upstart

init: respawn detection relies on non-monotonic clock

Bug #389586 reported by Scott James Remnant (Canonical) on 2009-06-19

Affects		Status	Importance	Assigned to	Milestone
	upstart	Fix Released	High	Scott James Remnant (Canonical)	upstart 0.6.0 "How appropriate, you fight like a cow"

Bug Description

The respawn detection works by recording the last time that the job was respawned, and then when it is next due to be respawned, seeing if the delta between the two is greater than the respawn interval. The time it uses is obtained from time(NULL), the UNIX seconds since epoch.

This is not safe against changes to the system clock; any change to the system time would be incorrectly either result in jobs being flagged as respawning too fast, or jobs NOT being flagged when they are.

clock_gettime (CLOCK_MONOTONIC) should be used instead, or the code re-engineered completely

Scott James Remnant (Canonical) (canonical-scott) on 2009-06-19

Changed in upstart:
importance:	Undecided → High
status:	New → Triaged

Revision history for this message

Slawomir Czarko (lauchpad-net-sklep) wrote on 2009-06-23:

Any idea when can this be fixed?

Revision history for this message

Scott James Remnant (Canonical) (canonical-scott) wrote on 2009-06-23:

Patches in Palm WebOS apparently fix this, I'm awaiting a response from Palm as to whether they would assign copyright for the patch - otherwise I'll have to reimplement myself later.

Scott James Remnant (Canonical) (canonical-scott) on 2009-07-09

Changed in upstart:
status:	Triaged → Fix Committed

Revision history for this message

Slawomir Czarko (lauchpad-net-sklep) wrote on 2009-07-09:

Which revision has this fix?

Scott James Remnant (Canonical) (canonical-scott) on 2009-07-09

Changed in upstart:
milestone:	none → 0.6.0

Revision history for this message

Scott James Remnant (Canonical) (canonical-scott) wrote on 2009-07-09:

Download full text (6.7 KiB)

This has been fixed in Upstart 0.6.0.

0.6.0 2009-07-09 "How appropriate, you fight like a cow"

* The licence for Upstart has been changed back to version 2 of the
GNU GPL.

* D-Bus 1.2.15 is now required, this is the current GIT HEAD
pending a 1.2.16 release.

* Configuration paths have changed. Global configuration now
resides in "/etc/init.conf" while jobs are now configured in
"/etc/init"

* Job configuration filenames must now end in ".conf"

* Default configuration files are now supplied in the "conf"
sub-directory of the source, and installed into "/etc/init".

   These match the Debian/Ubuntu sysvinit configuration so may
   require some tweaking for other distributions, but provide an
   excellent base.

The old example-jobs tarballs are deprecated.

* The D-Bus interface remains unstable, to reflect this the current
interface name has changed to "com.ubuntu.Upstart0_6" and the
name of the job and instance interfaces have changed to match.

* The "EmitEvent" D-Bus method gains a wait argument, when given
   as TRUE (the recommended setting) the method call will be blocked
   until all effects of the event have finished. When FALSE the
   method call will return once the event has been queued.

* The "Start", "Stop" and "Restart" D-Bus methods of jobs and
instances gain a similar wait argument.

* The Upstart D-Bus object now has "version" and "log_priority"
properties. The former is to obtain the version of the init daemon,
the latter allows you to obtain and change the logging priority.

* Job D-Bus objects now have "name", "description", "author" and
"version" properties to obtain the job name and the contents of
the equivalent job file fields for the others.

* Instance D-Bus objects now have "name", "goal", "state" and
"processes" properties to obtain the instance name, goal, state
and list of running processes and their pids respectively.

* The default D-Bus security policy now permits use of the "Get"
methods by all users, including obtaining values of properties.

* initctl has been rewritten with functionality more along the
   lines of Upstart 0.3.x than before; since many distributions are
   still shipping 0.3.x the summary of changes for the tool reflects
   both changes from 0.3.x and 0.5.x

* The global "-p"/"--pid" argument has been dropped, since
   communication is over D-Bus. New "--system" and "--dest" arguments
   have been added to force communication over the system bus, and
   specify the destination, instead of using the private socket (this
   is the default when run as non-root to permit "list" and "status"
   to work for ordinary users).

* The "-i"/"--id" and "--show-ids" options to commands have been
dropped since jobs no longer have ids.

