Fwd: Windows shmem fix: makes shared memory fully ASLR and DEP compliant (ea. cache zone, limit zone, etc.)

Maxim Dounin mdounin at mdounin.ru
Tue Jun 9 12:44:47 UTC 2015 

Hello!

On Mon, Jun 08, 2015 at 09:56:16PM +0200, Sergey Brester wrote:

> Hi,
> 
> Back to my wish to fix a problem with multiple workers under windows...
> 
> Since we successful implemented shared memory on windows, it may be used for
> proper sharing a socket descriptor for multiple workers.
> 
> Possible scenario can be found in this MSDN-article:
> 
> https://msdn.microsoft.com/en-en/library/windows/desktop/ms741565%28v=vs.85%29.aspx
> 
> I need some help, to make the changes more nginx conform:
> 
> I have not yet decided which process will create/share a socket (duplicate
> handle and set it to shared memory). The idea was to create from master in
> ngx_event_process_init an initial shared memory with empty socket
> descriptors. The first worker inside ngx_open_listening_sockets may create a
> socket and duplicate a handle to share it with all other workers (save it to
> shared memory).
> 
> The first problem would be the way windows does it - the (source) process
> should know each target process handle to duplicate a socket handle for it.
> So if a new worker will be created, it should "receive" a new shared handle,
> duplicated specially for him.
> 
> So if not possible to do that somehow, only master process can create a
> socket and duplicate handle for each worker, before create him. But this
> will make the whole solution more complicated as now.

This doesn't looks like an approach which will work well with
nginx.  I would rather recommend trying to use normal handle 
inheritance, as previously suggested.

> Another way is, to create child with CreateProcess and bInheritHandles=1,
> and then save the first created socket handle in shared memory, but the

Instead of shared memory consider using an environment variable, 
much like it's done for inherited sockets.

> problem would be - all handles created from childs will be shared also
> (files, channels, etc.), so if some handle will be not proper closed before
> end of some process - it will be a leak, as long as all processes including
> master are not terminated.

I don't see how CreateProcess() bInheritHandles affects handles 
created by worker processes.  It is documented to only control 
whether inheritable handles will be inherited by a new process or 
not.  Either way, worker processes are not expected to start other 
processes, so you probably shouldn't care at all.

-- 
Maxim Dounin
http://nginx.org/

More information about the nginx-devel mailing list