|
|
dc3ed5 |
From a028743f5c88dd7c27c102c34535f25b42ea2c5f Mon Sep 17 00:00:00 2001
|
|
|
dc3ed5 |
From: Kyle Walker <kwalker@redhat.com>
|
|
|
dc3ed5 |
Date: Mon, 23 Apr 2018 13:07:37 -0400
|
|
|
dc3ed5 |
Subject: [PATCH] Backport of:
|
|
|
dc3ed5 |
https://bugs.freedesktop.org/attachment.cgi?id=138819
|
|
|
dc3ed5 |
|
|
|
dc3ed5 |
Signed-off-by: Kyle Walker <kwalker@redhat.com>
|
|
|
dc3ed5 |
---
|
|
|
dc3ed5 |
src/polkitbackend/polkitbackendjsauthority.c | 76 +++++++++++++++++++++++++++-
|
|
|
dc3ed5 |
1 file changed, 74 insertions(+), 2 deletions(-)
|
|
|
dc3ed5 |
|
|
|
dc3ed5 |
diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c
|
|
|
dc3ed5 |
index 39ed718..fd1dbfd 100644
|
|
|
dc3ed5 |
--- a/src/polkitbackend/polkitbackendjsauthority.c
|
|
|
dc3ed5 |
+++ b/src/polkitbackend/polkitbackendjsauthority.c
|
|
|
dc3ed5 |
@@ -83,6 +83,13 @@ struct _PolkitBackendJsAuthorityPrivate
|
|
|
dc3ed5 |
GMutex rkt_timeout_pending_mutex;
|
|
|
dc3ed5 |
gboolean rkt_timeout_pending;
|
|
|
dc3ed5 |
|
|
|
dc3ed5 |
+ /* avoid zombies by reap child in a new thread */
|
|
|
dc3ed5 |
+ GThread *child_reaper_thread;
|
|
|
dc3ed5 |
+ GMutex crt_init_mutex;
|
|
|
dc3ed5 |
+ GCond crt_init_cond;
|
|
|
dc3ed5 |
+ GMainContext *crt_context;
|
|
|
dc3ed5 |
+ GMainLoop *crt_loop;
|
|
|
dc3ed5 |
+
|
|
|
dc3ed5 |
/* A list of JSObject instances */
|
|
|
dc3ed5 |
GList *scripts;
|
|
|
dc3ed5 |
};
|
|
|
dc3ed5 |
@@ -124,6 +131,7 @@ enum
|
|
|
dc3ed5 |
/* ---------------------------------------------------------------------------------------------------- */
|
|
|
dc3ed5 |
|
|
|
dc3ed5 |
static gpointer runaway_killer_thread_func (gpointer user_data);
|
|
|
dc3ed5 |
+static gpointer child_reaper_thread_func (gpointer user_data);
|
|
|
dc3ed5 |
|
|
|
dc3ed5 |
static GList *polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *authority,
|
|
|
dc3ed5 |
PolkitSubject *caller,
|
|
|
dc3ed5 |
@@ -461,6 +469,18 @@ polkit_backend_js_authority_constructed (GObject *object)
|
|
|
dc3ed5 |
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object);
|
|
|
dc3ed5 |
gboolean entered_request = FALSE;
|
|
|
dc3ed5 |
|
|
|
dc3ed5 |
+ g_mutex_init (&authority->priv->crt_init_mutex);
|
|
|
dc3ed5 |
+ g_cond_init (&authority->priv->crt_init_cond);
|
|
|
dc3ed5 |
+
|
|
|
dc3ed5 |
+ authority->priv->child_reaper_thread = g_thread_new ("reap-child-thread",
|
|
|
dc3ed5 |
+ child_reaper_thread_func,
|
|
|
dc3ed5 |
+ authority);
|
|
|
dc3ed5 |
+ /* wait for child_reaper_thread to set up its GMainContext */
|
|
|
dc3ed5 |
+ g_mutex_lock (&authority->priv->crt_init_mutex);
|
|
|
dc3ed5 |
+ while (authority->priv->crt_context == NULL)
|
|
|
dc3ed5 |
+ g_cond_wait (&authority->priv->crt_init_cond, &authority->priv->crt_init_mutex);
|
|
|
dc3ed5 |
+ g_mutex_unlock (&authority->priv->crt_init_mutex);
|
|
|
dc3ed5 |
+
|
|
|
dc3ed5 |
authority->priv->rt = JS_NewRuntime (8L * 1024L * 1024L);
|
|
|
dc3ed5 |
if (authority->priv->rt == NULL)
