This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] [BZ #18433] Check file access/existence before forking.
- From: Rich Felker <dalias at libc dot org>
- To: Alexander Monakov <amonakov at ispras dot ru>
- Cc: Szabolcs Nagy <szabolcs dot nagy at arm dot com>, Carlos O'Donell <carlos at redhat dot com>, navid Rahimi <rahimi dot nv at gmail dot com>, Phil Blundell <pb at pbcl dot net>, "libc-alpha at sourceware dot org" <libc-alpha at sourceware dot org>
- Date: Fri, 18 Sep 2015 19:26:34 -0400
- Subject: Re: [PATCH] [BZ #18433] Check file access/existence before forking.
- Authentication-results: sourceware.org; auth=none
- References: <55F19B66 dot 9050001 at arm dot com> <55F19C50 dot 3010502 at gmail dot com> <1441909606 dot 2948 dot 25 dot camel at pbcl dot net> <CAOUBrm2Kjbk3q+QJACYG24=p1dz60JXimxYG3oRRz2ehpocwkQ at mail dot gmail dot com> <55F299F4 dot 6030907 at arm dot com> <55FC235E dot 6030608 at redhat dot com> <55FC27CB dot 6070602 at arm dot com> <alpine dot LNX dot 2 dot 20 dot 1509181813120 dot 15988 at monopod dot intra dot ispras dot ru> <20150918195305 dot GE17773 at brightrain dot aerifal dot cx> <alpine dot LNX dot 2 dot 20 dot 1509182310390 dot 15988 at monopod dot intra dot ispras dot ru>
On Fri, Sep 18, 2015 at 11:19:56PM +0300, Alexander Monakov wrote:
> On Fri, 18 Sep 2015, Rich Felker wrote:
> > > > I think all use of vfork is invalid C: the compiler can
> > > > spill registers on the stack, then in the child clobber
> > > > them, then after vfork returns in the parent the
> > > > clobbered registers are restored, breaking the expectations
> > > > of the compiler. (This can break independently of what
> > > > the C code around vfork looks like.)
> > >
> > > The same argument applies to setjmp,
> >
> > Not quite. With setjmp, once there's any return from the function
> > where setjmp was called (or call to a function that's known neither to
> > return nor call longjmp or throw an exception), the compiler may
> > rightfully assume that non-reachable data in the setjmp caller is no
> > longer live and clobber it.
> >
> > What makes vfork special is that the data must be treated as live
> > even when the caller calls _exit.
>
> For the compiler, the relationship between vfork and _exit should be the same
> as between setjmp and longjmp: calling the latter causes the former to return
> a second time.
Yes, I suppose that's a good way to model it. But the returns_twice
attribute does not specify under what conditions the function returns
again, so unless gcc has vfork-specific knowledge attached to the
specific name, I suppose it must just assume everything stays live.
Rich
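The liveness point above (the child writes into the vfork caller's frame and then calls _exit, and the parent must still see that write after vfork's second return) can be made concrete. The following program is an added example, not code from this thread or from glibc; it assumes Linux/glibc semantics, where the vfork child shares the parent's address space until it calls _exit or exec. The nonexistent path and the exit code 42 are constructed values. It contrasts vfork with fork on the same code, and shows the usual posix_spawn-style pattern of reporting the child's exec errno back through a `volatile` local.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Child stores to a local of the calling frame and then calls _exit without
 * exec'ing.  Returns what the parent observes after the child has exited:
 * with vfork the write lands in the shared frame (42 on Linux); with fork it
 * lands in the child's copy-on-write copy (parent still sees 0). */
int child_write_visible(int use_vfork)
{
    /* volatile keeps the object in memory across the call that returns twice,
     * so the child's store cannot be lost in a register the parent restores. */
    volatile int marker = 0;
    pid_t pid = use_vfork ? vfork() : fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        marker = 42;        /* runs on the parent's stack when use_vfork */
        _exit(0);           /* never return from the vfork caller in the child */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return marker;
}

/* Spawn `path` with vfork+execve.  Stores the child's exec errno (0 if execve
 * succeeded) into *exec_err.  Returns the child's exit status, or -1 if vfork
 * or waitpid failed or the child was killed by a signal. */
int spawn_report(const char *path, char *const argv[], int *exec_err)
{
    volatile int child_err = 0;
    pid_t pid = vfork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: only async-signal-safe calls, and only _exit or exec out. */
        execve(path, argv, environ);
        child_err = errno;  /* exec failed: report why to the parent */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    *exec_err = child_err;  /* read after vfork's second return */
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Demo helper: exec a constructed path that does not exist and return the
 * errno the child reported; the exit status (127) is stored via status_out. */
int missing_exec_errno(int *status_out)
{
    static const char path[] = "/nonexistent-constructed/does-not-exist";
    char *const argv[] = { "does-not-exist", NULL };
    int err = -1;
    int status = spawn_report(path, argv, &err);
    if (status_out)
        *status_out = status;
    return err;
}

int main(void)
{
    int status = -1;
    int err = missing_exec_errno(&status);
    printf("vfork child write visible to parent: %d\n", child_write_visible(1));
    printf("fork  child write visible to parent: %d\n", child_write_visible(0));
    printf("exec of missing path: status %d, child errno %d (%s)\n",
           status, err, strerror(err));
    return 0;
}
```

The `volatile` qualifier is the conventional way to pin such a variable in memory; the thread's argument is that without vfork-specific knowledge the compiler has no basis to treat only some objects as live across the call, which is why the `returns_twice` model forces it to assume everything in the caller's frame may be observed after the second return.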