Unifying boilerplate code for handling child processes - part 3

[alexey-tikhonov]

Follow up of #7991 / #8174

I also wanted to make 'proxy' use sss_child_start() but that appeared to be not that straightforward:

• 'proxy' doesn't use FDs for communication with a child process but sbus
• for this reason there is no point to create pipes => no reason to supply _io output arg => no way to get the pid of child process
• but 'proxy' uses 'pid' to signal child process

It could be possible to amend sss_child_start() to return 'pid' in a different way but... imo, a better solution would be to fix 'proxy' to end child process via sbus communication, not relying on a signal. This is out of scope for this PR (even thought keeping pc_init_sig_handler() that practically is a copy of child_sig_handler() is frustrating).

[alexey-tikhonov]

/gemini review

[gemini-code-assist]

Code Review

This pull request is a good step towards unifying boilerplate code for handling child processes, specifically by centralizing timeout handling. The changes are consistent and remove a significant amount of redundant code. However, I've identified a critical issue related to potential NULL pointer dereferences in the new timeout handling logic. A memory allocation failure in the new helper function sss_child_create_timeout_cb_pvt is not handled by the callers, which could lead to a crash. I've provided two review comments with suggestions to make the new code more robust against such failures.

[alexey-tikhonov]

Note: Covscan is green.

[thalman]

Codewise it looks great, thank you Alexey. Please, fix the commit message.

[alexey-tikhonov]

(rebased)

[thalman]

Thanks, ACK

[pbrezina]

Ack, this is a nice improvement.

It might be better to use tevent_req_endtime, but since that would mean reworking the whole patch set, lets keep it as is.

[alexey-tikhonov]

It might be better to use tevent_req_endtime

I didn't know about this function...
But looks like it doesn't allow to specify custom error code, some parts of SSSD code rely on specific error code.

[sssd-bot]

The pull request was accepted by @alexey-tikhonov with the following PR CI status:

---

🟢 CodeFactor (success)
🟢 CodeQL (success)
🟢 osh-diff-scan:fedora-rawhide-x86_64:upstream (success)
🟢 rpm-build:centos-stream-10-x86_64:upstream (success)
🟢 rpm-build:fedora-41-x86_64:upstream (success)
🟢 rpm-build:fedora-42-x86_64:upstream (success)
🟢 rpm-build:fedora-43-x86_64:upstream (success)
🟢 rpm-build:fedora-rawhide-x86_64:upstream (success)
🟢 Analyze (target) / cppcheck (success)
🟢 Build / freebsd (success)
🟢 Build / make-distcheck (success)
🟢 ci / intgcheck (centos-10) (success)
🟢 ci / intgcheck (fedora-41) (success)
🟢 ci / intgcheck (fedora-42) (success)
🟢 ci / intgcheck (fedora-43) (success)
🟢 ci / intgcheck (fedora-44) (success)
🟢 ci / prepare (success)
🟢 ci / system (centos-10) (success)
🟢 ci / system (fedora-41) (success)
🟢 ci / system (fedora-42) (success)
🟢 ci / system (fedora-43) (success)
🟢 ci / system (fedora-44) (success)
➖ Coverity scan / coverity (skipped)
🟢 Static code analysis / codeql (success)
🟢 Static code analysis / pre-commit (success)
🟢 Static code analysis / python-system-tests (success)

---

There are unsuccessful or unfinished checks. Make sure that the failures are not related to this pull request before merging.

[pbrezina]

It might be better to use tevent_req_endtime

I didn't know about this function... But looks like it doesn't allow to specify custom error code, some parts of SSSD code rely on specific error code.

That can be handled in _recv, we already convert it to ETIMEDOUT. https://github.com/SSSD/sssd/blob/master/src/util/util.h#L158

[alexey-tikhonov]

That can be handled in _recv, we already convert it to ETIMEDOUT

Currently 'EFAULT', 'ERR_RENEWAL_CHILD', 'ERR_DYNDNS_TIMEOUT', 'ERR_P11_CHILD_TIMEOUT' and 'ERR_PASSKEY_CHILD_TIMEOUT' are also used.
Some of those do not actually matter as long as it is not EOK, but some are important (IIRC, initially I wanted to use 'ETIMEDOUT' everywhere but figured those specific error codes are checked for / handled explicitly later).