Add a pdvfork system call.
AbandonedPublic
Actions

Authored by theraven on Jul 10 2021, 4:25 PM.

Details

Reviewers

markj
kib
brooks

Group Reviewers

manpages

Summary

Currently, if you wish to make use of process descriptors then you must
use fork and incur the full CoW overhead for the child process, even if
it intends to call execve immediately.

This patch refactors the fork / vfork / pdfork implementations (which
included a lot of copied and pasted logic) into a single function and
implements wrappers for all four combinations of {fork, vfork} behaviour
combined with {fork, pdfork} output types.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 40431
Build 37320: arc lint + arc unit

Event Timeline

theraven created this revision.Jul 10 2021, 4:25 PM

Herald added a reviewer: brooks. · View Herald TranscriptJul 10 2021, 4:25 PM

Herald added a reviewer: manpages. · View Herald Transcript

Herald added a subscriber: imp. · View Herald Transcript

theraven requested review of this revision.Jul 10 2021, 4:25 PM

Harbormaster completed remote builds in B40431: Diff 92049.Jul 10 2021, 4:25 PM

@brooks, this should also be useful for combining CHERI coprocesses with Capsicum (coprocesses are currently created with vfork + coexecve).

pdfork(2) already takes flags, adding PD_VFORK is much better IMO than adding yet another syscall. I think it should go by the route of duplicating needed rfork(2) flags.

Can you split addition of do_pdvfork() vs. pdvfork/PD_VFORK introduction?

I had another note, to not include generated files into review and commit, but if you do PD_VFORK, this is resolved automatically.

This functionality clearly fills a gap, but the provided interface is too low level for applications to call. The code in lib/libc/gen/posix_spawn.c uses various non-standard facilities to handle things like signals correctly. Depending on how this is planned to be used, additional libc code may be useful, but it need not be part of this review.

Of the non-standard facilities used by posix_spawn(), RFSPAWN is a flag for the rfork syscall. It prevents running any signal handler function inherited from the parent and equivalent functionality should probably be added to pdvfork.

sys/sys/procdesc.h
125	This needs `__returns_twice` like vfork/rfork/setjmp. If a `PD_VFORK` flag is added to `pdfork()` instead of adding `pdvfork()`, then `pdfork()` will need to be annotated.
125	The standard syscall stub will not work properly on x86 for this function. The child process pops the return address off the stack and if it is subsequently overwritten, the parent process will jump to nowhere. See for example `lib/libc/amd64/sys/vfork.S`.