This is an archive of the discontinued LLVM Phabricator instance.

Differential D120453

[libc++] Fix double file closing in `std::filesystem::remove_all()`.
ClosedPublic

Authored by var-const on Feb 23 2022, 9:13 PM.

Details

Reviewers
ldionne
Group Reviewers
Restricted Project
Commits
rG3906ebf750b8: [libc++] Fix double file closing in `std::filesystem::remove_all()`.
Summary

According to Linux documentation (see e.g. https://linux.die.net/man/3/closedir):

A successful call to closedir() also closes the underlying file
descriptor associated with dirp.

Thus, calling close() after a successful call to closedir() is at
best redundant. Worse, should a different thread open a file in-between
the calls to closedir() and close() and get the same file descriptor,
the call to close() might actually close a different file than was
intended:

// Thread 1.
int fd = ::openat(AT_FDCWD, "foo", O_DIRECTORY);

DIR* stream = ::fdopendir(fd);
int result = ::closedir(stream);
assert(result == 0); // `fd` is now closed.

{
  // Thread 2.
  int fd2 = ::openat(AT_FDCWD, "BAR", O_DIRECTORY);
  assert(fd2 == fd); // Quite possible.
}

// Thread 1.
result = ::close(fd);
assert(result == 0);
// The call to `close` succeeds but closes a different file ("BAR",
// which was never opened by this function).

rdar://89251874

Diff Detail

Event Timeline

var-const created this revision.Feb 23 2022, 9:13 PM
Herald added a subscriber: wenlei. · View Herald TranscriptFeb 23 2022, 9:13 PM
var-const requested review of this revision.Feb 23 2022, 9:13 PM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 23 2022, 9:13 PM
Herald added a reviewer: Restricted Project. · View Herald Transcript
Herald added a subscriber: libcxx-commits. · View Herald Transcript
var-const added a reviewer: ldionne.Feb 23 2022, 9:13 PM

According to Linux documentation [...]

I couldn't see the same note in BSD documentation but it works the same in practice.

var-const added a comment.Feb 23 2022, 9:19 PM

More detailed demonstration: https://godbolt.org/z/cMzjvh93x

var-const added a comment.Feb 23 2022, 9:20 PM

I'm not sure if it's possible to test this -- please let me know if I'm missing something.

Harbormaster completed remote builds in B151188: Diff 411002.Feb 23 2022, 10:28 PM
var-const edited the summary of this revision. (Show Details)Feb 24 2022, 1:54 AM
var-const edited the summary of this revision. (Show Details)
ldionne accepted this revision.Feb 28 2022, 9:55 AM

LGTM, thanks for fixing this. I'll land this on main and cherry-pick to release/14.x because I think it's important to fix this bug.

This revision is now accepted and ready to land.Feb 28 2022, 9:55 AM
This revision was landed with ongoing or failed builds.Feb 28 2022, 9:57 AM
Closed by commit rG3906ebf750b8: [libc++] Fix double file closing in `std::filesystem::remove_all()`. (authored by var-const, committed by ldionne). · Explain Why
This revision was automatically updated to reflect the committed changes.
ldionne added a commit: rG3906ebf750b8: [libc++] Fix double file closing in `std::filesystem::remove_all()`..

Revision Contents

PathSize
libcxx/
src/
filesystem/
4 lines

Diff 411830

libcxx/src/filesystem/operations.cpp

Show First 20 LinesShow All 1,410 Lines▼ Show 20 Lines
uintmax_t remove_all_impl(int parent_directory, const path& p, error_code& ec) { uintmax_t remove_all_impl(int parent_directory, const path& p, error_code& ec) {
// First, try to open the path as a directory. // First, try to open the path as a directory.
const int options = O_CLOEXEC | O_RDONLY | O_DIRECTORY | O_NOFOLLOW; const int options = O_CLOEXEC | O_RDONLY | O_DIRECTORY | O_NOFOLLOW;
int fd = ::openat(parent_directory, p.c_str(), options); int fd = ::openat(parent_directory, p.c_str(), options);
if (fd != -1) { if (fd != -1) {
// If that worked, iterate over the contents of the directory and // If that worked, iterate over the contents of the directory and
// remove everything in it, recursively. // remove everything in it, recursively.
scope_exit close_fd([=] { ::close(fd); });
DIR* stream = ::fdopendir(fd); DIR* stream = ::fdopendir(fd);
if (stream == nullptr) { if (stream == nullptr) {
::close(fd);
ec = detail::capture_errno(); ec = detail::capture_errno();
return 0; return 0;
} }
// Note: `::closedir` will also close the associated file descriptor, so
// there should be no call to `close(fd)`.
scope_exit close_stream([=] { ::closedir(stream); }); scope_exit close_stream([=] { ::closedir(stream); });
uintmax_t count = 0; uintmax_t count = 0;
while (true) { while (true) {
auto [str, type] = detail::posix_readdir(stream, ec); auto [str, type] = detail::posix_readdir(stream, ec);
static_assert(std::is_same_v<decltype(str), std::string_view>); static_assert(std::is_same_v<decltype(str), std::string_view>);
if (str == "." || str == "..") { if (str == "." || str == "..") {
continue; continue;
▲ Show 20 LinesShow All 668 LinesShow Last 20 Lines