1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #637 from grooverdan/5.5-galera

Browse Source 
MDEV-8743: use CLOEXEC to protect mariadb files from sst script touching
This commit is contained in:
Jan Lindström 2018-03-14 10:29:47 +02:00 committed by GitHub
commit 804a7e60d7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 37 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
include/my_global.h
View File

@ -578,6 +578,12 @@ typedef SOCKET_SIZE_TYPE size_socket;
#ifndef O_NOFOLLOW #ifndef O_NOFOLLOW
#define O_NOFOLLOW 0 #define O_NOFOLLOW 0
#endif #endif
#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif
#ifndef SOCK_CLOEXEC
#define SOCK_CLOEXEC 0
#endif
/* additional file share flags for win32 */ /* additional file share flags for win32 */
#ifdef __WIN__ #ifdef __WIN__

2
mysys/my_symlink.c
View File

@ -236,7 +236,7 @@ const char *my_open_parent_dir_nosymlinks(const char *pathname, int *pdfd)
return pathname + (s - buf); return pathname + (s - buf);
} }
fd = openat(dfd, s, O_NOFOLLOW | O_PATH); fd = openat(dfd, s, O_NOFOLLOW | O_PATH | O_CLOEXEC);
if (fd < 0) if (fd < 0)
goto err; goto err;

8
sql/log.cc
View File

@ -2466,7 +2466,7 @@ bool MYSQL_LOG::open(
File file= -1; File file= -1;
my_off_t seek_offset; my_off_t seek_offset;
bool is_fifo = false; bool is_fifo = false;
int open_flags= O_CREAT | O_BINARY; int open_flags= O_CREAT | O_BINARY | O_CLOEXEC;
DBUG_ENTER("MYSQL_LOG::open"); DBUG_ENTER("MYSQL_LOG::open");
DBUG_PRINT("enter", ("log_type: %d", (int) log_type_arg)); DBUG_PRINT("enter", ("log_type: %d", (int) log_type_arg));
@ -3088,7 +3088,7 @@ bool MYSQL_BIN_LOG::open_index_file(const char *index_file_name_arg,
".index", opt); ".index", opt);
if ((index_file_nr= mysql_file_open(m_key_file_log_index, if ((index_file_nr= mysql_file_open(m_key_file_log_index,
index_file_name, index_file_name,
O_RDWR | O_CREAT | O_BINARY, O_RDWR | O_CREAT | O_BINARY | O_CLOEXEC,
MYF(MY_WME))) < 0 || MYF(MY_WME))) < 0 ||
mysql_file_sync(index_file_nr, MYF(MY_WME)) || mysql_file_sync(index_file_nr, MYF(MY_WME)) ||
init_io_cache(&index_file, index_file_nr, init_io_cache(&index_file, index_file_nr,
@ -7045,14 +7045,14 @@ int TC_LOG_MMAP::open(const char *opt_name)
DBUG_ASSERT(TC_LOG_PAGE_SIZE % tc_log_page_size == 0); DBUG_ASSERT(TC_LOG_PAGE_SIZE % tc_log_page_size == 0);
fn_format(logname,opt_name,mysql_data_home,"",MY_UNPACK_FILENAME); fn_format(logname,opt_name,mysql_data_home,"",MY_UNPACK_FILENAME);
if ((fd= mysql_file_open(key_file_tclog, logname, O_RDWR, MYF(0))) < 0) if ((fd= mysql_file_open(key_file_tclog, logname, O_RDWR | O_CLOEXEC, MYF(0))) < 0)
{ {
if (my_errno != ENOENT) if (my_errno != ENOENT)
goto err; goto err;
if (using_heuristic_recover()) if (using_heuristic_recover())
return 1; return 1;
if ((fd= mysql_file_create(key_file_tclog, logname, CREATE_MODE, if ((fd= mysql_file_create(key_file_tclog, logname, CREATE_MODE,
O_RDWR, MYF(MY_WME))) < 0) O_RDWR | O_CLOEXEC, MYF(MY_WME))) < 0)
goto err; goto err;
inited=1; inited=1;
file_length= opt_tc_log_size; file_length= opt_tc_log_size;

4
storage/innobase/handler/ha_innodb.cc
View File

@ -1410,8 +1410,12 @@ innobase_mysql_tmpfile(void)
fd2 = -1; fd2 = -1;
} }
} }
#else
#ifdef F_DUPFD_CLOEXEC
fd2 = fcntl(fd, F_DUPFD_CLOEXEC, 0);
#else #else
fd2 = dup(fd); fd2 = dup(fd);
#endif
#endif #endif
if (fd2 < 0) { if (fd2 < 0) {
DBUG_PRINT("error",("Got error %d on dup",fd2)); DBUG_PRINT("error",("Got error %d on dup",fd2));

6
storage/innobase/os/os0file.c
View File

@ -1184,10 +1184,10 @@ try_again:
} }
if (create_mode == OS_FILE_CREATE) { if (create_mode == OS_FILE_CREATE) {
file = open(name, create_flag, S_IRUSR | S_IWUSR file = open(name, create_flag | O_CLOEXEC, S_IRUSR | S_IWUSR
| S_IRGRP | S_IWGRP); | S_IRGRP | S_IWGRP);
} else { } else {
file = open(name, create_flag); file = open(name, create_flag | O_CLOEXEC);
} }
if (file == -1) { if (file == -1) {
@ -1631,7 +1631,7 @@ try_again:
} }
#endif /* O_SYNC */ #endif /* O_SYNC */
file = open(name, create_flag, os_innodb_umask); file = open(name, create_flag | O_CLOEXEC, os_innodb_umask);
if (file == -1) { if (file == -1) {
*success = FALSE; *success = FALSE;

2
storage/maria/ma_control_file.c
View File

@ -273,7 +273,7 @@ CONTROL_FILE_ERROR ma_control_file_open(my_bool create_if_missing,
" file is probably in use by another process"; " file is probably in use by another process";
uint new_cf_create_time_size, new_cf_changeable_size, new_block_size; uint new_cf_create_time_size, new_cf_changeable_size, new_block_size;
my_off_t file_size; my_off_t file_size;
int open_flags= O_BINARY | /*O_DIRECT |*/ O_RDWR; int open_flags= O_BINARY | /*O_DIRECT |*/ O_RDWR | O_CLOEXEC;
int error= CONTROL_FILE_UNKNOWN_ERROR; int error= CONTROL_FILE_UNKNOWN_ERROR;
DBUG_ENTER("ma_control_file_open"); DBUG_ENTER("ma_control_file_open");

6
storage/maria/ma_loghandler.c
View File

@ -942,7 +942,7 @@ static File create_logfile_by_number_no_cache(uint32 file_no)
/* TODO: add O_DIRECT to open flags (when buffer is aligned) */ /* TODO: add O_DIRECT to open flags (when buffer is aligned) */
if ((file= mysql_file_create(key_file_translog, if ((file= mysql_file_create(key_file_translog,
translog_filename_by_fileno(file_no, path), translog_filename_by_fileno(file_no, path),
0, O_BINARY | O_RDWR, MYF(MY_WME))) < 0) 0, O_BINARY | O_RDWR | O_CLOEXEC, MYF(MY_WME))) < 0)
{ {
DBUG_PRINT("error", ("Error %d during creating file '%s'", errno, path)); DBUG_PRINT("error", ("Error %d during creating file '%s'", errno, path));
translog_stop_writing(); translog_stop_writing();
@ -979,7 +979,7 @@ static File open_logfile_by_number_no_cache(uint32 file_no)
/* TODO: use mysql_file_create() */ /* TODO: use mysql_file_create() */
if ((file= mysql_file_open(key_file_translog, if ((file= mysql_file_open(key_file_translog,
translog_filename_by_fileno(file_no, path), translog_filename_by_fileno(file_no, path),
log_descriptor.open_flags, log_descriptor.open_flags | O_CLOEXEC,
MYF(MY_WME))) < 0) MYF(MY_WME))) < 0)
{ {
DBUG_PRINT("error", ("Error %d during opening file '%s'", errno, path)); DBUG_PRINT("error", ("Error %d during opening file '%s'", errno, path));
@ -3263,7 +3263,7 @@ static my_bool translog_get_last_page_addr(TRANSLOG_ADDRESS *addr,
File fd; File fd;
if ((fd= mysql_file_open(key_file_translog, if ((fd= mysql_file_open(key_file_translog,
translog_filename_by_fileno(file_no, path), translog_filename_by_fileno(file_no, path),
O_RDONLY, (no_errors ? MYF(0) : MYF(MY_WME)))) < 0) O_RDONLY | O_CLOEXEC, (no_errors ? MYF(0) : MYF(MY_WME)))) < 0)
{ {
my_errno= errno; my_errno= errno;
DBUG_PRINT("error", ("Error %d during opening file #%d", DBUG_PRINT("error", ("Error %d during opening file #%d",

8
storage/maria/ma_open.c
View File

@ -314,13 +314,13 @@ MARIA_HA *maria_open(const char *name, int mode, uint open_flags)
}); });
DEBUG_SYNC_C("mi_open_kfile"); DEBUG_SYNC_C("mi_open_kfile");
if ((kfile=mysql_file_open(key_file_kfile, name_buff, if ((kfile=mysql_file_open(key_file_kfile, name_buff,
(open_mode=O_RDWR) | O_SHARE | O_NOFOLLOW, (open_mode=O_RDWR) | O_SHARE | O_NOFOLLOW | O_CLOEXEC,
MYF(MY_NOSYMLINKS))) < 0) MYF(MY_NOSYMLINKS))) < 0)
{ {
if ((errno != EROFS && errno != EACCES) || if ((errno != EROFS && errno != EACCES) ||
mode != O_RDONLY || mode != O_RDONLY ||
(kfile=mysql_file_open(key_file_kfile, name_buff, (kfile=mysql_file_open(key_file_kfile, name_buff,
(open_mode=O_RDONLY) | O_SHARE | O_NOFOLLOW, (open_mode=O_RDONLY) | O_SHARE | O_NOFOLLOW | O_CLOEXEC,
MYF(MY_NOSYMLINKS))) < 0) MYF(MY_NOSYMLINKS))) < 0)
goto err; goto err;
} }
@ -1885,7 +1885,7 @@ int _ma_open_datafile(MARIA_HA *info, MARIA_SHARE *share)
DEBUG_SYNC_C("mi_open_datafile"); DEBUG_SYNC_C("mi_open_datafile");
info->dfile.file= share->bitmap.file.file= info->dfile.file= share->bitmap.file.file=
mysql_file_open(key_file_dfile, share->data_file_name.str, mysql_file_open(key_file_dfile, share->data_file_name.str,
share->mode | O_SHARE, MYF(flags)); share->mode | O_SHARE | O_CLOEXEC, MYF(flags));
return info->dfile.file >= 0 ? 0 : 1; return info->dfile.file >= 0 ? 0 : 1;
} }
@ -1899,7 +1899,7 @@ int _ma_open_keyfile(MARIA_SHARE *share)
mysql_mutex_lock(&share->intern_lock); mysql_mutex_lock(&share->intern_lock);
share->kfile.file= mysql_file_open(key_file_kfile, share->kfile.file= mysql_file_open(key_file_kfile,
share->unique_file_name.str, share->unique_file_name.str,
share->mode | O_SHARE | O_NOFOLLOW, share->mode | O_SHARE | O_NOFOLLOW | O_CLOEXEC,
MYF(MY_WME | MY_NOSYMLINKS)); MYF(MY_WME | MY_NOSYMLINKS));
mysql_mutex_unlock(&share->intern_lock); mysql_mutex_unlock(&share->intern_lock);
return (share->kfile.file < 0); return (share->kfile.file < 0);

