box: do not close xlog file descriptors in the atfork handler
Use O_CLOEXEC flag instead.

If Tarantool is forked before executing box.cfg{}, e.g. using io.popen(), the child process could start with stdin linked to /dev/urandom. This happens because wal_writer_singleton and vy_log_writer are not yet initialized, i.e. `fd' fields are 0, then atfork child handler wal_atfork() is called. It checks that xlog is opened (the check succeeded as 0 != -1) and closes its fd 0, in fact closing stdin (twice). Next, Tarantool opens the file /dev/urandom during initialization, and it receives the lowest unused file descriptor, which is 0. Then luaL_loadfile() loads stdin as a Lua chunk, in effect reading random numbers.

This happens on glibc 2.28 and older, as newer versions do not invoke atfork handlers during io.popen(): https://sourceware.org/bugzilla/show_bug.cgi?id=17490

Closes #7886

NO_DOC=bugfix
NO_TEST=Tested by test/app-luatest/gh_5747_crash_multiple_args_test.lua

(cherry picked from commit ec1af129)
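The failure mode described in the commit message, reproduced as an added example that is not part of the commit or of Tarantool's code. `struct writer`, `buggy_atfork_child` and the other function names are hypothetical stand-ins; the demonstration runs in a forked child so the caller's own stdin is left alone.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for a writer object that has not been set up yet. */
struct writer { int fd; };
static struct writer uninit_writer;	/* static storage: fd is 0, not -1 */

/* The removed pattern: "is the log open?" is tested as fd != -1. */
static void buggy_atfork_child(struct writer *w)
{
	if (w->fd != -1)
		close(w->fd);	/* with fd == 0 this closes stdin */
}

/* Returns the descriptor that /dev/urandom receives in a child process,
 * with or without the buggy handler having run first; -1 on error. */
static int urandom_fd_after_fork(int run_buggy_handler)
{
	pid_t pid = fork();
	if (pid == 0) {
		/* Make sure fd 0 is occupied, as in a normal process. */
		int null_fd = open("/dev/null", O_RDONLY);
		if (null_fd > 0) { dup2(null_fd, 0); close(null_fd); }
		if (run_buggy_handler)
			buggy_atfork_child(&uninit_writer);
		int fd = open("/dev/urandom", O_RDONLY);  /* lowest free fd */
		_exit(fd < 0 ? 255 : fd);
	}
	int status;
	if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
		return -1;
	return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

/* The replacement approach: mark the descriptor close-on-exec when it is
 * opened. Returns 1 if FD_CLOEXEC is set on the new descriptor. */
static int opened_with_cloexec(const char *path)
{
	int fd = open(path, O_RDONLY | O_CLOEXEC);
	int flags = fd < 0 ? -1 : fcntl(fd, F_GETFD);
	if (fd >= 0) close(fd);
	return flags >= 0 && (flags & FD_CLOEXEC) != 0;
}

int main(void)
{
	printf("urandom fd, buggy handler: %d; no handler: %d; cloexec set: %d\n",
	       urandom_fd_after_fork(1), urandom_fd_after_fork(0), opened_with_cloexec("/dev/null"));
}
```

With the handler, /dev/urandom lands on descriptor 0, so anything that later reads "stdin" reads random bytes; without it, stdin stays in place and the new file gets a higher descriptor.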
Changed files:
- changelogs/unreleased/gh-7886-dont-close-xlog-fd-atfork.md: 4 additions, 0 deletions
- src/box/box.cc: 0 additions, 10 deletions
- src/box/box.h: 0 additions, 6 deletions
- src/box/wal.c: 0 additions, 16 deletions
- src/box/wal.h: 0 additions, 3 deletions
- src/box/xlog.c: 3 additions, 19 deletions
- src/box/xlog.h: 0 additions, 7 deletions
- src/main.cc: 1 addition, 8 deletions