diff options
| author | Kornilios Kourtis <kornilios@gmail.com> | 2024-08-15 17:22:35 +0200 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2024-08-20 19:04:57 +0200 |
| commit | 7ac58157ca67ab001307f1fd72e0cc7c0c4e846a (patch) | |
| tree | 2e6b00344c3e63292b43fb062616792c49277eba /src | |
| parent | tests: Don't override QemuKvm= value if TEST_NO_KVM=0 (diff) | |
| download | systemd-7ac58157ca67ab001307f1fd72e0cc7c0c4e846a.tar.xz systemd-7ac58157ca67ab001307f1fd72e0cc7c0c4e846a.zip | |
process-util: handle pidfd_spawn() returning E2BIG
In some kernels (specifically, 5.4) even though the clone3 syscall is
supported, setting CLONE_INTO_CGROUP is not. The error message returned
in this case is E2BIG.
If posix_spawn_wrapper encounters this error, it does not retry, and
cannot spawn any programs in said kernels.
This commit adds a check for the E2BIG error and retries pidfd_spawn()
without the POSIX_SPAWN_SETCGROUP flag.
If we encounter an E2BIG error, and the pidfd_spawn() succeeds after
removing the POSIX_SPAWN_SETCGROUP flag, then we cache the result so
that we do not retry every time.
Originally, this issue was reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077204.
Signed-off-by: Kornilios Kourtis <kornilios@gmail.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/basic/process-util.c | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/src/basic/process-util.c b/src/basic/process-util.c index e5dbd6f72d..a247b5a0b2 100644 --- a/src/basic/process-util.c +++ b/src/basic/process-util.c @@ -2059,9 +2059,10 @@ int posix_spawn_wrapper( _unused_ _cleanup_(posix_spawnattr_destroyp) posix_spawnattr_t *attr_destructor = &attr; #if HAVE_PIDFD_SPAWN + static bool setcgroup_supported = true; _cleanup_close_ int cgroup_fd = -EBADF; - if (cgroup) { + if (cgroup && setcgroup_supported) { _cleanup_free_ char *resolved_cgroup = NULL; r = cg_get_path_and_check( @@ -2095,6 +2096,19 @@ int posix_spawn_wrapper( _cleanup_close_ int pidfd = -EBADF; r = pidfd_spawn(&pidfd, path, NULL, &attr, argv, envp); + if (r == E2BIG && FLAGS_SET(flags, POSIX_SPAWN_SETCGROUP)) { + /* Some kernels (e.g., 5.4) support clone3 but they do not support CLONE_INTO_CGROUP. + * Retry pidfd_spawn() after removing the flag. */ + flags &= ~POSIX_SPAWN_SETCGROUP; + r = posix_spawnattr_setflags(&attr, flags); + if (r != 0) + return -r; + r = pidfd_spawn(&pidfd, path, NULL, &attr, argv, envp); + /* if pidfd_spawn was successful after removing SPAWN_CGROUP, + * mark setcgroup_supported as false so that we do not retry every time */ + if (r == 0) + setcgroup_supported = false; + } if (r == 0) { r = pidref_set_pidfd_consume(ret_pidref, TAKE_FD(pidfd)); if (r < 0) @@ -2113,10 +2127,12 @@ int posix_spawn_wrapper( /* Compiled on a newer host, or seccomp&friends blocking clone3()? Fallback, but need to change the * flags to remove the cgroup one, which is what redirects to clone3() */ - flags &= ~POSIX_SPAWN_SETCGROUP; - r = posix_spawnattr_setflags(&attr, flags); - if (r != 0) - return -r; + if (FLAGS_SET(flags, POSIX_SPAWN_SETCGROUP)) { + flags &= ~POSIX_SPAWN_SETCGROUP; + r = posix_spawnattr_setflags(&attr, flags); + if (r != 0) + return -r; + } #endif pid_t pid; |