From 9dfd2b2737351083e5bed173bda1acd01a70c510 Mon Sep 17 00:00:00 2001
From: Matt Whitlock
Date: Sun, 21 Aug 2022 09:10:44 -0400
Subject: [PATCH] start-stop-daemon, supervise-daemon: use closefrom()/close_range()
On systems with a very large RLIMIT_NOFILE, calling close() in a loop from 3 to getdtablesize() effects an enormous number of system calls. There are better alternatives. Both BSD and Linux have the closefrom() system call that closes all file descriptors with indices not less than a specified minimum. Have start-stop-daemon call closefrom() on systems where it's implemented, falling back to the old loop elsewhere. Likewise, calling fcntl(i, F_SETFD, FD_CLOEXEC) in a loop from 3 to getdtablesize() raises a similar performance concern. Linux 5.11 and onward has a close_range() system call with a CLOSE_RANGE_CLOEXEC flag that sets the FD_CLOEXEC flag on all file descriptors in a specified range. Have supervise-daemon utilize this feature on systems where it's implemented, falling back to the old loop elsewhere.
---
 meson.build | 8 ++++++++
 src/start-stop-daemon/start-stop-daemon.c | 4 ++++
 src/supervise-daemon/supervise-daemon.c | 12 ++++++++++--
 3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/meson.build b/meson.build
index fac5ac49..979517a9 100644
--- a/meson.build
+++ b/meson.build
@@ -192,6 +192,14 @@ if cc.compiles(malloc_attribute_test, name : 'malloc attribute with arguments')
 add_project_arguments('-DHAVE_MALLOC_EXTENDED_ATTRIBUTE', language: 'c')
 endif
+if cc.has_function('closefrom', prefix: '#define _GNU_SOURCE\n#include ')
+ add_project_arguments('-DHAVE_CLOSEFROM', language: 'c')
+endif
+if cc.has_function('close_range', prefix: '#define _GNU_SOURCE\n#include ') and \
+ cc.has_header_symbol('unistd.h', 'CLOSE_RANGE_CLOEXEC', prefix: '#define _GNU_SOURCE')
+ add_project_arguments('-DHAVE_CLOSE_RANGE_CLOEXEC', language: 'c')
+endif
+
 incdir = include_directories('src/shared')
 einfo_incdir = include_directories('src/libeinfo')
 rc_incdir = include_directories('src/librc')
diff --git a/src/start-stop-daemon/start-stop-daemon.c b/src/start-stop-daemon/start-stop-daemon.c
index b3a8edca..56f85cba 100644
--- a/src/start-stop-daemon/start-stop-daemon.c
+++ b/src/start-stop-daemon/start-stop-daemon.c
@@ -1104,8 +1104,12 @@ int main(int argc, char **argv)
 || rc_yesno(getenv("EINFO_QUIET")))
 dup2(stderr_fd, STDERR_FILENO);
+#ifdef HAVE_CLOSEFROM
+ closefrom(3);
+#else
 for (i = getdtablesize() - 1; i >= 3; --i)
 close(i);
+#endif
 if (scheduler != NULL) {
 int scheduler_index;
diff --git a/src/supervise-daemon/supervise-daemon.c b/src/supervise-daemon/supervise-daemon.c
index 68490ad4..9a1b6f55 100644
--- a/src/supervise-daemon/supervise-daemon.c
+++ b/src/supervise-daemon/supervise-daemon.c
@@ -22,6 +22,11 @@
 #define ONE_SECOND 1000000000
 #define ONE_MS 1000000
+#ifdef HAVE_CLOSE_RANGE_CLOEXEC
+/* For close_range() */
+# define _GNU_SOURCE
+#endif
+
 #include
 #include
 #include
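Review bot: In the meson.build hunk both `cc.has_function()` probes compile with `#define _GNU_SOURCE` in their `prefix`, but only supervise-daemon.c gains a matching define in this patch; the start-stop-daemon.c hunk adds the `closefrom(3)` call without one. If that file or the project-wide flags do not already define the macro (not visible here), `HAVE_CLOSEFROM` can end up set on a libc where the declaration is hidden at the use site. Either probe `closefrom` with the same feature macros the source file is compiled with, or record the assumption next to the probe, e.g. `# probes assume _GNU_SOURCE; files using HAVE_CLOSEFROM must define it before their first system include`.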
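Review bot: The `closefrom(3)` branch in the start-stop-daemon.c hunk has no failure path, unlike the supervise-daemon change in this patch, which falls back to the per-descriptor loop when `close_range()` returns an error. As far as I know, glibc's closefrom() terminates the process when it can neither use close_range() nor enumerate /proc/self/fd, so on an older kernel with /proc unavailable (for example after a chroot, if one happens before this point; not visible in the hunk) the program would abort instead of starting the daemon. A comment above the call would record that, e.g. `/* closefrom() cannot report failure; some libcs abort if the fds cannot be closed */`. main() starts and ends outside the hunk.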
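Review bot: The unguarded `# define _GNU_SOURCE` added at the top of supervise-daemon.c will clash if the macro is already supplied on the compiler command line (`-D_GNU_SOURCE` expands to 1, this definition to nothing), which is a redefinition warning and an error under `-Werror`. Whether the build passes that flag is not visible here; `#if defined(HAVE_CLOSE_RANGE_CLOEXEC) && !defined(_GNU_SOURCE)` avoids depending on it. The existing comment could also state that the define has to stay above the first system `#include` to have any effect.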
@@ -569,8 +574,11 @@ static void child_process(char *exec, char **argv)
 if (redirect_stderr || rc_yesno(getenv("EINFO_QUIET")))
 dup2(stderr_fd, STDERR_FILENO);
- for (i = getdtablesize() - 1; i >= 3; --i)
- fcntl(i, F_SETFD, FD_CLOEXEC);
+#ifdef HAVE_CLOSE_RANGE_CLOEXEC
+ if (close_range(3, UINT_MAX, CLOSE_RANGE_CLOEXEC) < 0)
+#endif
+ for (i = getdtablesize() - 1; i >= 3; --i)
+ fcntl(i, F_SETFD, FD_CLOEXEC);
 cmdline = make_cmdline(argv);
 syslog(LOG_INFO, "Child command line: %s", cmdline);
 free(cmdline);
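Review bot: In child_process() the `if (close_range(3, UINT_MAX, CLOSE_RANGE_CLOEXEC) < 0)` line takes the `for` loop after `#endif` as its body, so the loop is conditional in one build and unconditional in the other, and a statement inserted between them later would change which code is guarded. Wrapping the loop in braces that sit outside the `#ifdef` (`{` after `#endif`, `}` after the `fcntl` line) keeps both builds structurally the same. A comment such as `/* kernel may lack CLOSE_RANGE_CLOEXEC (ENOSYS/EINVAL): mark each fd instead */` would explain why the return value selects the fallback. `UINT_MAX` needs `<limits.h>`; the include list is not readable on this page, so confirm it is present. The function starts and ends outside the hunk.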