-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
libct/system: ClearRlimitNofileCache for go 1.23
Go 1.23 tightens access to internal symbols, and even puts runc into "hall of shame" for using an internal symbol (recently added by commit da68c8e). So, while not impossible, it becomes harder to access those internal symbols, and it is a bad idea in general. Since Go 1.23 includes https://go.dev/cl/588076, we can clean the internal rlimit cache by setting the RLIMIT_NOFILE for ourselves, essentially disabling the rlimit cache. Once Go 1.22 is no longer supported, we will remove the go:linkname hack. Signed-off-by: Kir Kolyshkin <[email protected]>
- Loading branch information
Showing
4 changed files
with
54 additions
and
23 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
//go:build go1.23 | ||
|
||
package system | ||
|
||
import ( | ||
"syscall" | ||
) | ||
|
||
// CleanRlimitNofileCache sets RLIMIT_NOFILE for the current process. This is | ||
// not needed per se, but rather to clean the origRlimitNofile cache in Go. | ||
// | ||
// The implementation relies on go.dev/cl/588076. | ||
func ClearRlimitNofileCache(lim *syscall.Rlimit) { | ||
// Ignore the return values since we only need to clean the cache, | ||
// the limit is going to be set via unix.Prlimit elsewhere. | ||
_ = syscall.Setrlimit(syscall.RLIMIT_NOFILE, lim) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
//go:build !go1.23 | ||
|
||
// TODO: remove this file once go 1.22 is no longer supported. | ||
|
||
package system | ||
|
||
import ( | ||
"sync/atomic" | ||
"syscall" | ||
_ "unsafe" // Needed for go:linkname to work. | ||
) | ||
|
||
//go:linkname syscallOrigRlimitNofile syscall.origRlimitNofile | ||
var syscallOrigRlimitNofile atomic.Pointer[syscall.Rlimit] | ||
|
||
// ClearRlimitNofileCache clears go runtime's nofile rlimit cache. | ||
// The argument is process RLIMIT_NOFILE values. | ||
func ClearRlimitNofileCache(_ *syscall.Rlimit) { | ||
// As reported in issue #4195, the new version of go runtime(since 1.19) | ||
// will cache rlimit-nofile. Before executing execve, the rlimit-nofile | ||
// of the process will be restored with the cache. In runc, this will | ||
// cause the rlimit-nofile setting by the parent process for the container | ||
// to become invalid. It can be solved by clearing this cache. But | ||
// unfortunately, go stdlib doesn't provide such function, so we need to | ||
// link to the private var `origRlimitNofile` in package syscall to hack. | ||
syscallOrigRlimitNofile.Store(nil) | ||
} |