Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 12 Dec 1998 19:32:09 -0800
From:      Don Lewis <Don.Lewis@tsc.tdk.com>
To:        Matthew Dillon <dillon@apollo.backplane.com>, Don Lewis <Don.Lewis@tsc.tdk.com>
Cc:        Peter Edwards <peter.edwards@isocor.ie>, Archie Cobbs <archie@whistle.com>, freebsd-current@FreeBSD.ORG
Subject:   Re: inetd: realloc/free bug
Message-ID:  <199812130332.TAA23232@salsa.gv.tsc.tdk.com>
In-Reply-To: Matthew Dillon <dillon@apollo.backplane.com> "Re: inetd: realloc/free bug" (Dec 12,  5:58pm)
next in thread | previous in thread | raw e-mail | index | archive | help 
On Dec 12,  5:58pm, Matthew Dillon wrote:
} Subject: Re: inetd: realloc/free bug

} :Your patch also doesn't eliminate all the race conditions.  When
} :a signal handler is invoked, it blocks reception of the signal that
} :triggered it, but not the reception of other signals, so it is possible
} 
}     Sure it does.  Look at the code.  Line 410 or so of inetd.c

You appear to be correct.

} :Oh yeah, there is another race condition that I've never seen mentioned.
} :In the case of TCP services where we do something like
} :	ctrl = accept(...);
} :	pid = fork();
} :	if (pid == 0) {
} :		fiddle with fds
} :		exec(...);
} :	}
} :	close(ctrl);
} :there is a problem if the child process runs, writes a bunch of data
} :to the socket and exits before the parent process executes the close().
} :If this happens, the close() in the parent can hang for an indefinite
} :period of time, until the client consumes the buffered data on the socket.
} :I fixed this in BIND 4.x a few years ago using a pipe to synchronize
} 
}     I'm not sure I follow.  close() on a socket descriptor does not block.

In the case of BIND, close() blocks because SO_LINGER is set.  As long
as nothing run from inetd does this, we're probably OK.  The reason that
BIND uses SO_LINGER is:
        /* kernels that map pages for IO end up failing if the pipe is full
         * at exit and we take away the final buffer.  this is really a kernel
         * bug but it's harmless on systems that are not broken, so...
         */

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812130332.TAA23232>