On 2020-07-05 16:34:05 +0200, Guilhem Moulin wrote: > On Sun, 05 Jul 2020 at 12:08:41 +0200, Vincent Lefevre wrote: > > On 2020-07-04 01:07:15 +0200, Guilhem Moulin wrote: > >> That would introduce back the race condition described in #943459. > > > > I don't think so, as this would be equivalent to the current code when > > it reaches the 60-second timeout, except that the wait_for_dropbear() > > function will return earlier (with return value 1). > > The raison d'être of wait_for_dropbear() is to avoid handing the > execution over to init(1) with a running ipconfig process or unclean > network stack. This is what the race condition described in #943459 is > about. wait_for_dropbear() somewhat of a hack, but ipconfig doesn't > seem to react to SIGTERM and I couldn't do better at the time.
How about SIGKILL, then? > If wait_for_dropbear() were to have an abort mechanism that didn't wait > for ipconfig to settle or give up, then we would reintroduce the race > condition. > > > Thus this would be no worse than the current code. > > Consider a slow DHCP setup where ipconfig gets a lease after 45s or so. With a temporary DHCP server failure, it can be more than the current timeout of 60 seconds. > While it's running you unlock drives so the boot process can proceed. > If the execution is handed over to init(1) right away, without waiting > for ipconfig to settle or give up (nor for dropbear to start), then > ipconfig and dropbear will race with the network stack resp. SSHd of the > main system. This might yield a static IP being overwritten by DHCP, > like in #943459, and/or OpenSSH failing to start because dropbear > listens on 22/tcp already. The user has more knowledge than initramfs. For instance, he knows whether the link is present. And he generally knows the typical time he has to wait for the DHCP server (unless a major problem occurs with the server, in which case he may have to wait any time). So it's better to leave the control to the user. -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
