FreeBSD src
ff11e8a834
would cause syslogd to eventually kill innocent processes in the system over time (note: not `could' but `would').

Many thanks to my colleague Mirko for digging into the kernel structures and providing me with the debugging framework to find out about the nature of this bug (and to isolate that syslogd was the culprit) in a rather large set of distributed machines at client sites where this happened occasionally.

Whenever a child process was no longer responsive, or when syslogd receives a SIGHUP so it closes all its logging file descriptors, for any descriptor that refers to a pipe syslogd enters the data about the old logging child process into a `dead queue', where it is being removed from (and the status of the dead kitten being fetched) upon receipt of a SIGCHLD. However, there's a high probability that the SIGCHLD already arrives before the child's data are actually entered into the dead queue inside the SIGHUP handler, so the SIGCHLD handler has nothing to fetch and remove and simply continues. Whenever this happens, the process's data remain on the dead queue forever, and since domark() tried to get rid of totally unresponsive children by first sending a SIGTERM and later a SIGKILL, it was only a matter of time until the system had recycled enough PIDs so an innocent process got shot to death.

Fix the race by masking SIGHUP and SIGCHLD from both handlers mutually. Add additional bandaids ``just in case'', i.e. don't enter a process into the dead queue if we can't signal it (this should only happen in case it is already dead by that time so we can fetch the status immediately instead of deferring this to the SIGCHLD handler); for the kill(2) inside domark(), check for an error status (/* Can't happen */ :) and remove it from the dead queue in this case (which if it would have been there in the first place would have reduced the problem to a statistically minimal likelihood so I certainly would never have noticed the bug at all :).

Mirko also reviewed the fix in principle (mutual blocking of both signals inside the handlers), but not the actual code.

Reviewed by: Mirko Kaffka <mirko@interface-business.de>
Approved by: jkh

| Name |
|---|
| bin |
| contrib |
| crypto |
| etc |
| games |
| gnu |
| include |
| kerberos5 |
| kerberosIV |
| lib |
| libexec |
| release |
| sbin |
| secure |
| share |
| sys |
| tools |
| usr.bin |
| usr.sbin |
| COPYRIGHT |
| Makefile |
| Makefile.inc1 |
| Makefile.upgrade |
| README |
| UPDATING |

This is the top level of the FreeBSD source directory. This file was last revised on: $FreeBSD$

For copyright information, please see the file COPYRIGHT in this directory (additional copyright information also exists for some sources in this tree - please see the specific source directories for more information).

The Makefile in this directory supports a number of targets for building components (or all) of the FreeBSD source tree, the most commonly used one being ``world'', which rebuilds and installs everything in the FreeBSD system from the source tree except the kernel and the contents of /etc. Please see the top of the Makefile in this directory for more information on the standard build targets and compile-time flags.

Building a kernel with config(8) is a somewhat more involved process, documentation for which can be found at:

http://www.freebsd.org/handbook/kernelconfig.html

And in the config(8) man page.

The sample kernel configuration files reside in the sys/i386/conf sub-directory (assuming that you've installed the kernel sources), the file named GENERIC being the one used to build your initial installation kernel. The file LINT contains entries for all possible devices, not just those commonly used, and is meant more as a general reference than an actual kernel configuration file (a kernel built from it wouldn't even run).

Source Roadmap:
---------------

bin          System/User commands.

contrib      Packages contributed by 3rd parties.

crypto       Export controlled stuff (see crypto/README).

etc          Template files for /etc

games        Amusements.

gnu          Various commands and libraries under the GNU Public License. Please see gnu/COPYING* for more information.

include      System include files.

kerberosIV   Kerberos package.

lib          System libraries.

libexec      System daemons.

release      Release building Makefile & associated tools.

sbin         System commands.

secure       DES and DES-related utilities - NOT FOR EXPORT!

share        Shared resources.

sys          Kernel sources.

tools        Utilities for regression testing and miscellaneous tasks.

usr.bin      User commands.

usr.sbin     System administration commands.

For information on synchronizing your source tree with one or more of the FreeBSD Project's development branches, please see:

http://www.freebsd.org/handbook/synching.html