about summary refs log tree commit diff
diff options
context:
space:
mode:
authorKane York <kanepyork@gmail.com>2020-07-24T02·10-0700
committerkanepyork <rikingcoding@gmail.com>2020-07-24T22·16+0000
commitbd770907034609dcdb927c3a75b6a98eff4f23e7 (patch)
treeae8ac85322ebf8bbf67ffd38ce91db50f7359b6e
parent388b5f1abe8947978592d9778a5669e634b6e552 (diff)
fix(3p/nix): do not call vfork r/1457
The use of vfork() in Nix is entirely illegal. Quote:

If the process created by vfork() returns from the function in which vfork() was
called, or calls any other function before successfully calling _exit() or
one of the exec*() family of functions, the behavior is undefined.

-- Linux man-pages, release 5.05

Add a TODO to use the higher-performance variants of clone() on Linux when it
is available.

Change-Id: I42370e1568ad6e2d00d70d0b66c8aded8f1288bb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1418
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: Alyssa Ross <hi@alyssa.is>
-rw-r--r--third_party/nix/src/libstore/build.cc3
-rw-r--r--third_party/nix/src/libutil/util.cc28
-rw-r--r--third_party/nix/src/libutil/util.hh1
-rw-r--r--third_party/nix/src/nix-daemon/nix-daemon.cc1
4 files changed, 12 insertions, 21 deletions
diff --git a/third_party/nix/src/libstore/build.cc b/third_party/nix/src/libstore/build.cc
index da35388d855a..74db67e862a7 100644
--- a/third_party/nix/src/libstore/build.cc
+++ b/third_party/nix/src/libstore/build.cc
@@ -2342,8 +2342,6 @@ void DerivationGoal::startBuilder() {
 
     userNamespaceSync.create();
 
-    options.allowVfork = false;
-
     Pid helper = startProcess(
         [&]() {
           /* Drop additional groups here because we can't do it
@@ -2443,7 +2441,6 @@ void DerivationGoal::startBuilder() {
 #endif
   {
   fallback:
-    options.allowVfork = !buildUser && !drv->isBuiltin();
     pid = startProcess([&]() { runChild(); }, options);
   }
 
diff --git a/third_party/nix/src/libutil/util.cc b/third_party/nix/src/libutil/util.cc
index bb6a17e03047..b97624e58dbb 100644
--- a/third_party/nix/src/libutil/util.cc
+++ b/third_party/nix/src/libutil/util.cc
@@ -859,7 +859,6 @@ void killUser(uid_t uid) {
      fork a process, switch to uid, and send a mass kill. */
 
   ProcessOptions options;
-  options.allowVfork = false;
 
   Pid pid = startProcess(
       [&]() {
@@ -897,16 +896,19 @@ void killUser(uid_t uid) {
 
 //////////////////////////////////////////////////////////////////////
 
-/* Wrapper around vfork to prevent the child process from clobbering
-   the caller's stack frame in the parent. */
-static pid_t doFork(bool allowVfork, const std::function<void()>& fun)
-    __attribute__((noinline));
-static pid_t doFork(bool allowVfork, const std::function<void()>& fun) {
+/*
+ * Please note that it is not legal for this function to call vfork().  If the
+ * process created by vfork() returns from the function in which vfork() was
+ * called, or calls any other function before successfully calling _exit() or
+ * one of the exec*() family of functions, the behavior is undefined.
+ */
+static pid_t doFork(const std::function<void()>& fun) __attribute__((noinline));
+static pid_t doFork(const std::function<void()>& fun) {
 #ifdef __linux__
-  pid_t pid = allowVfork ? vfork() : fork();
-#else
-  pid_t pid = fork();
+  // TODO(kanepyork): call clone() instead for faster forking
 #endif
+
+  pid_t pid = fork();
   if (pid != 0) {
     return pid;
   }
@@ -938,7 +940,7 @@ pid_t startProcess(std::function<void()> fun, const ProcessOptions& options) {
     }
   };
 
-  pid_t pid = doFork(options.allowVfork, wrapper);
+  pid_t pid = doFork(wrapper);
   if (pid == -1) {
     throw SysError("unable to fork");
   }
@@ -1012,12 +1014,6 @@ void runProgram2(const RunOptions& options) {
   }
 
   ProcessOptions processOptions;
-  // vfork implies that the environment of the main process and the fork will
-  // be shared (technically this is undefined, but in practice that's the
-  // case), so we can't use it if we alter the environment
-  if (options.environment) {
-    processOptions.allowVfork = false;
-  }
 
   /* Fork. */
   Pid pid = startProcess(
diff --git a/third_party/nix/src/libutil/util.hh b/third_party/nix/src/libutil/util.hh
index ede83164de2e..0fa15f745c86 100644
--- a/third_party/nix/src/libutil/util.hh
+++ b/third_party/nix/src/libutil/util.hh
@@ -232,7 +232,6 @@ struct ProcessOptions {
   std::string errorPrefix = "error: ";
   bool dieWithParent = true;
   bool runExitHandlers = false;
-  bool allowVfork = true;
 };
 
 pid_t startProcess(std::function<void()> fun,
diff --git a/third_party/nix/src/nix-daemon/nix-daemon.cc b/third_party/nix/src/nix-daemon/nix-daemon.cc
index 1f49788ae573..2570179d42f1 100644
--- a/third_party/nix/src/nix-daemon/nix-daemon.cc
+++ b/third_party/nix/src/nix-daemon/nix-daemon.cc
@@ -1051,7 +1051,6 @@ static void daemonLoop(char** argv) {
       options.errorPrefix = "unexpected Nix daemon error: ";
       options.dieWithParent = false;
       options.runExitHandlers = true;
-      options.allowVfork = false;
       startProcess(
           [&]() {
             fdSocket = -1;