* Since instances may now have names, these will be displayed in
   brackets after the job name when one is present. The output of
   the goal and state are now expressed as "start/running" instead
   of "(start) running" to disambiguate.

* initctl "start" and "stop" now only output the final state of
the job, not inte...

This has been fixed in Upstart 0.6.0.

0.6.0  2009-07-09  "How appropriate, you fight like a cow"

* The licence for Upstart has been changed back to version 2 of the
	  GNU GPL.

* D-Bus 1.2.15 is now required, this is the current GIT HEAD
	  pending a 1.2.16 release.

* Configuration paths have changed.  Global configuration now
	  resides in "/etc/init.conf" while jobs are now configured in
	  "/etc/init"

* Job configuration filenames must now end in ".conf"

* Default configuration files are now supplied in the "conf"
	  sub-directory of the source, and installed into "/etc/init".

These match the Debian/Ubuntu sysvinit configuration so may
	  require some tweaking for other distributions, but provide an
	  excellent base.

The old example-jobs tarballs are deprecated.

* The D-Bus interface remains unstable, to reflect this the current
	  interface name has changed to "com.ubuntu.Upstart0_6" and the
	  name of the job and instance interfaces have changed to match.

* The "EmitEvent" D-Bus method gains a wait argument, when given
	  as TRUE (the recommended setting) the method call will be blocked
	  until all effects of the event have finished.  When FALSE the
	  method call will return once the event has been queued.

* The "Start", "Stop" and "Restart" D-Bus methods of jobs and
	  instances gain a similar wait argument.

* The Upstart D-Bus object now has "version" and "log_priority"
	  properties.  The former is to obtain the version of the init daemon,
	  the latter allows you to obtain and change the logging priority.

* Job D-Bus objects now have "name", "description", "author" and
	  "version" properties to obtain the job name and the contents of
	  the equivalent job file fields for the others.

* Instance D-Bus objects now have "name", "goal", "state" and
	  "processes" properties to obtain the instance name, goal, state
	  and list of running processes and their pids respectively.

* The default D-Bus security policy now permits use of the "Get"
	  methods by all users, including obtaining values of properties.

* initctl has been rewritten with functionality more along the
	  lines of Upstart 0.3.x than before; since many distributions are
	  still shipping 0.3.x the summary of changes for the tool reflects
	  both changes from 0.3.x and 0.5.x

* The global "-p"/"--pid" argument has been dropped, since
	  communication is over D-Bus.  New "--system" and "--dest" arguments
	  have been added to force communication over the system bus, and
	  specify the destination, instead of using the private socket (this
	  is the default when run as non-root to permit "list" and "status"
	  to work for ordinary users).

* The "-i"/"--id" and "--show-ids" options to commands have been
	  dropped since jobs no longer have ids.

* Since instances may now have names, these will be displayed in
	  brackets after the job name when one is present.  The output of
	  the goal and state are now expressed as "start/running" instead
	  of "(start) running" to disambiguate.

* initctl "start" and "stop" now only output the final state of
	  the job, not intermediate states it passes through.  When called
	  with "--no-wait", the commands now output a status before
	  returning (which may not be the final status).

* initctl "start", "stop" and "status" now only accept a single
	  job name.  Further arguments are taken as KEY=VALUE environment
	  variables to pass to the job, replacing the previous "-e" option.

* There is a new initctl "restart" command, with matching
	  /sbin/restart symlink.  This is the atomic equivalent of calling
	  "stop" and "start" with the exception that a stopped job will
	  not be started again.

* In keeping with the newer instance model, instance jobs are now
	  output on separate lines with their full names rather than
	  indented under a "master" instance.

* initctl "status" will exit non-zero if the job name was not
	  found.  (Bug: #328323)

* initctl "status" now outputs information for multi-instance
	  jobs.  (Bug: #331407)

* initctl "list" no longer accepts a pattern, use grep.  Output
	  is no longer sorted.

* initctl "emit" no longer outputs changes that occur as a result
	  of the event.

* When initctl "emit" is called with "--no-wait", it will return
	  immediately.  (Bug: #324890)

* initctl "emit" now only accepts a single event name.  Further
	  arguments are taken as KEY=VALUE environment for the event,
	  replacing the previous "-e" option.

* initctl "jobs" and "events" have been dropped.

* initctl "log-priority" may be called without arguments, in
	  which case it will output the current priority.  (Bug: #280529)

* initctl "reload" has been renamed to "reload-configuration"
	  to avoid confusion with reloading a job's configuration.