|
|
|
dc3ed5 |
goto fail;
|
|
|
dc3ed5 |
@@ -585,6 +605,15 @@ polkit_backend_js_authority_finalize (GObject *object)
|
|
|
dc3ed5 |
g_free (authority->priv->dir_monitors);
|
|
|
dc3ed5 |
g_strfreev (authority->priv->rules_dirs);
|
|
|
dc3ed5 |
|
|
|
dc3ed5 |
+ g_mutex_clear (&authority->priv->crt_init_mutex);
|
|
|
dc3ed5 |
+ g_cond_clear (&authority->priv->crt_init_cond);
|
|
|
dc3ed5 |
+
|
|
|
dc3ed5 |
+ /* shut down the child reaper thread */
|
|
|
dc3ed5 |
+ g_assert (authority->priv->crt_loop != NULL);
|
|
|
dc3ed5 |
+ g_main_loop_quit (authority->priv->crt_loop);
|
|
|
dc3ed5 |
+ g_thread_join (authority->priv->child_reaper_thread);
|
|
|
dc3ed5 |
+ g_assert (authority->priv->crt_loop == NULL);
|
|
|
dc3ed5 |
+
|
|
|
dc3ed5 |
JS_BeginRequest (authority->priv->cx);
|
|
|
dc3ed5 |
JS_RemoveObjectRoot (authority->priv->cx, &authority->priv->js_polkit);
|
|
|
dc3ed5 |
JS_RemoveObjectRoot (authority->priv->cx, &authority->priv->js_global);
|
|
|
dc3ed5 |
@@ -1360,6 +1389,7 @@ get_signal_name (gint signal_number)
|
|
|
dc3ed5 |
|
|
|
dc3ed5 |
typedef struct
|
|
|
dc3ed5 |
{
|
|
|
dc3ed5 |
+ PolkitBackendJsAuthority *authority;
|
|
|
dc3ed5 |
GMainLoop *loop;
|
|
|
dc3ed5 |
GAsyncResult *res;
|
|
|
dc3ed5 |
} SpawnData;
|
|
|
dc3ed5 |
@@ -1379,7 +1409,7 @@ js_polkit_spawn (JSContext *cx,
|
|
|
dc3ed5 |
unsigned js_argc,
|
|
|
dc3ed5 |
jsval *vp)
|
|
|
dc3ed5 |
{
|
|
|
dc3ed5 |
- /* PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx)); */
|
|
|
dc3ed5 |
+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx));
|
|
|
dc3ed5 |
JSBool ret = JS_FALSE;
|
|
|
dc3ed5 |
JSObject *array_object;
|
|
|
dc3ed5 |
gchar *standard_output = NULL;
|
|
|
dc3ed5 |
@@ -1424,6 +1454,8 @@ js_polkit_spawn (JSContext *cx,
|
|
|
dc3ed5 |
JS_free (cx, s);
|
|
|
dc3ed5 |
}
|
|
|
dc3ed5 |
|
|
|
dc3ed5 |
+ data.authority = authority;
|
|
|
dc3ed5 |
+
|
|
|
dc3ed5 |
context = g_main_context_new ();
|
|
|
dc3ed5 |
loop = g_main_loop_new (context, FALSE);
|
|
|
dc3ed5 |
|
|
|
dc3ed5 |
@@ -1540,6 +1572,8 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
|
|
|
dc3ed5 |
|
|
|
dc3ed5 |
typedef struct
|
|
|
dc3ed5 |
{
|
|
|
dc3ed5 |
+ PolkitBackendJsAuthority *authority;
|
|
|
dc3ed5 |
+
|
|
|
dc3ed5 |
GSimpleAsyncResult *simple; /* borrowed reference */
|
|
|
dc3ed5 |
GMainContext *main_context; /* may be NULL */
|
|
|
dc3ed5 |
|
|
|
dc3ed5 |
@@ -1572,11 +1606,43 @@ utils_child_watch_from_release_cb (GPid pid,
|
|
|
dc3ed5 |
gint status,
|
|
|
dc3ed5 |
gpointer user_data)
|
|
|
dc3ed5 |
{
|
|
|
dc3ed5 |
+ g_print("Child(pid: %d) has been reaped!\n", pid);
|
|
|
dc3ed5 |
+}
|
|
|
dc3ed5 |
+
|
|
|
dc3ed5 |
+/* ---------------------------------------------------------------------------------------------------- */
|
|
|
dc3ed5 |
+
|
|
|
dc3ed5 |
+static gpointer
|
|
|
dc3ed5 |
+child_reaper_thread_func (gpointer user_data)
|
|
|
dc3ed5 |
+{
|
|
|
dc3ed5 |
+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (user_data);
