Re: [PATCH 1/2] kvm: use anon_inode_getfd() with O_CLOEXEC flag
Il 24/08/2013 22:14, Yann Droneaud ha scritto: KVM uses anon_inode_get() to allocate file descriptors as part of some of its ioctls. But those ioctls are lacking a flag argument allowing userspace to choose options for the newly opened file descriptor. In such case it's advised to use O_CLOEXEC by default so that userspace is allowed to choose, without race, if the file descriptor is going to be inherited across exec(). This patch set O_CLOEXEC flag on all file descriptors created with anon_inode_getfd() to not leak file descriptors across exec(). Signed-off-by: Yann Droneaud ydrone...@opteya.com Link: http://lkml.kernel.org/r/cover.1377372576.git.ydrone...@opteya.com Reviewed-by: Paolo Bonzini pbonz...@redhat.com --- virt/kvm/kvm_main.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 89f74d1..d65cc0c 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -1896,7 +1896,7 @@ static struct file_operations kvm_vcpu_fops = { */ static int create_vcpu_fd(struct kvm_vcpu *vcpu) { - return anon_inode_getfd(kvm-vcpu, kvm_vcpu_fops, vcpu, O_RDWR); + return anon_inode_getfd(kvm-vcpu, kvm_vcpu_fops, vcpu, O_RDWR | O_CLOEXEC); } /* @@ -2306,7 +2306,7 @@ static int kvm_ioctl_create_device(struct kvm *kvm, return ret; } - ret = anon_inode_getfd(ops-name, kvm_device_fops, dev, O_RDWR); + ret = anon_inode_getfd(ops-name, kvm_device_fops, dev, O_RDWR | O_CLOEXEC); if (ret 0) { ops-destroy(dev); return ret; @@ -2590,7 +2590,7 @@ static int kvm_dev_ioctl_create_vm(unsigned long type) return r; } #endif - r = anon_inode_getfd(kvm-vm, kvm_vm_fops, kvm, O_RDWR); + r = anon_inode_getfd(kvm-vm, kvm_vm_fops, kvm, O_RDWR | O_CLOEXEC); if (r 0) kvm_put_kvm(kvm); -- To unsubscribe from this list: send the line unsubscribe kvm in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 1/2] kvm: use anon_inode_getfd() with O_CLOEXEC flag
KVM uses anon_inode_get() to allocate file descriptors as part of some of its ioctls. But those ioctls are lacking a flag argument allowing userspace to choose options for the newly opened file descriptor. In such case it's advised to use O_CLOEXEC by default so that userspace is allowed to choose, without race, if the file descriptor is going to be inherited across exec(). This patch set O_CLOEXEC flag on all file descriptors created with anon_inode_getfd() to not leak file descriptors across exec(). Signed-off-by: Yann Droneaud ydrone...@opteya.com Link: http://lkml.kernel.org/r/cover.1377372576.git.ydrone...@opteya.com --- virt/kvm/kvm_main.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 89f74d1..d65cc0c 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -1896,7 +1896,7 @@ static struct file_operations kvm_vcpu_fops = { */ static int create_vcpu_fd(struct kvm_vcpu *vcpu) { - return anon_inode_getfd(kvm-vcpu, kvm_vcpu_fops, vcpu, O_RDWR); + return anon_inode_getfd(kvm-vcpu, kvm_vcpu_fops, vcpu, O_RDWR | O_CLOEXEC); } /* @@ -2306,7 +2306,7 @@ static int kvm_ioctl_create_device(struct kvm *kvm, return ret; } - ret = anon_inode_getfd(ops-name, kvm_device_fops, dev, O_RDWR); + ret = anon_inode_getfd(ops-name, kvm_device_fops, dev, O_RDWR | O_CLOEXEC); if (ret 0) { ops-destroy(dev); return ret; @@ -2590,7 +2590,7 @@ static int kvm_dev_ioctl_create_vm(unsigned long type) return r; } #endif - r = anon_inode_getfd(kvm-vm, kvm_vm_fops, kvm, O_RDWR); + r = anon_inode_getfd(kvm-vm, kvm_vm_fops, kvm, O_RDWR | O_CLOEXEC); if (r 0) kvm_put_kvm(kvm); -- 1.8.3.1 -- To unsubscribe from this list: send the line unsubscribe kvm in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html