Failing to close the stderr pipe in verify_signed_buffer() causes git to run out of file descriptors if there are many calls to verify_signed_buffer(). An easy way to trigger this is to run git log --show-signature --merges | grep "key" on the linux kernel git repo. Eventually it will fail with error: cannot create pipe for gpg: Too many open files error: could not run gpg. Close the stderr pipe so that this can't happen. Signed-off-by: Stephen Boyd <sboyd@xxxxxxxxxxxxxx> --- gpg-interface.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gpg-interface.c b/gpg-interface.c index 0863c61..2c0bed3 100644 --- a/gpg-interface.c +++ b/gpg-interface.c @@ -133,6 +133,8 @@ int verify_signed_buffer(const char *payload, size_t payload_size, if (gpg_output) strbuf_read(gpg_output, gpg.err, 0); ret = finish_command(&gpg); + if (gpg_output) + close(gpg.err); unlink_or_warn(path); -- The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, hosted by The Linux Foundation -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html