[PATCH] SOCK_CLOEXEC for opening sockets
Andrew Luo
andrewluotechnologies at outlook.com
Wed Jul 11 06:35:38 UTC 2018
I agree, I wasn't aware of the other uses of ::socket in the libnet codebase. Thus, I've added a new common function, NET_SocketOpen that can be used by all the source files in libnet and revised my patch:
diff -r 95c0644a1c47 src/java.base/unix/native/libnet/Inet4AddressImpl.c
--- a/src/java.base/unix/native/libnet/Inet4AddressImpl.c Fri Jun 15 17:34:01 2018 -0700
+++ b/src/java.base/unix/native/libnet/Inet4AddressImpl.c Tue Jul 10 23:32:21 2018 -0700
@@ -264,7 +264,7 @@
int connect_rv = -1;
// open a TCP socket
- fd = socket(AF_INET, SOCK_STREAM, 0);
+ fd = NET_SocketOpen(AF_INET, SOCK_STREAM, 0);
if (fd == -1) {
// note: if you run out of fds, you may not be able to load
// the exception class, and get a NoClassDefFoundError instead.
@@ -503,7 +503,7 @@
// Let's try to create a RAW socket to send ICMP packets.
// This usually requires "root" privileges, so it's likely to fail.
- fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
+ fd = NET_SocketOpen(AF_INET, SOCK_RAW, IPPROTO_ICMP);
if (fd == -1) {
return tcp_ping4(env, &sa, netif, timeout, ttl);
} else {
diff -r 95c0644a1c47 src/java.base/unix/native/libnet/Inet6AddressImpl.c
--- a/src/java.base/unix/native/libnet/Inet6AddressImpl.c Fri Jun 15 17:34:01 2018 -0700
+++ b/src/java.base/unix/native/libnet/Inet6AddressImpl.c Tue Jul 10 23:32:21 2018 -0700
@@ -461,7 +461,7 @@
int connect_rv = -1;
// open a TCP socket
- fd = socket(AF_INET6, SOCK_STREAM, 0);
+ fd = NET_SocketOpen(AF_INET6, SOCK_STREAM, 0);
if (fd == -1) {
// note: if you run out of fds, you may not be able to load
// the exception class, and get a NoClassDefFoundError instead.
@@ -711,7 +711,7 @@
// Let's try to create a RAW socket to send ICMP packets.
// This usually requires "root" privileges, so it's likely to fail.
- fd = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
+ fd = NET_SocketOpen(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
if (fd == -1) {
return tcp_ping6(env, &sa, netif, timeout, ttl);
} else {
diff -r 95c0644a1c47 src/java.base/unix/native/libnet/NetworkInterface.c
--- a/src/java.base/unix/native/libnet/NetworkInterface.c Fri Jun 15 17:34:01 2018 -0700
+++ b/src/java.base/unix/native/libnet/NetworkInterface.c Tue Jul 10 23:32:21 2018 -0700
@@ -1055,7 +1055,7 @@
static int openSocket(JNIEnv *env, int proto) {
int sock;
- if ((sock = socket(proto, SOCK_DGRAM, 0)) < 0) {
+ if ((sock = NET_SocketOpen(proto, SOCK_DGRAM, 0)) < 0) {
// If EPROTONOSUPPORT is returned it means we don't have
// support for this proto so don't throw an exception.
