NetBSD-Bugs archive

kern/55386: ksem implementation doesn't allow destroying on another process, causing firefox to leak fds and fail



>Number:         55386
>Category:       kern
>Synopsis:       ksem implementation doesn't allow destroying on another process, causing firefox to leak fds and fail
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jun 14 16:05:00 +0000 2020
>Originator:     coypu
>Release:        NetBSD 9.99.63, NetBSD 9.x
>Organization:
>Environment:
NetBSD planets 9.99.63 NetBSD 9.99.63 (GENERIC) #4: Sun May 24 22:55:24 IDT 2020  fly@planets:/home/fly/obj/sys/arch/amd64/compile/GENERIC amd64

>Description:
Running firefox, you will eventually hit kern.maxfiles, or RLIMIT_NOFILE.
When this happens, Firefox will fail to render elements. Eventually tabs will crash.

If we run firefox as follows:

ktruss -i firefox |grep sem

We will see that many ksem_destroy calls are failing with EINVAL.

  1951    782 firefox  _ksem_destroy               Err#22 EINVAL
  1951    782 firefox  _ksem_destroy(0x70374ac1)   Err#22 EINVAL
  1951    782 firefox  _ksem_post(0x70478b3b)      = 0
  1951    782 firefox  _ksem_destroy               Err#22 EINVAL
  1951    782 firefox  _ksem_destroy(0x70478b3b)   Err#22 EINVAL
  9270   9270 firefox  _ksem_timedwait(0x70341e73, 0x7f7fff1c5d90) = 0
  9270   9270 firefox  _ksem_post(0x70341e73)      = 0
  9270   9270 firefox  _ksem_wait                  = 0
  1951    782 firefox  _ksem_post                  = 0
  1951    782 firefox  _ksem_post(0x705a6971)      = 0
  1951    782 firefox  _ksem_destroy(0x70bce973)   Err#22 EINVAL
  1951    782 firefox  _ksem_destroy               Err#22 EINVAL
  1951    782 firefox  _ksem_post(0x7098485b)      = 0
  1951    782 firefox  _ksem_destroy(0x707c5bdb)   Err#22 EINVAL
  1951    782 firefox  _ksem_destroy(0x7098485b)   Err#22 EINVAL

These end up remaining as open files, so we hit the open file limits.

According to thorpej, the current implementation doesn't allow ksem_destroy'ing a semaphore initialized on another process, but the standard requires this, and Firefox expects it.

We didn't have this problem: pshared semaphores are new.
But newer Firefox has far worse support for non-multiprocess, so avoiding them is very hard.
>How-To-Repeat:

>Fix:
