From d79fe162c009788888faaf0317253b6f0cac7092 Mon Sep 17 00:00:00 2001
From: Kevin Buettner <kevinb@redhat.com>
Date: Thu, 23 Apr 2020 17:05:34 -0400
Subject: [SV 58232] Disable inheritance of jobserver FDs for recursive make
A parent make will invoke a sub-make with close-on-exec disabled for
the jobserver pipe FDs. Force close-on-exec to be to be enabled in
the sub-make so the pipe is not always passed to child jobs.
I have a test case which, when invoked with a suitable -j switch,
will hang if the recipe inherits the jobserver pipe. This test case
was inspired by a real world case in which testing GDB on Fedora
would hang due to some poorly written test GDB cases having been
passed the jobserver file descriptors.
* src/posixos.c (jobserver_parse_auth): Call fd_noinherit() for
jobserver pipe descriptors.
Copyright-paperwork-exempt: yes
diff --git a/src/posixos.c b/src/posixos.c
index 525f292c..eab175a4 100644
--- a/src/posixos.c
+++ b/src/posixos.c
@@ -145,6 +145,11 @@ jobserver_parse_auth (const char *auth)
/* When using pselect() we want the read to be non-blocking. */
set_blocking (job_fds[0], 0);
+ /* By default we don't send the job pipe FDs to our children.
+ See jobserver_pre_child() and jobserver_post_child(). */
+ fd_noinherit (job_fds[0]);
+ fd_noinherit (job_fds[1]);
+
return 1;
}