From fc3040cd59851326bc024e3f082b217b7d10b2ad Mon Sep 17 00:00:00 2001 From: Bastian Triller Date: Thu, 11 Sep 2025 08:32:03 +0200 Subject: [PATCH 1/3] tests/valgrind: Check for leaking file descriptors Let valgrind track fds to catch unclosed file descriptors. That would have catched bug in #5722. --- tests/acceptance/testall | 2 +- tests/valgrind-check/valgrind.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/acceptance/testall b/tests/acceptance/testall index adc73a6c9d..be3274b91b 100755 --- a/tests/acceptance/testall +++ b/tests/acceptance/testall @@ -109,7 +109,7 @@ DIFF=${DIFF:-} ; export DIFF LIBTOOL=${LIBTOOL:-} ; export LIBTOOL INCLUDE_IN_WORKDIR=${INCLUDE_IN_WORKDIR:-} ; export INCLUDE_IN_WORKDIR -VALGRIND_OPTS="${VALGRIND_OPTS:---leak-check=full --show-reachable=yes --suppressions=valgrind-suppressions}" +VALGRIND_OPTS="${VALGRIND_OPTS:---leak-check=full --show-reachable=yes --suppressions=valgrind-suppressions --track-fds=yes}" export VALGRIND_OPTS export MAKEFLAGS diff --git a/tests/valgrind-check/valgrind.sh b/tests/valgrind-check/valgrind.sh index 34716fec64..211e13f57e 100644 --- a/tests/valgrind-check/valgrind.sh +++ b/tests/valgrind-check/valgrind.sh @@ -86,7 +86,7 @@ make install /var/cfengine/bin/cf-agent --version -VG_OPTS="--leak-check=full --track-origins=yes --error-exitcode=1" +VG_OPTS="--leak-check=full --track-origins=yes --error-exitcode=1 --track-fds=yes" BOOTSTRAP_IP="127.0.0.1" valgrind $VG_OPTS /var/cfengine/bin/cf-key 2>&1 | tee cf-key.txt From 8b65cb5291cd267c64df488a8e8f1668b6917548 Mon Sep 17 00:00:00 2001 From: Lars Erik Wik Date: Fri, 12 Sep 2025 12:46:55 +0200 Subject: [PATCH 2/3] Fixed file descriptor leak when creating the am_policy_hub file Changelog: Title Signed-off-by: Lars Erik Wik --- libpromises/bootstrap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libpromises/bootstrap.c b/libpromises/bootstrap.c index 58e40fdccc..e79a92294a 100644 --- a/libpromises/bootstrap.c +++ b/libpromises/bootstrap.c @@ -215,12 +215,14 @@ bool WriteAmPolicyHubFile(bool am_policy_hub) { if (!GetAmPolicyHub()) { - if (creat(filename, 0600) == -1) + int fd = creat(filename, 0600); + if (fd == -1) { Log(LOG_LEVEL_ERR, "Error writing marker file '%s'", filename); free(filename); return false; } + close(fd); } } else From 47e87a4b0ccf80b6ca1ff19ea811d2b84210115f Mon Sep 17 00:00:00 2001 From: Lars Erik Wik Date: Thu, 25 Sep 2025 14:46:06 +0200 Subject: [PATCH 3/3] Silence file descriptor leak in liblmdb Signed-off-by: Lars Erik Wik --- .github/workflows/valgrind.sh | 2 +- tests/valgrind-check/valgrind.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/valgrind.sh b/.github/workflows/valgrind.sh index 73e7a48dd0..8481c16567 100644 --- a/.github/workflows/valgrind.sh +++ b/.github/workflows/valgrind.sh @@ -140,7 +140,7 @@ check_output promises.txt # Some of the databases have strings containing "error" # which check_output greps for. echo "Running cf-check dump:" -valgrind $VG_OPTS /var/cfengine/bin/cf-check dump 2>&1 | grep -E '\s*[{}"]' --invert-match | tee cf_check_dump.txt +valgrind $VG_OPTS --trace-children-skip='*/liblmdb.so*' /var/cfengine/bin/cf-check dump 2>&1 | grep -E '\s*[{}"]' --invert-match | tee cf_check_dump.txt check_output cf_check_dump.txt echo "Running cf-check diagnose on all databases" diff --git a/tests/valgrind-check/valgrind.sh b/tests/valgrind-check/valgrind.sh index 211e13f57e..4c75005b61 100644 --- a/tests/valgrind-check/valgrind.sh +++ b/tests/valgrind-check/valgrind.sh @@ -157,7 +157,7 @@ check_valgrind_output promises.txt # Some of the databases have strings containing "error" # which check_valgrind_output greps for. echo "Running cf-check dump:" -valgrind $VG_OPTS /var/cfengine/bin/cf-check dump 2>&1 | grep -E '\s*[{}"]' --invert-match | tee cf_check_dump.txt +valgrind $VG_OPTS --trace-children-skip='*/liblmdb.so*' /var/cfengine/bin/cf-check dump 2>&1 | grep -E '\s*[{}"]' --invert-match | tee cf_check_dump.txt check_valgrind_output cf_check_dump.txt echo "Running cf-check diagnose on all databases"