On Mon, Oct 09, 2017 at 09:14:56PM +0200, Marc Hartmayer wrote:
> This commit fixes the deadlock introduced by commit
> 0980764dee687e8da86dc410c351759867163389. The call getgrouplist() of
> the glibc library isn't safe to be called in between fork and
> exec (see commit 75c125641ac73473ba4b0542524d67a184769c8e).
>
> Signed-off-by: Marc Hartmayer <mhartmay@xxxxxxxxxxxxxxxxxx>
> Fixes: 0980764dee68 ("util: share code between virExec and virCommandExec")
> Reviewed-by: Bjoern Walk <bwalk@xxxxxxxxxxxxxxxxxx>
> Reviewed-by: Boris Fiuczynski <fiuczy@xxxxxxxxxxxxxxxxxx>
> ---
> src/lxc/lxc_container.c | 12 +++++++++++-
> src/util/vircommand.c | 25 ++++++++++++++-----------
> src/util/vircommand.h | 2 +-
> tests/commandtest.c | 15 ++++++++++-----
> 4 files changed, 36 insertions(+), 18 deletions(-)
>
> diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
> index ec6d6a86b0b6..1f220c602b0a 100644
> --- a/src/lxc/lxc_container.c
> +++ b/src/lxc/lxc_container.c
> @@ -2182,6 +2182,8 @@ static int lxcContainerChild(void *data)
> virDomainFSDefPtr root;
> virCommandPtr cmd = NULL;
> int hasReboot;
> + gid_t *groups = NULL;
> + int ngroups;
>
> if (NULL == vmDef) {
> virReportError(VIR_ERR_INTERNAL_ERROR,
> @@ -2297,6 +2299,13 @@ static int lxcContainerChild(void *data)
> goto cleanup;
> }
>
> + /* TODO is it safe to call it here or should this call be moved in
> + * front of the clone() as otherwise there might be a risk for a
> + * deadlock */
Yes, clone() is equiv to fork() so it needs to be before clone()
> + if ((ngroups = virGetGroupList(virCommandGetUID(cmd), virCommandGetGID(cmd),
> + &groups)) < 0)
> + goto cleanup;
> +
> ret = 0;
> cleanup:
> VIR_FREE(ttyPath);
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
