-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
filedesc: don't use ioctl(FIOCLEX) on Linux #62425
Conversation
Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @shepmaster (or someone else) soon. If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. Due to the way GitHub handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes. Please see the contribution instructions for more information. |
cd26ac6
to
b20b22b
Compare
Whew, way past my current level of knowledge! 😇 |
Thanks for the PR! I don't personally know what an These are naively optimized to avoid syscalls into the kernel, although it's never been benchmarked one way or another I imagine. Is it possible though to look for other experience reports to guide which of these in theory should be used for these operations? |
I can give you a quick run-down if it'll help. Traditionally within Unix there were only three modes you could open a file with ( On Linux (since 2.6.39) there has been an additional way of getting a file handle -- However, it turns out that The reason why this change is necessary (or rather, "would be nice") is that I'm working on a new library to hopefully improve the security of many projects by providing a safe path resolution implementation. The safety and usability of this path resolution library depends incredibly strongly on the properties of I have worked around this issue in my own library (by doing
To be honest, I wasn't even aware there was a way to set Looking at my change again, I just realised that the
While the
I can look at what other languages do, but I'd like to say as someone who stares at |
Thanks for the thorough description! That all sounds great to me. If you want to revert the part for |
All ioctl(2)s will fail on O_PATH file descriptors on Linux (because they use &empty_fops as a security measure against O_PATH descriptors affecting the backing file). As a result, File::try_clone() and various other methods would always fail with -EBADF on O_PATH file descriptors. The solution is to simply use F_SETFD (as is used on other unices) which works on O_PATH descriptors because it operates through the fnctl(2) layer and not through ioctl(2)s. Since this code is usually only used in strange error paths (a broken or ancient kernel), the extra overhead of one syscall shouldn't cause any dramas. Most other systems programming languages also use the fnctl(2) so this brings us in line with them. Fixes: rust-lang#62314 Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
b20b22b
to
6031a07
Compare
Alright, I've dropped that hunk. Thanks! |
@bors: r+ |
📌 Commit 6031a07 has been approved by |
…lexcrichton filedesc: don't use ioctl(FIOCLEX) on Linux All `ioctl(2)`s will fail on `O_PATH` file descriptors on Linux (because they use `&empty_fops` as a security measure against `O_PATH` descriptors affecting the backing file). As a result, `File::try_clone()` and various other methods would always fail with `-EBADF` on `O_PATH` file descriptors. The solution is to simply use `F_SETFD` (as is used on other unices) which works on `O_PATH` descriptors because it operates through the `fnctl(2)` layer and not through `ioctl(2)`s. Since this code is usually only used in strange error paths (a broken or ancient kernel), the extra overhead of one syscall shouldn't cause any dramas. Most other systems programming languages also use the fnctl(2) so this brings us in line with them. Fixes: rust-lang#62314 Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Rollup of 7 pull requests Successful merges: - #61665 (core: check for pointer equality when comparing Eq slices) - #61923 (Prerequisites from dep graph refactoring #2) - #62270 (Move async-await tests from run-pass to ui) - #62425 (filedesc: don't use ioctl(FIOCLEX) on Linux) - #62476 (Continue refactoring macro expansion and resolution) - #62519 (Regression test for HRTB bug (issue 30786).) - #62557 (Fix typo in libcore/intrinsics.rs) Failed merges: r? @ghost
All
ioctl(2)
s will fail onO_PATH
file descriptors on Linux (becausethey use
&empty_fops
as a security measure againstO_PATH
descriptorsaffecting the backing file).
As a result,
File::try_clone()
and various other methods would alwaysfail with
-EBADF
onO_PATH
file descriptors. The solution is to simplyuse
F_SETFD
(as is used on other unices) which works onO_PATH
descriptors because it operates through the
fnctl(2)
layer and notthrough
ioctl(2)
s.Since this code is usually only used in strange error paths (a broken or
ancient kernel), the extra overhead of one syscall shouldn't cause any
dramas. Most other systems programming languages also use the fnctl(2)
so this brings us in line with them.
Fixes: #62314
Signed-off-by: Aleksa Sarai cyphar@cyphar.com