xapian-core  1.4.21
closefrom.cc
Go to the documentation of this file.
1 
4 /* Copyright (C) 2010,2011,2012,2016,2018,2019 Olly Betts
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19  */
20 
21 #include <config.h>
22 
23 // We don't currently need closefrom() on __WIN32__.
24 #if !defined HAVE_CLOSEFROM && !defined __WIN32__
25 
26 #include "closefrom.h"
27 
28 #include <cerrno>
29 #include "safefcntl.h"
30 #include "safeunistd.h"
31 
32 #ifdef HAVE_SYS_RESOURCE_H
33 # include <sys/types.h>
34 # include <sys/resource.h>
35 #endif
36 
37 #if defined __linux__
38 # include "alignment_cast.h"
39 # include "safedirent.h"
40 # include "parseint.h"
41 #elif defined __APPLE__
42 # include <sys/attr.h>
43 # include <cstring>
44 # include "parseint.h"
45 #endif
46 
47 using namespace std;
48 
49 static int
51 #ifdef F_MAXFD
52  // May only be supported by NetBSD, modern versions of which implement
53  // closefrom(). Leave this in so that if other platforms have it or add
54  // it they will benefit.
55  int maxfd = fcntl(0, F_MAXFD);
56  if (maxfd >= 0) return maxfd;
57 #endif
58 #ifdef HAVE_GETRLIMIT
59  struct rlimit rl;
60  if (getrlimit(RLIMIT_NOFILE, &rl) == 0 &&
61  rl.rlim_max != RLIM_INFINITY) {
62  return static_cast<int>(rl.rlim_max) - 1;
63  }
64 #endif
65  return static_cast<int>(sysconf(_SC_OPEN_MAX)) - 1;
66 }
67 
68 // These platforms are known to provide closefrom():
69 // FreeBSD >= 8.0, NetBSD >= 3.0, OpenBSD >= 3.5, Solaris >= 9,
70 // Linux >= 5.9 with glibc >= 2.34
71 //
72 // These platforms are known to support fcntl() with F_CLOSEM:
73 // AIX, IRIX, NetBSD >= 2.0
74 //
75 // These platforms have getdirentries() and a "magic" directory with an entry
76 // for each FD open in the current process:
77 // Linux (at least with glibc)
78 //
79 // These platforms have getdirentriesattr() and a "magic" directory with an
80 // entry for each FD open in the current process:
81 // macOS
82 //
83 // Other platforms just use a loop up to a limit obtained from
84 // fcntl(0, F_MAXFD), getrlimit(RLIMIT_NOFILE, ...), or sysconf(_SC_OPEN_MAX)
85 // - known examples:
86 // Android (bionic libc doesn't provide getdirentries())
87 
88 void
90 {
91  int maxfd = -1;
92 #ifdef F_CLOSEM
93  if (fcntl(fd, F_CLOSEM, 0) >= 0)
94  return;
95 #elif defined HAVE_GETDIRENTRIES && defined __linux__
96  const char* path = "/proc/self/fd";
97  int dir = open(path, O_RDONLY|O_DIRECTORY);
98  if (dir >= 0) {
99  off_t base = 0;
100  while (true) {
101  char buf[1024];
102  errno = 0;
103  // We use getdirentries() instead of opendir()/readdir() here
104  // because the latter can call malloc(), which isn't safe to do
105  // between fork() and exec() in a multi-threaded program.
106  ssize_t c = getdirentries(dir, buf, sizeof(buf), &base);
107  if (c == 0) {
108  close(dir);
109  return;
110  }
111  if (c < 0) {
112  // Fallback if getdirentries() fails.
113  break;
114  }
115  struct dirent* d;
116  for (ssize_t pos = 0; pos < c; pos += d->d_reclen) {
117  d = alignment_cast<struct dirent*>(buf + pos);
118  const char* leaf = d->d_name;
119  int n;
120  if (!parse_signed(leaf, n)) {
121  // Skip '.' and '..'.
122  continue;
123  }
124  if (n < fd) {
125  // FD below threshold.
126  continue;
127  }
128  if (n == dir) {
129  // Don't close the fd open on the directory.
