This is an automated email from the ASF dual-hosted git repository.
abukor pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new 1c5eb9f98 KUDU-3520 Fix file descriptor leak in encryption
1c5eb9f98 is described below
commit 1c5eb9f98d24b05cbafa596b964aae2ea831ad0f
Author: Attila Bukor <[email protected]>
AuthorDate: Mon Oct 30 09:42:08 2023 +0100
KUDU-3520 Fix file descriptor leak in encryption
In PosixEnv, when creating new file handles, file descriptors are
created first, which are then passed to file handle objects, which close
the file descriptors in their destructors. With encryption enabled,
things can go wrong before they're passed to these objects, in which
case the file descriptors can be leaked due to returning from these
methods without the file handle objects being created.
This commit fixes this leak by closing the files on the failure cases.
Unfortunately, I couldn't reproduce the bug reported originally after
several attempts with different fd limits as if it was set too low, it
failed with a different error, and if it was set higher, it just didn't
fail. It looks like this was an edge case triggered by an unhappy
coincidence of multiple variables.
Change-Id: I2412429d4fe836b705296e9e30453d7c4d030cec
Reviewed-on: http://gerrit.cloudera.org:8080/20631
Reviewed-by: Alexey Serbin <[email protected]>
Tested-by: Kudu Jenkins
---
src/kudu/util/env_posix.cc | 33 +++++++++++++++++++++++++++++++--
1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/src/kudu/util/env_posix.cc b/src/kudu/util/env_posix.cc
index 0c5a48a85..360df4f25 100644
--- a/src/kudu/util/env_posix.cc
+++ b/src/kudu/util/env_posix.cc
@@ -1578,13 +1578,25 @@ class PosixEnv : public Env {
bool encrypted = opts.is_sensitive && IsEncryptionEnabled();
EncryptionHeader header;
if (encrypted) {
+ auto cleanup = MakeScopedCleanup([&]() {
+ fclose(f);
+ });
+
DCHECK(encryption_key_);
int fd;
RETURN_NOT_OK(DoOpen(fname, OpenMode::MUST_EXIST, &fd));
+
+ auto fd_cleanup = MakeScopedCleanup([&]() {
+ DoClose(fd);
+ });
+
RETURN_NOT_OK(ReadEncryptionHeader(fd, fname, *encryption_key_,
&header));
if (fseek(f, kEncryptionHeaderSize, SEEK_CUR)) {
return IOError(fname, errno);
}
+
+ cleanup.cancel();
+ fd_cleanup.cancel();
}
result->reset(new PosixSequentialFile(fname, encrypted, f, header));
return Status::OK();
@@ -1610,7 +1622,7 @@ class PosixEnv : public Env {
bool encrypted = opts.is_sensitive && IsEncryptionEnabled();
if (encrypted) {
DCHECK(encryption_key_);
- RETURN_NOT_OK(ReadEncryptionHeader(fd, fname, *encryption_key_,
&header));
+ RETURN_NOT_OK_EVAL(ReadEncryptionHeader(fd, fname, *encryption_key_,
&header), DoClose(fd));
}
result->reset(new PosixRandomAccessFile(fname, fd,
encrypted, header));
@@ -1628,7 +1640,12 @@ class PosixEnv : public Env {
TRACE_EVENT1("io", "PosixEnv::NewWritableFile", "path", fname);
int fd;
RETURN_NOT_OK(DoOpen(fname, opts.mode, &fd));
- return InstantiateNewWritableFile(fname, fd, opts, result);
+ auto cleanup = MakeScopedCleanup([&]() {
+ DoClose(fd);
+ });
+ RETURN_NOT_OK(InstantiateNewWritableFile(fname, fd, opts, result));
+ cleanup.cancel();
+ return Status::OK();
}
Status NewTempWritableFile(const WritableFileOptions& opts,
@@ -1639,8 +1656,12 @@ class PosixEnv : public Env {
int fd = 0;
string tmp_filename;
RETURN_NOT_OK(MkTmpFile(name_template, &fd, &tmp_filename));
+ auto cleanup = MakeScopedCleanup([&]() {
+ DoClose(fd);
+ });
RETURN_NOT_OK(InstantiateNewWritableFile(tmp_filename, fd, opts, result));
created_filename->swap(tmp_filename);
+ cleanup.cancel();
return Status::OK();
}
@@ -1664,6 +1685,9 @@ class PosixEnv : public Env {
RETURN_NOT_OK(DoOpen(fname, opts.mode, &fd));
EncryptionHeader eh;
if (encrypt) {
+ auto cleanup = MakeScopedCleanup([&]() {
+ DoClose(fd);
+ });
DCHECK(encryption_key_);
if (size >= kEncryptionHeaderSize) {
RETURN_NOT_OK(ReadEncryptionHeader(fd, fname, *encryption_key_, &eh));
@@ -1671,6 +1695,7 @@ class PosixEnv : public Env {
RETURN_NOT_OK(GenerateHeader(&eh));
RETURN_NOT_OK(WriteEncryptionHeader(fd, fname, *encryption_key_, eh));
}
+ cleanup.cancel();
}
result->reset(new PosixRWFile(fname, fd, opts.sync_on_close,
encrypt, eh));
@@ -1687,9 +1712,13 @@ class PosixEnv : public Env {
bool encrypt = opts.is_sensitive && IsEncryptionEnabled();
EncryptionHeader eh;
if (encrypt) {
+ auto cleanup = MakeScopedCleanup([&]() {
+ DoClose(fd);
+ });
DCHECK(encryption_key_);
RETURN_NOT_OK(GenerateHeader(&eh));
RETURN_NOT_OK(WriteEncryptionHeader(fd, *created_filename,
*encryption_key_, eh));
+ cleanup.cancel();
}
res->reset(new PosixRWFile(*created_filename, fd, opts.sync_on_close,
encrypt, eh));
