Bug 664783

Summary: race condition in radvd pidfile creation
Product: Red Hat Enterprise Linux 6 Reporter: Laine Stump <laine>
Component: radvdAssignee: Pavel Šimerda (pavlix) <psimerda>
Status: CLOSED WONTFIX QA Contact: qe-baseos-daemons
Severity: high Docs Contact:
Priority: low    
Version: 6.0CC: ppisar, thozza
Target Milestone: rcKeywords: Patch
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: http://lists.litech.org/pipermail/radvd-devel-l/2012-April/000704.html
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 811997 (view as bug list) Environment:
Last Closed: 2016-07-21 13:13:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 836160    
Attachments:
Description Flags
Reproducer
none
Upsteam patch ported to 1.6 none

Description Laine Stump 2010-12-21 16:18:41 UTC 
radvd uses daemonize() to daemonize itself, then creates its pidfile afterwards. This means that the process that exec'ed radvd will get back control before the pidfile has been created and/or populated, which could lead to a race condition.

This creates a problem for libvirt, which attempts to run an instance of radvd and determine its pid (for later termination) by immediately reading the pidfile. The pidfile isn't yet created when libvirtd gets back control after waitpid'ing for the radvd process, so it fails to learn the pid.

Instead of using daemonize() and creating the pidfile from the child process, radvd should do the fork manually, then create the pidfile in the parent, prior to exiting.
Comment 1 Laine Stump 2010-12-21 16:28:52 UTC 
Actually it's been pointed out to me that the pidfile is *created* by the parent process, but written to by the child, after daemonize is called. So the process that exec's radvd will always find the file, but it may not yet have anything in it.
Comment 3 RHEL Program Management 2011-01-07 15:51:18 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.
Comment 4 Petr Pisar 2012-04-05 13:36:11 UTC 
Reproducer (unreliable as for all races):

$ radvd; kill -n 0 $(</var/run/radvd.pid)
Comment 5 Petr Pisar 2012-04-05 13:44:50 UTC 
Actually radvd in RHEL-6 stores PID into /var/run/radvd/radvd.pid.
Comment 6 Petr Pisar 2012-04-12 11:32:45 UTC 
Upstream has fixed this issue by using libdaemon with the following patch set:

commit 1cda2ef33f505be34e690d1b7a1e5eac632819af
Author: Petr Písař <ppisar>
Date:   Wed Apr 11 13:52:24 2012 +0200

    Use pkg-config to discover libdaemon

commit 4ff814023cf62e59a6048a2cc57c62e0664d3c56
Author: Petr Písař <ppisar>
Date:   Thu Apr 5 15:24:22 2012 +0200

    Use libdaemon for daemonization
    
    The libc daemon(3) function suffers from race bewtween exiting parent
    and saving PID into a file.
    
    Using libdaemon library one can avoid this race and can simplify PID
    file manipulation.
    
    The only difference against older implementation is, the PID file will
    be inspected, created, and removed only if daemonization is requested.
Comment 7 Petr Pisar 2012-04-12 13:22:08 UTC 
Created attachment 577068 [details]
Reproducer

Use positional arguments to select executable, timeout, and PID file location.
Comment 8 Petr Pisar 2012-04-13 09:52:40 UTC 
Created attachment 577285 [details]
Upsteam patch ported to 1.6
Comment 9 Petr Pisar 2012-04-13 09:55:43 UTC 
Notice for testers: radvd-1.6 requires enabled global (all device) IPv6 forwarding and a valid configuration file. One can use veth interface pair instead of real ethernet to not jam real network.
Comment 10 RHEL Program Management 2012-09-07 04:59:29 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
Comment 11 RHEL Program Management 2013-10-14 01:13:08 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
Comment 15 Pavel Šimerda (pavlix) 2016-07-21 13:13:17 UTC 
Red Hat Enterprise Linux version 6 is entering the Production 2 phase of its lifetime and this bug doesn't meet the criteria for it, i.e. only high severity issues will be fixed. Please see https://access.redhat.com/support/policy/updates/errata/ for further information.

This issue is fixed in Red Hat Enterprise Linux version 7.