From 68ca6d2e1971372617f920e71a4a51e16900095e Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Thu, 4 Jan 2018 13:20:37 -0500
Subject: [PATCH 1/2] Don't treat a setrlimit failure as fatal. Fixes bug 21074; bugfix on 4689243242e2e12 in 0.0.9rc5 when we started doing setrlimit() in the first place.
---
 changes/bug21074_downgrade | 4 ++++
 src/common/compat.c | 14 +++++++-------
 2 files changed, 11 insertions(+), 7 deletions(-)
 create mode 100644 changes/bug21074_downgrade
diff --git a/changes/bug21074_downgrade b/changes/bug21074_downgrade
new file mode 100644
index 000000000..c9f81bd13
--- /dev/null
+++ b/changes/bug21074_downgrade
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Don't exit the Tor process if setrlimit() fails to change the file
+ limit (which can happen sometimes on some versions of OSX). Fixes
+ bug 21074; bugfix on 0.0.9pre5.
diff --git a/src/common/compat.c b/src/common/compat.c
index e16dfb1d2..a88e9b514 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1651,7 +1651,7 @@ get_max_sockets(void)
 * fail by returning -1 and max_out is untouched.
 *
 * If we are unable to set the limit value because of setrlimit() failing,
- * return -1 and max_out is set to the current maximum value returned
+ * return 0 and max_out is set to the current maximum value returned
 * by getrlimit().
 *
 * Otherwise, return 0 and store the maximum we found inside max_out
@@ -1716,13 +1716,14 @@ set_max_file_descriptors(rlim_t limit, int *max_out) rlim.rlim_cur = rlim.rlim_max; if (setrlimit(RLIMIT_NOFILE, &rlim) != 0) { - int bad = 1; + int couldnt_set = 1; + const int setrlimit_errno = errno; #ifdef OPEN_MAX uint64_t try_limit = OPEN_MAX - ULIMIT_BUFFER; if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) { /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is * full of nasty lies. I'm looking at you, OSX 10.5.... */ - rlim.rlim_cur = try_limit; + rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur); if (setrlimit(RLIMIT_NOFILE, &rlim) == 0) { if (rlim.rlim_cur < (rlim_t)limit) { log_warn(LD_CONFIG, "We are limited to %lu file descriptors by " @@ -1737,14 +1738,13 @@ set_max_file_descriptors(rlim_t limit, int *max_out) (unsigned long)try_limit, (unsigned long)OPEN_MAX, (unsigned long)rlim.rlim_max); } - bad = 0; + couldnt_set = 0; } } #endif /* OPEN_MAX */ - if (bad) { + if (couldnt_set) { log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s", - strerror(errno)); - return -1; + strerror(setrlimit_errno)); } } /* leave some overhead for logs, etc, */ From 0bfd5a659777688798722a20f894797a4f4b54f0 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 17 Jan 2018 09:06:32 -0500 Subject: [PATCH 2/2] Add a cast to avoid a signed/unsigned comparison --- src/common/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/compat.c b/src/common/compat.c index a88e9b514..4ac443c13 100644 --- a/src/common/compat.c +++ b/src/common/compat.c 
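Review bot: In the `#ifdef OPEN_MAX` branch of set_max_file_descriptors(), the retry condition still reads the live `errno` although this hunk now saves it in `setrlimit_errno`; testing `setrlimit_errno == EINVAL` would tie the retry decision and the later warning to the same failure. The new `MIN(try_limit, rlim.rlim_cur)` can only ever select `try_limit`, because the enclosing guard already requires `try_limit < (uint64_t) rlim.rlim_cur`. Writing `rlim.rlim_cur = (rlim_t) try_limit;` says the same thing and avoids the mixed-type comparison that patch 2/2 then has to cast around. The function starts before and continues after this hunk.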
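Review bot: With the `return -1` removed, a failed setrlimit() now falls through to the code after `/* leave some overhead for logs, etc, */` with `rlim.rlim_cur` still holding the value that was requested (`rlim.rlim_max`, or `try_limit` after the OPEN_MAX retry), not the soft limit actually in effect. If the code past the end of this hunk derives `*max_out` from `rlim.rlim_cur` (not visible here), the caller is told it has more descriptors than the process can open, and the shortfall only surfaces later as failed socket()/accept() calls under load. That would also contradict the updated doc comment in the first compat.c hunk, which promises the current value returned by getrlimit(). Re-reading the real limit inside the `if (couldnt_set)` block would close the gap, for example `if (getrlimit(RLIMIT_NOFILE, &rlim) != 0) return -1;` after the log_warn().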
@@ -1723,7 +1723,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
 if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) {
 /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is
 * full of nasty lies. I'm looking at you, OSX 10.5.... */
- rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur);
+ rlim.rlim_cur = MIN((rlim_t) try_limit, rlim.rlim_cur);
 if (setrlimit(RLIMIT_NOFILE, &rlim) == 0) {
 if (rlim.rlim_cur < (rlim_t)limit) {
 log_warn(LD_CONFIG, "We are limited to %lu file descriptors by "