From aba250710a90254819cc8b86d6e5b912570bd9fb Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Aug 15 2022 12:50:44 +0000 Subject: Backport an upstream patch to fix an FD leak (rhbz#2109145) --- diff --git a/0001-gmain-close-pidfd-when-finalizing-GChildWatchSource.patch b/0001-gmain-close-pidfd-when-finalizing-GChildWatchSource.patch new file mode 100644 index 0000000..8ca96f2 --- /dev/null +++ b/0001-gmain-close-pidfd-when-finalizing-GChildWatchSource.patch @@ -0,0 +1,40 @@ +From b62745fe8e1699473f87caff328ac2c6ce394c55 Mon Sep 17 00:00:00 2001 +From: Christian Hergert +Date: Tue, 2 Aug 2022 12:35:40 -0700 +Subject: [PATCH] gmain: close pidfd when finalizing GChildWatchSource + +A file-descriptor was created with the introduction of pidfd_getfd() but +nothing is closing it when the source finalizes. The GChildWatchSource is +the creator and consumer of this FD and therefore responsible for closing +it on finalization. + +The pidfd leak was introduced in !2408. + +This fixes issues with Builder where anon_inode:[pidfd] exhaust the +available FD limit for the process. + +Fixes #2708 +--- + glib/gmain.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/glib/gmain.c b/glib/gmain.c +index a6f9b168e..dba5f40e4 100644 +--- a/glib/gmain.c ++++ b/glib/gmain.c +@@ -5804,7 +5804,11 @@ g_child_watch_finalize (GSource *source) + GChildWatchSource *child_watch_source = (GChildWatchSource *) source; + + if (child_watch_source->using_pidfd) +- return; ++ { ++ if (child_watch_source->poll.fd >= 0) ++ close (child_watch_source->poll.fd); ++ return; ++ } + + G_LOCK (unix_signal_lock); + unix_child_watches = g_slist_remove (unix_child_watches, source); +-- +2.37.1 + diff --git a/glib2.spec b/glib2.spec index 6e11ba6..37c18fd 100644 --- a/glib2.spec +++ b/glib2.spec @@ -23,6 +23,10 @@ Patch2: 2840.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2838 Patch3: 2838.patch +# Backported from upstream +# https://bugzilla.redhat.com/show_bug.cgi?id=2109145 +Patch4: 0001-gmain-close-pidfd-when-finalizing-GChildWatchSource.patch + BuildRequires: gcc BuildRequires: gcc-c++ BuildRequires: gettext