[PATCH] Clear fd after closing to avoid double-close error

[PATCH] Clear fd after closing to avoid double-close error

[Jens Lindström]

From: Jens Lindstrom <jl@opera.com>

In send_pack(), clear the fd passed to pack_objects() by setting
it to -1, since pack_objects() closes the fd (via a call to
run_command()).

Not doing so risks having git_transport_push(), caller of
send_pack(), closing the fd again, possibly incorrectly closing
some other open file.

Signed-off-by: Jens Lindström <jl@opera.com>
---
 send-pack.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/send-pack.c b/send-pack.c
index 7d172ef..7def2af 100644
--- a/send-pack.c
+++ b/send-pack.c
@@ -302,6 +302,9 @@ int send_pack(struct send_pack_args *args,
 				finish_async(&demux);
 			return -1;
 		}
+		if (!args->stateless_rpc)
+			/* Closed by pack_objects() via start_command() */
+			fd[1] = -1;
 	}
 	if (args->stateless_rpc && cmds_sent)
 		packet_flush(out);
-- 
1.8.1.2

Re: [PATCH] Clear fd after closing to avoid double-close error

[Duy Nguyen]

On Tue, Oct 22, 2013 at 7:10 PM, Jens Lindström <jl@opera.com> wrote:
> From: Jens Lindstrom <jl@opera.com>
>
> In send_pack(), clear the fd passed to pack_objects() by setting
> it to -1, since pack_objects() closes the fd (via a call to
> run_command()).
>
> Not doing so risks having git_transport_push(), caller of
> send_pack(), closing the fd again, possibly incorrectly closing
> some other open file.

Not your itch. But if you have time you may want to fix fetch-pack
too. It has the same problem. fetch-pack.c:get_pack() with
use_sideband == 0 passes fd[0] to start_command(), then later its
caller transport.c:fetch_refs_via_pack() closes the handle again.

> Signed-off-by: Jens Lindström <jl@opera.com>
> ---
>  send-pack.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/send-pack.c b/send-pack.c
> index 7d172ef..7def2af 100644
> --- a/send-pack.c
> +++ b/send-pack.c
> @@ -302,6 +302,9 @@ int send_pack(struct send_pack_args *args,
>                                 finish_async(&demux);
>                         return -1;

In this code block, there is "close(out);", we may need to set fd[1] = -1 too.

>                 }
> +               if (!args->stateless_rpc)
> +                       /* Closed by pack_objects() via start_command() */
> +                       fd[1] = -1;
>         }
>         if (args->stateless_rpc && cmds_sent)
>                 packet_flush(out);

I was puzzled by this packet_flush(out) for a while because I thought
"out" was already closed. Turns out when stateless_rpc is true, a new
pipe is created in pack_objects() and "out" is not closed. So
everything is still good (and messy).

Life would have been simpler if fd[1] was _always_ closed by
send_pack(), like in c20181e (start_command(), if .in/.out > 0, closes
file descriptors, not the callers - 2008-02-21).
-- 
Duy

Re: [PATCH] Clear fd after closing to avoid double-close error

[Jens Lindström]

On Tue, Oct 22, 2013 at 2:39 PM, Duy Nguyen <pclouds@gmail.com> wrote:

> Not your itch. But if you have time you may want to fix fetch-pack
> too. It has the same problem. fetch-pack.c:get_pack() with
> use_sideband == 0 passes fd[0] to start_command(), then later its
> caller transport.c:fetch_refs_via_pack() closes the handle again.

I'll update the patch to clear that fd as well.


>> Signed-off-by: Jens Lindström <jl@opera.com>
>> ---
>>  send-pack.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/send-pack.c b/send-pack.c
>> index 7d172ef..7def2af 100644
>> --- a/send-pack.c
>> +++ b/send-pack.c
>> @@ -302,6 +302,9 @@ int send_pack(struct send_pack_args *args,
>>                                 finish_async(&demux);
>>                         return -1;
>
> In this code block, there is "close(out);", we may need to set fd[1] = -1 too.

