Open Bug 147274 Opened 23 years ago Updated 3 years ago

freeze when helper app reads from stdin (e.g. ghostscript)

Categories

(Firefox :: File Handling, defect)

Product:
Firefox
Component:
File Handling
Platform:
x86
Linux
Type:
defect

Tracking

()

People

(Reporter: gwalla, Unassigned)

References

Details

(Keywords: hang)

Attachments

(2 files, 1 obsolete file)

like this, then
1.68 KB, patch
bzbarsky
: review+
jag+mozilla
: superreview+
Details | Diff | Splinter Review
read from /dev/null unless $debugging = 1
621 bytes, patch
Details | Diff | Splinter Review
When attempting to read a PostScript file from the web using Ghostscript, Mozilla (RC2) froze and the process had to be killed. Closing the ghostscript window does not bring Mozilla back. After killing the wayward Mozilla, starting a new instance of Mozilla works fine. To reproduce: 1) click on a link to a PostScript file 2) in the "Open with application or save" dialog, select "Open with" and choose the ghostscript application (/usr/bin/ghostscript in my system) 3) a ghostscript window will pop up, but Mozilla's windows will cease to repaint until the process is killed I can reproduce this consistently.
Does this only happen with GhostScript or any PS viewer? Does gv work OK? Do you see this both trunk and branch or trunk-only?
and.. what is the ghostscript version?
Can reproduce - current trunk CVS, Linux Download manager for some reason first list the file as downloaded - and then lists it once more - as not started. By that time gs has already spawned and is displaying the .ps file, and repaint stops No CPU usage. killall mozilla-bin doesn't help, had to kill -9 on the first PID in thread, but after this and quitting gs, one remaining mozilla-bin process can't be killed but has to be terminated by exiting the xterm it was started from ("There are stopped jobs") Repeated twice, two different versions of ghostscript, latest being ghostscript-6.52-8 from RH7.3. Fonts are installed OK.
rkaa, is this just a ghostcript problem or also a problem with other viewers? Is this a regression? Could you possibly hunt down when this behavior started if so?
I wonder if this is an old one, really. No problem if i for instance choose kghostview instead. Ghostscript, on the other hand is interactive. When mozilla is started from console and i try to open via moz in gs, i see gs throw a command-prompt in console, with an "enter to continue". Viewing the same file direct with gs, i can then "page" with the enter key, and get a "finished" prompt from where i can "quit". Via Mozilla, the first "continue" prompt appears, but when i hit enter there, i see "Stopped [mozilla]" or thereabouts. No further "paging" possible and Moz is frozen. After i close gs with the X button, that process is still hanging as well. Haven't checked further but this reminds me of bug 62993 and bug 145054
Oh. So the problem is that the app in question tries to read from stdin and stops.... the question is why this stops Mozilla. Could you set the helper to something like "cat" to test whether this is just true in general for any helper app that tries to read from the console? Also, if you foreground the Mozilla process in your terminal, is paging possible?
well.. for fun i tried to open the file with /bin/more. That too causes a full hang and similar ghosted processes, but different from with gs, the downloadmanger didn't start.
OK. I'll take this and check it out; it sounds like any app that blocks on a tty read will hang us -- not good. ;)
Assignee: law → bzbarsky
Keywords: hang
Priority: -- → P1
Target Milestone: --- → mozilla1.1beta
This actually sound like mozilla is running in the background and background processes are not allowed to read or write from the terminal. From the bash docs: "To facilitate the implementation of the user interface to job control, the operating system maintains the notion of a current terminal process group ID. Members of this pro- cess group (processes whose process group ID is equal to the current terminal process group ID) receive keyboard- generated signals such as SIGINT. These processes are said to be in the foreground. Background processes are those whose process group ID differs from the terminal's; such processes are immune to keyboard-generated signals. Only foreground processes are allowed to read from or write to the terminal. Background processes which attempt to read from (write to) the terminal are sent a SIGTTIN (SIGTTOU) signal by the terminal driver, which, unless caught, suspends the process." I have no problem if I run mozilla in the foreground. I don't think there's a real bug here.
