svn commit: r194262 - in head: include lib/libc/sys sys/compat/freebsd32 sys/kern tools/regression/file/closefrom

[Robert Watson]

On Tue, 16 Jun 2009, Kostik Belousov wrote:

>>   Note that this implementation of closefrom(2) does not make any effort to
>>   resolve userland races with open(2) in other threads.  As such, it is not
>>   multithread safe.
> ...
>> +	FILEDESC_SLOCK(fdp);
>> +	for (fd = uap->lowfd; fd < fdp->fd_nfiles; fd++) {
>> +		if (fdp->fd_ofiles[fd] != NULL) {
>> +			FILEDESC_SUNLOCK(fdp);
>> +			(void)kern_close(td, fd);
>> +			FILEDESC_SLOCK(fdp);
>> +		}
>> +	}
>> +	FILEDESC_SUNLOCK(fdp);
>
> Just curious why this was not implemented in userspace ? Audit + fd_nfiles, 
> perhaps ?
>
> I am sorry, but somebody would ask this question anyway, so why not me ?

Actually close(2) from userspace has better audit properties, since you get 
per-fd close information as part of the trail (at least, today).  The Solaris 
closefrom(3) uses procfs to decide what file descriptors are open in order to 
avoid additional syscalls, as I recall, and we'd need some similar 
optimization to make closefrom(3) in userspace make any sense.  Apart from the 
audit properties, the current approach seems fairly reasonable, though, and 
has the best performance properties (which is actually useful, since we 
currently do a lot of closing of unopened file descriptors on execve(2)).

Robert N M Watson
Computer Laboratory
University of Cambridge