From: Jamie Lokier <jamie@shareable.org>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: Kevin Wolf <kwolf@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] Don't leak file descriptors
Date: Mon, 16 Nov 2009 23:44:51 +0000 [thread overview]
Message-ID: <20091116234451.GK12063@shareable.org> (raw)
In-Reply-To: <4B01DF9B.6010407@codemonkey.ws>
Anthony Liguori wrote:
> Kevin Wolf wrote:
> >We're leaking file descriptors to child processes. Set FD_CLOEXEC on file
> >descriptors that don't need to be passed to children to stop this
> >misbehaviour.
> >
> >Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> >
>
> pid = fork();
> if (pid == 0) {
> int open_max = sysconf(_SC_OPEN_MAX), i;
>
> for (i = 0; i < open_max; i++) {
> if (i != STDIN_FILENO &&
> i != STDOUT_FILENO &&
> i != STDERR_FILENO &&
> i != fd) {
> close(i);
> }
>
> Handles this in a less invasive way. I think the only problem we have
> today is that we use popen() for exec: migration. The solution to that
> though should be to convert popen to a proper fork/exec() with a pipe.
>
> I'd prefer to introduce a single fork/exec helper that behaved properly
> instead of having to deal with cloexec everywhere.
The above can be a bit slow when sysconf(_SC_OPEN_MAX) == 131072,
which you get if running qemu from some web servers or some user
environments set up to run web servers... But it's not _that_ slow on
a modern machine on Linux - 10^7 closes per second has been measured.
Still a bit slow if it's INT_MAX :-)
A scalable method on Linux is readdir(/proc/self/fd). (I'm not sure
if readdir returns everything reliably if you close while reading, so
just reading to get the largest open fd value, then closing all fds up
to that value is what I do).
Or just copy the closefrom() implementation from openssh/sudo.
Interestingly, that says "We avoid checking resource limits since it
is possible to open a file descriptor and then drop the rlimit such
that it is below the open fd..." but then uses _SC_OPEN_MAX, which I
think on Glibc checks the resource limits...
-- Jamie
next prev parent reply other threads:[~2009-11-16 23:45 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-13 15:17 [Qemu-devel] [PATCH] Don't leak file descriptors Kevin Wolf
2009-11-13 15:36 ` Scott Tsai
2009-11-16 2:15 ` Jamie Lokier
2009-11-13 15:41 ` Nathan Froyd
2009-11-13 15:44 ` Kevin Wolf
2009-11-13 21:05 ` Blue Swirl
2009-11-16 12:47 ` Kevin Wolf
2009-11-16 16:21 ` Blue Swirl
2009-11-16 16:46 ` Avi Kivity
2009-11-16 23:05 ` Jamie Lokier
2009-11-16 23:10 ` Jamie Lokier
2009-11-17 9:12 ` Kevin Wolf
2009-11-17 20:28 ` Blue Swirl
2009-11-16 23:26 ` Anthony Liguori
2009-11-16 23:44 ` Jamie Lokier [this message]
2009-11-17 9:00 ` Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091116234451.GK12063@shareable.org \
--to=jamie@shareable.org \
--cc=anthony@codemonkey.ws \
--cc=kwolf@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).