DAOS-14826 client: reserve low fds

[wiliamhuang]

Features: pil4dfs

Reserve low fd to avoid daos network contexts use them.
Fix a corner case in fstatat() to mimic libc and add unit test.
Rely on libc dup2() to get desired fd to avoid error "failed to get the desired fd in dup2()".
Use atomic APIs to access daos_inited.
Move pthread_atfork() inside locked region to avoid multiple execution.
Call glibc chdir() to update process's cwd in kernel state.
Introduce fd duplication reference count to handle complex situation

Add a unit test to make sure daos does not use low fd.

Before requesting gatekeeper:

• Two review approvals and any prior change requests have been resolved.
• Testing is complete and all tests passed or there is a reason documented in the PR why it should be force landed and forced-landing tag is set.
• Features: (or Test-tag*) commit pragma was used or there is a reason documented that there are no appropriate tags for this PR.
• Commit messages follows the guidelines outlined here.
• Any tests skipped by the ticket being addressed have been run and passed in the PR.

Gatekeeper:

• You are the appropriate gatekeeper to be landing the patch.
• The PR has 2 reviews by people familiar with the code, including appropriate watchers.
• Githooks were used. If not, request that user install them and check copyright dates.
• Checkpatch issues are resolved. Pay particular attention to ones that will show up on future PRs.
• All builds have passed. Check non-required builds for any new compiler warnings.
• Sufficient testing is done. Check feature pragmas and test tags and that tests skipped for the ticket are run and now pass with the changes.
• If applicable, the PR has addressed any potential version compatibility issues.
• Check the target branch. If it is master branch, should the PR go to a feature branch? If it is a release branch, does it have merge approval in the JIRA ticket.
• Extra checks if forced landing is requested
  • Review comments are sufficiently resolved, particularly by prior reviewers that requested changes.
  • No new NLT or valgrind warnings. Check the classic view.
  • Quick-build or Quick-functional is not used.
• Fix the commit message upon landing. Check the standard here. Edit it to create a single commit. If necessary, ask submitter for a new summary.

[github-actions]

Bug-tracker data:
Ticket title is 'hang in configure with libpil4dfs.so loaded'
Status is 'In Review'
Labels: 'intercept_lib'
https://daosio.atlassian.net/browse/DAOS-14826

[ashleypittman]

Didn't you say you had a working test for the low fd issue? It would be good to see that included alongside the code.

[ashleypittman]

Looking at this existing code it doesn't appear thread-safe in the case of two threads entering this code-path concurrently, not a regression but it would be good to add locking to this at the same time.

[wiliamhuang]

Yes. We were aware of this possible issue. daos_init() uses lock already. query_path() is called in many intercepted functions. We hoped to avoid lock if possible.

[ashleypittman]

A lock here isn't going to make any difference to performance and should only be needed in the contended case anyway. Without one there's potential for daos_init() to be called multiple times but daos_fini() only being called once leading to resource leaks and incorrect tidyup.

[wiliamhuang]

In case daos_init() is called more than one time, daos_init_cnt has the count. daos_fini() will be called daos_init_cnt times in destruction phase.

[ashleypittman]

It looks like you've re-worked this code since yesterday but it's still not thread safe although as you daos_fini() does look like it'll be called the correct number of times.

pthread_atfork() wants to be called precisely once, and if you're using the daos_inited boolean in this manner then you need to access it atomically.

[wiliamhuang]

Thank you! Moved pthread_atfork() into the locked region. Could you please check again?

[ashleypittman]

What's wrong with opening "/"?

Presumably this code can only get here after the hooks have been installed so perhaps it would be better to call the redirected open directly?

[wiliamhuang]

I agree. "/" should work too.
You are right. libc_open() should work here. I will change it in next commit. Thank you!

[ashleypittman]

Is this related to the commit message? Same applies for the rest of the code changes in this file.

[wiliamhuang]

This is a corner case of fstatat(). dirfd is allowed to be a fd of a regular file.
Yes. There are probably a few places where we need to handle flags. I added a comment here to make sure I will not forget it in future.

[wiliamhuang]

Didn't you say you had a working test for the low fd issue? It would be good to see that included alongside the code.

Yes. The test bash script needs some code in exec interception to pass. I will put the test case over there. fd 0, 1, and 2 are preserved after exec(). We need to handle such issue in #13519. We also probably need to close all fds higher than 2.

[ashleypittman]

Didn't you say you had a working test for the low fd issue? It would be good to see that included alongside the code.

Yes. The test bash script needs some code in exec interception to pass. I will put the test case over there. fd 0, 1, and 2 are preserved after exec(). We need to handle such issue in #13519. We also probably need to close all fds higher than 2.

