1. 30 Jul, 2018 2 commits
      Add check_cloexec_fds debug command · 49d8ff38
      Daniel Drake authored
      Add a debug command (to be executed manually via Alt+F2) to check
      that all of gnome-shell's file descriptors have the CLOEXEC flag set.
      This is important so that internal file descriptors do not get passed
      to apps when they are launched.
      It prints a warning message for every fd that does not have the flag set.
      fdwalk() is used from the standard library if available (it is not
      available in glibc), otherwise we use the same implementation as glib
      has internally.
      shell-app: remove child_setup from app launching · 4b522a02
      Daniel Drake authored
      When the amount of free memory on the system is somewhat low, gnome-shell
      will sometimes fail to launch apps, reporting the error:
        fork(): Cannot allocate memory
      fork() is failing here because while cloning the process virtual address
      space, Linux worries that the thread being forked may end up COWing the
      entire address space of the parent process (gnome-shell, which is
      memory-hungry), and there is not enough free memory to permit that to
      happen. This check is somewhat irrelevant because we are only forking
      to immediately exec(), which will discard the whole virtual address
      space anyway.
      This issue can be avoided by using a new optimized gspawn codepath in
      the latest glib development version, which uses posix_spawn() internally.
      For the optimized codepath to be used, we must not pass a child_setup
      function, so the file descriptor management is reimplemented here
      using new glib API to pass fds to the child process. The old API will
      continue to be used on older glib versions.
      We must also change the spawn flags for this code path to be hit.
      I checked that gnome-shell's open file descriptors are all CLOEXEC
      so using G_SPAWN_LEAVE_DESCRIPTORS_OPEN should be safe.
      This will result in more resilient app launching when memory is low,
      since the optimized spawn path avoids cloning the virtual address
      space of the parent process (gnome-shell) and avoids the irrelevant
      memory overcommit check.
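
The kind of check the first commit message describes, and that the second relies on before using G_SPAWN_LEAVE_DESCRIPTORS_OPEN, shown as an added example that is not gnome-shell's or glib's code. It assumes Linux's /proc/self/fd and falls back to probing descriptor numbers; the function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* 1 if fd has FD_CLOEXEC, 0 if it would survive exec(), -1 if fd is not open. */
int fd_is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : (flags & FD_CLOEXEC) != 0;
}

/* Count open fds >= min_fd that lack FD_CLOEXEC, warning about each one. */
int count_inheritable_fds(int min_fd)
{
    int leaks = 0;
    DIR *dir = opendir("/proc/self/fd");    /* Linux: one entry per open fd */

    if (dir != NULL) {
        struct dirent *ent;
        while ((ent = readdir(dir)) != NULL) {
            char *end;
            long fd = strtol(ent->d_name, &end, 10);
            if (end == ent->d_name || *end != '\0')
                continue;                   /* skips "." and ".." */
            if (fd < min_fd || fd == dirfd(dir))
                continue;                   /* ignore the scan's own fd */
            if (fd_is_cloexec((int)fd) == 0) {
                fprintf(stderr, "fd %ld does not have CLOEXEC set\n", fd);
                leaks++;
            }
        }
        closedir(dir);
        return leaks;
    }
    /* No /proc: probe every possible descriptor number instead. */
    for (long fd = min_fd, max = sysconf(_SC_OPEN_MAX); fd < max; fd++)
        if (fd_is_cloexec((int)fd) == 0) {
            fprintf(stderr, "fd %ld does not have CLOEXEC set\n", fd);
            leaks++;
        }
    return leaks;
}

int main(void)
{
    /* stdin, stdout and stderr are meant to be inherited, so start at 3. */
    return count_inheritable_fds(3) == 0 ? 0 : 1;
}
```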
  2. 19 Jul, 2017 1 commit