Eric Wong
2009-Jul-09 09:56 UTC
[Mongrel-development] [PATCH] always set FD_CLOEXEC on sockets post-accept()
FD_CLOEXEC is not guaranteed to be inherited by the accept()-ed descriptors even if the listener socket has this set. This can be a problem with applications that fork+exec long running background processes and our client expects us to close a connection to signal a completed response: the connection would only be closed when the background process closed it (when it exited), not when Mongrel closes the socket. This issue was discovered with a server other than Mongrel but the issue here is applicable to Mongrel as well. --- This patch was based on the below branch (against c365ba16d12a14bdf1cc50a26f67dd3b45f5a4d8) > I used git-svn and added it to > http://github.com/fauna/mongrel/tree/trunk_from_svn, where it can lie > unchanged for reference. P.S.: I know I used to have a commit bit to the Mongrel SVN but I never really cared for it since I''ve always preferred the mailing-patches-around-for-review form of development. Let me know if pushing things to git://git.bogomips.org/mongrel.git for you to pull is preferable in the future. P.P.S: not sure if it''s common around here, but I''ve long had mutt setup to pipe messages to "git am" directly from the index or pager and also diff syntax hilighting in the mutt pager. It all makes patch review/testing *much* nicer without having to context switch out of a terminal/screen. lib/mongrel.rb | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) diff --git a/lib/mongrel.rb b/lib/mongrel.rb index f09a617..0619abe 100644 --- a/lib/mongrel.rb +++ b/lib/mongrel.rb @@ -278,7 +278,11 @@ module Mongrel if defined?($tcp_cork_opts) and $tcp_cork_opts client.setsockopt(*$tcp_cork_opts) rescue nil end - + + if defined?(Fcntl::FD_CLOEXEC) + client.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC) + end + worker_list = @workers.list if worker_list.length >= @num_processors -- Eric Wong
Evan Weaver
2009-Jul-15 16:31 UTC
[Mongrel-development] [PATCH] always set FD_CLOEXEC on sockets post-accept()
Luis, is this one of the commits you already accepted for 1.1.6 and friends? Evan On Thu, Jul 9, 2009 at 2:56 AM, Eric Wong<normalperson at yhbt.net> wrote:> FD_CLOEXEC is not guaranteed to be inherited by the accept()-ed > descriptors even if the listener socket has this set. ?This can > be a problem with applications that fork+exec long running > background processes and our client expects us to close > a connection to signal a completed response: the connection > would only be closed when the background process closed it > (when it exited), not when Mongrel closes the socket. > > This issue was discovered with a server other than Mongrel but > the issue here is applicable to Mongrel as well. > --- > > ?This patch was based on the below branch > ?(against c365ba16d12a14bdf1cc50a26f67dd3b45f5a4d8) > > ?> I used git-svn and added it to > ?> http://github.com/fauna/mongrel/tree/trunk_from_svn, where it can lie > ?> unchanged for reference. > > ?P.S.: I know I used to have a commit bit to the Mongrel SVN but I > ?never really cared for it since I''ve always preferred the > ?mailing-patches-around-for-review form of development. ?Let me know if > ?pushing things to git://git.bogomips.org/mongrel.git for you to > ?pull is preferable in the future. > > ?P.P.S: not sure if it''s common around here, but I''ve long had mutt > ?setup to pipe messages to "git am" directly from the index or pager > ?and also diff syntax hilighting in the mutt pager. ?It all makes patch > ?review/testing *much* nicer without having to context switch out of a > ?terminal/screen. > > ?lib/mongrel.rb | ? ?6 +++++- > ?1 files changed, 5 insertions(+), 1 deletions(-) > > diff --git a/lib/mongrel.rb b/lib/mongrel.rb > index f09a617..0619abe 100644 > --- a/lib/mongrel.rb > +++ b/lib/mongrel.rb > @@ -278,7 +278,11 @@ module Mongrel > ? ? ? ? ? ? ? if defined?