[BusyBox] [gemorin at debian.org: Bug#212764: 2 race conditions in init implementation]

Vladimir N. Oleynik dzo at simtreas.ru
Fri Oct 3 09:53:03 UTC 2003


Bastian and Guillaume

> Subject: Bug#212764: 2 race conditions in init implementation
> Date: Thu, 25 Sep 2003 17:41:58 -0400
> From: Guillaume Morin <gemorin at debian.org>
> To: Debian Bug Tracking System <submit at bugs.debian.org>
> 
> Package: busybox-cvs
> Version: 0.60.99.cvs20030819-3 (not installed)
> Severity: important
> Tags: patch
> 
> Hi,
> 
> I have found two race conditions in the run() function of busybox's
> init implementation (static pid_t run(const struct init_action *a)).
> 
> The runtime behavior is that the call to wait in waitfor() blocks
> forever. I can easily reproduce it on an SMP system. Actually, it should
> only be easily reproducible on 2-processor systems.
> 
> - 1st race condition
> 
> around line 450
>         sigemptyset(&nmask);
>         sigaddset(&nmask, SIGCHLD);
>         sigprocmask(SIG_BLOCK, &nmask, &omask);
> 
>         if ((pid = fork()) == 0) {
>                 /* exec the command here and exit */
>         }
> 
>         sigprocmask(SIG_SETMASK, &omask, NULL);
>         return pid;
> 
>         /* the parent will call wait() after returning */
> 
> There is a race here. If the child exits before the SIGCHLD is
> unblocked, wait() will block forever.

Really?!
WHY?
We blocked, not ignored, SIGCHLD. If SIGCHLD is raised, then the signal is
pending before it is unblocked. We don't lose this signal.


> I have fixed the bug by replacing the wait() call in waitfor() with a
> waitpid() call and handle the error.
> 
> - 2nd race condition

And the same point.

This code is fully equivalent to that of the real sysvinit package.
Please consult the sysvinit bug tracking system.


Glenn,

I recommend restoring the previous version from CVS until the problem
is really demonstrated.


--w
vodz
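
An added example, not code from this thread or from BusyBox, that exercises the two mechanisms discussed above: SIGCHLD blocked across fork(), and a waitpid()-based reaper that handles the error case. The names run_blocked and waitfor_pid are hypothetical, and a no-op SIGCHLD handler is installed as an assumption so that the signal's disposition is not "ignore".

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

static void on_sigchld(int sig) { (void)sig; } /* assumption: no-op handler */
/* Fork a child that exits at once, SIGCHLD blocked as in the quoted run(). */
static pid_t run_blocked(int code, int *pending)
{
    sigset_t nmask, omask, pend;
    siginfo_t info;
    struct sigaction sa = { 0 };
    pid_t pid;
    sa.sa_handler = on_sigchld;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGCHLD, &sa, NULL);
    sigemptyset(&nmask);
    sigaddset(&nmask, SIGCHLD);
    sigprocmask(SIG_BLOCK, &nmask, &omask);
    if ((pid = fork()) == 0)
        _exit(code);
    *pending = 0;
    /* Block until the child is dead but leave it reapable (WNOWAIT). */
    if (pid > 0 && waitid(P_PID, (id_t)pid, &info, WEXITED | WNOWAIT) == 0) {
        sigpending(&pend);
        *pending = sigismember(&pend, SIGCHLD); /* 1 if still queued */
    }
    sigprocmask(SIG_SETMASK, &omask, NULL);
    return pid;
}

/* Reap one specific child: its exit code, or -1 with errno set (e.g. ECHILD). */
static int waitfor_pid(pid_t pid)
{
    int status; pid_t r;
    do { r = waitpid(pid, &status, 0); } while (r == -1 && errno == EINTR);
    return (r == -1 || !WIFEXITED(status)) ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    int pending;
    pid_t pid = run_blocked(7, &pending);
    int first = waitfor_pid(pid), second = waitfor_pid(pid);
    printf("pending=%d first=%d second=%d\n", pending, first, second);
    return 0;
}
```

The second waitfor_pid() call on an already reaped pid returns -1 with errno set to ECHILD instead of blocking, which is the error path a waitpid()-based waitfor() has to handle.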



