[CRIU] [PATCH] Resolve file descriptor clashes with inherit fds

Saied Kazemi saied at google.com
Wed Nov 26 14:13:04 PST 2014 

Hi Pavel,

While the idea of sending inherit fds to a unix socket is intriguing,
I do not see what problem it solves :)

I tried hard to keep the inherit fd implementation as simple and
effective as possible.  The current implementation, does not require
expanding service fd area and it easily handles clashes, should there
be any.  The only way that it would fail is:

    SUM(all application open files + all service fds + all inherit
fds) > RLIMIT_NOFILE

Since RLIMIT_NOFILE is in thousands, this situation is very very
unlikely.  Moreover, the main use case for inherit fd (i.e., Docker
containers) requires only 2 descriptors (stdout and stderr).  The unix
socket approach would still require 1 descriptor, so the saving is
negligible.

May I suggest that we proceed with the current approach but stay open
and flexible to changing it if/when we run into a real limitation?

Thanks,

--Saied


On Wed, Nov 26, 2014 at 12:21 PM, Pavel Emelyanov <xemul at parallels.com> wrote:
> On 11/26/2014 11:02 PM, Andrew Vagin wrote:
>> On Wed, Nov 26, 2014 at 10:13:49PM +0300, Pavel Emelyanov wrote:
>>> On 11/26/2014 01:54 AM, Saied Kazemi wrote:
>>>> Since with --inherit-fd option criu's caller can set any fd to be
>>>> inheritied, there is a chance of fd clash during restore.  Resolve such
>>>> cases by moving the inherit fd to a different descriptor.
>>>>
>>>> Signed-off-by: Saied Kazemi <saied at google.com>
>>>
>>> I have a crazy idea how to keep all inherit-fds in a service-fd area :)
>>> We can create a unix socket and "send" all inherited fd-s there. At the
>>> time of fd restore we can just pull one out of this queue :)
>>
>> How to specify which one should be pulled out?
>
> At the time you put them in you remember the sequence.
>
>>>
>>> What do you think?
>>
>> Are you going to read them all each time, when you need one of them?
>
> No. You restore file descriptors in one place. Before this "place" you
> receive them all, then dup2 in the proper places. That's the proposal
> how to keep them from being reopen_fd_as()-d and close_fd_safe()-d.
>
>> How many file descriptors can be sent in one unix socket?
>
> Technically any.
>
> Thanks,
> Pavel
>

More information about the CRIU mailing list