Hey!
Although I don't use sinit directly but I do use a very similar
minimalistic init program in which I've managed to track down a problem.
It seems sinit is also suffering from the same problem as I've seen no
workarounds in it for this.
Usually of one the last steps in shutdown/reboot phase is to remount /
as read only. This can only happen if there are no open write handlers
to any of the files. This is usually fine because all other processes
are dead by this step and init doesn't open any files.
However there is one other case: If init gets deleted (e.g. you compile
a new version and the old one is replaced) or in case of dynamic linking
one the libs get deleted (e.g. libc update) then init is holding
references to deleted files. This will stop the system from remounting
the / as read only. When you get to this point there is no way to have /
cleanly unmounted because you can't kill init (you get a kernel panic if
you do). So all you can do is just sync & reboot without unmount. This
is usually not a problem for a filesystem with journaling but I'm using
a raspberry pi with ext2 on a very slow sd card on which fsck does a
full check after such reboot which is quite annoying (or was until I've
rootcaused and fixed the problem).
You can very simply reproduce the problem: add a sleep statement at the
very end of your reboot script and recompile init. You should see an
error message from umount.
Obviously the simplest solution is to use static linking and then never
ever recompile init. :)
Still, I've added a workaround to this in my setup just in case: before
I unmount the drives, I get init to reexec itself so that it is not
holding references to deleted files. I added a command line argument to
skip the initscripts and jump directly to the wait loop. This works
quite well.
Maybe there are better solutions (e.g. remapping the file pages to
MAP_PRIVATE?). I have no idea how other init systems solve this problem.
Anyways, just an fyi for the sinit maintainers. Maybe just a
reminder/warning in the README that upon recompile the / will be
uncleanly unmounted is enough.
Thanks!
--
Balazs
Received on Sun Sep 06 2015 - 16:07:00 CEST