The bug is that a _helper_ opening the tty hangs Mozilla. The helper should be getting SIGTTIN and suspending. It sounds like Mozilla is getting the signal as well or something silly like that....
It does look like a problem with running Mozilla as a background process. Running it as "/usr/local/mozilla/mozilla" works fine...ghostscript gets the TTY and pressing enter to turn pages works. Running it as "/usr/local/mozilla/mozilla &" (a background process) causes the problem. However, I still think this is a problem. I run Mozilla from the WindowMaker applications menu, which launches everything in the background (since there is no corresponding TTY). And I shouldn't have to have a useless xterm floating about just so that when I encounter a PostScript file I can read it.
May i ask why you don't use ghostview? I never used ghostscript itself like this before, but it seems it by default lay out multipage documents utterly unreadable (all pages displays->text too small to read)
I don't have ghostview...I'll go get a copy. Still, that doesn't really solve the core issue, which is that Mozilla comes to a screeching halt if you "open with..." any application that uses a TTY when running Mozilla as a background process.
> It sounds like Mozilla is getting the signal as well or something > silly like that.... Quite right. Mozilla and all its child processes share the same tty so they're in the same process group. The kernel can't know which of these processes are actually interested in tty activity so it sends a signal to all of them. The default handler just stops the process. You have to actively express disinterest. This isn't just a mozilla problem. I see it occasionally when I do "./configure &" and one of the little test programs talks to the tty. I suggest just adding a relnote. "Fixing" this is hard. BTW, most distributions already have "gv" which works quite well.
> The kernel can't know which of these processes are actually interested in tty > activity Um? What about just looking at the PID of the process making the open() call? I'm having a hard time believing that the whole setup is as braindead as that.... Even if fixing this is hard, we still want to try and fix it, imo. A workaround for this is to mark ghostscript as "needsterminal" (and wait for that to work).
> Um? What about just looking at the PID of the process making the open() > call? stdin is already open . > I'm having a hard time believing that the whole setup is as braindead > as that.... I'm not. See the glibc docs on job control for some of the flavor of the problem. > Even if fixing this is hard, we still want to try and fix it, imo. The problem is figuring out what the correct "fix" is. > A workaround for this is to mark ghostscript as "needsterminal" (and > wait for that to work). Which won't do much for the next program with the same problem. You still need a relnote.
I agree that a relnote is good. That should be taken to the 1.0 relnote bug. Tenthumbs, will the "close on exec" bug you filed recently affect this problem in any way? Is there any reason Mozilla itself should be reading from stdin? If not, possible things to try would be: 1) Close stdin at startup (this makes it impossible to pass the stdin file descriptor to child processes, unfortunately) 2) Having the startup script start Mozilla with stding redirected from /dev/null or something. This may lead to odd behavior by gs (as it attempts to read /dev/null and possibly gets an infinite stream of 0s). 3) Just catching the signal in question and ignoring it (this could be done by the appshell so that embedding clients are not affected).
Despite the fact that I make a lot of fun of unix, most of the rules are there for a reason. If a background process could read from the terminal then it could silently capture keystrokes like, say, a password. A Bad Thing so it's not allowed. The close-on exec thing (bug 147659) is about closing everything except stdin, stdout, and stderr. Mozilla shouldn't mess with stdin, etc. I can easily imagine a helper app that would want to talk to the terminal. Maybe it wants a password before continuing, maybe something else. As for the possibilities, 1) I'm sure there are plenty of apps out there that consider the inability to read from stdin a fatal error. I can see all the bugs about "my helper won't work with mozilla but it works with [browser of choice]." Do you want to spend the time verifying which apps work? 2) There are any number of semi-broken apps that react weirdly when stdin is closed. They often do go into infinite loops. Actually, neither 1) or 2) do any good because any app can open the magic /dev/tty. Think that password reading app again. 