On 06/07/2012 12:51 AM, Michal Privoznik wrote:
On 07.06.2012 01:37, Eric Blake wrote:
> Similar to commit 858c247, the parent process should close it's
> copy of the end of the pipe given to the child; otherwise, if there
> is an extreme bug where the parent thinks the child reported an
> error and is waiting for the message to go along with it, but the
> child thinks it reported success and is waiting for the parent
> to acknowledge the success, we would get into deadlock.
>
> Thankfully, I don't think this deadlock is possible without at
> least one other bug in the code, but I did see exactly that sort
> of situation prior to commit da831af - if a double close bug in
> the parent causes the parent to read the wrong fd, it might assume
> the child failed, even though the child really sent success if
> only the parent had read from the correct location.
>
ACK
I decided the commit message was confusing, so I updated it before pushing:
There is a theoretical problem of an extreme bug where we can get
into deadlock due to command handshaking. Thanks to a pair of pipes,
we have a situation where the parent thinks the child reported an
error and is waiting for a message from the child to explain the
error; but at the same time the child thinks it reported success
and is waiting for the parent to acknowledge the success; so both
processes are now blocked.
Thankfully, I don't think this deadlock is possible without at
least one other bug in the code, but I did see exactly that sort
of situation prior to commit da831af - I saw a backtrace where a
double close bug in the parent caused the parent to read from the
wrong fd and assume the child failed, even though the child really
sent success.
This potential deadlock is not quite like commit 858c247 (a deadlock
due to multiple readers on one pipe preventing a write from completing),
although the solution is similar - always close unused pipe fds before
blocking, rather than after.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org