if (errno != EPROTONOSUPPORT) {
@@ -1078,9 +1078,9 @@
static int openSocketWithFallback(JNIEnv *env, const char *ifname) {
int sock;
- if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+ if ((sock = NET_SocketOpen(AF_INET, SOCK_DGRAM, 0)) < 0) {
if (errno == EPROTONOSUPPORT) {
- if ((sock = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) {
+ if ((sock = NET_SocketOpen(AF_INET6, SOCK_DGRAM, 0)) < 0) {
JNU_ThrowByNameWithMessageAndLastError
(env, JNU_JAVANETPKG "SocketException", "IPV6 Socket creation failed");
return -1;
@@ -1315,9 +1315,9 @@
static int openSocketWithFallback(JNIEnv *env, const char *ifname) {
int sock;
- if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+ if ((sock = NET_SocketOpen(AF_INET, SOCK_DGRAM, 0)) < 0) {
if (errno == EPROTONOSUPPORT) {
- if ((sock = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) {
+ if ((sock = NET_SocketOpen(AF_INET6, SOCK_DGRAM, 0)) < 0) {
JNU_ThrowByNameWithMessageAndLastError
(env, JNU_JAVANETPKG "SocketException", "IPV6 Socket creation failed");
return -1;
@@ -1590,9 +1590,9 @@
int sock, alreadyV6 = 0;
struct lifreq if2;
- if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+ if ((sock = NET_SocketOpen(AF_INET, SOCK_DGRAM, 0)) < 0) {
if (errno == EPROTONOSUPPORT) {
- if ((sock = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) {
+ if ((sock = NET_SocketOpen(AF_INET6, SOCK_DGRAM, 0)) < 0) {
JNU_ThrowByNameWithMessageAndLastError
(env, JNU_JAVANETPKG "SocketException", "IPV6 Socket creation failed");
return -1;
@@ -1616,7 +1616,7 @@
strncpy(if2.lifr_name, ifname, sizeof(if2.lifr_name) - 1);
if (ioctl(sock, SIOCGLIFNETMASK, (char *)&if2) < 0) {
close(sock);
- if ((sock = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) {
+ if ((sock = NET_SocketOpen(AF_INET6, SOCK_DGRAM, 0)) < 0) {
JNU_ThrowByNameWithMessageAndLastError
(env, JNU_JAVANETPKG "SocketException", "IPV6 Socket creation failed");
return -1;
@@ -1941,9 +1941,9 @@
static int openSocketWithFallback(JNIEnv *env, const char *ifname) {
int sock;
- if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+ if ((sock = NET_SocketOpen(AF_INET, SOCK_DGRAM, 0)) < 0) {
if (errno == EPROTONOSUPPORT) {
- if ((sock = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) {
+ if ((sock = NET_SocketOpen(AF_INET6, SOCK_DGRAM, 0)) < 0) {
JNU_ThrowByNameWithMessageAndLastError
(env, JNU_JAVANETPKG "SocketException", "IPV6 Socket creation failed");
return -1;
diff -r 95c0644a1c47 src/java.base/unix/native/libnet/PlainSocketImpl.c
--- a/src/java.base/unix/native/libnet/PlainSocketImpl.c Fri Jun 15 17:34:01 2018 -0700
+++ b/src/java.base/unix/native/libnet/PlainSocketImpl.c Tue Jul 10 23:32:21 2018 -0700
@@ -178,7 +178,7 @@
return;
}
- if ((fd = socket(domain, type, 0)) == -1) {
+ if ((fd = NET_SocketOpen(domain, type, 0)) == -1) {
/* note: if you run out of fds, you may not be able to load
* the exception class, and get a NoClassDefFoundError
* instead.
diff -r 95c0644a1c47 src/java.base/unix/native/libnet/SdpSupport.c
--- a/src/java.base/unix/native/libnet/SdpSupport.c Fri Jun 15 17:34:01 2018 -0700
+++ b/src/java.base/unix/native/libnet/SdpSupport.c Tue Jul 10 23:32:21 2018 -0700
@@ -57,7 +57,7 @@
#if defined(__solaris__)
int domain = ipv6_available() ? AF_INET6 : AF_INET;
- s = socket(domain, SOCK_STREAM, PROTO_SDP);
+ s = NET_SocketOpen(domain, SOCK_STREAM, PROTO_SDP);
#elif defined(__linux__)
/**
* IPv6 not supported by SDP on Linux
@@ -66,7 +66,7 @@
JNU_ThrowIOException(env, "IPv6 not supported");
return -1;
}
- s = socket(AF_INET_SDP, SOCK_STREAM, 0);
+ s = NET_SocketOpen(AF_INET_SDP, SOCK_STREAM, 0);
