Merge pull request #2162 from brauner/2018-02-10/remove_openpty_lock

lxclock: remove atfork handlers

.travis.yml

@@ -18,7 +18,7 @@ before_install:
  - echo -n | openssl s_client -connect scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca-
  - sudo add-apt-repository ppa:ubuntu-lxc/daily -y
  - sudo apt-get update -qq
- - sudo apt-get install -qq libapparmor-dev libcap-dev libseccomp-dev python3-dev python3-setuptools docbook2x libgnutls-dev liblua5.2-dev libselinux1-dev libcgmanager-dev
+ - sudo apt-get install -qq libapparmor-dev libcap-dev libseccomp-dev python3-dev python3-setuptools docbook2x libgnutls-dev liblua5.2-dev libselinux1-dev
 script:
  - ./autogen.sh
  - rm -Rf build

configure.ac

@@ -305,45 +305,6 @@ AM_COND_IF([ENABLE_SECCOMP],
 		])
 	])
 
-# cgmanager
-AC_ARG_ENABLE([cgmanager],
-	[AC_HELP_STRING([--enable-cgmanager], [enable cgmanager support [default=auto]])],
-	[], [enable_cgmanager=auto])
-
-if test "x$enable_cgmanager" = "xauto" ; then
-	AC_CHECK_LIB([cgmanager],[cgmanager_create],[enable_cgmanager=yes],[enable_cgmanager=no],[-lnih -lnih-dbus -ldbus-1])
-fi
-AM_CONDITIONAL([ENABLE_CGMANAGER], [test "x$enable_cgmanager" = "xyes"])
-
-AM_COND_IF([ENABLE_CGMANAGER],
-	[PKG_CHECK_MODULES([CGMANAGER], [libcgmanager])
-	PKG_CHECK_MODULES([NIH], [libnih >= 1.0.2])
-	PKG_CHECK_MODULES([NIH_DBUS], [libnih-dbus >= 1.0.0])
-	PKG_CHECK_MODULES([DBUS], [dbus-1 >= 1.2.16])
-	])
-
-AC_MSG_CHECKING(for get_pid_cgroup_abs_sync)
-save_LIBS=$LIBS
-AC_SEARCH_LIBS([cgmanager_get_pid_cgroup_abs_sync], [cgmanager], [have_abs_cgroups=yes], [have_abs_cgroups=no], [-lnih -lnih-dbus -ldbus-1])
-LIBS=$save_LIBS
-if test "x$have_abs_cgroups" = "xyes"; then
-	AC_DEFINE([HAVE_CGMANAGER_GET_PID_CGROUP_ABS_SYNC], 1, [Have cgmanager_get_pid_cgroup_abs_sync])
-	AC_MSG_RESULT([yes])
-else
-	AC_MSG_RESULT([no])
-fi
-
-AC_MSG_CHECKING(for cgmanager_list_controllers)
-save_LIBS=$LIBS
-AC_SEARCH_LIBS([cgmanager_list_controllers_sync], [cgmanager], [have_list_controllers=yes], [have_list_controllers=no], [-lnih -lnih-dbus -ldbus-1])
-LIBS=$save_LIBS
-if test "x$have_list_controllers" = "xyes"; then
-	AC_DEFINE([HAVE_CGMANAGER_LIST_CONTROLLERS], 1, [Have cgmanager_list_controllers])
-	AC_MSG_RESULT([yes])
-else
-	AC_MSG_RESULT([no])
-fi
-
 AC_MSG_CHECKING(for static libcap)
 # Check for static libcap, make sure the function checked for differs from the
 # the one checked below so the cache doesn't give a wrong answer
@@ -664,7 +625,6 @@ AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat ge
 
 # Check for some functions
 AC_CHECK_LIB(pthread, main)
-AC_CHECK_FUNCS(pthread_atfork)
 AC_CHECK_FUNCS(statvfs)
 AC_CHECK_LIB(util, openpty)
 AC_CHECK_FUNCS([openpty hasmntopt setmntent endmntent utmpxname])
@@ -965,7 +925,6 @@ Security features:
  - Linux capabilities: $enable_capabilities
  - seccomp: $enable_seccomp
  - SELinux: $enable_selinux
- - cgmanager: $enable_cgmanager
 
