Add unit test to check for broker FD leak

sandbox/linux/services/broker_process_unittest.cc

Index: sandbox/linux/services/broker_process_unittest.cc
diff --git a/sandbox/linux/services/broker_process_unittest.cc b/sandbox/linux/services/broker_process_unittest.cc
index 7f1a685fe11cbac269e0157e7a0c6825756d3f44..1c77c36ff02316400a65c5fa8a0503bee527d69f 100644
--- a/sandbox/linux/services/broker_process_unittest.cc
+++ b/sandbox/linux/services/broker_process_unittest.cc
@@ -21,6 +21,7 @@
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/posix/eintr_wrapper.h"
+#include "base/posix/unix_domain_socket_linux.h"
 #include "sandbox/linux/tests/test_utils.h"
 #include "sandbox/linux/tests/unit_tests.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -434,4 +435,38 @@ TEST(BrokerProcess, OpenComplexFlagsNoClientCheck) {
   // expected.
 }
 
+// We need to allow noise because the broker will log when it receives our
+// bogus IPCs.
+SANDBOX_TEST_ALLOW_NOISE(BrokerProcess, RecvMsgDescriptorLeak) {
+  // Find the lowest available file descriptor currently.
+  const int min_fd = dup(STDIN_FILENO);

[jln (very slow on Chromium), 2014/04/09 02:25:47]

Maybe just create a pipe or open cpuinfo instead? stdin could become problematic
if we do something funky to it in an extension of the test.

[jln (very slow on Chromium), 2014/04/09 02:25:47]

While dup(2) will always give you the smallest fd available, it's not guaranteed
to equal the number of fds in use.

I don't think it's out of question that because of the complexity of the test
framework, a number of file descriptors get open and then closed before this
runs.

Unfortunately I think you may have no choice but count the number of entries in
/proc/self/fd/. You could also binary search this between 0 and
sysconf(OPEN_MAX) by trying to dup() a fd.

[jln (very slow on Chromium), 2014/04/09 02:32:09]

I meant "by setting soft rlimit and trying to dup() a fd". Or you could just
start at 0 and increment since the number is almost certainly very small.

[mdempsky, 2014/04/09 23:29:40]

Changed to use pipes.

[mdempsky, 2014/04/09 23:29:40]

True.  I've reworked this to be more robust about the process having sparsely
allocated file descriptors.  Instead of using dup(0) and assuming the next
couple should be free too, it allocates two pipes and then closes them again.

I don't think I need to check for how many files are actually in use currently
because RLIMIT_NOFILE doesn't limit the number of open file descriptors a
process can have, it just limits the highest value of a new descriptor.  E.g.,
if I have 100 descriptors but none of them are <10, RLIMIT_NOFILE will still
allow me to allocate 10 more file descriptors.

So since there aren't any other threads, allocating three extra fds and then
setting RLIMIT_NOFILE to 1 greater than the largest of them ensures I'll still
be able to allocate those three.

I added a comment to help explain this, but let me know if you think more
details would be helpful.

+  SANDBOX_ASSERT(min_fd >= 0);
+  SANDBOX_ASSERT(0 == IGNORE_EINTR(close(min_fd)));
+
+  // Lower our file descriptor limit to just above the current limit so we can

[jln (very slow on Chromium), 2014/04/09 02:25:47]

You mean just above the current usage I think?

+  // test for descriptor leaks easier.
+  const unsigned kExtraFiles = 8;
+  const struct rlimit new_rlim = {min_fd + kExtraFiles, min_fd + kExtraFiles};
+  SANDBOX_ASSERT(0 == setrlimit(RLIMIT_NOFILE, &new_rlim));
+
+  const char kCpuInfo[] = "/proc/cpuinfo";
+  std::vector<std::string> read_whitelist;
+  read_whitelist.push_back(kCpuInfo);
+
+  BrokerProcess open_broker(EPERM, read_whitelist, std::vector<std::string>());
+  SANDBOX_ASSERT(open_broker.Init(base::Bind(&NoOpCallback)));
+
+  static const char kBogus[] = "not a pickle";
+  const std::vector<int> fds(1, STDIN_FILENO);
+
+  for (unsigned i = 0; i < kExtraFiles; ++i) {
+    SANDBOX_ASSERT(UnixDomainSocket::SendMsg(
+        open_broker.ipc_socketpair(), kBogus, sizeof(kBogus), fds));
+  }
+
+  const int fd = open_broker.Open(kCpuInfo, O_RDONLY);
+  SANDBOX_ASSERT(fd >= 0);
+  SANDBOX_ASSERT(0 == IGNORE_EINTR(close(fd)));
+}
+
 }  // namespace sandbox