|
|
|
dc3ed5 |
+
|
|
|
dc3ed5 |
+ g_mutex_lock (&authority->priv->crt_init_mutex);
|
|
|
dc3ed5 |
+
|
|
|
dc3ed5 |
+ authority->priv->crt_context = g_main_context_new ();
|
|
|
dc3ed5 |
+ authority->priv->crt_loop = g_main_loop_new (authority->priv->crt_context, FALSE);
|
|
|
dc3ed5 |
+ g_main_context_push_thread_default (authority->priv->crt_context);
|
|
|
dc3ed5 |
+
|
|
|
dc3ed5 |
+ /* Signal the main thread that we're done constructing */
|
|
|
dc3ed5 |
+ g_cond_signal (&authority->priv->crt_init_cond);
|
|
|
dc3ed5 |
+ g_mutex_unlock (&authority->priv->crt_init_mutex);
|
|
|
dc3ed5 |
+
|
|
|
dc3ed5 |
+ g_main_loop_run (authority->priv->crt_loop);
|
|
|
dc3ed5 |
+
|
|
|
dc3ed5 |
+ g_main_context_pop_thread_default (authority->priv->crt_context);
|
|
|
dc3ed5 |
+
|
|
|
dc3ed5 |
+ g_main_loop_unref (authority->priv->crt_loop);
|
|
|
dc3ed5 |
+ authority->priv->crt_loop = NULL;
|
|
|
dc3ed5 |
+ g_main_context_unref (authority->priv->crt_context);
|
|
|
dc3ed5 |
+ authority->priv->crt_context = NULL;
|
|
|
dc3ed5 |
+
|
|
|
dc3ed5 |
+ return NULL;
|
|
|
dc3ed5 |
}
|
|
|
dc3ed5 |
|
|
|
dc3ed5 |
+/* ---------------------------------------------------------------------------------------------------- */
|
|
|
dc3ed5 |
static void
|
|
|
dc3ed5 |
utils_spawn_data_free (UtilsSpawnData *data)
|
|
|
dc3ed5 |
{
|
|
|
dc3ed5 |
+ PolkitBackendJsAuthority *authority = data->authority;
|
|
|
dc3ed5 |
if (data->timeout_source != NULL)
|
|
|
dc3ed5 |
{
|
|
|
dc3ed5 |
g_source_destroy (data->timeout_source);
|
|
|
dc3ed5 |
@@ -1604,12 +1670,17 @@ utils_spawn_data_free (UtilsSpawnData *data)
|
|
|
dc3ed5 |
* Avoid taking a references to ourselves. but note that we need
|
|
|
dc3ed5 |
* to pass the GSource so we can nuke it once handled.
|
|
|
dc3ed5 |
*/
|
|
|
dc3ed5 |
+
|
|
|
dc3ed5 |
+ /* avoid zombies by reaping child in a new thread
|
|
|
dc3ed5 |
+ * add source to reap thread context
|
|
|
dc3ed5 |
+ */
|
|
|
dc3ed5 |
+ GMainContext *reap_context = authority->priv->crt_context;
|
|
|
dc3ed5 |
source = g_child_watch_source_new (data->child_pid);
|
|
|
dc3ed5 |
g_source_set_callback (source,
|
|
|
dc3ed5 |
(GSourceFunc) utils_child_watch_from_release_cb,
|
|
|
dc3ed5 |
source,
|
|
|
dc3ed5 |
(GDestroyNotify) g_source_destroy);
|
|
|
dc3ed5 |
- g_source_attach (source, data->main_context);
|
|
|
dc3ed5 |
+ g_source_attach (source, reap_context);
|
|
|
dc3ed5 |
g_source_unref (source);
|
|
|
dc3ed5 |
data->child_pid = 0;
|
|
|
dc3ed5 |
}
|
|
|
dc3ed5 |
@@ -1776,6 +1847,7 @@ utils_spawn (const gchar *const *argv,
|
|
|
dc3ed5 |
GError *error;
|
|
|
dc3ed5 |
|
|
|
dc3ed5 |
data = g_slice_new0 (UtilsSpawnData);
|
|
|
dc3ed5 |
+ data->authority = ((SpawnData *)user_data)->authority;
|
|
|
dc3ed5 |
data->timeout_seconds = timeout_seconds;
|
|
|
dc3ed5 |
data->simple = g_simple_async_result_new (NULL,
|
|
|
dc3ed5 |
callback,
|
|
|
dc3ed5 |
--
|
|
|
dc3ed5 |
2.14.3
|
|
|
dc3ed5 |
|