* initctl(8) man page updated.  (Bug: #285753)

* runlevel no longer accepts the --set and --reboot arguments,
	  instead telinit and shutdown write these records into utmp and wtmp.

* runlevel(7) man page added to describe the runlevel event, and
	  the implementation of runlevels and System V compatibility in
	  Upstart.  (Bug: #60429)

* telinit will no longer silently ignore the "a", "b" or "c"
	  runlevels.

* telinit now accepts the previously ignored "-e" argument, passing
	  the environment variables given along with the runlevel event.

* telinit now officially accepts the "q"/"Q" and "u"/"U" arguments,
	  the former will reload the Upstart configuration while the latter
	  will re-execute Upstart.

* telinit q will also attempt to reconnect to the D-Bus system bus
	  if the connection has not been made, or has been lost.
	  (Bug: #323022)

* reboot no longer silently ignores the "-t" option.

* reboot now silently ignores the "-n", "-i" and "-h" options; it
	  will no longer sync your disks, down your network interfaces or
	  spin down your hard drives.  This functionality is all handled
	  by the kernel on a modern system.  (Bug: #92685)

* reboot now writes a "shutdown" record to /var/log/wtmp, this means
	  that the "-w" option is honoured with its original intent.  We
	  still silently ignore the "-d" option.

* shutdown message generation fixed to be more easily translatable.
	  (Bug: #102565)

* The TERM/KILL timeout, and other system timeouts, now use the
	  monotonic clock so are unaffected by system clock changes.
	  (Bug: #389588)

* Respawn detection now uses the monotonic clock so is unaffected
	  by system clock changes.  (Bug: #389586)

* Significant improvement in the amount of manual pages included
	  with Upstart and their content.  (Bug: #60429)

* A manual page refering people from /etc/inittab to /etc/init
	  is also included.  (Bug: #72058)

Changed in upstart:
assignee:	nobody → Scott James Remnant (scott)
status:	Fix Committed → Fix Released

Revision history for this message

Slawomir Czarko (lauchpad-net-sklep) wrote on 2009-07-09:

Is this going to be fixed in 0.3.x as well?

Revision history for this message

Scott James Remnant (Canonical) (canonical-scott) wrote on 2009-07-10: Re: [Bug 389586] Re: init: respawn detection relies on non-monotonic clock

On Thu, 2009-07-09 at 16:35 +0000, Slawomir Czarko wrote:

> Is this going to be fixed in 0.3.x as well?
>
I think that I would prefer for people to update to 0.6.0, there should
be no reason to stay on the 0.3.x series now.

Scott
--
Scott James Remnant
<email address hidden>

Revision history for this message

Slawomir Czarko (lauchpad-net-sklep) wrote on 2009-07-10:

0.6.0 was just released yesterday so distros will take some time before switching. Are you planning to backport this to 0.3.x in the mean time?

Revision history for this message

Scott James Remnant (Canonical) (canonical-scott) wrote on 2009-07-10:

On Fri, 2009-07-10 at 09:44 +0000, Slawomir Czarko wrote:

> 0.6.0 was just released yesterday so distros will take some time before
> switching. Are you planning to backport this to 0.3.x in the mean time?
>
It's the distros that I'm most keen to have updated to 0.6.0 - aside
from a few bug fixes, 0.3.x is really over two years old at this point.

Scott
--
Scott James Remnant
<email address hidden>

Revision history for this message

Slawomir Czarko (lauchpad-net-sklep) wrote on 2009-07-10:

0.6.0 depends on dbus 1.2.15 but as far as I can see on dbus website the last release is 1.2.14. Is it OK to build upstart 0.6.0 against dbus 1.2.14 or earlier version or will it only work correctly with dbus 1.2.15?

Revision history for this message

Scott James Remnant (Canonical) (canonical-scott) wrote on 2009-07-10:

#10

On Fri, 2009-07-10 at 11:38 +0000, Slawomir Czarko wrote:

> 0.6.0 depends on dbus 1.2.15 but as far as I can see on dbus website the
> last release is 1.2.14. Is it OK to build upstart 0.6.0 against dbus
> 1.2.14 or earlier version or will it only work correctly with dbus
> 1.2.15?
>
As noted in NEWS, this is current GIT HEAD prior to a 1.2.16 release
(which is due as soon as Colin releases it)

Scott
--
Scott James Remnant
<email address hidden>

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.