($tcp_cork_opts) and $tcp_cork_opts > ? ? ? ? ? ? ? ? client.setsockopt(*$tcp_cork_opts) rescue nil > ? ? ? ? ? ? ? end > - > + > + ? ? ? ? ? ? ?if defined?(Fcntl::FD_CLOEXEC) > + ? ? ? ? ? ? ? ?client.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC) > + ? ? ? ? ? ? ?end > + > ? ? ? ? ? ? ? worker_list = @workers.list > > ? ? ? ? ? ? ? if worker_list.length >= @num_processors > -- > Eric Wong > _______________________________________________ > Mongrel-development mailing list > Mongrel-development at rubyforge.org > http://rubyforge.org/mailman/listinfo/mongrel-development >-- Evan Weaver
Luis Lavena
2009-Jul-15 23:13 UTC
[Mongrel-development] [PATCH] always set FD_CLOEXEC on sockets post-accept()
On Wed, Jul 15, 2009 at 1:31 PM, Evan Weaver<evan at cloudbur.st> wrote:> Luis, is this one of the commits you already accepted for 1.1.6 and friends? >I think is not. Will review, but everything will be reflected in the history file.> Evan > > On Thu, Jul 9, 2009 at 2:56 AM, Eric Wong<normalperson at yhbt.net> wrote: >> FD_CLOEXEC is not guaranteed to be inherited by the accept()-ed >> descriptors even if the listener socket has this set. ?This can >> be a problem with applications that fork+exec long running >> background processes and our client expects us to close >> a connection to signal a completed response: the connection >> would only be closed when the background process closed it >> (when it exited), not when Mongrel closes the socket. >> >> This issue was discovered with a server other than Mongrel but >> the issue here is applicable to Mongrel as well. >> --- >> >> ?This patch was based on the below branch >> ?(against c365ba16d12a14bdf1cc50a26f67dd3b45f5a4d8) >> >> ?> I used git-svn and added it to >> ?> http://github.com/fauna/mongrel/tree/trunk_from_svn, where it can lie >> ?> unchanged for reference. >> >> ?P.S.: I know I used to have a commit bit to the Mongrel SVN but I >> ?never really cared for it since I''ve always preferred the >> ?mailing-patches-around-for-review form of development. ?Let me know if >> ?pushing things to git://git.bogomips.org/mongrel.git for you to >> ?pull is preferable in the future. >> >> ?P.P.S: not sure if it''s common around here, but I''ve long had mutt >> ?setup to pipe messages to "git am" directly from the index or pager >> ?and also diff syntax hilighting in the mutt pager. ?It all makes patch >> ?review/testing *much* nicer without having to context switch out of a >> ?terminal/screen. >> >> ?lib/mongrel.rb | ? ?6 +++++- >> ?1 files changed, 5 insertions(+), 1 deletions(-) >> >> diff --git a/lib/mongrel.rb b/lib/mongrel.rb >> index f09a617..0619abe 100644 >> --- a/lib/mongrel.rb >> +++ b/lib/mongrel.rb >> @@ -278,7 +278,11 @@ module Mongrel >> ? ? ? ? ? ? ? if defined?($tcp_cork_opts) and $tcp_cork_opts >> ? ? ? ? ? ? ? ? client.setsockopt(*$tcp_cork_opts) rescue nil >> ? ? ? ? ? ? ? end >> - >> + >> + ? ? ? ? ? ? ?if defined?(Fcntl::FD_CLOEXEC) >> + ? ? ? ? ? ? ? ?client.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC) >> + ? ? ? ? ? ? ?end >> + >> ? ? ? ? ? ? ? worker_list = @workers.list >> >> ? ? ? ? ? ? ? if worker_list.length >= @num_processors >> -- >> Eric Wong >> _______________________________________________ >> Mongrel-development mailing list >> Mongrel-development at rubyforge.org >> http://rubyforge.org/mailman/listinfo/mongrel-development >> > > > > -- > Evan Weaver > _______________________________________________ > Mongrel-development mailing list > Mongrel-development at rubyforge.org > http://rubyforge.org/mailman/listinfo/mongrel-development >-- Luis Lavena AREA 17 - Perfection in design is achieved not when there is nothing more to add, but rather when there is nothing more to take away. Antoine de Saint-Exup?ry