[CRIU] [PATCH] Resolve file descriptor clashes with inherit fds

Pavel Emelyanov xemul at parallels.com
Thu Nov 27 02:13:22 PST 2014 

On 11/27/2014 01:13 AM, Saied Kazemi wrote:
> Hi Pavel,
> 
> While the idea of sending inherit fds to a unix socket is intriguing,
> I do not see what problem it solves :)

Well, actually Andrey has explained me that I didn't get the problem
properly and unix socket approach really doesn't solve the real one :)

> I tried hard to keep the inherit fd implementation as simple and
> effective as possible.  The current implementation, does not require
> expanding service fd area and it easily handles clashes, should there
> be any.  The only way that it would fail is:
> 
>     SUM(all application open files + all service fds + all inherit
> fds) > RLIMIT_NOFILE
> 
> Since RLIMIT_NOFILE is in thousands, this situation is very very
> unlikely.  Moreover, the main use case for inherit fd (i.e., Docker
> containers) requires only 2 descriptors (stdout and stderr).  The unix
> socket approach would still require 1 descriptor, so the saving is
> negligible.
> 
> May I suggest that we proceed with the current approach but stay open
> and flexible to changing it if/when we run into a real limitation?

Sure!

> Thanks,
> 
> --Saied
> 
> 
> On Wed, Nov 26, 2014 at 12:21 PM, Pavel Emelyanov <xemul at parallels.com> wrote:
>> On 11/26/2014 11:02 PM, Andrew Vagin wrote:
>>> On Wed, Nov 26, 2014 at 10:13:49PM +0300, Pavel Emelyanov wrote:
>>>> On 11/26/2014 01:54 AM, Saied Kazemi wrote:
>>>>> Since with --inherit-fd option criu's caller can set any fd to be
>>>>> inheritied, there is a chance of fd clash during restore.  Resolve such
>>>>> cases by moving the inherit fd to a different descriptor.
>>>>>
>>>>> Signed-off-by: Saied Kazemi <saied at google.com>
>>>>
>>>> I have a crazy idea how to keep all inherit-fds in a service-fd area :)
>>>> We can create a unix socket and "send" all inherited fd-s there. At the
>>>> time of fd restore we can just pull one out of this queue :)
>>>
>>> How to specify which one should be pulled out?
>>
>> At the time you put them in you remember the sequence.
>>
>>>>
>>>> What do you think?
>>>
>>> Are you going to read them all each time, when you need one of them?
>>
>> No. You restore file descriptors in one place. Before this "place" you
>> receive them all, then dup2 in the proper places. That's the proposal
>> how to keep them from being reopen_fd_as()-d and close_fd_safe()-d.
>>
>>> How many file descriptors can be sent in one unix socket?
>>
>> Technically any.
>>
>> Thanks,
>> Pavel
>>
> .
>

More information about the CRIU mailing list