From 9629bca1f0be1bf160c2e8ba205e7bf7fa4ba780 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Fri, 2 Mar 2018 10:54:00 +1100 Subject: [PATCH 1/6] MDEV-8743: use O_CLOEXEC (innodb/xtradb) --- storage/innobase/os/os0file.c | 6 +++--- storage/xtradb/os/os0file.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/storage/innobase/os/os0file.c b/storage/innobase/os/os0file.c index a6156e555b546..a410d4644ac40 100644 --- a/storage/innobase/os/os0file.c +++ b/storage/innobase/os/os0file.c @@ -1184,10 +1184,10 @@ os_file_create_simple_func( } if (create_mode == OS_FILE_CREATE) { - file = open(name, create_flag, S_IRUSR | S_IWUSR + file = open(name, create_flag | O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); } else { - file = open(name, create_flag); + file = open(name, create_flag | O_CLOEXEC); } if (file == -1) { @@ -1631,7 +1631,7 @@ os_file_create_func( } #endif /* O_SYNC */ - file = open(name, create_flag, os_innodb_umask); + file = open(name, create_flag | O_CLOEXEC, os_innodb_umask); if (file == -1) { *success = FALSE; diff --git a/storage/xtradb/os/os0file.c b/storage/xtradb/os/os0file.c index 8e5cc9a6ba649..d0f014e8f0896 100644 --- a/storage/xtradb/os/os0file.c +++ b/storage/xtradb/os/os0file.c @@ -1286,10 +1286,10 @@ os_file_create_simple_func( } if (create_mode == OS_FILE_CREATE) { - file = open(name, create_flag, S_IRUSR | S_IWUSR + file = open(name, create_flag | O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); } else { - file = open(name, create_flag); + file = open(name, create_flag | O_CLOEXEC); } if (file == -1) { @@ -1752,7 +1752,7 @@ os_file_create_func( } #endif /* O_SYNC */ - file = open(name, create_flag, os_innodb_umask); + file = open(name, create_flag | O_CLOEXEC, os_innodb_umask); if (file == -1) { *success = FALSE; From 4ec7b840776e498456b9a22a51178099e4d66aa3 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Fri, 2 Mar 2018 10:54:34 +1100 Subject: [PATCH 2/6] MDEV-8743: use O_CLOEXEC MYSQL_LOG::open / TC_LOG_MMAP::open For galera compatibility, the main thing is to ensure the FD 1, 2 are not opened with O_CLOEXEC otherwise galera sst errors don't appear in the error.log Files without O_CLOEXEC from the test below: 0 -> /dev/pts/9 1 -> /tmp/error.log (intended) 2 -> /tmp/error.log (intended) 5 -> /tmp/datadir 6 -> /tmp/datadir/aria_log.00000001 (Innodb temp files) 8 -> /tmp/ibIIrhFL (deleted) 9 -> /tmp/ibfx1vai (deleted) 10 -> /tmp/ibAQUKFO (deleted) 11 -> /tmp/ibWBQSHR (deleted) 15 -> /tmp/ibEXEcfo (deleted) 20 -> /tmp/datadir/mysql/host.MYD 22 -> /tmp/datadir/mysql/user.MYD ... (rest of MYD files) Test for this and the previous commit. sql/mysqld --skip-networking --datadir=/tmp/datadir --log-bin=/tmp/datadir/mysqlbin --socket /tmp/s.sock --lc-messages-dir=${PWD}/sql/share --verbose --log-error=/tmp/error.log --general-log-file=/tmp/general.log --general-log=1 --slow-query-log-file=/tmp/slow.log --slow-query-log=1 180302 10:56:41 [Note] sql/mysqld (mysqld 5.5.60-MariaDB-wsrep) starting as process 26056 ... $ cd /proc/26056 $ ls -la --sort=none fd total 0 dr-x------. 2 dan dan 0 Mar 2 10:57 . dr-xr-xr-x. 9 dan dan 0 Mar 2 10:56 .. lrwx------. 1 dan dan 64 Mar 2 10:57 0 -> /dev/pts/9 l-wx------. 1 dan dan 64 Mar 2 10:57 1 -> /tmp/error.log l-wx------. 1 dan dan 64 Mar 2 10:57 2 -> /tmp/error.log lrwx------. 