3) So maybe you now can't read at all from the terminal. Can't get that pesky password. More bugs about broken mozilla. BTW, do you know which signal handlers are reset on a fork-and-exec? Do you know that for all unix-like platforms? What's to prevent an app from restoring default signal handlers? See the problem? If the thing that launches mozilla does something odd then I say it's broken, not mozilla.
If an app restores default signal handlers, would that not only affect the app and not Mozilla proper? Garth, what happens if you try to use ghostscript as a helper in other browsers, out of curiousity?
Netscape 4.78, with ghostscript set as the handler for applicatin/postscript and *.ps. Clicking on a link to a PostScript file causes the ghostscript window to briefly appear, then disappear, and a dialog to appear. The title is "Netscape: subprocess diagnostics (stdout/stderr)" and the body is as follows: "GNU Ghostscript 6.51 (2001-03-28) Copyright (C) 2001 artofcode LLC, Benicia, CA. All rights reserved. This software comes with NO WARRANTY: see the file COPYING for details. Loading NimbusRomNo9L-Regu font from /usr/share/fonts/default/Type1/n021003l.pfb... 2362024 982784 1622424 328124 0 done. Loading NimbusSanL-Regu font from /usr/share/fonts/default/Type1/n019003l.pfb... 2639936 1238459 1642520 335588 0 done. GS> [OK]" It appears that Netscape catches the TTY output of ghostscript and displays it in a dialog, but kills the subprocess when it tries to read from stdin. So it doesn't display the PS file, but it also doesn't freeze Netscape.
Ah, right. Netscape actually redirects stdin and stdout, which it can do because it doesn't spew shit to stdout all the time like Mozilla does.... I'm semi-tempted to try and replicate the Netscape behavior. I would rather have helpers not work than have the browser hang.
> I'm semi-tempted to try and replicate the Netscape behavior. I would > rather have helpers not work than have the browser hang. Unless you're willing to install prefs to undo this, resist the temptation. After you've seen 20 or more dialogs from a helper, it gets really boring. There's also no spec on what constitutes an "acceptable" helper (I'm not sure there can or should be) so implicitly rejecting helpers seems rude. Also, mozilla's inability to pass parameters to helpers makes this worse. Now, if you could redirect stdin/stdout/stderr on a per-helper basis that might be nice.
futuring pending any clues as to how to actually handle this gracefully
Priority: P1 → P3
Target Milestone: mozilla1.1beta → Future
I agree this is hard and requires thought but did the relnote ever happen?
No, it did not. Would you mind writing one and mailing it to endico@mozilla.org, with a pointer to this bug? I won't be able to do it for a bit; kinda swamped with things....
How does this wording grab you ? A helper application that attempts to communicate with the user directly through the terminal (rather than through a dialog box) may cause mozilla to stop if mozilla is running as a background process. (This is a common Unix restriction. Background processes and their children are not allowed terminal access and every one of these processes will stop if any one of them tries.) If possible, it is best to use a helper that does not communicate via the terminal. For example, use "gv" rather than "gs" to view PostScript documents. If not possible, then mozilla must run as a foreground process. In case mozilla is stopped, see the job control documentation for your shell for information on how to continue a job in the foreground. Maybe it's too verbose.
jatin: comments? I'm willing to add that text as is, although I do believe it is too verbose. Reading back through the comments, i believe that the relnote should mention needs terminal, or maybe that's only useful when it works? If that doesn't work yet, how hard would it be to implement?
Keywords: relnote
That's only useful when it works. It's not hard to implement; it's _that_ hard to implement such that it'll work on all the various platforms we stuff through the "unix" codepath.... I may end up assuming existence of "sh" and "xterm" and just doing it... Then we can update the relnote.
