From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NAJwy-00022I-PA
	for qemu-devel@nongnu.org; Tue, 17 Nov 2009 04:02:12 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1NAJwu-00020A-SZ
	for qemu-devel@nongnu.org; Tue, 17 Nov 2009 04:02:12 -0500
Received: from [199.232.76.173] (port=56509 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NAJwu-0001zz-C2
	for qemu-devel@nongnu.org; Tue, 17 Nov 2009 04:02:08 -0500
Received: from mx1.redhat.com ([209.132.183.28]:39885)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <kwolf@redhat.com>) id 1NAJwt-0000Wm-NE
	for qemu-devel@nongnu.org; Tue, 17 Nov 2009 04:02:07 -0500
Message-ID: <4B026649.8040603@redhat.com>
Date: Tue, 17 Nov 2009 10:00:57 +0100
From: Kevin Wolf <kwolf@redhat.com>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] [PATCH] Don't leak file descriptors
References: <1258125436-23759-1-git-send-email-kwolf@redhat.com>
	<4B01DF9B.6010407@codemonkey.ws>
In-Reply-To: <4B01DF9B.6010407@codemonkey.ws>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: qemu-devel@nongnu.org

Am 17.11.2009 00:26, schrieb Anthony Liguori:
> Kevin Wolf wrote:
>> We're leaking file descriptors to child processes. Set FD_CLOEXEC on file
>> descriptors that don't need to be passed to children to stop this misbehaviour.
>>
>> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
>>   
> 
>     pid = fork();
>     if (pid == 0) {
>         int open_max = sysconf(_SC_OPEN_MAX), i;
> 
>         for (i = 0; i < open_max; i++) {
>             if (i != STDIN_FILENO &&
>                 i != STDOUT_FILENO &&
>                 i != STDERR_FILENO &&
>                 i != fd) {
>                 close(i);
>             }
> 
> Handles this in a less invasive way.  I think the only problem we have 
> today is that we use popen() for exec: migration.  The solution to that 
> though should be to convert popen to a proper fork/exec() with a pipe.
> 
> I'd prefer to introduce a single fork/exec helper that behaved properly 
> instead of having to deal with cloexec everywhere.

No, unfortunately this doesn't work because it requires knowledge of all
execs. However, the glibc people believe that they are free to fork/exec
whenever they want in any function. Actually, the bug report that led to
this fix was triggered by a hidden fork/exec in glibc. I'm not convinced
that it's right what they're doing, but it's the way it is.

If you like to read it up, you can use
https://bugzilla.redhat.com/show_bug.cgi?id=528134 as a starting point
and dig through the referenced bugs.

Kevin