From mboxrd@z Thu Jan 1 00:00:00 1970 From: Thomas Monjalon Subject: Re: [PATCH] vfio: fix file descriptor leak in multi-process applications Date: Thu, 09 Feb 2017 18:36:18 +0100 Message-ID: <6697903.IRQjSijl37@xps13> References: <20170126230521.28314-1-patrick@patrickmacarthur.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7Bit Cc: dev@dpdk.org, "Burakov, Anatoly" To: Patrick MacArthur Return-path: Received: from mail-wm0-f44.google.com (mail-wm0-f44.google.com [74.125.82.44]) by dpdk.org (Postfix) with ESMTP id 2A5FCFA8F for ; Thu, 9 Feb 2017 18:36:20 +0100 (CET) Received: by mail-wm0-f44.google.com with SMTP id t18so59355064wmt.0 for ; Thu, 09 Feb 2017 09:36:20 -0800 (PST) In-Reply-To: List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" > > When a secondary process wants access to the VFIO container file descriptor, > > the primary process calls vfio_get_container_fd() which always opens an > > entirely new file descriptor on /dev/vfio/vfio. > > However, once the file descriptor has been passed to the subprocess, it is > > effectively duplicated, meaning that the copy of the file descriptor in the > > primary process is no longer needed. However, the primary process does > > not close the duplicate fd, which results in a resource leak. > > > > This can be reproduced by starting a primary process with a small > > RLIMIT_NOFILE limit configured to use VFIO for at least one device, and > > repeatedly launching secondary processes until the file descriptor limit is > > exceeded. > > > > Fix the resource leak by closing the local vfio container file descriptor after > > passing it to the secondary process. > > > > Fixes: 2f4adfad0a69 ("vfio: add multiprocess support") > > Signed-off-by: Patrick MacArthur > > Acked-by: Anatoly Burakov Applied, thanks