Re: [PATCH 1/2] open: add close_range()
From: Florian Weimer
Date: Tue May 21 2019 - 08:12:20 EST
* Christian Brauner:
> +/**
> + * __close_range() - Close all file descriptors in a given range.
> + *
> + * @fd: starting file descriptor to close
> + * @max_fd: last file descriptor to close
> + *
> + * This closes a range of file descriptors. All file descriptors
> + * from @fd up to and including @max_fd are closed.
> + */
> +int __close_range(struct files_struct *files, unsigned fd, unsigned max_fd)
> +{
> + unsigned int cur_max;
> +
> + if (fd > max_fd)
> + return -EINVAL;
> +
> + rcu_read_lock();
> + cur_max = files_fdtable(files)->max_fds;
> + rcu_read_unlock();
> +
> + /* cap to last valid index into fdtable */
> + if (max_fd >= cur_max)
> + max_fd = cur_max - 1;
> +
> + while (fd <= max_fd)
> + __close_fd(files, fd++);
> +
> + return 0;
> +}
This seems rather drastic. How long does this block in kernel mode?
Maybe it's okay as long as the maximum possible value for cur_max stays
around 4 million or so.
Solaris has an fdwalk function:
<https://docs.oracle.com/cd/E88353_01/html/E37843/closefrom-3c.html>
So a different way to implement this would expose a nextfd system call
to userspace, so that we can use that to implement both fdwalk and
closefrom. But maybe fdwalk is just too obscure, given the existence of
/proc.
I'll happily implement closefrom on top of close_range in glibc (plus
fallback for older kernels based on /procâwith an abort in case that
doesn't work because the RLIMIT_NOFILE hack is unreliable
unfortunately).
Thanks,
Florian