#else
/* not supported on other platforms at this time */
s = -1;
diff -r 95c0644a1c47 src/java.base/unix/native/libnet/net_util_md.c
--- a/src/java.base/unix/native/libnet/net_util_md.c Fri Jun 15 17:34:01 2018 -0700
+++ b/src/java.base/unix/native/libnet/net_util_md.c Tue Jul 10 23:32:21 2018 -0700
@@ -117,6 +117,34 @@
return defaultIndex;
}
+/*
+ * Opens a socket
+ * On systems where supported, uses SOCK_CLOEXEC where possible
+ */
+int NET_SocketOpen(int domain, int type, int protocol) {
+#if defined(SOCK_CLOEXEC)
+ int typeToUse = type | SOCK_CLOEXEC;
+#else
+ int typeToUse = type;
+#endif
+
+ int socketFileDescriptor = socket(domain, typeToUse, protocol);
+#if defined(SOCK_CLOEXEC)
+ if ((socketFileDescriptor == -1) && (errno = EINVAL)) {
+ // Attempt to open the socket without SOCK_CLOEXEC
+ // May have been compiled on an OS with SOCK_CLOEXEC supported
+ // But runtime system might not have SOCK_CLOEXEC support
+ socketFileDescriptor = socket(domain, type, protocol);
+ }
+#else
+ // Best effort
+ // Return value is intentionally ignored since socket was successfully opened anyways
+ fcntl(socketFileDescriptor, F_SETFD, FD_CLOEXEC);
+#endif
+
+ return socketFileDescriptor;
+}
+
#define RESTARTABLE(_cmd, _result) do { \
do { \
_result = _cmd; \
@@ -295,7 +323,7 @@
SOCKETADDRESS sa;
socklen_t sa_len = sizeof(SOCKETADDRESS);
- fd = socket(AF_INET6, SOCK_STREAM, 0) ;
+ fd = NET_SocketOpen(AF_INET6, SOCK_STREAM, 0) ;
if (fd < 0) {
/*
* TODO: We really cant tell since it may be an unrelated error
@@ -402,7 +430,7 @@
/* Do a simple dummy call, and try to figure out from that */
int one = 1;
int rv, s;
- s = socket(PF_INET, SOCK_STREAM, 0);
+ s = NET_SocketOpen(PF_INET, SOCK_STREAM, 0);
if (s < 0) {
return JNI_FALSE;
}
diff -r 95c0644a1c47 src/java.base/unix/native/libnet/net_util_md.h
--- a/src/java.base/unix/native/libnet/net_util_md.h Fri Jun 15 17:34:01 2018 -0700
+++ b/src/java.base/unix/native/libnet/net_util_md.h Tue Jul 10 23:32:21 2018 -0700
@@ -89,6 +89,7 @@
int NET_Writev(int s, const struct iovec * vector, int count);
int NET_Connect(int s, struct sockaddr *addr, int addrlen);
int NET_Accept(int s, struct sockaddr *addr, socklen_t *addrlen);
+int NET_SocketOpen(int domain, int type, int protocol);
int NET_SocketClose(int s);
int NET_Dup2(int oldfd, int newfd);
int NET_Poll(struct pollfd *ufds, unsigned int nfds, int timeout);
From: Norman Maurer <norman.maurer at googlemail.com>
Sent: Tuesday, July 10, 2018 9:55 AM
To: Alan Bateman <Alan.Bateman at oracle.com>
Cc: Martin Buchholz <martinrb at google.com>; Andrew Luo <andrewluotechnologies at outlook.com>; net-dev at openjdk.java.net
Subject: Re: [PATCH] SOCK_CLOEXEC for opening sockets
+1 I think this makes a lot of sense
On 10. Jul 2018, at 17:54, Alan Bateman <Alan.Bateman at oracle.com<mailto:Alan.Bateman at oracle.com>> wrote:
On 10/07/2018 17:40, Martin Buchholz wrote:
I agree with this approach - it parallels the efforts made with O_CLOEXEC in past years.
According to
https://www.freebsd.org/cgi/man.cgi?query=socket&sektion=2
SOCK_CLOEXEC is also available on freebsd.
This is something that doesn't come up too often, I assume because most developers using ProcessBuilder/Process rather than invoking fork from native code.
If we are going to tackle this issue then it will require changes in several places, changing PlainSocketImpl.c is just one of several.
-Alan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/net-dev/attachments/20180711/d57b0fc6/attachment-0001.html>
More information about the net-dev
mailing list