KEMBAR78
gh-104690 Disallow thread creation and fork at interpreter finalization by chgnrdv · Pull Request #104826 · python/cpython · GitHub
Skip to content

Conversation

@chgnrdv
Copy link
Contributor

@chgnrdv chgnrdv commented May 24, 2023

Fixes #104690

In the following functions, check if interpreter is finalizing and in this case raise RuntimeError with appropriate message:

  • _thread.start_new_thread
  • posix.fork
  • posix.fork1
  • posix.forkpty
  • _posixsubprocess.fork_exec when a preexec_fn is used.

in the following functions, check if interpreter is finalizing and raise `RuntimeError` with appropriate message:
* `_thread.start_new_thread`
* `posix.fork`
* `posix.fork1`
* `posix.forkpty`
* `_posixsubprocess.fork_exec`
@chgnrdv chgnrdv marked this pull request as ready for review May 24, 2023 12:46
@chgnrdv chgnrdv requested a review from gpshead as a code owner May 24, 2023 12:46
@gpshead gpshead self-assigned this May 26, 2023
@bedevere-bot
Copy link

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

And if you don't make the requested changes, you will be put in the comfy chair!

@gpshead gpshead requested a review from vstinner May 26, 2023 04:23
@gpshead gpshead added the needs backport to 3.12 only security fixes label May 26, 2023
chgnrdv added 4 commits May 26, 2023 12:07
…thub.com:chgnrdv/cpython into disallow-thread-creation-and-fork-at-interp-exit
* removed excess test case from `test_threading`
* changed NEWS entry to not mention internal function
* allowed `subprocess.Popen` at shutdown if `preexec_fn` is `None`
@chgnrdv
Copy link
Contributor Author

chgnrdv commented May 26, 2023

I have made the requested changes; please review again

@bedevere-bot
Copy link

Thanks for making the requested changes!

@gpshead: please review the changes made to this pull request.

@bedevere-bot bedevere-bot requested a review from gpshead May 26, 2023 09:36
@gpshead
Copy link
Member

gpshead commented May 26, 2023

FYI - if you want an example of real world code that was spawning threads from atexit (I'm not claiming that this was a good idea... just that it inadvertently happened): See the example given in #86813.

@gpshead gpshead enabled auto-merge (squash) June 3, 2023 15:45
@gpshead gpshead merged commit ce558e6 into python:main Jun 4, 2023
@miss-islington
Copy link
Contributor

Thanks @chgnrdv for the PR, and @gpshead for merging it 🌮🎉.. I'm working now to backport this PR to: 3.12.
🐍🍒⛏🤖

@miss-islington
Copy link
Contributor

Sorry @chgnrdv and @gpshead, I had trouble checking out the 3.12 backport branch.
Please retry by removing and re-adding the "needs backport to 3.12" label.
Alternatively, you can backport using cherry_picker on the command line.
cherry_picker ce558e69d4087dd3653207de78345fbb8a2c7835 3.12

@gpshead gpshead added needs backport to 3.12 only security fixes and removed needs backport to 3.12 only security fixes labels Jun 4, 2023
@miss-islington
Copy link
Contributor

Thanks @chgnrdv for the PR, and @gpshead for merging it 🌮🎉.. I'm working now to backport this PR to: 3.12.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Jun 4, 2023
…lization (pythonGH-104826)

Disallow thread creation and fork at interpreter finalization.

in the following functions, check if interpreter is finalizing and raise `RuntimeError` with appropriate message:
* `_thread.start_new_thread` and thus `threading`
* `posix.fork`
* `posix.fork1`
* `posix.forkpty`
* `_posixsubprocess.fork_exec` when a `preexec_fn=` is supplied.

---------

(cherry picked from commit ce558e6)

Co-authored-by: chgnrdv <52372310+chgnrdv@users.noreply.github.com>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
@bedevere-bot
Copy link

GH-105277 is a backport of this pull request to the 3.12 branch.

@bedevere-bot bedevere-bot removed the needs backport to 3.12 only security fixes label Jun 4, 2023
gpshead added a commit that referenced this pull request Jun 4, 2023
…alization (GH-104826) (#105277)

gh-104690 Disallow thread creation and fork at interpreter finalization (GH-104826)

Disallow thread creation and fork at interpreter finalization.

in the following functions, check if interpreter is finalizing and raise `RuntimeError` with appropriate message:
* `_thread.start_new_thread` and thus `threading`
* `posix.fork`
* `posix.fork1`
* `posix.forkpty`
* `_posixsubprocess.fork_exec` when a `preexec_fn=` is supplied.

