start-stop-daemon, supervise-daemon: use closefrom()/close_range()

On systems with a very large RLIMIT_NOFILE, calling close() in a loop
from 3 to getdtablesize() effects an enormous number of system calls.
There are better alternatives. Both BSD and Linux have the closefrom()
system call that closes all file descriptors with indices not less than
a specified minimum. Have start-stop-daemon call closefrom() on systems
where it's implemented, falling back to the old loop elsewhere.

Likewise, calling fcntl(i, F_SETFD, FD_CLOEXEC) in a loop from 3 to
getdtablesize() raises a similar performance concern. Linux 5.11 and
onward has a close_range() system call with a CLOSE_RANGE_CLOEXEC flag
that sets the FD_CLOEXEC flag on all file descriptors in a specified
range. Have supervise-daemon utilize this feature on systems where it's
implemented, falling back to the old loop elsewhere.
This commit is contained in:
Matt Whitlock 2022-08-21 09:10:44 -04:00 committed by William Hubbs
parent de295bd0c6
commit 9dfd2b2737
3 changed files with 22 additions and 2 deletions

View File

@ -192,6 +192,14 @@ if cc.compiles(malloc_attribute_test, name : 'malloc attribute with arguments')
add_project_arguments('-DHAVE_MALLOC_EXTENDED_ATTRIBUTE', language: 'c') add_project_arguments('-DHAVE_MALLOC_EXTENDED_ATTRIBUTE', language: 'c')
endif endif
if cc.has_function('closefrom', prefix: '#define _GNU_SOURCE\n#include <unistd.h>')
add_project_arguments('-DHAVE_CLOSEFROM', language: 'c')
endif
if cc.has_function('close_range', prefix: '#define _GNU_SOURCE\n#include <unistd.h>') and \
cc.has_header_symbol('unistd.h', 'CLOSE_RANGE_CLOEXEC', prefix: '#define _GNU_SOURCE')
add_project_arguments('-DHAVE_CLOSE_RANGE_CLOEXEC', language: 'c')
endif
incdir = include_directories('src/shared') incdir = include_directories('src/shared')
einfo_incdir = include_directories('src/libeinfo') einfo_incdir = include_directories('src/libeinfo')
rc_incdir = include_directories('src/librc') rc_incdir = include_directories('src/librc')

View File

@ -1104,8 +1104,12 @@ int main(int argc, char **argv)
|| rc_yesno(getenv("EINFO_QUIET"))) || rc_yesno(getenv("EINFO_QUIET")))
dup2(stderr_fd, STDERR_FILENO); dup2(stderr_fd, STDERR_FILENO);
#ifdef HAVE_CLOSEFROM
closefrom(3);
#else
for (i = getdtablesize() - 1; i >= 3; --i) for (i = getdtablesize() - 1; i >= 3; --i)
close(i); close(i);
#endif
if (scheduler != NULL) { if (scheduler != NULL) {
int scheduler_index; int scheduler_index;

View File

@ -22,6 +22,11 @@
#define ONE_SECOND 1000000000 #define ONE_SECOND 1000000000
#define ONE_MS 1000000 #define ONE_MS 1000000
#ifdef HAVE_CLOSE_RANGE_CLOEXEC
/* For close_range() */
# define _GNU_SOURCE
#endif
#include <sys/types.h> #include <sys/types.h>
#include <sys/ioctl.h> #include <sys/ioctl.h>
#include <sys/resource.h> #include <sys/resource.h>
@ -569,8 +574,11 @@ static void child_process(char *exec, char **argv)
if (redirect_stderr || rc_yesno(getenv("EINFO_QUIET"))) if (redirect_stderr || rc_yesno(getenv("EINFO_QUIET")))
dup2(stderr_fd, STDERR_FILENO); dup2(stderr_fd, STDERR_FILENO);
for (i = getdtablesize() - 1; i >= 3; --i) #ifdef HAVE_CLOSE_RANGE_CLOEXEC
fcntl(i, F_SETFD, FD_CLOEXEC); if (close_range(3, UINT_MAX, CLOSE_RANGE_CLOEXEC) < 0)
#endif
for (i = getdtablesize() - 1; i >= 3; --i)
fcntl(i, F_SETFD, FD_CLOEXEC);
cmdline = make_cmdline(argv); cmdline = make_cmdline(argv);
syslog(LOG_INFO, "Child command line: %s", cmdline); syslog(LOG_INFO, "Child command line: %s", cmdline);
free(cmdline); free(cmdline);