unicorn Ruby/Rack server user+dev discussion/patches/pulls/bugs/help
 help / color / Atom feed
* [PATCH] Rescue failed pipe resizes due to permissions
@ 2019-05-03 22:20 sdemjanenko
  2019-05-03 22:53 ` Eric Wong
  0 siblings, 1 reply; 2+ messages in thread
From: sdemjanenko @ 2019-05-03 22:20 UTC (permalink / raw)
  To: unicorn-public; +Cc: Stephen Demjanenko

From: Stephen Demjanenko <sdemjanenko@gmail.com>

When running: ```
require 'kgio'
require 'raindrops'

F_SETPIPE_SZ = 1031 if RUBY_PLATFORM =~ /linux/

Kgio::Pipe.new.each do |io|
  io.close_on_exec = true
  if defined?(F_SETPIPE_SZ)
    begin
      puts "setting"
      io.fcntl(F_SETPIPE_SZ, Raindrops::PAGE_SIZE)
    rescue Errno::EINVAL
      puts "rescued"
    rescue => e
      puts ["FAILED HARD", e].inspect
    end
  end
end
```
on a few servers to test some Unicorn boot failures I saw:
```
["FAILED HARD", #<Errno::EPERM: Operation not permitted>]
```

The `EPERM` error gets raised by the Linux kernel if:
```
(too_many_pipe_buffers_hard(pipe->user) ||
too_many_pipe_buffers_soft(pipe->user)) &&
!capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)
```

Given that the resize is not strictly necessary Unicorn should
rescue the error and continue booting.
---
 lib/unicorn.rb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/unicorn.rb b/lib/unicorn.rb
index 5f2134d..dd5dff4 100644
--- a/lib/unicorn.rb
+++ b/lib/unicorn.rb
@@ -123,6 +123,9 @@ def self.pipe # :nodoc:
           io.fcntl(F_SETPIPE_SZ, Raindrops::PAGE_SIZE)
         rescue Errno::EINVAL
           # old kernel
+        rescue Errno::EPERM
+          # resizes fail if Linux is close to the pipe limit for the user
+          # or if the user does not have permissions to resize
         end
       end
     end
-- 
2.7.4


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] Rescue failed pipe resizes due to permissions
  2019-05-03 22:20 [PATCH] Rescue failed pipe resizes due to permissions sdemjanenko
@ 2019-05-03 22:53 ` Eric Wong
  0 siblings, 0 replies; 2+ messages in thread
From: Eric Wong @ 2019-05-03 22:53 UTC (permalink / raw)
  To: Stephen Demjanenko; +Cc: unicorn-public

sdemjanenko@gmail.com wrote:

Thanks, patch looks good; though I'd like to confirm
some things below for the sake of documentation.

> The `EPERM` error gets raised by the Linux kernel if:
> ```
> (too_many_pipe_buffers_hard(pipe->user) ||
> too_many_pipe_buffers_soft(pipe->user)) &&
> !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)
> ```

Which kernel are you running?
Modern kernels prefix that condition with:

	if (nr_pages > pipe->buffers &&

Scanning kernel changes with `git log -p -L:pipe_set_size:fs/pipe.c',
I see that check was added in b0b91d18e2e97b741b294af9333824ecc3fadfd8
("pipe: fix limit checking in pipe_set_size()")
which was fixed in Linux v4.9+ and v3.16.57+

https://80x24.org/mirrors/linux.git/commit?id=b0b91d18e2e97b741b294af9333824ecc3fadfd8
https://lore.kernel.org/lkml/?q=s%3A%22fix+limit+checking+in+pipe_set_size%22

> Given that the resize is not strictly necessary Unicorn should
> rescue the error and continue booting.

Agreed.  Applied, tested and pushed to master as
commit 5c613c6ea98541df587193e861364c858a8a0abd
Thanks!

Will tag and release v5.5.1 in a day or two.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-03 22:20 [PATCH] Rescue failed pipe resizes due to permissions sdemjanenko
2019-05-03 22:53 ` Eric Wong

unicorn Ruby/Rack server user+dev discussion/patches/pulls/bugs/help

Archives are clonable:
	git clone --mirror https://bogomips.org/unicorn-public
	git clone --mirror http://ou63pmih66umazou.onion/unicorn-public

Newsgroups are available over NNTP:
	nntp://news.public-inbox.org/inbox.comp.lang.ruby.unicorn
	nntp://ou63pmih66umazou.onion/inbox.comp.lang.ruby.unicorn

 note: .onion URLs require Tor: https://www.torproject.org/

AGPL code for this site: git clone https://public-inbox.org/ public-inbox