user/dev discussion of public-inbox itself
 help / color / Atom feed
From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Subject: [PATCH] ds: set close-on-exec flag on epoll descriptors
Date: Sat,  1 Jun 2019 03:46:30 +0000
Message-ID: <20190601034630.25019-1-e@80x24.org> (raw)

We should not be leaking these FDs to git(1) processes,
in case git has a bug that causes it to access the wrong FD.
---
 lib/PublicInbox/DS.pm | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/lib/PublicInbox/DS.pm b/lib/PublicInbox/DS.pm
index 737f4c7..c165559 100644
--- a/lib/PublicInbox/DS.pm
+++ b/lib/PublicInbox/DS.pm
@@ -12,6 +12,8 @@ use strict;
 use bytes;
 use POSIX ();
 use Time::HiRes ();
+use IO::Handle qw();
+use Fcntl qw(FD_CLOEXEC F_SETFD F_GETFD);
 
 use warnings;
 
@@ -48,6 +50,7 @@ our (
      %DescriptorMap,             # fd (num) -> PublicInbox::DS object
      $Epoll,                     # Global epoll fd (for epoll mode only)
      $KQueue,                    # Global kqueue fd (for kqueue mode only)
+     $_io,                       # IO::Handle for Epoll or KQueue
      @ToClose,                   # sockets to close when event loop is done
 
      $PostLoopCallback,          # subref to call at the end of each loop, if defined (global)
@@ -83,6 +86,7 @@ sub Reset {
 
     POSIX::close($Epoll)  if defined $Epoll  && $Epoll  >= 0;
     POSIX::close($KQueue) if defined $KQueue && $KQueue >= 0;
+    $_io = undef;
 
     *EventLoop = *FirstTimeEventLoop;
 }
@@ -164,6 +168,16 @@ sub AddTimer {
     die "Shouldn't get here.";
 }
 
+sub set_cloexec ($) {
+    my ($fd) = @_;
+
+    # new_from_fd fails on real kqueue, but is needed for libkqueue
+    # (which emulates kqueue via epoll)
+    $_io = IO::Handle->new_from_fd($fd, 'r+') or return;
+    defined(my $fl = fcntl($_io, F_GETFD, 0)) or return;
+    fcntl($_io, F_SETFD, $fl | FD_CLOEXEC);
+}
+
 sub _InitPoller
 {
     return if $DoneInit;
@@ -173,6 +187,7 @@ sub _InitPoller
         $KQueue = IO::KQueue->new();
         $HaveKQueue = $KQueue >= 0;
         if ($HaveKQueue) {
+            set_cloexec($KQueue); # needed if using libkqueue & epoll
             *EventLoop = *KQueueEventLoop;
         }
     }
@@ -180,6 +195,7 @@ sub _InitPoller
         $Epoll = eval { epoll_create(1024); };
         $HaveEpoll = defined $Epoll && $Epoll >= 0;
         if ($HaveEpoll) {
+            set_cloexec($Epoll);
             *EventLoop = *EpollEventLoop;
         }
     }
-- 
EW


                 reply index

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: http://public-inbox.org/README

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190601034630.25019-1-e@80x24.org \
    --to=e@80x24.org \
    --cc=meta@public-inbox.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

user/dev discussion of public-inbox itself

Archives are clonable:
	git clone --mirror http://public-inbox.org/meta
	git clone --mirror http://czquwvybam4bgbro.onion/meta
	git clone --mirror http://hjrcffqmbrq6wope.onion/meta
	git clone --mirror http://ou63pmih66umazou.onion/meta

Example config snippet for mirrors

Newsgroups are available over NNTP:
	nntp://news.public-inbox.org/inbox.comp.mail.public-inbox.meta
	nntp://ou63pmih66umazou.onion/inbox.comp.mail.public-inbox.meta
	nntp://czquwvybam4bgbro.onion/inbox.comp.mail.public-inbox.meta
	nntp://hjrcffqmbrq6wope.onion/inbox.comp.mail.public-inbox.meta
	nntp://news.gmane.io/gmane.mail.public-inbox.general

 note: .onion URLs require Tor: https://www.torproject.org/

AGPL code for this site: git clone https://public-inbox.org/public-inbox.git