Prevent a deadlock when user namespace setup fails

Observed on Centos 7 when user namespaces are disabled: DerivationGoal::startBuilder() throws an exception, ~DerivationGoal() waits for the child process to exit, but the child process hangs forever in drainFD(userNamespaceSync.readSide.get()) in DerivationGoal::runChild(). Not sure why the SIGKILL doesn't get through. Issue #4092.
author: Eelco Dolstra <edolstra@gmail.com> 2020-10-06 18:52:46 +0200
committer: Eelco Dolstra <edolstra@gmail.com> 2020-10-06 18:57:23 +0200
commit: d761485010cc9d071da17a5d90cf4126a4bf499d (patch)
tree: b19f2a335debafd3792c7ff73cd4834bb68db9c3 /src
parent: ad143c5b3b7e713b89f0437ce17c20ac642ca530 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 87e01a378..9497e7b3e 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2686,6 +2686,12 @@ void DerivationGoal::startBuilder()
 
         userNamespaceSync.readSide = -1;
 
+        /* Close the write side to prevent runChild() from hanging
+           reading from this. */
+        Finally cleanup([&]() {
+            userNamespaceSync.writeSide = -1;
+        });
+
         pid_t tmp;
         if (!string2Int<pid_t>(readLine(builderOut.readSide.get()), tmp)) abort();
         pid = tmp;
@@ -2712,7 +2718,6 @@ void DerivationGoal::startBuilder()
 
         /* Signal the builder that we've updated its user namespace. */
         writeFull(userNamespaceSync.writeSide.get(), "1");
-        userNamespaceSync.writeSide = -1;
 
     } else
 #endif
author	Eelco Dolstra <edolstra@gmail.com>	2020-10-06 18:52:46 +0200
committer	Eelco Dolstra <edolstra@gmail.com>	2020-10-06 18:57:23 +0200
commit	d761485010cc9d071da17a5d90cf4126a4bf499d (patch)
tree	b19f2a335debafd3792c7ff73cd4834bb68db9c3 /src
parent	ad143c5b3b7e713b89f0437ce17c20ac642ca530 (diff)