---------

(cherry picked from commit ce558e6)

Co-authored-by: chgnrdv <52372310+chgnrdv@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
AdamWill added a commit to AdamWill/anaconda that referenced this pull request Jul 5, 2023
In Python 3.12, you cannot pass a preexec_fn to subprocess.Popen
during interpreter shutdown:

python/cpython#104826

This avoids the problem by giving startProgram an arg to not
use a preexec_fn, and passing that all the way from anaconda's
exitHandler through execWithRedirect and _run_program.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
AdamWill added a commit to AdamWill/anaconda that referenced this pull request Jul 5, 2023
In Python 3.12, you cannot pass a preexec_fn to subprocess.Popen
during interpreter shutdown:

python/cpython#104826

This avoids the problem by giving startProgram an arg to not
use a preexec_fn, and passing that all the way from anaconda's
exitHandler through execWithRedirect and _run_program.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
@vstinner
Copy link
Member

vstinner commented Sep 7, 2023

This change introduced a test_concurrent_futures regression: issue #109047. Well, right now I'm not sure about the root cause analysis.

mabdinur added a commit to DataDog/dd-trace-py that referenced this pull request Sep 8, 2023
… python 3.12 (#6859)

## Motivation

- Make the instrumentation telemetry client compatible with python3.12:
python/cpython#104826

## Description

 - Start telemetry worker thread as early as possible.
 - Delays sending all telemetry events until app-started is queued.
 - Refactors tests to align with this new logic.
 

## Risk 

- Telemetry events (metrics/logs/integrations) are queued as early as
possible but these events are only sent when the trace agent writer is
started. This **may** result in a memory leak if high cardinality
telemetry metrics and logs are added in the future. This is not a
concern right now.

## Checklist

- [x] Change(s) are motivated and described in the PR description.
- [x] Testing strategy is described if automated tests are not included
in the PR.
- [x] Risk is outlined (performance impact, potential for breakage,
maintainability, etc).
- [x] Change is maintainable (easy to change, telemetry, documentation).
- [x] [Library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
are followed. If no release note is required, add label
`changelog/no-changelog`.
- [x] Documentation is included (in-code, generated user docs, [public
corp docs](https://github.com/DataDog/documentation/)).
- [x] Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist

- [x] Title is accurate.
- [x] No unnecessary changes are introduced.
- [x] Description motivates each change.
- [x] Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes unless absolutely necessary.
- [x] Testing strategy adequately addresses listed risk(s).
- [x] Change is maintainable (easy to change, telemetry, documentation).
- [x] Release note makes sense to a user of the library.
- [x] Reviewer has explicitly acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment.
- [x] Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)
- [x] If this PR touches code that signs or publishes builds or
packages, or handles credentials of any kind, I've requested a review
from `@DataDog/security-design-and-guidance`.
- [x] This PR doesn't touch any of that.

---------

Co-authored-by: Yun Kim <yun.kim@datadoghq.com>
Co-authored-by: Tahir H. Butt <tahir.butt@datadoghq.com>
Co-authored-by: Gabriele N. Tornetta <gabriele.tornetta@datadoghq.com>
Co-authored-by: Yun Kim <35776586+Yun-Kim@users.noreply.github.com>
Co-authored-by: Emmett Butler <emmett.butler321@gmail.com>
Co-authored-by: ZStriker19 <zach.groves@datadoghq.com>
mabdinur added a commit to DataDog/dd-trace-py that referenced this pull request Sep 11, 2023
… python 3.12 (#6859)

- Make the instrumentation telemetry client compatible with python3.12:
python/cpython#104826

 - Start telemetry worker thread as early as possible.
 - Delays sending all telemetry events until app-started is queued.
 - Refactors tests to align with this new logic.

- Telemetry events (metrics/logs/integrations) are queued as early as
possible but these events are only sent when the trace agent writer is
started. This **may** result in a memory leak if high cardinality
telemetry metrics and logs are added in the future. This is not a
concern right now.

