Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp3847732pxu; Wed, 9 Dec 2020 02:02:20 -0800 (PST) X-Google-Smtp-Source: ABdhPJzB1Gjk3hnUyXYifnsOGfcmrl/YHgdhlF7TKpY/qQcxjX94DEb8CQbxNx2/ts1oQUi1C93M X-Received: by 2002:aa7:c856:: with SMTP id g22mr1226507edt.85.1607508140307; Wed, 09 Dec 2020 02:02:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607508140; cv=none; d=google.com; s=arc-20160816; b=vr42YqTZEcn3wnuY7Vu3uZweodp2FgXQsHt8oFf1lO8oDJDvOlqBE6Idu2NSkFK65u C3f9M32L2spZK+X70GJkOflMxoIyrgWo6KmwE9kgPxOFSD6BFwIr1ByY/fvZEuiLKG1Q CL00MZKTGNs2POkZAA7Shl3+tHjaJlNjDmXethtr7NiYfKfBx8ydsLZTrny7Ru8w/A0g hc7kJPLZrYlgVFwidfWxBaAPLZEwi31IlLOWNNdVvgigEaqNlurYPPuw0syVFAMbhXg9 pbGsgD6+IlBPrKDyxIszLJjGcL5LZ3i0lMWSPIXG/Ls7FGaq/GMjthF/Jj2wR8TjwnI8 kqZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=1b9cmcEMCBESyaBa1YHCYGwNWNyMmyvKSoii9uZET2M=; b=Rdum2hfCgi59VZAkG1FJ3d2uaLjiCo8q998I0ykEzegg+Z/59Q8bLrauQo0RS4x6cZ qosOtlqUEiJ0pc/9qwMygbZ5fsb1hS8W3O4jAeMW1g2UYjxxMmpMO6STYuJKXFIRFmIx KN5NGWKGFo7gA0N0HZTIdCmTdhbMGzg0pxlHtQ5sTpJ5rypkpGB3371tyLUxKefi6Zwe kKQlARwF/zU9v0hswyXemh9lKQPgDSZUCu8IchUBzzlsobIhMlwCwEkc+PLUQ9ssRHn9 NZgLoGCrkUOAMlosTqmIxlTRX2nbYZyX9k6NKn/JO1yLk02XLyKToSsMQNwPbVQZP0/c GRoA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bi26si545829edb.553.2020.12.09.02.01.56; Wed, 09 Dec 2020 02:02:20 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729051AbgLIJ7I (ORCPT + 99 others); Wed, 9 Dec 2020 04:59:08 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:47801 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729580AbgLIJ7D (ORCPT ); Wed, 9 Dec 2020 04:59:03 -0500 Received: from ip5f5af0a0.dynamic.kabel-deutschland.de ([95.90.240.160] helo=wittgenstein) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1kmwEk-0007nz-Ds; Wed, 09 Dec 2020 09:58:18 +0000 Date: Wed, 9 Dec 2020 10:58:17 +0100 From: Christian Brauner To: Stephen Kitt Cc: linux-man@vger.kernel.org, Alejandro Colomar , Michael Kerrisk , linux-kernel@vger.kernel.org Subject: Re: [patch] close_range.2: new page documenting close_range(2) Message-ID: <20201209095817.7ksihhftmnd3c3hi@wittgenstein> References: <20201208215133.30575-1-steve@sk2.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20201208215133.30575-1-steve@sk2.org> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 08, 2020 at 10:51:33PM +0100, Stephen Kitt wrote: > This documents close_range(2) based on information in > 278a5fbaed89dacd04e9d052f4594ffd0e0585de and > 60997c3d45d9a67daf01c56d805ae4fec37e0bd8. > > Signed-off-by: Stephen Kitt > --- Hey Stephen, Thanks for working on this that's an early Christmas present as it gets an item off my todo list! > man2/close_range.2 | 112 +++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 112 insertions(+) > create mode 100644 man2/close_range.2 > > diff --git a/man2/close_range.2 b/man2/close_range.2 > new file mode 100644 > index 000000000..62167d9b0 > --- /dev/null > +++ b/man2/close_range.2 > @@ -0,0 +1,112 @@ > +.\" Copyright (c) 2020 Stephen Kitt > +.\" > +.\" %%%LICENSE_START(VERBATIM) > +.\" Permission is granted to make and distribute verbatim copies of this > +.\" manual provided the copyright notice and this permission notice are > +.\" preserved on all copies. > +.\" > +.\" Permission is granted to copy and distribute modified versions of this > +.\" manual under the conditions for verbatim copying, provided that the > +.\" entire resulting derived work is distributed under the terms of a > +.\" permission notice identical to this one. > +.\" > +.\" Since the Linux kernel and libraries are constantly changing, this > +.\" manual page may be incorrect or out-of-date. The author(s) assume no > +.\" responsibility for errors or omissions, or for damages resulting from > +.\" the use of the information contained herein. The author(s) may not > +.\" have taken the same level of care in the production of this manual, > +.\" which is licensed free of charge, as they might when working > +.\" professionally. > +.\" > +.\" Formatted or processed versions of this manual, if unaccompanied by > +.\" the source, must acknowledge the copyright and authors of this work. > +.\" %%%LICENSE_END > +.\" > +.TH CLOSE_RANGE 2 2020-12-08 "Linux" "Linux Programmer's Manual" > +.SH NAME > +close_range \- close all file descriptors in a given range > +.SH SYNOPSIS > +.nf > +.B #include > +.PP > +.BI "int close_range(int " first ", int " last ", unsigned int " flags ); Note, the kernel prototype uses unsigned int as the type for file descriptor arguments. As does the close() syscall itself. Only glibc wrappers expose file descriptor types (at least in close variants) as int. Since this is a manpage about the syscall not the wrapper it might make sense to note the correct types. > +.fi > +.SH DESCRIPTION > +The > +.BR close_range () > +system call closes all open file descriptors from > +.I first > +to > +.IR last > +(included). > +.PP > +Errors closing a given file descriptor are currently ignored. > +.PP > +.I flags > +can be set to > +.B CLOSE_RANGE_UNSHARE > +to unshare the range of file descriptors from any other processes, > +.I instead > +of closing them. As Michael has noted, this needs to be reworded. A few things to note: - CLOSE_RANGE_UNSHARE will ensure that the calling process will have a private file descriptor table. This ensures that other threads opening files cannot inject new file descriptors into the caller's file descriptor table to e.g. make the caller inherit unwanted file descriptors. - CLOSE_RANGE_UNSHARE is conceptually equivalent to: unshare(CLONE_FILES); close_range(3, ~0U); - Whenever the requested range @last is greater than the current maximum number of file descriptors allocated in the caller's file descriptor table the kernel will only unshare a new file descriptor table for the caller up to @first, i.e. the new file descriptor table will be 0 up to and including @first not 0 up to and including @last. Which means that the kernel will not have to do any costly filp_close() calls at all. In essence, the close_range() operation is finished after the in-kernel unshare call in such cases. Christian