130  continue;
131  }
132 
133  // Running under valgrind causes some entries above the
134  // reported RLIMIT_NOFILE value to appear in
135  // /proc/self/fd - see:
136  // https://bugs.kde.org/show_bug.cgi?id=191758
137  //
138  // If we try to close these, valgrind issues a warning about
139  // trying to close an invalid file descriptor. These entries
140  // start at 1024, so we check that value first so we can
141  // usually avoid having to read the fd limit when we're not
142  // running under valgrind.
143  if (n >= 1024) {
144  if (maxfd < 0)
145  maxfd = get_maxfd();
146  if (n > maxfd)
147  continue;
148  }
149 
150  // Retry on EINTR.
151  while (close(n) < 0 && errno == EINTR) { }
152  }
153  }
154  close(dir);
155  }
156 #elif defined __APPLE__ // macOS
157  const char* path = "/dev/fd";
158 #ifdef __LP64__
159  typedef unsigned int gdea_type;
160 #else
161  typedef unsigned long gdea_type;
162 #endif
163  int dir = open(path, O_RDONLY|O_DIRECTORY);
164  if (dir >= 0) {
165  gdea_type base = 0;
166  struct attrlist alist;
167  memset(&alist, 0, sizeof(alist));
168  alist.bitmapcount = ATTR_BIT_MAP_COUNT;
169  alist.commonattr = ATTR_CMN_NAME;
170  while (true) {
171  char buf[1024];
172  errno = 0;
173  // We use getdirentriesattr() instead of opendir()/readdir() here
174  // because the latter can call malloc(), which isn't safe to do
175  // between fork() and exec() in a multi-threaded program. We only
176  // want filename, but can't use getdirentries() because it's not
177  // available with 64-bit inode_t, which seems to be tied to LFS.
178  gdea_type count = sizeof(buf);
179  gdea_type new_state;
180  int r = getdirentriesattr(dir, &alist, buf, sizeof(buf),
181  &count, &base, &new_state, 0);
182  (void)new_state;
183  if (r < 0) {
184  // Fallback if getdirentriesattr() fails.
185  break;
186  }
187  char* p = buf;
188  while (count-- > 0) {
189  const char* leaf = p + sizeof(u_int32_t);
190  p += *static_cast<u_int32_t*>(static_cast<void*>(p));
191 
192  int n;
193  if (!parse_signed(leaf, n)) {
194  // Skip '.' and '..'.
195  continue;
196  }
197  if (n < fd) {
198  // FD below threshold.
199  continue;
200  }
201  if (n == dir) {
202  // Don't close the fd open on the directory.
203  continue;
204  }
205 
206  // Retry on EINTR.
207  while (close(n) < 0 && errno == EINTR) { }
208  }
209  if (r == 1) {
210  // We've had the last entry.
211  close(dir);
212  return;
213  }
214  }
215  close(dir);
216  }
217 #elif 0
218  // Some platforms have /proc/<pid>/fd but not /proc/self - if any such
219  // platforms don't have either closefrom() or F_CLOSEM but do have
220  // getdirentries() then this code can be used. AIX is an example of
221  // a platform of the former, but apparently has F_CLOSEM.
222  char path[6 + sizeof(pid_t) * 3 + 4];
223  sprintf(path, "/proc/%ld/fd", long(getpid()));
224 #endif
225  if (maxfd < 0)
226  maxfd = get_maxfd();
227  while (fd <= maxfd) {
228  // Retry on EINTR; just ignore other errors (we'll get EBADF if fd
229  // isn't open so that's OK).
230  while (close(fd) < 0 && errno == EINTR) { }
231  ++fd;
232  }
233 }
234 
235 #endif
int close(FD &fd)
Definition: fd.h:63
Parse signed and unsigned type from string and check for trailing characters.
void closefrom(int fd)
Definition: closefrom.cc:89
Cast a pointer we know is suitably aligned.
Implementation of closefrom() function.
WritableDatabase open()
Construct a WritableDatabase object for a new, empty InMemory database.
Definition: dbfactory.h:104
STL namespace.
include <dirent.h>, with alternative implementation for windows.
std::enable_if< std::is_const< typename std::remove_pointer< U >::type >::value, T >::type alignment_cast(U ptr)
Cast a pointer we know is suitably aligned.
char * d_name
Definition: msvc_dirent.h:36
static int get_maxfd()
Definition: closefrom.cc:50
bool parse_signed(const char *p, T &res)
Definition: parseint.h:43
<unistd.h>, but with compat.
include <fcntl.h>, but working around broken platforms.