PR 224503: rpcbind: Do not use signal-unsafe functions in SIGTERM handler

Authored by cem on Jan 1 2018, 9:40 PM.

Details

Summary

syslog(), routines used in write_warmstart(), and exit(3) are all signal-unsafe. Disable the former two (which are already off by default after r317168) and convert the latter to an _exit(2) to make rpcbind exit safely on signal delivery.

Diff Detail

Repository
rS FreeBSD src repository
cem created this revision. Jan 1 2018, 9:40 PM

markj added a comment. Edited Jan 1 2018, 9:53 PM

The _exit() bit looks right to me.

Note that warmstart has always been off by default (not just as of r317168), and this change effectively renders the feature useless, so if you're going to touch it you might as well just delete it entirely (or fix it :)).

kib added a subscriber: kib. Jan 1 2018, 9:59 PM

This change makes the WARMSTART option non-functional.

Proper fix would be to set a flag in the signal handler and check for it in my_svc_run() loop, doing the dump of the rpc registrations in the context of the main loop.

cem added a comment. Jan 1 2018, 10:16 PM

In D13728#287214, @kib wrote:

> This change makes the WARMSTART option non-functional.
>
> Proper fix would be to set a flag in the signal handler and check for it in my_svc_run() loop, doing the dump of the rpc registrations in the context of the main loop.

That's fine, if that's the only place we care about detecting exiting on such a signal.

cem updated this revision to Diff 37384. Jan 2 2018, 12:09 AM

Move shutdown code to main loop and use signal-safe flag to induce shutdown.

kib accepted this revision. Jan 2 2018, 12:24 AM
This revision is now accepted and ready to land. Jan 2 2018, 12:24 AM

markj accepted this revision. Jan 2 2018, 12:30 AM
This revision was automatically updated to reflect the committed changes.
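
The approach discussed in this review (the handler only sets a flag, and the main loop does the dump and exits) is sketched below. This is an added example, not the committed rpcbind change. All names are hypothetical, and dump_state() is a stand-in for write_warmstart().

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; none of this is rpcbind source. */
static volatile sig_atomic_t terminate_signo; /* only thing the handler touches */
static int state_dumped;                      /* set by the stand-in dump routine */

/* Async-signal-safe: a single store to a volatile sig_atomic_t. */
static void on_terminate(int signo) { terminate_signo = signo; }

/* Stand-in for the dump: runs in normal context, so stdio/syslog are fine. */
static void dump_state(void)
{
    fprintf(stderr, "dumping registrations before exit\n");
    state_dumped = 1;
}

int install_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_terminate;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGTERM, &sa, NULL);
}

/* Service loop: returns the signal number after an orderly shutdown, 0 if
 * max_iters passes elapsed (max_iters < 0 means run forever), -1 on error. */
int run_loop(int max_iters, int timeout_ms)
{
    for (int i = 0; max_iters < 0 || i < max_iters; i++) {
        if (terminate_signo != 0) {
            dump_state();
            return terminate_signo;
        }
        /* Real servers poll sockets here; the timeout bounds a missed wakeup. */
        if (poll(NULL, 0, timeout_ms) == -1 && errno != EINTR)
            return -1;
    }
    return 0;
}

int main(void)
{
    return (install_handler() == 0 && run_loop(-1, 1000) > 0) ? 0 : 1;
}
```

A signal that arrives between the flag check and poll() is only noticed after the timeout expires; blocking the signal and waiting with ppoll(), or a self-pipe, closes that window.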