From: Lars Schneider <larsxschneider@gmail.com>
To: Johannes Schindelin <johannes.schindelin@gmx.de>
Cc: Eric Wong <e@80x24.org>,
git@vger.kernel.org, gitster@pobox.com, tboegi@web.de
Subject: Re: [PATCH v1 1/2] sha1_file: open window into packfiles with CLOEXEC
Date: Wed, 7 Sep 2016 15:20:28 +0200 [thread overview]
Message-ID: <F8E7B7CE-1177-4CBD-999E-21C593A8ACD2@gmail.com> (raw)
In-Reply-To: <alpine.DEB.2.20.1609061333030.129229@virtualbox>
> On 06 Sep 2016, at 13:38, Johannes Schindelin <johannes.schindelin@gmx.de> wrote:
>
> Hi Eric & Lars,
>
> On Mon, 5 Sep 2016, Eric Wong wrote:
>
>> larsxschneider@gmail.com wrote:
>>> All processes that the Git main process spawns inherit the open file
>>> descriptors of the main process. These leaked file descriptors can
>>> cause problems.
>>
>>
>>> -int git_open_noatime(const char *name)
>>> +int git_open_noatime_cloexec(const char *name)
>>> {
>>> - static int sha1_file_open_flag = O_NOATIME;
>>> + static int sha1_file_open_flag = O_NOATIME | O_CLOEXEC;
>>>
>>> for (;;) {
>>> int fd;
>
>> I question the need for the "_cloexec" suffixing in the
>> function name since the old function is going away entirely.
>
> Me, too. While it is correct, it makes things harder to read, so it may
> even cause more harm than it does good.
What name would you suggest? Leaving the name as-is seems misleading to me.
Maybe just "git_open()" ?
>> I prefer all FD-creating functions set cloexec by default
>> for FD > 2 to avoid inadvertantly leaking FDs. So we
>> ought to use pipe2, accept4, socket(..., SOCK_CLOEXEC), etc...
>> and fallback to the racy+slower F_SETFD when not available.
>
> In the original Pull Request where the change was contributed to Git for
> Windows, this was tested (actually, the code did not see whether fd > 2,
> but simply assumed that all newly opened file descriptors would be > 2
> anyway), and it failed:
>
> https://github.com/git-for-windows/git/pull/755#issuecomment-220247972
>
> So it appears that we would have to exclude at least the code path to `git
> upload-pack` from that magic.
I just realized that Dscho improved his original patch in GfW with a
fallback if CLOEXEC is not present.
I applied the same mechanism here. Would that be OK?
Thanks,
Lars
- static int sha1_file_open_flag = O_NOATIME;
+ static int sha1_file_open_flag = O_NOATIME | O_CLOEXEC;
for (;;) {
int fd;
@@ -1471,12 +1471,17 @@ int git_open_noatime(const char *name)
if (fd >= 0)
return fd;
- /* Might the failure be due to O_NOATIME? */
- if (errno != ENOENT && sha1_file_open_flag) {
- sha1_file_open_flag = 0;
+ /* Try again w/o O_CLOEXEC: the kernel might not support it */
+ if (O_CLOEXEC && errno == EINVAL && (sha1_file_open_flag & O_CLOEXEC)) {
+ sha1_file_open_flag &= ~O_CLOEXEC;
continue;
}
+ /* Might the failure be due to O_NOATIME? */
+ if (errno != ENOENT && (sha1_file_open_flag & O_NOATIME)) {
+ sha1_file_open_flag &= ~O_NOATIME;
+ continue;
+ }
next prev parent reply other threads:[~2016-09-07 13:20 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-05 21:11 [PATCH v1 0/2] Use CLOEXEC to avoid fd leaks larsxschneider
2016-09-05 21:11 ` [PATCH v1 1/2] sha1_file: open window into packfiles with CLOEXEC larsxschneider
2016-09-05 22:27 ` Eric Wong
2016-09-06 9:36 ` Jakub Narębski
2016-09-06 11:38 ` Johannes Schindelin
2016-09-07 13:20 ` Lars Schneider [this message]
2016-09-07 18:17 ` Eric Wong
2016-09-05 21:11 ` [PATCH v1 2/2] read-cache: make sure file handles are not inherited by child processes larsxschneider
2016-09-06 11:41 ` Johannes Schindelin
2016-09-06 21:06 ` Eric Wong
2016-09-07 13:39 ` Lars Schneider
2016-09-07 18:10 ` Eric Wong
2016-09-07 18:23 ` Junio C Hamano
2016-09-08 5:57 ` Lars Schneider
2016-09-08 17:37 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=F8E7B7CE-1177-4CBD-999E-21C593A8ACD2@gmail.com \
--to=larsxschneider@gmail.com \
--cc=e@80x24.org \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=johannes.schindelin@gmx.de \
--cc=tboegi@web.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).