This block closes the fd unconditionally, I think. Either via
pack_objects() (if !args->stateless_rpc) or directly (otherwise.) So I
guess it should always clear the fd before returning to be safe.


>>                 }
>> +               if (!args->stateless_rpc)
>> +                       /* Closed by pack_objects() via start_command() */
>> +                       fd[1] = -1;
>>         }
>>         if (args->stateless_rpc && cmds_sent)
>>                 packet_flush(out);
>
> I was puzzled by this packet_flush(out) for a while because I thought
> "out" was already closed. Turns out when stateless_rpc is true, a new
> pipe is created in pack_objects() and "out" is not closed. So
> everything is still good (and messy).
>
> Life would have been simpler if fd[1] was _always_ closed by
> send_pack(), like in c20181e (start_command(), if .in/.out > 0, closes
> file descriptors, not the callers - 2008-02-21).

It did strike me as a bit unclear who exactly "owned" these file
descriptors. But I'm of course wholly unfamiliar with this code.

/ Jens

Re: [PATCH] Clear fd after closing to avoid double-close error

[Junio C Hamano]

Duy Nguyen <pclouds@gmail.com> writes:

> On Tue, Oct 22, 2013 at 7:10 PM, Jens Lindström <jl@opera.com> wrote:
> ...
>> +               if (!args->stateless_rpc)
>> +                       /* Closed by pack_objects() via start_command() */
>> +                       fd[1] = -1;
>>         }
> ...
> Life would have been simpler if fd[1] was _always_ closed by
> send_pack(), like in c20181e (start_command(), if .in/.out > 0, closes
> file descriptors, not the callers - 2008-02-21).

Yeah, that was also my first reaction when I saw the above three
lines after reading the discussion that led to the diagnosis.

Re: [PATCH] Clear fd after closing to avoid double-close error

[Jens Lindström]

On Tue, Oct 22, 2013 at 8:42 PM, Junio C Hamano <gitster@pobox.com> wrote:
> Duy Nguyen <pclouds@gmail.com> writes:

>> Life would have been simpler if fd[1] was _always_ closed by
>> send_pack(), like in c20181e (start_command(), if .in/.out > 0, closes
>> file descriptors, not the callers - 2008-02-21).
>
> Yeah, that was also my first reaction when I saw the above three
> lines after reading the discussion that led to the diagnosis.

If send_pack() always closes fd[1], then I believe "git send-pack
--stateless-rpc --helper-status" would die in print_helper_status(),
called after send_pack(), since fd[1] would be 1, to which
print_helper_status() will try to write. (I don't know what either
--stateless-rpc or --helper-status mean, other than what's obvious
from the code, or if the combination of them makes any sense.)

I don't really have any more time to spend on this issue, so if a more
thorough fix is required, I'm afraid someone else will have to work on
it.

/ Jens

Re: [PATCH] Clear fd after closing to avoid double-close error

[Junio C Hamano]

Jens Lindström <jl@opera.com> writes:

> On Tue, Oct 22, 2013 at 8:42 PM, Junio C Hamano <gitster@pobox.com> wrote:
>> Duy Nguyen <pclouds@gmail.com> writes:
>
>>> Life would have been simpler if fd[1] was _always_ closed by
>>> send_pack(), like in c20181e (start_command(), if .in/.out > 0, closes
>>> file descriptors, not the callers - 2008-02-21).
>>
>> Yeah, that was also my first reaction when I saw the above three
>> lines after reading the discussion that led to the diagnosis.
>
> If send_pack() always closes fd[1], then I believe "git send-pack
> --stateless-rpc --helper-status" would die in print_helper_status(),
> called after send_pack(), since fd[1] would be 1, to which
> print_helper_status() will try to write.

Ah, I obviously did not look far enough.  Of course we could dup(2)
the fd=1 to code it around, but it is not clear to me if it is worth
it---your solution (v2) is clearer, so let's queue it with Acks we
saw from Peff and Duy.

Thanks.