unblock and unignore SIGPIPE
Blocked and ignored signals -- but not caught signals -- are inherited across exec. Some callers with sloppy signal-handling behavior can call git with SIGPIPE blocked or ignored, even non-deterministically. When SIGPIPE is blocked or ignored, several git commands can run indefinitely, ignoring EPIPE returns from write() calls, even when the process that called them has gone away. Our specific case involved a pipe of git diff-tree output to a script that reads a limited amount of diff data. In an ideal world, git would never be called with SIGPIPE blocked or ignored. But in the real world, several real potential callers, including Perl, Apache, and Unicorn, sometimes spawn subprocesses with SIGPIPE ignored. It is easier and more productive to harden git against this mistake than to clean it up in every potential parent process. Signed-off-by: Patrick Reynolds <patrick.reynolds@github.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
parent
96db324a73
commit
7559a1be8a
22
git.c
22
git.c
@ -592,6 +592,26 @@ static int run_argv(int *argcp, const char ***argv)
|
|||||||
return done_alias;
|
return done_alias;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Many parts of Git have subprograms communicate via pipe, expect the
|
||||||
|
* upstream of a pipe to die with SIGPIPE when the downstream of a
|
||||||
|
* pipe does not need to read all that is written. Some third-party
|
||||||
|
* programs that ignore or block SIGPIPE for their own reason forget
|
||||||
|
* to restore SIGPIPE handling to the default before spawning Git and
|
||||||
|
* break this carefully orchestrated machinery.
|
||||||
|
*
|
||||||
|
* Restore the way SIGPIPE is handled to default, which is what we
|
||||||
|
* expect.
|
||||||
|
*/
|
||||||
|
static void restore_sigpipe_to_default(void)
|
||||||
|
{
|
||||||
|
sigset_t unblock;
|
||||||
|
|
||||||
|
sigemptyset(&unblock);
|
||||||
|
sigaddset(&unblock, SIGPIPE);
|
||||||
|
sigprocmask(SIG_UNBLOCK, &unblock, NULL);
|
||||||
|
signal(SIGPIPE, SIG_DFL);
|
||||||
|
}
|
||||||
|
|
||||||
int main(int argc, char **av)
|
int main(int argc, char **av)
|
||||||
{
|
{
|
||||||
@ -611,6 +631,8 @@ int main(int argc, char **av)
|
|||||||
*/
|
*/
|
||||||
sanitize_stdfds();
|
sanitize_stdfds();
|
||||||
|
|
||||||
|
restore_sigpipe_to_default();
|
||||||
|
|
||||||
git_setup_gettext();
|
git_setup_gettext();
|
||||||
|
|
||||||
trace_command_performance(argv);
|
trace_command_performance(argv);
|
||||||
|
@ -27,4 +27,26 @@ test_expect_success !MINGW 'signals are propagated using shell convention' '
|
|||||||
test_expect_code 143 git sigterm
|
test_expect_code 143 git sigterm
|
||||||
'
|
'
|
||||||
|
|
||||||
|
large_git () {
|
||||||
|
for i in $(test_seq 1 100)
|
||||||
|
do
|
||||||
|
git diff --cached --binary || return
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
test_expect_success 'create blob' '
|
||||||
|
test-genrandom foo 16384 >file &&
|
||||||
|
git add file
|
||||||
|
'
|
||||||
|
|
||||||
|
test_expect_success 'a constipated git dies with SIGPIPE' '
|
||||||
|
OUT=$( ((large_git; echo $? 1>&3) | :) 3>&1 )
|
||||||
|
test "$OUT" -eq 141
|
||||||
|
'
|
||||||
|
|
||||||
|
test_expect_success 'a constipated git dies with SIGPIPE even if parent ignores it' '
|
||||||
|
OUT=$( ((trap "" PIPE; large_git; echo $? 1>&3) | :) 3>&1 )
|
||||||
|
test "$OUT" -eq 141
|
||||||
|
'
|
||||||
|
|
||||||
test_done
|
test_done
|
||||||
|
Loading…
Reference in New Issue
Block a user