QA Contact: sairuh → petersen
Priority: P3 → P5
*** Bug 208755 has been marked as a duplicate of this bug. ***
Depends on: 147659
No plans to work on this any time in the foreseeable future, so to default owner.
Assignee: bz-vacation → file-handling
QA Contact: chrispetersen → ian
Priority: P5 → --
Target Milestone: Future → ---
taking
Assignee: file-handling → cbiesinger
Target Milestone: --- → mozilla1.8alpha
Attached patch patch (obsolete) — Splinter Review
how about this?
(In reply to comment #18) > Mozilla shouldn't mess with stdin, etc. I can easily imagine a helper > app that would want to talk to the terminal. Maybe it wants a password > before continuing, maybe something else. most users do not run mozilla from a terminal. so if they set a helper app that wants to read from a terminal, they have no way to give that input...
Comment on attachment 140838 [details] [diff] [review] patch We should just do this instead of pretending this is not a problem. At least this way the helper is likely to give the user a useful error message. r=bzbarsky
Attachment #140838 - Flags: review+
Status: NEW → ASSIGNED
No longer depends on: 147659
Target Milestone: mozilla1.8alpha → mozilla1.7alpha
Just closing stdin is a bad idea because the kernel will reuse that fd on the next file op. You could have a child process or a plugin thinking stdin is something it isn't. It would be better to open /dev/null and dup that fd to stdin. Daemons do this.
As bz said in comment #21, reproducing the old Netscape behavior may be best. Presumably that's in the earliest mozilla code. Does anyone know where? Also, maybe just do this in a non-debug build. I don't care if developers lock themselves up.
Summary: Mozilla freeze when using ghostscript to read link → freeze when helper app reads from stdin (e.g. ghostscript)
Using this code which ignores SIGTTIN, I saw that ^Z can still stop the process (as expected), so if we went that route, mozilla could still be suspended with ^Z like a normal app. However, the getchar() did not result in a pause, and returned -1. That would probably break helper apps like ghostscript. #include <stdio.h> #include <signal.h> int main() { sigset_t sigs; int junk; sigaddset(&sigs, SIGTTIN); sigprocmask(SIG_BLOCK, &sigs, NULL); printf("hello, world!\n"); junk = getchar(); printf("%d\n", junk); while(1) { printf("a"); // putting some sort of delay here, e.g. sleep() // would make this friendlier } return 0; }
*** Bug 234780 has been marked as a duplicate of this bug. ***
Comment on attachment 140838 [details] [diff] [review] patch obsoleting per comment 35
Attachment #140838 - Attachment is obsolete: true
Attachment #140838 - Flags: superreview?(jag)
Attachment #143829 - Flags: superreview?(jag)
Attachment #143829 - Flags: review?(bzbarsky)
Comment on attachment 143829 [details] [diff] [review] like this, then Yeah, ok.
Attachment #143829 - Flags: review?(bzbarsky) → review+
Comment on attachment 143829 [details] [diff] [review] like this, then Sure, this works, though since you're only #include'ing stdio.h for XP_UNIX, add it inside the #ifdef.
Attachment #143829 - Flags: superreview?(jag) → superreview+
For generality you should use the _PATH_DEVNULL macro from paths.h if it exists, i.e.: #include <paths.h> #ifndef _PATH_DEVNULL #define _PATH_DEVNULL "/dev/null" #endif Also, using stdio incurs some extra overhead. Usually you see calls to the lower level open which also allows more paranoia, like using O_NOFOLLOW if it's avaliable.
If there are other threads running I think you need to put a lock around the code that redirects stdin. Also, are you sure no one else may have started to read from stdin when you do this? You're pulling the rug out from under them and bad things may happen.
(In reply to comment #44) > If there are other threads running what, at about the 4th line in main()?
> what, at about the 4th line in main()? Probably safe then unless something weird happens in the constructors.
Here's a dumb question. Since this is unix only and unix starts with shell scripts why not just change the mozilla scripts so it does "run-mozilla.sh </dev/null"?
hm, sure, that would be doable. but I believe bsmedberg would like to get rid of the script. bsmedberg, can you comment? (in reply to comment 47)
