[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: LuaJIT FFI __gc metamethod?
- From: David Given <dg@...>
- Date: Mon, 28 Feb 2011 23:54:54 +0000
On 28/02/11 22:02, Josh Haberman wrote:
[...]
> You might even be able to do a thing like this in-process with
> pthread_cancel() (it has cleanup handlers that are run in the
> cancellation case), but I have no experience with this so can't say
> whether this would work or not.
*raises hand*
pthread_cancel doesn't actually do what it looks like it does. It
doesn't kill a thread; it just asks it to exit the next time it reaches
a cancellation point. Cancellation points are defined in Posix as a long
list of system calls that I won't copy here, but they basically consist
of anything that blocks.
Which means that this code:
for (;;)
{}
...will never reach a cancellation point and will therefore never exit.
The only way of terminating a thread that can be relied upon to actually
work is to terminate the entire process that contains it.
(I ran into this a big way in a while back. After much screaming we
managed to get the customers to change their requirements to make the
problem go away, 'cos there wasn't going to be a technical solution...)
Your best option here really is to sandbox your Lua VM inside a process,
I'm afraid, because then you can apply system level security to it ---
chroot, ulimit, selinux, etc --- and not only will it be much faster and
vastly more robust, but you can nuke it whenever you feel like and know
that it will stay nuked. (And that it won't leave any embarrassing locks
held when it dies.)
Lua Lanes might be a good place to start with this, although I think it
runs each lane in a separate thread, not process, and so would need
modification.
--
┌─── dg@cowlark.com ───── http://www.cowlark.com ─────
│
│ "I have a mind like a steel trap. It's rusty and full of dead mice."
│ --- Anonymous, on rasfc
Attachment:
signature.asc
Description: OpenPGP digital signature