * we might detect the child's exit by reading EOF. The child - * might have closed its stdout and stderr, so we must wait for - * the SIGCHLD to ensure that the process is actually gone. - */ for (;;) { - /* - * We block SIGCHLD when listening, but SIGTERM we accept - * so the read() won't block if we wish to depart. - * - * Upon receiving SIGTERM, we have several options after - * sending the SIGTERM to our child: - * - read until EOF - * - read until EOF but only for a while - * - bail immediately - * - * We go for the third, as otherwise we have no guarantee - * that we won't block indefinitely if the child refuses - * to depart. To handle the second option, a different - * approach would be needed (procctl()?) - */ if (child_gone && state.child_eof) { break; } @@ -516,6 +489,49 @@ daemon_sleep(time_t secs, long nsecs) } } +/* + * Setup SIGTERM, SIGCHLD and SIGHUP handlers. + * To avoid racing SIGCHLD with SIGTERM corresponding + * signal handlers mask the other signal. + */ +static void +setup_signals(struct daemon_state *state) +{ + struct sigaction act_term = { 0 }; + struct sigaction act_chld = { 0 }; + struct sigaction act_hup = { 0 }; + + /* Setup SIGTERM */ + act_term.sa_handler = handle_term; + sigemptyset(&act_term.sa_mask); + sigaddset(&act_term.sa_mask, SIGCHLD); + if (sigaction(SIGTERM, &act_term, NULL) == -1) { + warn("sigaction"); + daemon_terminate(state); + } + + /* Setup SIGCHLD */ + act_chld.sa_handler = handle_chld; + sigemptyset(&act_chld.sa_mask); + sigaddset(&act_chld.sa_mask, SIGTERM); + if (sigaction(SIGCHLD, &act_chld, NULL) == -1) { + warn("sigaction"); + daemon_terminate(state); + } + + /* Setup SIGHUP if configured */ + if (!state->log_reopen || state->output_fd < 0) { + return; + } + + act_hup.sa_handler = handle_hup; + sigemptyset(&act_hup.sa_mask); + if (sigaction(SIGHUP, &act_hup, NULL) == -1) { + warn("sigaction"); + daemon_terminate(state); + } +} + static void open_pid_files(struct daemon_state *state) {