* [PATCH] ds: set close-on-exec flag on epoll descriptors
@ 2019-06-01 3:46 Eric Wong
0 siblings, 0 replies; only message in thread
From: Eric Wong @ 2019-06-01 3:46 UTC (permalink / raw)
To: meta
We should not be leaking these FDs to git(1) processes,
in case git has a bug that causes it to access the wrong FD.
---
lib/PublicInbox/DS.pm | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/lib/PublicInbox/DS.pm b/lib/PublicInbox/DS.pm
index 737f4c7..c165559 100644
--- a/lib/PublicInbox/DS.pm
+++ b/lib/PublicInbox/DS.pm
@@ -12,6 +12,8 @@ use strict;
use bytes;
use POSIX ();
use Time::HiRes ();
+use IO::Handle qw();
+use Fcntl qw(FD_CLOEXEC F_SETFD F_GETFD);
use warnings;
@@ -48,6 +50,7 @@ our (
%DescriptorMap, # fd (num) -> PublicInbox::DS object
$Epoll, # Global epoll fd (for epoll mode only)
$KQueue, # Global kqueue fd (for kqueue mode only)
+ $_io, # IO::Handle for Epoll or KQueue
@ToClose, # sockets to close when event loop is done
$PostLoopCallback, # subref to call at the end of each loop, if defined (global)
@@ -83,6 +86,7 @@ sub Reset {
POSIX::close($Epoll) if defined $Epoll && $Epoll >= 0;
POSIX::close($KQueue) if defined $KQueue && $KQueue >= 0;
+ $_io = undef;
*EventLoop = *FirstTimeEventLoop;
}
@@ -164,6 +168,16 @@ sub AddTimer {
die "Shouldn't get here.";
}
+sub set_cloexec ($) {
+ my ($fd) = @_;
+
+ # new_from_fd fails on real kqueue, but is needed for libkqueue
+ # (which emulates kqueue via epoll)
+ $_io = IO::Handle->new_from_fd($fd, 'r+') or return;
+ defined(my $fl = fcntl($_io, F_GETFD, 0)) or return;
+ fcntl($_io, F_SETFD, $fl | FD_CLOEXEC);
+}
+
sub _InitPoller
{
return if $DoneInit;
@@ -173,6 +187,7 @@ sub _InitPoller
$KQueue = IO::KQueue->new();
$HaveKQueue = $KQueue >= 0;
if ($HaveKQueue) {
+ set_cloexec($KQueue); # needed if using libkqueue & epoll
*EventLoop = *KQueueEventLoop;
}
}
@@ -180,6 +195,7 @@ sub _InitPoller
$Epoll = eval { epoll_create(1024); };
$HaveEpoll = defined $Epoll && $Epoll >= 0;
if ($HaveEpoll) {
+ set_cloexec($Epoll);
*EventLoop = *EpollEventLoop;
}
}
--
EW
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2019-06-01 3:46 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-01 3:46 [PATCH] ds: set close-on-exec flag on epoll descriptors Eric Wong
user/dev discussion of public-inbox itself
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://public-inbox.org/meta
git clone --mirror http://czquwvybam4bgbro.onion/meta
git clone --mirror http://hjrcffqmbrq6wope.onion/meta
git clone --mirror http://ou63pmih66umazou.onion/meta
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V1 meta meta/ http://public-inbox.org/meta \
meta@public-inbox.org
public-inbox-index meta
Example config snippet for mirrors.
Newsgroups are available over NNTP:
nntp://news.public-inbox.org/inbox.comp.mail.public-inbox.meta
nntp://ou63pmih66umazou.onion/inbox.comp.mail.public-inbox.meta
nntp://czquwvybam4bgbro.onion/inbox.comp.mail.public-inbox.meta
nntp://hjrcffqmbrq6wope.onion/inbox.comp.mail.public-inbox.meta
nntp://news.gmane.io/gmane.mail.public-inbox.general
note: .onion URLs require Tor: https://www.torproject.org/
code repositories for the project(s) associated with this inbox:
https://80x24.org/public-inbox.git
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git