Close file descriptor on drop in TimerFd #1381
Conversation
There was a problem hiding this comment.
Good catch about Clone. I think there may be some other structs that have that problem; I'll check for them.
A few requests:
- The drop implementation should panic on
EBADF, because that usually indicates a double-close. - Document somewhere that this type closes on drop.
- Don't forget to add a CHANGELOG entry!
|
I believe I've addressed the suggested changes. |
CHANGELOG.md
Outdated
| @@ -10,6 +10,8 @@ This project adheres to [Semantic Versioning](http://semver.org/). | |||
| - Added limited Fuchsia support (#[1285](https://github.com/nix-rust/nix/pull/1285)) | |||
| - Added `getpeereid` (#[1342](https://github.com/nix-rust/nix/pull/1342)) | |||
| ### Fixed | |||
| - TimerFd now closes the underlying fd on drop. | |||
There was a problem hiding this comment.
Also, in the "Removed" section you should note that is no longer Clone and Copy.
src/sys/timerfd.rs
Outdated
| libc::close(self.fd) | ||
| }); | ||
| if let Err(Error::Sys(Errno::EBADF)) = result { | ||
| panic!("close of TimerFd encountered EBADF"); |
There was a problem hiding this comment.
One problem: panicking during drop is usually bad, because drop itself gets called during panic. A double-panic is difficult to debug. Instead, you should only panic if the thread isn't already panicking. In fact, you don't even need to close when panicking, because the process is about to abort anyway. So I would write this as
if !std::thread::panicking() {
//close the file descriptor, panicking on EBADF
}There was a problem hiding this comment.
The file descriptor is now only closed if the thread isn't already panicking.
|
Would you mind squashing your commits? We can't do this with Github's merge button because we use bors. |
crdumoul
force-pushed
the
timerfd-file-leak
branch
from
43799bd
to
c33fa74
Compare
This is done. |
This change closes the TimerFd file descriptor on drop. Note that the TimerFd will no longer be
CloneorCopy. Since it has a destructor it can't beCopy, and if it wereCloneyou could end up trying to use a closed TimerFd, or double-closing the file descriptor.Addresses #1379.