1 dan dan 64 Mar 2 10:57 3 -> /tmp/datadir/mysqlbin.index lrwx------. 1 dan dan 64 Mar 2 10:57 4 -> /tmp/datadir/aria_log_control lr-x------. 1 dan dan 64 Mar 2 10:57 5 -> /tmp/datadir lrwx------. 1 dan dan 64 Mar 2 10:57 6 -> /tmp/datadir/aria_log.00000001 lrwx------. 1 dan dan 64 Mar 2 10:57 7 -> /tmp/datadir/ibdata1 lrwx------. 1 dan dan 64 Mar 2 10:57 8 -> /tmp/ibIIrhFL (deleted) lrwx------. 1 dan dan 64 Mar 2 10:57 9 -> /tmp/ibfx1vai (deleted) lrwx------. 1 dan dan 64 Mar 2 10:57 10 -> /tmp/ibAQUKFO (deleted) lrwx------. 1 dan dan 64 Mar 2 10:57 11 -> /tmp/ibWBQSHR (deleted) lrwx------. 1 dan dan 64 Mar 2 10:57 12 -> /tmp/datadir/ib_logfile0 lrwx------. 1 dan dan 64 Mar 2 10:57 13 -> /tmp/datadir/ib_logfile1 l-wx------. 1 dan dan 64 Mar 2 10:57 14 -> /tmp/slow.log lrwx------. 1 dan dan 64 Mar 2 10:57 15 -> /tmp/ibEXEcfo (deleted) l-wx------. 1 dan dan 64 Mar 2 10:57 16 -> /tmp/general.log lrwx------. 1 dan dan 64 Mar 2 10:57 17 -> socket:[1897356] lrwx------. 1 dan dan 64 Mar 2 10:57 18 -> socket:[45335] l-wx------. 1 dan dan 64 Mar 2 10:57 19 -> /tmp/datadir/mysqlbin.000004 lrwx------. 1 dan dan 64 Mar 2 10:57 20 -> /tmp/datadir/mysql/host.MYD lrwx------. 1 dan dan 64 Mar 2 10:57 21 -> /tmp/datadir/mysql/host.MYI lrwx------. 1 dan dan 64 Mar 2 10:57 22 -> /tmp/datadir/mysql/user.MYD lrwx------. 1 dan dan 64 Mar 2 10:57 23 -> /tmp/datadir/mysql/user.MYI lrwx------. 1 dan dan 64 Mar 2 10:57 24 -> /tmp/datadir/mysql/db.MYD lrwx------. 1 dan dan 64 Mar 2 10:57 25 -> /tmp/datadir/mysql/db.MYI lrwx------. 1 dan dan 64 Mar 2 10:57 26 -> /tmp/datadir/mysql/proxies_priv.MYD lrwx------. 1 dan dan 64 Mar 2 10:57 27 -> /tmp/datadir/mysql/proxies_priv.MYI lrwx------. 1 dan dan 64 Mar 2 10:57 28 -> /tmp/datadir/mysql/tables_priv.MYD lrwx------. 1 dan dan 64 Mar 2 10:57 29 -> /tmp/datadir/mysql/tables_priv.MYI lrwx------. 1 dan dan 64 Mar 2 10:57 30 -> /tmp/datadir/mysql/columns_priv.MYD lrwx------. 1 dan dan 64 Mar 2 10:57 31 -> /tmp/datadir/mysql/columns_priv.MYI lrwx------. 1 dan dan 64 Mar 2 10:57 32 -> /tmp/datadir/mysql/procs_priv.MYD lrwx------. 1 dan dan 64 Mar 2 10:57 33 -> /tmp/datadir/mysql/procs_priv.MYI lrwx------. 1 dan dan 64 Mar 2 10:57 34 -> /tmp/datadir/mysql/servers.MYD lrwx------. 1 dan dan 64 Mar 2 10:57 35 -> /tmp/datadir/mysql/servers.MYI lrwx------. 1 dan dan 64 Mar 2 10:57 36 -> /tmp/datadir/mysql/event.MYD lrwx------. 1 dan dan 64 Mar 2 10:57 37 -> /tmp/datadir/mysql/event.MYI O_CLOEXEC files are those with flags 02000000 /usr/include/bits/fcntl-linux.h:# define __O_CLOEXEC 02000000 /usr/include/bits/fcntl-linux.h:# define O_CLOEXEC __O_CLOEXEC /* Set close_on_exec. */ $ find fdinfo/ -type f -ls -exec cat {} \; | more 1924720 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/0 pos: 0 flags: 0100002 mnt_id: 25 1924721 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/1 pos: 9954 flags: 0102001 mnt_id: 82 1924722 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/2 pos: 10951 flags: 0102001 mnt_id: 82 1924723 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/3 pos: 116 flags: 02100002 mnt_id: 82 1924724 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/4 pos: 52 flags: 0100002 mnt_id: 82 lock: 1: POSIX ADVISORY WRITE 26056 00:2c:1866365 0 EOF 1924725 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/5 pos: 0 flags: 0100000 mnt_id: 82 1924726 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/6 pos: 16384 flags: 0100002 mnt_id: 82 1924727 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/7 pos: 0 flags: 02100002 mnt_id: 82 lock: 1: POSIX ADVISORY WRITE 26056 00:2c:1866491 0 EOF 1924728 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/8 pos: 0 flags: 0100002 mnt_id: 82 1924729 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/9 pos: 0 flags: 0100002 mnt_id: 82 1924730 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/10 pos: 0 flags: 0100002 mnt_id: 82 1924731 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/11 pos: 0 flags: 0100002 mnt_id: 82 1924732 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/12 pos: 0 flags: 02100002 mnt_id: 82 lock: 1: POSIX ADVISORY WRITE 26056 00:2c:1866492 0 EOF 1924733 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/13 pos: 0 flags: 02100002 mnt_id: 82 lock: 1: POSIX ADVISORY WRITE 26056 00:2c:1866493 0 EOF 1924734 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/14 pos: 763 flags: 02102001 mnt_id: 82 1924735 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/15 pos: 0 flags: 0100002 mnt_id: 82 1924736 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/16 pos: 473 flags: 02102001 mnt_id: 82 1924737 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/17 pos: 0 flags: 02000002 mnt_id: 9 1924738 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/18 pos: 0 flags: 02 mnt_id: 9 1924739 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/19 pos: 245 flags: 02100001 mnt_id: 82 1924740 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/20 pos: 0 flags: 0100002 mnt_id: 82 1924741 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/21 pos: 503 flags: 0500002 mnt_id: 82 1924742 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/22 pos: 324 flags: 0100002 mnt_id: 82 1924743 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/23 pos: 642 flags: 0500002 mnt_id: 82 1924744 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/24 pos: 880 flags: 0100002 mnt_id: 82 1924745 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/25 pos: 581 flags: 0500002 mnt_id: 82 1924746 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/26 pos: 1386 flags: 0100002 mnt_id: 82 1924747 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/27 pos: 498 flags: 0500002 mnt_id: 82 1924748 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/28 pos: 0 flags: 0100002 mnt_id: 82 1924749 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/29 pos: 513 flags: 0500002 mnt_id: 82 1924750 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/30 pos: 0 flags: 0100002 mnt_id: 82 1924751 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/31 pos: 494 flags: 0500002 mnt_id: 82 1924752 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/32 pos: 0 flags: 0100002 mnt_id: 82 1924753 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/33 pos: 535 flags: 0500002 mnt_id: 82 1924754 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/34 pos: 0 flags: 0100002 mnt_id: 82 1924755 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/35 pos: 396 flags: 0500002 mnt_id: 82 1924756 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/36 pos: 0 flags: 0100002 mnt_id: 82 1924757 0 -r-------- 1 dan dan 0 Mar 2 10:57 fdinfo/37 pos: 517 flags: 0500002 mnt_id: 82 --- mysys/my_symlink.c | 2 +- sql/log.cc | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/mysys/my_symlink.c b/mysys/my_symlink.c index 12959f1f24af6..f2dd2e596ff9c 100644 --- a/mysys/my_symlink.c +++ b/mysys/my_symlink.c @@ -236,7 +236,7 @@ const char *my_open_parent_dir_nosymlinks(const char *pathname, int *pdfd) return pathname + (s - buf); } - fd = openat(dfd, s, O_NOFOLLOW | O_PATH); + fd = openat(dfd, s, O_NOFOLLOW | O_PATH | O_CLOEXEC); if (fd < 0) goto err; diff --git a/sql/log.cc b/sql/log.cc index 4760e668aebbf..ca7833a0460b3 100644 --- a/sql/log.cc +++ b/sql/log.cc @@ -2466,7 +2466,7 @@ bool MYSQL_LOG::open( File file= -1; my_off_t seek_offset; bool is_fifo = false; - int open_flags= O_CREAT | O_BINARY; + int open_flags= O_CREAT | O_BINARY | O_CLOEXEC; DBUG_ENTER("MYSQL_LOG::open"); DBUG_PRINT("enter", ("log_type: %d", (int) log_type_arg)); @@ -3088,7 +3088,7 @@ bool MYSQL_BIN_LOG::open_index_file(const char *index_file_name_arg, ".index", opt); if ((index_file_nr= mysql_file_open(m_key_file_log_index, index_file_name, - O_RDWR | O_CREAT | O_BINARY, + O_RDWR | O_CREAT | O_BINARY | O_CLOEXEC, MYF(MY_WME))) < 0 || mysql_file_sync(index_file_nr, MYF(MY_WME)) || init_io_cache(&index_file, index_file_nr, @@ -7045,14 +7045,14 @@ int TC_LOG_MMAP::open(const char *opt_name) DBUG_ASSERT(TC_LOG_PAGE_SIZE % tc_log_page_size == 0); fn_format(logname,opt_name,mysql_data_home,"",MY_UNPACK_FILENAME); - if ((fd= mysql_file_open(key_file_tclog, logname, O_RDWR, MYF(0))) < 0) + if ((fd= mysql_file_open(key_file_tclog, logname, O_RDWR | O_CLOEXEC, MYF(0))) < 0) { if (my_errno != ENOENT) goto err; if (using_heuristic_recover()) return 1; if ((fd= mysql_file_create(key_file_tclog, logname, CREATE_MODE, - O_RDWR, MYF(MY_WME))) < 0) + O_RDWR | O_CLOEXEC, MYF(MY_WME))) < 0) goto err; inited=1; file_length= opt_tc_log_size; From c54c490c59e2d6aed21934cfd5948974ee0ee774 Mon Sep 17 00:00:00 2001 From: Nirbhay Choubey Date: Fri, 2 Mar 2018 11:17:35 +1100 Subject: [PATCH 3/6] MDEV-8743: O_CLOEXEC/SOCK_CLOEXEC defines for non-unix compatibility From 0f4478105f5027ce589a0f08c6019d906d632029 --- include/my_global.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/my_global.h b/include/my_global.h index cf140cf54ce48..6e8fb33b13786 100644 --- a/include/my_global.h +++ b/include/my_global.h @@ -578,6 +578,12 @@ typedef SOCKET_SIZE_TYPE size_socket; #ifndef O_NOFOLLOW #define O_NOFOLLOW 0 #endif +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif +#ifndef SOCK_CLOEXEC +#define SOCK_CLOEXEC 0 +#endif /* additional file share flags for win32 */ #ifdef __WIN__ From 88fb8b2e367158dce7a4c3e14f2517c5deb9b51d Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Fri, 2 Mar 2018 11:52:20 +1100 Subject: [PATCH 4/6] MDEV-8743: protect myisam/aria MYD files and aria log files --- storage/maria/ma_control_file.c | 2 +- storage/maria/ma_loghandler.c | 6 +++--- storage/maria/ma_open.c | 4 ++-- storage/myisam/mi_open.c | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/storage/maria/ma_control_file.c b/storage/maria/ma_control_file.c index 2fa3e6ed18e7e..11cb4c5fd243e 100644 --- a/storage/maria/ma_control_file.c +++ b/storage/maria/ma_control_file.c @@ -273,7 +273,7 @@ CONTROL_FILE_ERROR ma_control_file_open(my_bool create_if_missing, " file is probably in use by another process"; uint new_cf_create_time_size, new_cf_changeable_size, new_block_size; my_off_t file_size; - int open_flags= O_BINARY | /*O_DIRECT |*/ O_RDWR; + int open_flags= O_BINARY | /*O_DIRECT |*/ O_RDWR | O_CLOEXEC; int error= CONTROL_FILE_UNKNOWN_ERROR; DBUG_ENTER("ma_control_file_open"); diff --git a/storage/maria/ma_loghandler.c b/storage/maria/ma_loghandler.c index 2118b3b6ce657..f31662ce003f4 100644 --- a/storage/maria/ma_loghandler.c +++ b/storage/maria/ma_loghandler.c @@ -942,7 +942,7 @@ static File create_logfile_by_number_no_cache(uint32 file_no) /* TODO: add O_DIRECT to open flags (when buffer is aligned) */ if ((file= mysql_file_create(key_file_translog, translog_filename_by_fileno(file_no, path), - 0, O_BINARY | O_RDWR, MYF(MY_WME))) < 0) + 0, O_BINARY | O_RDWR | O_CLOEXEC, MYF(MY_WME))) < 0) { DBUG_PRINT("error", ("Error %d during creating file '%s'", errno, path)); translog_stop_writing(); @@ -979,7 +979,7 @@ static File open_logfile_by_number_no_cache(uint32 file_no) /* TODO: use mysql_file_create() */ if ((file= mysql_file_open(key_file_translog, translog_filename_by_fileno(file_no, path), - log_descriptor.open_flags, + log_descriptor.open_flags | O_CLOEXEC, MYF(MY_WME))) < 0) { DBUG_PRINT("error", ("Error %d during opening file '%s'", errno, path)); @@ -3263,7 +3263,7 @@ static my_bool translog_get_last_page_addr(TRANSLOG_ADDRESS *addr, File fd; if ((fd= mysql_file_open(key_file_translog, translog_filename_by_fileno(file_no, path), - O_RDONLY, (no_errors ? MYF(0) : MYF(MY_WME)))) < 0) + O_RDONLY | O_CLOEXEC, (no_errors ? MYF(0) : MYF(MY_WME)))) < 0) { my_errno= errno; DBUG_PRINT("error", ("Error %d during opening file #%d", diff --git a/storage/maria/ma_open.c b/storage/maria/ma_open.c index a382c30e025cf..d20fa06e0696b 100644 --- a/storage/maria/ma_open.c +++ b/storage/maria/ma_open.c @@ -1885,7 +1885,7 @@ int _ma_open_datafile(MARIA_HA *info, MARIA_SHARE *share) DEBUG_SYNC_C("mi_open_datafile"); info->dfile.file= share->bitmap.file.file= mysql_file_open(key_file_dfile, share->data_file_name.str, - share->mode | O_SHARE, MYF(flags)); + share->mode | O_SHARE | O_CLOEXEC, MYF(flags)); return info->dfile.file >= 0 ? 0 : 1; } @@ -1899,7 +1899,7 @@ int _ma_open_keyfile(MARIA_SHARE *share) mysql_mutex_lock(&share->intern_lock); share->kfile.file= mysql_file_open(key_file_kfile, share->unique_file_name.str, - share->mode | O_SHARE | O_NOFOLLOW, + share->mode | O_SHARE | O_NOFOLLOW | O_CLOEXEC, MYF(MY_WME | MY_NOSYMLINKS)); mysql_mutex_unlock(&share->intern_lock); return (share->kfile.file < 0); diff --git a/storage/myisam/mi_open.c b/storage/myisam/mi_open.c index 86b70129203e8..8e739109c0db3 100644 --- a/storage/myisam/mi_open.c +++ b/storage/myisam/mi_open.c @@ -1249,7 +1249,7 @@ int mi_open_datafile(MI_INFO *info, MYISAM_SHARE *share) myf flags= MY_WME | (share->mode & O_NOFOLLOW ? MY_NOSYMLINKS: 0); DEBUG_SYNC_C("mi_open_datafile"); info->dfile= mysql_file_open(mi_key_file_dfile, share->data_file_name, - share->mode | O_SHARE, MYF(flags)); + share->mode | O_SHARE | O_CLOEXEC, MYF(flags)); return info->dfile >= 0 ? 0 : 1; } @@ -1258,7 +1258,7 @@ int mi_open_keyfile(MYISAM_SHARE *share) { if ((share->kfile= mysql_file_open(mi_key_file_kfile, share->unique_file_name, - share->mode | O_SHARE | O_NOFOLLOW, + share->mode | O_SHARE | O_NOFOLLOW | O_CLOEXEC, MYF(MY_NOSYMLINKS | MY_WME))) < 0) return 1; return 0; From bbee025370d885103cba55716c9c2ab44e533283 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Fri, 2 Mar 2018 12:45:36 +1100 Subject: [PATCH 5/6] MDEV-8743: O_CLOEXEC on innodb/xtradb temp files Thread 1 "mysqld" hit Breakpoint 1, innobase_mysql_tmpfile () at /home/dan/repos/mariadb-server-5.5/storage/xtradb/handler/ha_innodb.cc:1639 1639 os_event_wait(srv_allow_writes_event); (gdb) p fd $2 = 7 (gdb) n 1682 fd2 = fcntl(fd, F_DUPFD_CLOEXEC, 0); (gdb) 1687 if (fd2 < 0) { (gdb) p fd2 $3 = 8 cat /proc/20448/fdinfo/{7,8} 2051972 0 -r-------- 1 dan dan 0 Mar 2 12:04 fdinfo/7 pos: 0 flags: 0100002 mnt_id: 82 2051973 0 -r-------- 1 dan dan 0 Mar 2 12:04 fdinfo/8 pos: 0 flags: 02100002 mnt_id: 82 So fd 8 has 02000000 hence CLOEXEC --- storage/innobase/handler/ha_innodb.cc | 4 ++++ storage/xtradb/handler/ha_innodb.cc | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index 3a96763d6c21e..c9eee5b4dcd72 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc @@ -1410,8 +1410,12 @@ innobase_mysql_tmpfile(void) fd2 = -1; } } +#else +#ifdef F_DUPFD_CLOEXEC + fd2 = fcntl(fd, F_DUPFD_CLOEXEC, 0); #else fd2 = dup(fd); +#endif #endif if (fd2 < 0) { DBUG_PRINT("error",("Got error %d on dup",fd2)); diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index f99ae7c7de99c..04fbcd1a9fd86 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc @@ -1677,8 +1677,12 @@ innobase_mysql_tmpfile(void) fd2 = -1; } } +#else +#ifdef F_DUPFD_CLOEXEC + fd2 = fcntl(fd, F_DUPFD_CLOEXEC, 0); #else fd2 = dup(fd); +#endif #endif if (fd2 < 0) { DBUG_PRINT("error",("Got error %d on dup",fd2)); From d3c0e34bdc99ee57fd5d63237d29531d1afdef2b Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Fri, 2 Mar 2018 16:19:14 +1100 Subject: [PATCH 6/6] MDEV-8743: protect myisam/aria MYI with O_CLOEXEC --- storage/maria/ma_open.c | 4 ++-- storage/myisam/mi_open.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/storage/maria/ma_open.c b/storage/maria/ma_open.c index d20fa06e0696b..d9ff217969101 100644 --- a/storage/maria/ma_open.c +++ b/storage/maria/ma_open.c @@ -314,13 +314,13 @@ MARIA_HA *maria_open(const char *name, int mode, uint open_flags) }); DEBUG_SYNC_C("mi_open_kfile"); if ((kfile=mysql_file_open(key_file_kfile, name_buff, - (open_mode=O_RDWR) | O_SHARE | O_NOFOLLOW, + (open_mode=O_RDWR) | O_SHARE | O_NOFOLLOW | O_CLOEXEC, MYF(MY_NOSYMLINKS))) < 0) { if ((errno != EROFS && errno != EACCES) || mode != O_RDONLY || (kfile=mysql_file_open(key_file_kfile, name_buff, - (open_mode=O_RDONLY) | O_SHARE | O_NOFOLLOW, + (open_mode=O_RDONLY) | O_SHARE | O_NOFOLLOW | O_CLOEXEC, MYF(MY_NOSYMLINKS))) < 0) goto err; } diff --git a/storage/myisam/mi_open.c b/storage/myisam/mi_open.c index 8e739109c0db3..9775aade9c14f 100644 --- a/storage/myisam/mi_open.c +++ b/storage/myisam/mi_open.c @@ -117,13 +117,13 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags) DEBUG_SYNC_C("mi_open_kfile"); if ((kfile= mysql_file_open(mi_key_file_kfile, name_buff, - (open_mode= O_RDWR) | O_SHARE | O_NOFOLLOW, + (open_mode= O_RDWR) | O_SHARE | O_NOFOLLOW | O_CLOEXEC, MYF(MY_NOSYMLINKS))) < 0) { if ((errno != EROFS && errno != EACCES) || mode != O_RDONLY || (kfile= mysql_file_open(mi_key_file_kfile, name_buff, - (open_mode= O_RDONLY) | O_SHARE| O_NOFOLLOW, + (open_mode= O_RDONLY) | O_SHARE| O_NOFOLLOW | O_CLOEXEC, MYF(MY_NOSYMLINKS))) < 0) goto err; }