Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 10 Mar 2020 20:47:29 -0400
From: Rich Felker <dalias@...c.org>
To: Pirmin Walthert <pirmin.walthert@...om.ch>, musl@...ts.openwall.com
Subject: Re: Re: FYI: some observations when testing next-gen malloc

On Tue, Mar 10, 2020 at 11:06:57AM +0100, Szabolcs Nagy wrote:
> * Pirmin Walthert <pirmin.walthert@...om.ch> [2020-03-10 10:44:46 +0100]:
> > Am 09.03.20 um 19:55 schrieb Szabolcs Nagy:
> > > * Pirmin Walthert <pirmin.walthert@...om.ch> [2020-03-09 19:14:59 +0100]:
> > > > Am 09.03.20 um 18:12 schrieb Rich Felker:
> > > > > It's not described very rigorously, but effectively it's in an async
> > > > > signal context and can only call functions which are AS-safe.
> > > > > 
> > > > > A future version of the standard is expected to drop the requirement
> > > > > that fork itself be async-signal-safe, and may thereby add
> > > > > requirements to synchronize against some or all internal locks so that
> > > > > the child can inherit a working context. But the right solution here is
> > > > > always to stop using fork without exec.
> > > > > 
> > > > > Rich
> > > > Well, I have now changed the code a bit to make sure that no
> > > > async-signal-unsafe command is being executed before execl. Things I've
> > > > removed:
> > > > 
> > > > a call to cap_from_text, cap_set_proc and cap_free has been removed as well
> > > > as sched_setscheduler. Now the only thing being executed before execl in the
> > > > child process is closefrom()
> > > 
> > > closefrom is not as-safe.
> > > 
> > > i think it reads /proc/self/fd directory to close fds.
> > > (haven't checked the specific asterisk version)
> > > opendir calls malloc so it can deadlock.
> > > 
> > Indeed I am not able to reproduce the problem any longer with a modified
> > version of asterisk. What I've changed is:
> > 
> > Removed some code that sets the capabilities after fork() (with
> > cap_from_text, cap_set_proc, cap_free) and closefrom replaced with a thumb
> > loop over all possible fds up to sysconf(_SC_OPEN_MAX). With this
> > modification the fd closing procedure with max open files set to 21471 now
> > needs 7ms instead of 70ns (so a slowdown by times 100), however this is not
> > critical in our environment...
> > 
> > Will discuss the findings with the asterisk developers.
> > 
> > Thanks for your hints!
> 
> good.
> 
> ideally they would use close-on-exec fds and then
> you don't need such ugliness.
> 
> please don't drop the list from replies.

While indeed the right thing is not to do is a closefrom/closeall hack
at all, if you really can't fix the fd leaks and need to, there is a
fast but safe version that doesn't require listing /proc/self/fd.
Instead, call poll() with a large array of pollfd with .events = 0 for
each element, and zero timeout, and check the .revents of each for
POLLNVAL. This will tell you with very few syscalls (probably just 1)
which file descriptors are open.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.