Well, hmm. It is in the works to remove the shell scripts from the new-toolkit apps, so I don't like bugfixes that rely on them. But I don't understand all the issues, and as a hacky-fix it looks fairly safe and elegant ;)
Benjamin Smedbergwrote: > Well, hmm. It is in the works to remove the shell scripts from the new-toolkit > apps, Do you want to get rid of the shell scripts which start *Bird/*Fox/etc. ? If "yes"... how do you want to do that ? You can't set LD_*-vars from within the application...
I'm all for removing the shell scripts on security issues alone but it requires copperation with the underlying OS. This is something mozilla doesn't seem to like to do. See bug 57866 for a really old proposal I had for a launcher program. See also bug 125505 for an almost as old companion to properly exit the mozilla environment. Where is this being discussed? As I see it, this bug is about mozilla avoiding a standard security precaution. There's no actual bug here. The more I think about it the more I think this is a question for the embedder/packager/distributor and not mozilla. Besides, you can't guarantee proper redirection in all cases unless you do it between a fork and exec.
mozhack@boffo:~/obj-i686-pc-linux-gnu-xlib/dist/bin$ ./run-mozilla.sh -g -d gdb ./regxpcom < /dev/null MOZILLA_FIVE_HOME=. LD_LIBRARY_PATH=.:./plugins:. DYLD_LIBRARY_PATH=.:. LIBRARY_PATH=.:./components:. SHLIB_PATH=.:. LIBPATH=.:. ADDON_PATH=. MOZ_PROGRAM=./regxpcom MOZ_TOOLKIT= moz_debug=1 moz_debugger=gdb /usr/bin/gdb ./regxpcom -x /tmp/mozargs6794 GNU gdb 5.2 Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-slackware-linux"... (gdb) mozhack@boffo:~/obj-i686-pc-linux-gnu-xlib/dist/bin$ if we go the redirect route, it is a bit more work than just </dev/null, because we just doing that will break gdb. and of course ./run-mozilla.sh ./xpcshell </dev/null would be bad...
If you're debugging I see no reason why you would want stdin redirected anyway. Presumably (and it's a big assumption I suppose) you understand the consequences. Note that I said the mozilla script _not_ run-mozilla.sh. I did think about regxpcom, etc.
the problem with this is that -g now *significantly* changes the behavior of a running mozilla. this is a bad thing. i suppose an alternative would be for someone to teach me how to get gdb to run an app w/ </dev/null, and then i'd teach run-mozilla.sh about -noinput or something...
You got there before me. :-) I had Index: mozilla/xpfe/bootstrap/mozilla.in =================================================================== RCS file: /cvsroot/mozilla/xpfe/bootstrap/mozilla.in,v retrieving revision 1.6 diff -u -r1.6 mozilla.in --- mozilla/xpfe/bootstrap/mozilla.in 20 Feb 2004 18:13:46 -0000 1.6 +++ mozilla/xpfe/bootstrap/mozilla.in 29 Mar 2004 18:52:59 -0000 @@ -157,11 +157,13 @@ ## Start addon scripts moz_pis_startstop_scripts "start" +STDIN_REDIR="</dev/null" if [ $debugging = 1 ] then echo $dist_bin/run-mozilla.sh $script_args $dist_bin/$MOZILLA_BIN "$@" + STDIN_REDIR= fi -"$dist_bin/run-mozilla.sh" $script_args "$dist_bin/$MOZILLA_BIN" "$@" +"$dist_bin/run-mozilla.sh" $script_args "$dist_bin/$MOZILLA_BIN" "$@" $STDIN_REDIR exitcode=$? ## Stop addon scripts In gdb just add the redirection into the "set args" command, /tmp/mozargs* would then have set args "stuff" </dev/null
It occurred to me that we've only heard from poeple who think it's a bad idea to have stdin be a terminal. There may well be other poeple out there with helper apps that rely on this. We may well need a something like a -no-stdin-redirect option to be safe.
This bug has been plaguing me for some time. Especially on recent builds of Firefox, where clicking on a link to a file of type text/x-patch gives me the open dialog box with "Open With: less (default)" which of course freezes the browser immediately (when operating the browser from the background). It seems to me an additional option (have the browser attempt to render it -- it is text after all) would be nice. Wouldn't help for things like gs, but...
Less opens /dev/tty directly so _any_ background process that invokes it will freeze. Mozilla can do nothing about this.
since there seems to be disagreement about whether that patch is the right thing, -> default owner
Assignee: cbiesinger → file-handling
Status: ASSIGNED → NEW
Target Milestone: mozilla1.7alpha → ---
Assignee: file-handling → nobody
QA Contact: ian → file-handling
Keywords: relnote
Product: Core → Firefox
Version: Trunk → unspecified
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: