[systemd-devel] [PATCH 2/7] logind: close races on user and session states during login

Lennart Poettering lennart at poettering.net
Fri Feb 7 07:48:39 PST 2014


On Thu, 06.02.14 21:37, Djalal Harouni (tixxdz at opendz.org) wrote:

I think this one I fixed by adding a new "stopping" variable. Could you check?

> Currently the user and session states are not stable, they are affected
> by several races during login:
> 
> 1) session state:
>    To get the session state the function session_get_state() is used.
> 
> Opening state:
> At login the D-Bus CreateSession() method will call session_start() which
> calls user_start() and session_start_scope() to queue the scope job and
> set the session->scope_job
> 
>    =>  session_get_state() == SESSION_OPENING   (correct)
> 
> Then execution will continue from session_send_create() which is called
> by the D-Bus match_job_removed() signal. match_job_removed() will check if
> this is the session scope and if this is the previously queued scope job.
> If so it will clear the session->scope_job
> 
>    =>  session_get_state() == SESSION_CLOSING   (incorrect)
>                               (session closing since fifo_fd == -1)
> 
> So scope job has finished and scope was created successfully, later the
> session_send_create_reply() will wait for the session scope *and* the
> user service to be successfully created.
> 
>   /* user service is still pending */
>   if (s->scope_job || s->user->service_job)
>      return 0;
> 
>    =>  session_get_state() == SESSION_CLOSING   (incorrect)
> 
>   else
>      session_create_fifo()    /* fifo_fd finally created */
> 
>    =>  session_get_state() == SESSION_ACTIVE   (correct)
> 
> To sum it up, current state during login:
> "SESSION_OPENING"=>"SESSION_CLOSING"x2=>"SESSION_ACTIVE"
> 
> To fix the session state and remove the two incorrect SESSION_CLOSING,
> we do not clear up the "session->scope_job" when we detect that this is
> the session scope, we setup a temporary variable "scope_job" that will
> get the current value of "session->scope_job" and update it if
> necessary.
> 
> Add a new "active" variable to check if the session scope and user
> service jobs are still being created.
> 
> Update session_jobs_reply() and session_send_create_reply() functions to
> receive the "opening" variable as an argument, so it will still wait for
> the scope and service jobs to finish before creating the session fifo.
> 
> The "session->scope_job" will be cleared when session_jobs_reply()
> finishes. This ensures that the state will just go from:
> "SESSION_OPENING" => "SESSION_ACTIVE"
> 
> 2) user state:
>    To get the user state the function user_get_state() is used.
> 
> I'll add that the user_get_state() and session_get_state() do not have
> the same logic when it comes to sessions, this will just add ambiguity.
> user_get_state() calls session_is_active() before checking
> session_get_state(), and session_is_active() will return true right from
> the start since the logic is set during D-Bus CreateSession(). This will
> be fixed in the followup patches.
> 
> Opening state:
> At login we have session_start() which calls user_start()
> 
> here we already:
> 
>    =>  user_get_state() == USER_ACTIVE   (incorrect)
>                            (not fixed in this patch)
> 
> user_start() calls:
> user_start_slice() queue the slice and set user->slice_job
> user_start_service() queue the service and set user->service_job
> 
>    =>  user_get_state() == USER_OPENING   (correct)
> 
> Then execution will continue from session_send_create() which is called
> by the D-Bus match_job_removed() signal. match_job_removed() will check if
> these are the user service and slice and if they are the previously queued
> jobs. If so it will clear the: user->service_job and user->slice_job
> 
>    =>  user_get_state() == USER_ACTIVE   (incorrect)
>                  (incorrect since the fifo_fd has not been created,
>                   here the state should stay USER_OPENING)
> 
> Later when the user service is created successfully,
> session_send_create_reply() will also wait for the session scope to be
> created. If so then session_send_create_reply() will continue and call
> session_create_fifo()
> 
>    =>  user_get_state() == USER_ACTIVE   (correct)
>                            (fifo_fd was created)
> 
> To fix this, we use the same logic as used to fix session states. In
> order to remove the incorrect state when the fifo_fd is not created but
> the state shows USER_ACTIVE, we do not clear the "user->service_job" and
> "user->slice_job" right away, we store the state in a temporary variable
> "service_job" and update it later if we detect that this is the user
> service.
> 
> The new "active" variable will be used to check if the session scope and
> user service are still being created. If so we'll wait for the next
> match_job_removed() signal and continue, otherwise we proceed with
> session_jobs_reply() and session_send_create_reply() in order to notify
> clients.
> ---
>  src/login/logind-dbus.c         | 44 ++++++++++++++++++++++++++++++-----------
>  src/login/logind-session-dbus.c |  8 +++++---
>  src/login/logind-session.h      |  2 +-
>  3 files changed, 39 insertions(+), 15 deletions(-)
> 
> diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
> index 7b050fb..0560707 100644
> --- a/src/login/logind-dbus.c
> +++ b/src/login/logind-dbus.c
> @@ -1919,7 +1919,9 @@ const sd_bus_vtable manager_vtable[] = {
>          SD_BUS_VTABLE_END
>  };
>  
> -static int session_jobs_reply(Session *s, const char *unit, const char *result) {
> +/* session_jobs_reply() calls session_send_create_reply() to
> + * notify client that they are able to login now. */
> +static int session_jobs_reply(Session *s, const char *unit, const char *result, bool opening) {
>          int r = 0;
>  
>          assert(s);
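
Review bot: The comment added above session_jobs_reply() does not say what the new `opening` argument means, and the callers in match_job_removed() pass a local named `active` for it, so the two names read as opposites. State the contract in the comment (true while the session scope job or the user service job is still pending, in which case the create reply is deferred) and use one name for the flag at both ends.
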
> @@ -1929,12 +1931,12 @@ static int session_jobs_reply(Session *s, const char *unit, const char *result)
>                  return r;
>  
>          if (streq(result, "done"))
> -                r = session_send_create_reply(s, NULL);
> +                r = session_send_create_reply(s, NULL, opening);
>          else {
>                  _cleanup_bus_error_free_ sd_bus_error e = SD_BUS_ERROR_NULL;
>  
>                  sd_bus_error_setf(&e, BUS_ERROR_JOB_FAILED, "Start job for unit %s failed with '%s'", unit, result);
> -                r = session_send_create_reply(s, &e);
> +                r = session_send_create_reply(s, &e, opening);
>          }
>  
>          return r;
> @@ -1973,22 +1975,46 @@ int match_job_removed(sd_bus *bus, sd_bus_message *message, void *userdata, sd_b
>  
>          session = hashmap_get(m->session_units, unit);
>          if (session) {
> +                bool active, scope_job = !!session->scope_job;
>  
> -                if (streq_ptr(path, session->scope_job)) {
> +                /* Set to false if the scope job has finished */
> +                if (streq_ptr(path, session->scope_job))
> +                        scope_job = false;
> +
> +                /* If the session scope and the user service are still
> +                 * being created this will be set to true, otherwise
> +                 * it will be false */
> +                active = scope_job || !!session->user->service_job;
> +                session_jobs_reply(session, unit, result, active);
> +
> +                if (!scope_job) {
> +                        /* Clean this up after session_jobs_reply() */
>                          free(session->scope_job);
>                          session->scope_job = NULL;
>                  }
>  
> -                session_jobs_reply(session, unit, result);
> -
>                  session_save(session);
>                  session_add_to_gc_queue(session);
>          }
>  
>          user = hashmap_get(m->user_units, unit);
>          if (user) {
> +                bool active, service_job = !!user->service_job;
> +
> +                /* Set to false if the user service has finished */
> +                if (streq_ptr(path, user->service_job))
> +                        service_job = false;
> +
> +                LIST_FOREACH(sessions_by_user, session, user->sessions) {
> +                        /* If the session scope and the user service are
> +                         * still being created this will be set to true,
> +                         * otherwise it will be false */
> +                        active = service_job || !!session->scope_job;
> +                        session_jobs_reply(session, unit, result, active);
> +                }
>  
> -                if (streq_ptr(path, user->service_job)) {
> +                if (!service_job) {
> +                        /* Clean this up after session_jobs_reply() */
>                          free(user->service_job);
>                          user->service_job = NULL;
>                  }
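
Review bot: The `if (!scope_job)` cleanup after session_jobs_reply() clears session->scope_job as soon as the scope job is removed, even when `active` was true because session->user->service_job is still pending and no fifo has been created. By the commit message's own description, a NULL scope_job with fifo_fd == -1 reads as SESSION_CLOSING, so the transient state remains whenever the scope job finishes before the user service job; the `if (!service_job)` cleanup in the user block has the same shape with the roles swapped. Consider tracking the opening phase in a field of its own rather than inferring it from the job pointers and fifo_fd.
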
> @@ -1998,10 +2024,6 @@ int match_job_removed(sd_bus *bus, sd_bus_message *message, void *userdata, sd_b
>                          user->slice_job = NULL;
>                  }
>  
> -                LIST_FOREACH(sessions_by_user, session, user->sessions) {
> -                        session_jobs_reply(session, unit, result);
> -                }
> -
>                  user_save(user);
>                  user_add_to_gc_queue(user);
>          }
> diff --git a/src/login/logind-session-dbus.c b/src/login/logind-session-dbus.c
> index 7ee4956..54db864 100644
> --- a/src/login/logind-session-dbus.c
> +++ b/src/login/logind-session-dbus.c
> @@ -641,7 +641,7 @@ int session_send_lock_all(Manager *m, bool lock) {
>          return r;
>  }
>  
> -int session_send_create_reply(Session *s, sd_bus_error *error) {
> +int session_send_create_reply(Session *s, sd_bus_error *error, bool opening) {
>          _cleanup_bus_message_unref_ sd_bus_message *c = NULL;
>          _cleanup_close_ int fifo_fd = -1;
>          _cleanup_free_ char *p = NULL;
> @@ -650,12 +650,12 @@ int session_send_create_reply(Session *s, sd_bus_error *error) {
>  
>          /* This is called after the session scope and the user service
>           * were successfully created, and finishes where
> -         * bus_manager_create_session() left off. */
> +         * method_create_session() left off. */
>  
>          if (!s->create_message)
>                  return 0;
>  
> -        if (!sd_bus_error_is_set(error) && (s->scope_job || s->user->service_job))
> +        if (!sd_bus_error_is_set(error) && opening)
>                  return 0;
>  
>          c = s->create_message;
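
Review bot: With the `(s->scope_job || s->user->service_job)` test replaced by `opening`, session_send_create_reply() no longer looks at the job fields itself and goes on to session_create_fifo() whenever a caller passes false. Every caller, including any not shown in this patch, now has to compute the flag correctly, so the contract should be documented at the function and on the prototype. The comment just above still says the function "is called after the session scope and the user service were successfully created", which does not hold when `opening` is true.
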
> @@ -664,6 +664,8 @@ int session_send_create_reply(Session *s, sd_bus_error *error) {
>          if (error)
>                  return sd_bus_reply_method_error(c, error);
>  
> +        /* At this stage the session scope and the user service
> +         * were successfully created */
>          fifo_fd = session_create_fifo(s);
>          if (fifo_fd < 0)
>                  return fifo_fd;
> diff --git a/src/login/logind-session.h b/src/login/logind-session.h
> index 7bf1932..ebe3902 100644
> --- a/src/login/logind-session.h
> +++ b/src/login/logind-session.h
> @@ -152,7 +152,7 @@ int session_send_changed(Session *s, const char *properties, ...) _sentinel_;
>  int session_send_lock(Session *s, bool lock);
>  int session_send_lock_all(Manager *m, bool lock);
>  
> -int session_send_create_reply(Session *s, sd_bus_error *error);
> +int session_send_create_reply(Session *s, sd_bus_error *error, bool opening);
>  
>  const char* session_state_to_string(SessionState t) _const_;
>  SessionState session_state_from_string(const char *s) _pure_;


Lennart

-- 
Lennart Poettering, Red Hat
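
The transient SESSION_CLOSING described in the quoted commit message, and the effect of an explicit "stopping" marker like the one mentioned in the reply, as a small C model. This is an added example, not logind code: `Model`, the three-value `State` enum, `state_inferred()`, `state_flagged()`, `maybe_reply()` and `trace_login()` are hypothetical simplifications, and how the real "stopping" variable is used is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

typedef enum { OPENING, ACTIVE, CLOSING } State;

/* Hypothetical, reduced stand-in for the fields the commit message names. */
typedef struct {
    bool scope_job;    /* session scope start job still queued */
    bool service_job;  /* user service start job still queued */
    int  fifo_fd;      /* -1 until the session fifo exists */
    bool stopping;     /* explicit teardown marker (assumed usage) */
} Model;

/* State inferred from fifo_fd, as the commit message describes it. */
static State state_inferred(const Model *m) {
    if (m->scope_job) return OPENING;
    if (m->fifo_fd < 0) return CLOSING;
    return ACTIVE;
}

/* With an explicit flag, a missing fifo no longer implies teardown. */
static State state_flagged(const Model *m) {
    if (m->stopping) return CLOSING;
    if (m->scope_job || m->fifo_fd < 0) return OPENING;
    return ACTIVE;
}

/* The create-reply step: make the fifo once neither job is pending. */
static void maybe_reply(Model *m) {
    if (!m->scope_job && !m->service_job && m->fifo_fd < 0)
        m->fifo_fd = 3; /* constructed descriptor value */
}

/* Replay a login where the scope job finishes first; record each visible state. */
static void trace_login(State (*get)(const Model *), State out[3]) {
    Model m = { true, true, -1, false };     /* both jobs queued */
    out[0] = get(&m);
    m.scope_job = false; maybe_reply(&m);    /* scope job removed */
    out[1] = get(&m);
    m.service_job = false; maybe_reply(&m);  /* service job removed */
    out[2] = get(&m);
}

int main(void) {
    State a[3], b[3];
    trace_login(state_inferred, a);
    trace_login(state_flagged, b);
    printf("inferred: %d %d %d\nflagged:  %d %d %d\n", a[0], a[1], a[2], b[0], b[1], b[2]);
}
```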

