<div dir="ltr"><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em qua., 16 de dez. de 2020 às 10:14, Vladimir Homutov <<a href="mailto:vl@nginx.com">vl@nginx.com</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">16.12.2020 09:41, 张翔 пишет:<br>
> # HG changeset patch<br>
> # User Zhang Xiang <<a href="mailto:hawkxiang.cpp@gmail.com" target="_blank">hawkxiang.cpp@gmail.com</a> <br>
> <mailto:<a href="mailto:hawkxiang.cpp@gmail.com" target="_blank">hawkxiang.cpp@gmail.com</a>>><br>
> # Date 1608099124 -28800<br>
> # Wed Dec 16 14:12:04 2020 +0800<br>
> # Node ID a685d9c04acdb4ec71fd9f176415917c217af630<br>
> # Parent 82228f955153527fba12211f52bf102c90f38dfb<br>
> Mail: accept4() support SOCK_CLOEXEC flag<br>
> <br>
> The close-on-exec flag on the new FD can be set via SOCK_CLOEXEC<br>
> <br>
> diff -r 82228f955153 -r a685d9c04acd auto/unix<br>
> --- a/auto/unix Tue Dec 15 17:41:39 2020 +0300<br>
> +++ b/auto/unix Wed Dec 16 14:12:04 2020 +0800<br>
> @@ -510,7 +510,7 @@<br>
> ngx_feature_incs="#include <sys/socket.h>"<br>
> ngx_feature_path=<br>
> ngx_feature_libs=<br>
> -ngx_feature_test="accept4(0, NULL, NULL, SOCK_NONBLOCK)"<br>
> +ngx_feature_test="accept4(0, NULL, NULL, SOCK_NONBLOCK | SOCK_CLOEXEC)"<br>
> . auto/feature<br>
> <br>
> if [ $NGX_FILE_AIO = YES ]; then<br>
> diff -r 82228f955153 -r a685d9c04acd src/event/ngx_event_accept.c<br>
> --- a/src/event/ngx_event_accept.c Tue Dec 15 17:41:39 2020 +0300<br>
> +++ b/src/event/ngx_event_accept.c Wed Dec 16 14:12:04 2020 +0800<br>
> @@ -57,7 +57,7 @@<br>
> <br>
> #if (NGX_HAVE_ACCEPT4)<br>
> if (use_accept4) {<br>
> - s = accept4(lc->fd, &sa.sockaddr, &socklen, SOCK_NONBLOCK);<br>
> + s = accept4(lc->fd, &sa.sockaddr, &socklen, SOCK_NONBLOCK | <br>
> SOCK_CLOEXEC);<br>
> } else {<br>
> s = accept(lc->fd, &sa.sockaddr, &socklen);<br>
> }<br>
> <br>
> _______________________________________________<br>
> nginx-devel mailing list<br>
> <a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a><br>
> <a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a><br>
> <br>
<br>
just realized you are talking about accepted sockets.<br>
Why do you think it is useful? Normally we don't fork workers and don't <br>
exec anything.<br></blockquote><div>Sorry for meddling.<br>While we wait for a response, I would like to include just for help.</div><div>
<pre><b>O_CLOEXEC </b>(since Linux 2.6.23)
Enable the close-on-exec flag for the new file descriptor.
Specifying this flag permits a program to avoid additional
<a href="https://man7.org/linux/man-pages/man2/fcntl.2.html">fcntl(2)</a> <b>F_SETFD </b>operations to set the <b>FD_CLOEXEC </b>flag.
Note that the use of this flag is essential in some
multithreaded programs, because using a separate <a href="https://man7.org/linux/man-pages/man2/fcntl.2.html">fcntl(2)</a>
<b>F_SETFD </b>operation to set the <b>FD_CLOEXEC </b>flag does not suffice
to avoid race conditions where one thread opens a file
descriptor and attempts to set its close-on-exec flag using
<a href="https://man7.org/linux/man-pages/man2/fcntl.2.html">fcntl(2)</a> at the same time as another thread does a <a href="https://man7.org/linux/man-pages/man2/fork.2.html">fork(2)</a>
plus <a href="https://man7.org/linux/man-pages/man2/execve.2.html">execve(2)</a>. Depending on the order of execution, the race
may lead to the file descriptor returned by <b>open</b>() being
unintentionally leaked to the program executed by the child
process created by <a href="https://man7.org/linux/man-pages/man2/fork.2.html">fork(2)</a>. (This kind of race is in
principle possible for any system call that creates a file
descriptor whose close-on-exec flag should be set, and various
other Linux system calls provide an equivalent of the
<b>O_CLOEXEC </b>flag to deal with this problem.)</pre>
</div><div>Ranier Vilela<br></div></div></div>