- [x] Change(s) are motivated and described in the PR description.
- [x] Testing strategy is described if automated tests are not included
in the PR.
- [x] Risk is outlined (performance impact, potential for breakage,
maintainability, etc).
- [x] Change is maintainable (easy to change, telemetry, documentation).
- [x] [Library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
are followed. If no release note is required, add label
`changelog/no-changelog`.
- [x] Documentation is included (in-code, generated user docs, [public
corp docs](https://github.com/DataDog/documentation/)).
- [x] Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

- [x] Title is accurate.
- [x] No unnecessary changes are introduced.
- [x] Description motivates each change.
- [x] Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes unless absolutely necessary.
- [x] Testing strategy adequately addresses listed risk(s).
- [x] Change is maintainable (easy to change, telemetry, documentation).
- [x] Release note makes sense to a user of the library.
- [x] Reviewer has explicitly acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment.
- [x] Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)
- [x] If this PR touches code that signs or publishes builds or
packages, or handles credentials of any kind, I've requested a review
from `@DataDog/security-design-and-guidance`.
- [x] This PR doesn't touch any of that.

---------

Co-authored-by: Yun Kim <yun.kim@datadoghq.com>
Co-authored-by: Tahir H. Butt <tahir.butt@datadoghq.com>
Co-authored-by: Gabriele N. Tornetta <gabriele.tornetta@datadoghq.com>
Co-authored-by: Yun Kim <35776586+Yun-Kim@users.noreply.github.com>
Co-authored-by: Emmett Butler <emmett.butler321@gmail.com>
Co-authored-by: ZStriker19 <zach.groves@datadoghq.com>
majorgreys added a commit to DataDog/dd-trace-py that referenced this pull request Sep 13, 2023
… python 3.12 (#6859)

## Motivation

- Make the instrumentation telemetry client compatible with python3.12:
python/cpython#104826

## Description

 - Start telemetry worker thread as early as possible.
 - Delays sending all telemetry events until app-started is queued.
 - Refactors tests to align with this new logic.
 

## Risk 

- Telemetry events (metrics/logs/integrations) are queued as early as
possible but these events are only sent when the trace agent writer is
started. This **may** result in a memory leak if high cardinality
telemetry metrics and logs are added in the future. This is not a
concern right now.

## Checklist

- [x] Change(s) are motivated and described in the PR description.
- [x] Testing strategy is described if automated tests are not included
in the PR.
- [x] Risk is outlined (performance impact, potential for breakage,
maintainability, etc).
- [x] Change is maintainable (easy to change, telemetry, documentation).
- [x] [Library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
are followed. If no release note is required, add label
`changelog/no-changelog`.
- [x] Documentation is included (in-code, generated user docs, [public
corp docs](https://github.com/DataDog/documentation/)).
- [x] Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist

- [x] Title is accurate.
- [x] No unnecessary changes are introduced.
- [x] Description motivates each change.
- [x] Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes unless absolutely necessary.
- [x] Testing strategy adequately addresses listed risk(s).
- [x] Change is maintainable (easy to change, telemetry, documentation).
- [x] Release note makes sense to a user of the library.
- [x] Reviewer has explicitly acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment.
- [x] Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)
- [x] If this PR touches code that signs or publishes builds or
packages, or handles credentials of any kind, I've requested a review
from `@DataDog/security-design-and-guidance`.
- [x] This PR doesn't touch any of that.

---------

Co-authored-by: Yun Kim <yun.kim@datadoghq.com>
Co-authored-by: Tahir H. Butt <tahir.butt@datadoghq.com>
Co-authored-by: Gabriele N. Tornetta <gabriele.tornetta@datadoghq.com>
Co-authored-by: Yun Kim <35776586+Yun-Kim@users.noreply.github.com>
Co-authored-by: Emmett Butler <emmett.butler321@gmail.com>
Co-authored-by: ZStriker19 <zach.groves@datadoghq.com>
ppigazzini added a commit to ppigazzini/fishtest that referenced this pull request Apr 4, 2024
Python 3.12 introduced a bug during the interpreter shutdown, see:
- issue python/cpython#104826
- bugfix python/cpython#117029

With Python 3.12.3, this change could potentially be reverted (after testing).
ppigazzini added a commit to official-stockfish/fishtest that referenced this pull request Apr 4, 2024
Python 3.12 introduced a bug during the interpreter shutdown, see:
- issue python/cpython#104826
- bugfix python/cpython#117029

With Python 3.12.3, this change could potentially be reverted (after testing).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Threads started in exit handler are still running after their thread states are destroyed

6 participants