From a85cd674d2976f15f0528f35dfb61bde6f4040b1 Mon Sep 17 00:00:00 2001 From: Mikhail Kot Date: Fri, 20 Jun 2025 12:21:59 +0100 Subject: [PATCH] NO_CLOSE_RANGE macro for old glibc/kernel builds --- pgxn/neon_walredo/walredoproc.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/pgxn/neon_walredo/walredoproc.c b/pgxn/neon_walredo/walredoproc.c index a1be498573..01c91eb644 100644 --- a/pgxn/neon_walredo/walredoproc.c +++ b/pgxn/neon_walredo/walredoproc.c @@ -159,17 +159,21 @@ static XLogReaderState *reader_state; * If the Linux uAPI headers don't define the system call number, * fail the build deliberately rather than ifdef'ing it to ENOSYS. * We prefer a compile time over a runtime error for walredo. + * + * If, however, we need to build on old systems for development, e.g. Ubuntu 20 + * with glibc 2.31, provide a NO_CLOSE_RANGE macro for suboptimal implementation */ #include #include #include +#ifdef __NR_close_range static int close_range_syscall(unsigned int start_fd, unsigned int count, unsigned int flags) { return syscall(__NR_close_range, start_fd, count, flags); } - +#endif static PgSeccompRule allowed_syscalls[] = { @@ -213,10 +217,24 @@ enter_seccomp_mode(void) * it potentially leaked to us, _before_ we start processing potentially dangerous * wal records. See the comment in the Rust code that launches this process. */ +#ifdef __NR_close_range if (close_range_syscall(3, ~0U, 0) != 0) ereport(FATAL, (errcode(ERRCODE_SYSTEM_ERROR), errmsg("seccomp: could not close files >= fd 3"))); +#else +#ifdef NO_CLOSE_RANGE +// close_range can return EINVAL (not our case, as start_fd and end_fd are hardcoded. +// It doesn't return any other erorrs if CLOSE_RANGE_UNSHARE is set (it isn't in our case) +// So we don't report any errors +#warning "__NR_close_range unavailable, using suboptimal implementation" + int fd; + for (fd = 3; fd <= INT_MAX; ++fd) + close(fd); +#else +#error "__NR_close_range syscall not defined, NO_CLOSE_RANGE not defined either" +#endif +#endif #ifdef MALLOC_NO_MMAP /* Ask glibc not to use mmap() */