pasta: Add fallback timer mechanism to check if namespace is gone

We don't know how frequently this happens, but hitting
fs.inotify.max_user_watches or similar sysctl limits is definitely
not out of question, and Paul mentioned that, for example, Podman's
CI environments hit similar issues in the past.

Introduce a fallback mechanism based on a timer file descriptor: we
grab the directory handle at startup, and we can then use openat(),
triggered periodically, to check if the (network) namespace directory
still exists. If openat() fails at some point, exit.

Link: https://github.com/containers/podman/pull/21563#issuecomment-1943505707
Reported-by: Paul Holzinger <pholzing@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

1 files changed, 5 insertions, 1 deletions

diff --git a/passt.h b/passt.h
index a9e8f15..fb729b6 100644
--- a/passt.h
+++ b/passt.h
@@ -64,7 +64,9 @@ enum epoll_type {
 	/* ICMPv6 sockets */
 	EPOLL_TYPE_ICMPV6,
 	/* inotify fd watching for end of netns (pasta) */
-	EPOLL_TYPE_NSQUIT,
+	EPOLL_TYPE_NSQUIT_INOTIFY,
+	/* timer fd watching for end of netns, fallback for inotify (pasta) */
+	EPOLL_TYPE_NSQUIT_TIMER,
 	/* tuntap character device */
 	EPOLL_TYPE_TAP_PASTA,
 	/* socket connected to qemu  */
@@ -84,6 +86,7 @@ enum epoll_type {
  * @udp:	UDP-specific reference part
  * @icmp:	ICMP-specific reference part
  * @data:	Data handled by protocol handlers
+ * @nsdir_fd:	netns dirfd for fallback timer checking if namespace is gone
  * @u64:	Opaque reference for epoll_ctl() and epoll_wait()
  */
 union epoll_ref {
@@ -99,6 +102,7 @@ union epoll_ref {
 			union udp_epoll_ref udp;
 			union icmp_epoll_ref icmp;
 			uint32_t data;
+			int nsdir_fd;
 		};
 	};
 	uint64_t u64;