Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200814221446.GQ3265@brightrain.aerifal.cx>
Date: Fri, 14 Aug 2020 18:14:46 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Restrictions on child context after multithreaded fork

On Sat, Aug 15, 2020 at 12:02:01AM +0200, Florian Weimer wrote:
> * Rich Felker:
> 
> > In case we do want to follow a direction of trying to provide some
> > degree of relaxation of restrictions on the child (taking the liberty
> > of POSIX-future drop of fork's AS-safety requirement), I did a quick
> > survey of libc-internal locks, and found:
> 
> pthread_once is another source of problems, although there seem to be
> few users in musl.

Indeed, there are a few internal uses of pthread_once and public
locking functions that I missed (I only checked internal LOCK()). So
at least the following are also involved:

- timer_create (will go away once I rip out signal-based SIGEV_THREAD
  and implement SIGEV_THREAD timers entirely in userspace)
- aio (I'm not sure it's worth considering since it's probably another
  area that's impossible to make safe to use in forked context)
- newlocale
- pthread_mutexattr_setprotocol
- pthread_mutexattr_setrobust

For the most part, I believe the "once" operations performed in these
are essentially idempotent, so it would probably suffice to have them
just provide "reset" code that zeros the once object in the child if
needed.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.