diff options
| author | Matt Whitlock <gentoo@mattwhitlock.name> | 2022-08-21 09:10:44 -0400 |
|---|---|---|
| committer | William Hubbs <w.d.hubbs@gmail.com> | 2023-01-20 21:44:37 -0600 |
| commit | 9dfd2b2737351083e5bed173bda1acd01a70c510 (patch) | |
| tree | 2887e6ed7bdc12f3dd1b13da94e6f59a25dc950d | |
| parent | de295bd0c63f15e3d4e797e053826dbacbce556e (diff) | |
start-stop-daemon, supervise-daemon: use closefrom()/close_range()
On systems with a very large RLIMIT_NOFILE, calling close() in a loop
from 3 to getdtablesize() effects an enormous number of system calls.
There are better alternatives. Both BSD and Linux have the closefrom()
system call that closes all file descriptors with indices not less than
a specified minimum. Have start-stop-daemon call closefrom() on systems
where it's implemented, falling back to the old loop elsewhere.
Likewise, calling fcntl(i, F_SETFD, FD_CLOEXEC) in a loop from 3 to
getdtablesize() raises a similar performance concern. Linux 5.11 and
onward has a close_range() system call with a CLOSE_RANGE_CLOEXEC flag
that sets the FD_CLOEXEC flag on all file descriptors in a specified
range. Have supervise-daemon utilize this feature on systems where it's
implemented, falling back to the old loop elsewhere.
| -rw-r--r-- | meson.build | 8 | ||||
| -rw-r--r-- | src/start-stop-daemon/start-stop-daemon.c | 4 | ||||
| -rw-r--r-- | src/supervise-daemon/supervise-daemon.c | 12 |
3 files changed, 22 insertions, 2 deletions
diff --git a/meson.build b/meson.build index fac5ac49..979517a9 100644 --- a/meson.build +++ b/meson.build @@ -192,6 +192,14 @@ if cc.compiles(malloc_attribute_test, name : 'malloc attribute with arguments') add_project_arguments('-DHAVE_MALLOC_EXTENDED_ATTRIBUTE', language: 'c') endif +if cc.has_function('closefrom', prefix: '#define _GNU_SOURCE\n#include <unistd.h>') + add_project_arguments('-DHAVE_CLOSEFROM', language: 'c') +endif +if cc.has_function('close_range', prefix: '#define _GNU_SOURCE\n#include <unistd.h>') and \ + cc.has_header_symbol('unistd.h', 'CLOSE_RANGE_CLOEXEC', prefix: '#define _GNU_SOURCE') + add_project_arguments('-DHAVE_CLOSE_RANGE_CLOEXEC', language: 'c') +endif + incdir = include_directories('src/shared') einfo_incdir = include_directories('src/libeinfo') rc_incdir = include_directories('src/librc') diff --git a/src/start-stop-daemon/start-stop-daemon.c b/src/start-stop-daemon/start-stop-daemon.c index b3a8edca..56f85cba 100644 --- a/src/start-stop-daemon/start-stop-daemon.c +++ b/src/start-stop-daemon/start-stop-daemon.c @@ -1104,8 +1104,12 @@ int main(int argc, char **argv) || rc_yesno(getenv("EINFO_QUIET"))) dup2(stderr_fd, STDERR_FILENO); +#ifdef HAVE_CLOSEFROM + closefrom(3); +#else for (i = getdtablesize() - 1; i >= 3; --i) close(i); +#endif if (scheduler != NULL) { int scheduler_index; diff --git a/src/supervise-daemon/supervise-daemon.c b/src/supervise-daemon/supervise-daemon.c index 68490ad4..9a1b6f55 100644 --- a/src/supervise-daemon/supervise-daemon.c +++ b/src/supervise-daemon/supervise-daemon.c @@ -22,6 +22,11 @@ #define ONE_SECOND 1000000000 #define ONE_MS 1000000 +#ifdef HAVE_CLOSE_RANGE_CLOEXEC +/* For close_range() */ +# define _GNU_SOURCE +#endif + #include <sys/types.h> #include <sys/ioctl.h> #include <sys/resource.h> @@ -569,8 +574,11 @@ static void child_process(char *exec, char **argv) if (redirect_stderr || rc_yesno(getenv("EINFO_QUIET"))) dup2(stderr_fd, STDERR_FILENO); - for (i = getdtablesize() - 1; i >= 3; --i) - fcntl(i, F_SETFD, FD_CLOEXEC); +#ifdef HAVE_CLOSE_RANGE_CLOEXEC + if (close_range(3, UINT_MAX, CLOSE_RANGE_CLOEXEC) < 0) +#endif + for (i = getdtablesize() - 1; i >= 3; --i) + fcntl(i, F_SETFD, FD_CLOEXEC); cmdline = make_cmdline(argv); syslog(LOG_INFO, "Child command line: %s", cmdline); free(cmdline); |