8
storage/myisam/mi_open.c
View File

@ -117,13 +117,13 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags)
DEBUG_SYNC_C("mi_open_kfile"); DEBUG_SYNC_C("mi_open_kfile");
if ((kfile= mysql_file_open(mi_key_file_kfile, name_buff, if ((kfile= mysql_file_open(mi_key_file_kfile, name_buff,
(open_mode= O_RDWR) | O_SHARE | O_NOFOLLOW, (open_mode= O_RDWR) | O_SHARE | O_NOFOLLOW | O_CLOEXEC,
MYF(MY_NOSYMLINKS))) < 0) MYF(MY_NOSYMLINKS))) < 0)
{ {
if ((errno != EROFS && errno != EACCES) || if ((errno != EROFS && errno != EACCES) ||
mode != O_RDONLY || mode != O_RDONLY ||
(kfile= mysql_file_open(mi_key_file_kfile, name_buff, (kfile= mysql_file_open(mi_key_file_kfile, name_buff,
(open_mode= O_RDONLY) | O_SHARE| O_NOFOLLOW, (open_mode= O_RDONLY) | O_SHARE| O_NOFOLLOW | O_CLOEXEC,
MYF(MY_NOSYMLINKS))) < 0) MYF(MY_NOSYMLINKS))) < 0)
goto err; goto err;
} }
@ -1249,7 +1249,7 @@ int mi_open_datafile(MI_INFO *info, MYISAM_SHARE *share)
myf flags= MY_WME | (share->mode & O_NOFOLLOW ? MY_NOSYMLINKS: 0); myf flags= MY_WME | (share->mode & O_NOFOLLOW ? MY_NOSYMLINKS: 0);
DEBUG_SYNC_C("mi_open_datafile"); DEBUG_SYNC_C("mi_open_datafile");
info->dfile= mysql_file_open(mi_key_file_dfile, share->data_file_name, info->dfile= mysql_file_open(mi_key_file_dfile, share->data_file_name,
share->mode | O_SHARE, MYF(flags)); share->mode | O_SHARE | O_CLOEXEC, MYF(flags));
return info->dfile >= 0 ? 0 : 1; return info->dfile >= 0 ? 0 : 1;
} }
@ -1258,7 +1258,7 @@ int mi_open_keyfile(MYISAM_SHARE *share)
{ {
if ((share->kfile= mysql_file_open(mi_key_file_kfile, if ((share->kfile= mysql_file_open(mi_key_file_kfile,
share->unique_file_name, share->unique_file_name,
share->mode | O_SHARE | O_NOFOLLOW, share->mode | O_SHARE | O_NOFOLLOW | O_CLOEXEC,
MYF(MY_NOSYMLINKS | MY_WME))) < 0) MYF(MY_NOSYMLINKS | MY_WME))) < 0)
return 1; return 1;
return 0; return 0;

4
storage/xtradb/handler/ha_innodb.cc
View File

@ -1677,8 +1677,12 @@ innobase_mysql_tmpfile(void)
fd2 = -1; fd2 = -1;
} }
} }
#else
#ifdef F_DUPFD_CLOEXEC
fd2 = fcntl(fd, F_DUPFD_CLOEXEC, 0);
#else #else
fd2 = dup(fd); fd2 = dup(fd);
#endif
#endif #endif
if (fd2 < 0) { if (fd2 < 0) {
DBUG_PRINT("error",("Got error %d on dup",fd2)); DBUG_PRINT("error",("Got error %d on dup",fd2));

6
storage/xtradb/os/os0file.c
View File

@ -1286,10 +1286,10 @@ try_again:
} }
if (create_mode == OS_FILE_CREATE) { if (create_mode == OS_FILE_CREATE) {
file = open(name, create_flag, S_IRUSR | S_IWUSR file = open(name, create_flag | O_CLOEXEC, S_IRUSR | S_IWUSR
| S_IRGRP | S_IWGRP); | S_IRGRP | S_IWGRP);
} else { } else {
file = open(name, create_flag); file = open(name, create_flag | O_CLOEXEC);
} }
if (file == -1) { if (file == -1) {
@ -1752,7 +1752,7 @@ try_again:
} }
#endif /* O_SYNC */ #endif /* O_SYNC */
file = open(name, create_flag, os_innodb_umask); file = open(name, create_flag | O_CLOEXEC, os_innodb_umask);
if (file == -1) { if (file == -1) {
*success = FALSE; *success = FALSE;