That link and some of the code in this PR is for the execv issue, but most of the code in this PR and the commit message relate to the low FD issue. Do you have a test for the low FD issue and can you include it in this PR.

[wiliamhuang]

That link and some of the code in this PR is for the execv issue, but most of the code in this PR and the commit message relate to the low FD issue. Do you have a test for the low FD issue and can you include it in this PR.

Just added a unit test to make sure daos does not use low fd. Thank you!

[daosbuild1]

Test stage Functional on EL 8.8 completed with status UNSTABLE. https://build.hpdd.intel.com/job/daos-stack/job/daos//view/change-requests/job/PR-13532/7/testReport/

[wiliamhuang]

@ashleypittman @mlawsonca Could you please review? Thank you very much!

[mchaarawi]

is this env documented somewhere?

[wiliamhuang]

It is not in our document. Normally users do not need to set it. Default value 10 will be used.

[mchaarawi]

ok well if users don't need to set it then i do not see why it needs to be an env variable..
if it needs to, then we should document it in the IL readme, and also consider changing it's name D_ and DAOS are repetitive.
maybe call it DAOS_RESERVE_MIN_FD? other suggestion welcome

[wiliamhuang]

ok. We can just use a hard-coded value for now. We add an env later if necessary. Thank you!

[mchaarawi]

sorry, I am not against making this an env variable. im just saying that an env variable needs to be documented somewhere if we need to ask users to play with it. otherwise only the dev (you) knows about it and what it does.

[wiliamhuang]

Thank you! Understood. We can use hardcoded value to make our code simpler and decrease the number of env users need to deal with. Originally, I thought bash script can use arbitrary fd. An env may be helpful if a larger value is needed. However, it could be very hard for a regular user to figure out the situation. I will add a warning in dup2() if a fd pointing to "socket:[xxxx]" or "anon_inode:[eventpoll]" is closed, so it would help for debugging related issues.

[mchaarawi]

i don't understand why we need nested locks now

[wiliamhuang]

ok. I will rearrange the code to avoid nested locks. Thank you!

[mchaarawi]

why is this needed for the entire block? isn't this just needed internally for consume_low_fd()?

[wiliamhuang]

You are right. I will move the lock inside consume_low_fd(). Thank you!

[mchaarawi]

well my point was just that if you already added a lock on top (not sure if that one is needed), do you need this one too?

[mchaarawi]

actually nevemind that comment was for the next lock not the lock_global

[mchaarawi]

im not sure i understand what you are doing here, nor i understand this commit message:
"Also fix a corner case in fstatat() to mimic libc. Rely on libc dup2() to get desired fd to avoid error
"failed to get the desired fd in dup2()"."

what is the corner case being fixed? can you be more clear. if this corner case is fixed, can you add a test for the corner case? thanks.

[wiliamhuang]

dirfd is allowed to be a fd of a regular file. I did not expect such situation. ok. I will add a unit test for this corner case.

[wiliamhuang]

I am trying to add the corner case in dfuse unit test. Looks libioil has the same issue.

[wiliamhuang]

Sorry. False alarm. Used wrong flag in fstatat().

[mchaarawi]

is it blocked or reserved?

[wiliamhuang]

Maybe "reserved" is a little better.

[mchaarawi]

not a big deal, but if a repush is needed, better to rename that to lock_reserve_fd

[wiliamhuang]

Thank you! I will fix it if I need a repush.

[mchaarawi]

i guess i don't understand what a warning is supposed to do. how can we end up in this situation?

[wiliamhuang]

This message is mainly for debugging. Not sure whether this is always related to real issues, especially for an application uses network. Shall I use D_DEBUG() instead?
If a bash script uses larger fd (e.g., 15) directly, this piece of code will be triggered.

[ashleypittman]

For what it's worth the ioil code is at https://github.com/daos-stack/daos/blob/master/src/client/dfuse/il/int_posix.c#L741-L797

It just uses a hard-coded value of 10 and does no checking. It also uses dup for all but the first fd and does it all in one function rather than using globals.

[ashleypittman]

I'd of expected O_PATH|O_DIRECTORY here but maybe it's not required?

[wiliamhuang]

Yes. "O_PATH|O_DIRECTORY" works too. I can use it to match the code in other places. Thank you!

[ashleypittman]

I don't like this and it will be expensive, particularly on something like dfuse where readlink has to do a full path walk.

The low fds issue is one we need to work around but we don't want to compromise the performance of the whole library to do so. I also don't see that if there ever was an error here that it would be restricted to the dup2 call so I think this check is expensive and not helpful.

[wiliamhuang]

ok. I can remove this check for now. Thank you!

[ashleypittman]

I still don't see the relevance of this change? Is it to do with low fds and required for the new test to pass or is it addressing another issue?

