From: Willy Tarreau Date: Fri, 19 Apr 2024 14:52:32 +0000 (+0200) Subject: BUG/MINOR: fd: my_closefrom() on Linux could skip contiguous series of sockets X-Git-Tag: v3.0-dev8~5 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=64d20fc9e0a914ad2fe03d74972b56baaf54b90f;p=thirdparty%2Fhaproxy.git BUG/MINOR: fd: my_closefrom() on Linux could skip contiguous series of sockets We got a detailed report analysis showing that our optimization consisting in using poll() to detect already closed FDs within a 1024 range has an issue with the case where 1024 consecutive FDs are open (hence do not show POLLNVAL) and none of them has any activity report. In this case poll() returns zero update and we would just skip the loop that inspects all the FDs to close the valid ones. One visible effect is that the called programs might occasionally see some FDs being exposed in the low range of their fd space, possibly making the process run out of FDs when trying to open a file for example. Note that this is actually a fix for commit b8e602cb1b ("BUG/MINOR: fd: make sure my_closefrom() doesn't miss some FDs") that already faced a more common form of this problem (incomplete but non-empty FDs reported). This can be backported up to 2.0. --- diff --git a/src/fd.c b/src/fd.c index 9d34315cbe..0feebfce67 100644 --- a/src/fd.c +++ b/src/fd.c @@ -981,8 +981,8 @@ void my_closefrom(int start) break; } while (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR || errno == ENOMEM); - if (ret) - ret = fd - start; + /* always check the whole range */ + ret = fd - start; for (idx = 0; idx < ret; idx++) { if (poll_events[idx].revents & POLLNVAL)