Commit 6080aad changed the supervisor poll timeout from 100ms to -1 and removed the per-iteration check_child(), relying solely on POLLHUP from the seccomp listener FD to detect child exit. This hangs when the child exits without a pending notification.

This replaces the single-FD poll with two-FD poll: the seccomp listener plus a signalfd for SIGCHLD. The kernel delivers SIGCHLD the instant the child exits, waking poll() without any per-iteration waitpid overhead.

Signal mask lifecycle:
- Block SIGCHLD before fork() (race-free: no window to lose the signal)
- Save/restore the caller's original mask on all parent return paths
- Restore in the child before exec() (guest sees clean signal state)

The signalfd is owned by supervise_loop with a single goto-cleanup exit path; the mask is owned by kbox_run_supervisor.

Also pin AUTO syscall mode to seccomp on all architectures: the aarch64 rewrite fast path hangs for dynamically-linked binaries (separate bug in the rewrite runtime's interpreter dispatch). --syscall-mode=rewrite remains available for explicit use.

Close #24

Change-Id: I09bccef6e2ca7a08a34c86b075f3ca9cdfa29b9c
Summary by cubic

Fixes a supervisor hang when the child exits without a pending seccomp notification by waking poll() with SIGCHLD. Also pins AUTO syscall mode to seccomp to avoid rewrite-path hangs; --syscall-mode=rewrite remains available. Closes #24.

Bug Fixes
- signalfd for SIGCHLD to wake immediately on child exit, avoiding per-iteration waitpid().
- SIGCHLD before fork(), then restore the original signal mask in both parent and child; own and clean up the signalfd in the supervisor loop.

Migration
- AUTO now maps to seccomp on all architectures.
- --syscall-mode=rewrite to force the rewrite path when needed.

Written for commit 9cc4b97. Summary will update on new commits.
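The two-FD poll and signal mask lifecycle described in the commit message, as an added example that is not code from this pull request or the project. It assumes Linux; a pipe that never becomes readable stands in for the seccomp listener FD, and `supervise_child` and `sigchld_blocked` are hypothetical names.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <poll.h>
#include <signal.h>
#include <sys/signalfd.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if SIGCHLD is blocked in the calling thread's signal mask. */
int sigchld_blocked(void)
{
    sigset_t cur;
    sigprocmask(SIG_SETMASK, NULL, &cur);
    return sigismember(&cur, SIGCHLD);
}

/* Hypothetical supervisor: fork a child that exits with `code`, wait for it
 * with an infinite poll(), and return its exit code (-1 on error). */
int supervise_child(int code)
{
    sigset_t chld, saved;
    struct signalfd_siginfo si;
    int quiet[2], sfd, status, ret = -1;
    pid_t pid;

    if (pipe(quiet) < 0)   /* stand-in listener: never readable, never POLLHUP */
        return -1;
    sigemptyset(&chld);
    sigaddset(&chld, SIGCHLD);
    sigprocmask(SIG_BLOCK, &chld, &saved);  /* before fork(): an early exit stays pending */
    sfd = signalfd(-1, &chld, SFD_CLOEXEC);
    pid = sfd < 0 ? -1 : fork();
    if (pid == 0) {
        sigprocmask(SIG_SETMASK, &saved, NULL);  /* guest sees the caller's mask */
        _exit(code);                             /* exec() would go here */
    }
    struct pollfd fds[2] = { { .fd = quiet[0], .events = POLLIN },
                             { .fd = sfd, .events = POLLIN } };
    while (pid > 0) {
        int n = poll(fds, 2, -1);                /* timeout -1, as in the supervisor */
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) break;
        if (!(fds[1].revents & POLLIN)) continue;  /* listener handling would go here */
        if (read(sfd, &si, sizeof si) != sizeof si) break;
        if (waitpid(pid, &status, WNOHANG) == pid) {  /* one waitpid per SIGCHLD */
            ret = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
            break;
        }
    }
    if (sfd >= 0) close(sfd);
    close(quiet[0]); close(quiet[1]);
    sigprocmask(SIG_SETMASK, &saved, NULL);      /* restored on every parent path */
    return ret;
}
```

With only the stand-in listener in the poll set, the same call would block forever, which is the hang the commit message describes.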