 Bindings:
  - lua: $enable_lua
@@ -983,13 +942,3 @@ Debugging:
 Paths:
  - Logs in configpath: $enable_configpath_log
 EOF
-
-if test "x$ac_cv_func_pthread_atfork" = "xno" ; then
-cat << EOF
-
-WARNING: Threading not supported on your platform
-
-	You are compiling LXC for bionic target which lacks certain threading related functionality used by LXC API (like pthread_atfork).
-	Please note that, because of the missing functionality, multithreaded usage of LXC API cause some problems.
-EOF
-fi

src/lxc/Makefile.am

@@ -136,10 +136,6 @@ liblxc_la_SOURCES = \
 	\
 	$(LSM_SOURCES)
 
-if ENABLE_CGMANAGER
-liblxc_la_SOURCES += cgroups/cgmanager.c
-endif
-
 if IS_BIONIC
 liblxc_la_SOURCES += \
 	../include/ifaddrs.c ../include/ifaddrs.h \
@@ -182,10 +178,6 @@ if ENABLE_APPARMOR
 AM_CFLAGS += -DHAVE_APPARMOR
 endif
 
-if ENABLE_CGMANAGER
-AM_CFLAGS += -DHAVE_CGMANAGER
-endif
-
 if ENABLE_SELINUX
 AM_CFLAGS += -DHAVE_SELINUX
 endif
@@ -209,11 +201,6 @@ liblxc_la_LDFLAGS = \
 
 liblxc_la_LIBADD = $(CAP_LIBS) $(SELINUX_LIBS) $(SECCOMP_LIBS)
 
-if ENABLE_CGMANAGER
-liblxc_la_LIBADD += $(CGMANAGER_LIBS) $(DBUS_LIBS) $(NIH_LIBS) $(NIH_DBUS_LIBS)
-liblxc_la_CFLAGS += $(CGMANAGER_CFLAGS) $(DBUS_CFLAGS) $(NIH_CFLAGS) $(NIH_DBUS_CFLAGS)
-endif
-
 bin_SCRIPTS = cmd/lxc-checkconfig \
 	      cmd/lxc-update-config
 

src/lxc/attach.c

@@ -1242,13 +1242,10 @@ int lxc_attach(const char *name, const char *lxcpath,
 		return -1;
 	}
 
-	/* Create intermediate subprocess, three reasons:
-	 *       1. Runs all pthread_atfork handlers and the child will no
-	 *          longer be threaded (we can't properly setns() in a threaded
-	 *          process).
-	 *       2. We can't setns() in the child itself, since we want to make
+	/* Create intermediate subprocess, two reasons:
+	 *       1. We can't setns() in the child itself, since we want to make
 	 *          sure we are properly attached to the pidns.
-	 *       3. Also, the initial thread has to put the attached process
+	 *       2. Also, the initial thread has to put the attached process
 	 *          into the cgroup, which we can only do if we didn't already
 	 *          setns() (otherwise, user namespaces will hate us).
 	 */

src/lxc/cgroups/cgfs.c

@@ -103,7 +103,6 @@ struct cgroup_mount_point {
  *                      hierarchies
  *
  * Note this is the per-process info tracked by the cgfs_ops.
- * This is not used with cgmanager.
  */
 struct cgroup_process_info {
 	struct cgroup_process_info *next;

src/lxc/cgroups/cgfsng.c

@@ -26,8 +26,7 @@
  * cgroup backend.  The original cgfs.c was designed to be as flexible
  * as possible.  It would try to find cgroup filesystems no matter where
  * or how you had them mounted, and deduce the most usable mount for
- * each controller.  It also was not designed for unprivileged use, as
- * that was reserved for cgmanager.
+ * each controller.
  *
  * This new implementation assumes that cgroup filesystems are mounted
  * under /sys/fs/cgroup/clist where clist is either the controller, or

src/lxc/lxclock.c

@@ -317,23 +317,6 @@ void process_unlock(void)
 	unlock_mutex(&thread_mutex);
 }
 
-/* One thread can do fork() while another one is holding a mutex.
- * There is only one thread in child just after the fork(), so no one will ever release that mutex.
- * We setup a "child" fork handler to unlock the mutex just after the fork().
- * For several mutex types, unlocking an unlocked mutex can lead to undefined behavior.
- * One way to deal with it is to setup "prepare" fork handler
- * to lock the mutex before fork() and both "parent" and "child" fork handlers
- * to unlock the mutex.
- * This forbids doing fork() while explicitly holding the lock.
- */
-#ifdef HAVE_PTHREAD_ATFORK
-__attribute__((constructor))
-static void process_lock_setup_atfork(void)
-{
-	pthread_atfork(process_lock, process_unlock, process_unlock);
-}
-#endif
-
 int container_mem_lock(struct lxc_container *c)
 {
 	return lxclock(c->privlock, 0);