From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1N9r88-0007IQ-Un
	for qemu-devel@nongnu.org; Sun, 15 Nov 2009 21:15:48 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1N9r84-0007EJ-8v
	for qemu-devel@nongnu.org; Sun, 15 Nov 2009 21:15:48 -0500
Received: from [199.232.76.173] (port=58562 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1N9r84-0007EG-2o
	for qemu-devel@nongnu.org; Sun, 15 Nov 2009 21:15:44 -0500
Received: from mail2.shareable.org ([80.68.89.115]:58600)
	by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.60) (envelope-from <jamie@shareable.org>) id 1N9r83-0004Ng-Rn
	for qemu-devel@nongnu.org; Sun, 15 Nov 2009 21:15:44 -0500
Date: Mon, 16 Nov 2009 02:15:39 +0000
From: Jamie Lokier <jamie@shareable.org>
Subject: Re: [Qemu-devel] [PATCH] Don't leak file descriptors
Message-ID: <20091116021539.GA9827@shareable.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ef2f888d0911130736u18686ae3u631f9e97d1592357@mail.gmail.com>
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Scott Tsai <scottt.tw@gmail.com>
Cc: Kevin Wolf <kwolf@redhat.com>, qemu-devel@nongnu.org

Scott Tsai wrote:
> On Fri, Nov 13, 2009 at 11:17 PM, Kevin Wolf <kwolf@redhat.com> wrote:
> > We're leaking file descriptors to child processes. Set FD_CLOEXEC on file
> > descriptors that don't need to be passed to children to stop this misbehaviour.
> 
> Since qemu is a multi threaded program, how about opening those file
> descriptors with the equivalent of O_CLOEXEC set to avoid the race
> condition when a fork comes between the 'open/socket/accept' operation
> and the 'fcntl'?

For qemu-system this shoudn't matter, as long as all the forking and
opening is done in the same thread, with other threads only used for
virtual CPUs.

For qemu-user, maybe it's relevant?

> We could create helper functions like 'qemu_socket_cloexec'.
> The implementation of qemu_socket_cloexec would use the new system
> calls and flags listed in:
> http://udrepper.livejournal.com/20407.html
> if available and fall back to separate 'open' and 'fcnt' operations
> when not building with a new enough glibc.

To do it thoroughly, it's possible to emulate O_CLOEXEC's
thread-safety, by blocking fork operations in other threads during an
open+fcntl sequence using an rwlock, or without locking by keeping
track of "possibly open" file descriptors and closing them
unconditionally in fork children.

That would help with qemu-user emulation of O_CLOEXEC (et al) too.

-- Jamie