[wiliamhuang]

This is fixing a bug I recently identified. This change is needed to pass the new test of running bash script that uses low fd directly. The new test is added in the PR for exec() interception. bash opens a file on DFS then calls dup2(fake_fd, 5) to get a low fd 5, then call dup2(5, 1) to let fd 1 point to the file on DFS. After that, bash calls exec() to run "cat" to write to the file on DFS.

#! /bin/sh

exec 5>config.log {
cat <<EOF

EOF
} >&5

[ashleypittman]

Should that test be in this PR or does this PR depend on the exec PR then?

[wiliamhuang]

Right. The above is added in the exec PR. It requires the new code there.

[daosbuild1]

Test stage Build DEB on Ubuntu 20.04 completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-13532/18/execution/node/283/log

[daosbuild1]

Test stage Build RPM on EL 9 completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-13532/19/execution/node/356/log

[daosbuild1]

Test stage Build RPM on Leap 15.5 completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-13532/19/execution/node/286/log

[daosbuild1]

Test stage Build RPM on EL 8 completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-13532/19/execution/node/371/log

[daosbuild1]

Test stage Build DEB on Ubuntu 20.04 completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-13532/19/execution/node/272/log

[daosbuild1]

Test stage NLT on EL 8.8 completed with status UNSTABLE. https://build.hpdd.intel.com/job/daos-stack/job/daos//view/change-requests/job/PR-13532/18/testReport/

[daosbuild1]

Test stage NLT on EL 8.8 completed with status UNSTABLE. https://build.hpdd.intel.com/job/daos-stack/job/daos//view/change-requests/job/PR-13532/20/testReport/

[ashleypittman]

@ashleypittman With the latest commit, b1bf1e9, your bash test seems showing same behavior with and without libpil4dfs. Please try it and let me know. Thank you!

I can confirm that my test now runs and passes, It looks like the remaining issues were in the dup() code from your change?

There is one error I'm getting from pil4dfs during this operation which you should look at but once that's resolved then I think this PR might be complete.

src/client/dfuse/pil4dfs/int_dfs.c:1525 free_fd() dfs_release() failed: 22 (Invalid argument)

There are some IO requests to dfuse during the test, I assume this is down to the getcwd handling although I also see two opens and two reads - we can deal with that elsewhere though.

[wiliamhuang]

I can confirm that my test now runs and passes, It looks like the remaining issues were in the dup() code from your change?

Yes. One situation in dup2() was not implemented previously. Also glibc chdir() is needed to update the current working directory before exec(), so we always call glibc chdir inside chdir() and fchdir() now.

There is one error I'm getting from pil4dfs during this operation which you should look at but once that's resolved then I think this PR might be complete.

src/client/dfuse/pil4dfs/int_dfs.c:1525 free_fd() dfs_release() failed: 22 (Invalid argument)

Thank you! I will look into this issue.

There are some IO requests to dfuse during the test, I assume this is down to the getcwd handling although I also see two opens and two reads - we can deal with that elsewhere though.

chdir()/fchdir() will be passed through to dfuse. exec() also needs dfuse.

[daosbuild1]

Test stage Functional Hardware Medium Verbs Provider completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-13532/22/execution/node/1503/log

[wiliamhuang]

src/client/dfuse/pil4dfs/int_dfs.c:1525 free_fd() dfs_release() failed: 22 (Invalid argument)

I just pushed a commit to introduce fd duplication reference count to handle complex situations. This issue is resolved in my local test. Could you please give it a try? Thank you!

[ashleypittman]

src/client/dfuse/pil4dfs/int_dfs.c:1525 free_fd() dfs_release() failed: 22 (Invalid argument)

I just pushed a commit to introduce fd duplication reference count to handle complex situations. This issue is resolved in my local test. Could you please give it a try? Thank you!

Much better thank you. I updated the test to perform a write between the first and second close of the duplicated fd and was seeing a segfault before this latest revision, not it's passing successfully.

[wiliamhuang]

Much better thank you. I updated the test to perform a write between the first and second close of the duplicated fd and was seeing a segfault before this latest revision, not it's passing successfully.

@ashleypittman Thanks a lot for your testing and update!

[wiliamhuang]

@mchaarawi Could you please review the latest changes? Thank you!

[daosbuild1]

Test stage Functional Hardware Large completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-13532/24/execution/node/1638/log

[mchaarawi]

my comment can be addressed in the next PR.

[mchaarawi]

some comments need to be added here as to how O_APPEND is being handled.

[wiliamhuang]

ok. I will add comments in my another PR. Thank you!

[wiliamhuang]

The failure in hardware tests are not related to libpil4dfs.