From: Ian Campbell Date: Wed, 2 Dec 2015 16:21:41 +0000 (+0000) Subject: tools/libs/*: Use O_CLOEXEC on Linux and FreeBSD X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~1875 X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https:/%22bookmarks://%22Dat/%22http:/www.example.com/cgi/%22https:/%22bookmarks:/%22Dat?a=commitdiff_plain;h=0831774c8188584e2a48a7c8070d56ba744ca279;p=xen.git tools/libs/*: Use O_CLOEXEC on Linux and FreeBSD In some cases this replaces an FD_CLOEXEC dance, in others it is new. Linux has had O_CLOEXEC since 2.6.23 (October 2007), so we can rely on it from Xen 4.7 I think. Some libc headers may still lack the definition, so we take care of that if need be by defining to 0 (on the premise that such an old glibc might barf on O_CLOEXEC even if the kernel may or may not be so old). All stable versions of FreeBSD support O_CLOEXEC (10.2, 9.3 and 8.4), and we assume the libc there does too. Remove various comments about having to take responsibility for this (since really it is just hygiene, politeness, not a requirement) and the reasons for using O_CLOEXEC seem pretty straightforward. Backends for other OSes are untouched. Signed-off-by: Ian Campbell Acked-by: Roger Pau Monné Acked-by: Wei Liu Cc: Roger.Pau@citrix.com Cc: jbeulich@suse.com --- diff --git a/tools/libs/call/freebsd.c b/tools/libs/call/freebsd.c index 2413966452..b3cbccd774 100644 --- a/tools/libs/call/freebsd.c +++ b/tools/libs/call/freebsd.c @@ -35,8 +35,14 @@ int osdep_xencall_open(xencall_handle *xcall) { - int flags, saved_errno; - int fd = open(PRIVCMD_DEV, O_RDWR); + int saved_errno; + int fd = open(PRIVCMD_DEV, O_RDWR|O_CLOEXEC); + + /* + * This file descriptor is opaque to the caller, thus we are + * polite and try and ensure it doesn't propagate (ie leak) + * outside the process, by using O_CLOEXEC. + */ if ( fd == -1 ) { @@ -45,26 +51,6 @@ int osdep_xencall_open(xencall_handle *xcall) return -1; } - /* - * Although we return the file handle as the 'xc handle' the API - * does not specify / guarentee that this integer is in fact - * a file handle. Thus we must take responsiblity to ensure - * it doesn't propagate (ie leak) outside the process. - */ - if ( (flags = fcntl(fd, F_GETFD)) < 0 ) - { - PERROR("Could not get file handle flags"); - goto error; - } - - flags |= FD_CLOEXEC; - - if ( fcntl(fd, F_SETFD, flags) < 0 ) - { - PERROR("Could not set file handle flags"); - goto error; - } - xcall->fd = fd; return 0; diff --git a/tools/libs/call/linux.c b/tools/libs/call/linux.c index 651f380cb1..e8e03111ab 100644 --- a/tools/libs/call/linux.c +++ b/tools/libs/call/linux.c @@ -26,15 +26,23 @@ #include "private.h" +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + int osdep_xencall_open(xencall_handle *xcall) { - int flags, saved_errno; - int fd = open("/dev/xen/privcmd", O_RDWR); /* prefer this newer interface */ + int fd; + + /* + * Prefer the newer interface. + */ + fd = open("/dev/xen/privcmd", O_RDWR|O_CLOEXEC); if ( fd == -1 && ( errno == ENOENT || errno == ENXIO || errno == ENODEV )) { /* Fallback to /proc/xen/privcmd */ - fd = open("/proc/xen/privcmd", O_RDWR); + fd = open("/proc/xen/privcmd", O_RDWR|O_CLOEXEC); } if ( fd == -1 ) @@ -43,32 +51,8 @@ int osdep_xencall_open(xencall_handle *xcall) return -1; } - /* Although we return the file handle as the 'xc handle' the API - does not specify / guarentee that this integer is in fact - a file handle. Thus we must take responsiblity to ensure - it doesn't propagate (ie leak) outside the process */ - if ( (flags = fcntl(fd, F_GETFD)) < 0 ) - { - PERROR("Could not get file handle flags"); - goto error; - } - - flags |= FD_CLOEXEC; - - if ( fcntl(fd, F_SETFD, flags) < 0 ) - { - PERROR("Could not set file handle flags"); - goto error; - } - xcall->fd = fd; return 0; - - error: - saved_errno = errno; - close(fd); - errno = saved_errno; - return -1; } int osdep_xencall_close(xencall_handle *xcall) diff --git a/tools/libs/evtchn/freebsd.c b/tools/libs/evtchn/freebsd.c index 6479f7c173..ddf221dd8b 100644 --- a/tools/libs/evtchn/freebsd.c +++ b/tools/libs/evtchn/freebsd.c @@ -32,7 +32,7 @@ int osdep_evtchn_open(xenevtchn_handle *xce) { - int fd = open(EVTCHN_DEV, O_RDWR); + int fd = open(EVTCHN_DEV, O_RDWR|O_CLOEXEC); if ( fd == -1 ) return -1; xce->fd = fd; diff --git a/tools/libs/evtchn/linux.c b/tools/libs/evtchn/linux.c index 76cf0acf88..0a3c6e12c6 100644 --- a/tools/libs/evtchn/linux.c +++ b/tools/libs/evtchn/linux.c @@ -28,9 +28,13 @@ #include "private.h" +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + int osdep_evtchn_open(xenevtchn_handle *xce) { - int fd = open("/dev/xen/evtchn", O_RDWR); + int fd = open("/dev/xen/evtchn", O_RDWR|O_CLOEXEC); if ( fd == -1 ) return -1; xce->fd = fd; diff --git a/tools/libs/foreignmemory/freebsd.c b/tools/libs/foreignmemory/freebsd.c index 38138dcfed..7bf393993d 100644 --- a/tools/libs/foreignmemory/freebsd.c +++ b/tools/libs/foreignmemory/freebsd.c @@ -33,8 +33,8 @@ int osdep_xenforeignmemory_open(xenforeignmemory_handle *fmem) { - int flags, saved_errno; - int fd = open(PRIVCMD_DEV, O_RDWR); + int saved_errno; + int fd = open(PRIVCMD_DEV, O_RDWR|O_CLOEXEC); if ( fd == -1 ) { @@ -43,26 +43,6 @@ int osdep_xenforeignmemory_open(xenforeignmemory_handle *fmem) return -1; } - /* - * Although we return the file handle as the 'xc handle' the API - * does not specify / guarentee that this integer is in fact - * a file handle. Thus we must take responsiblity to ensure - * it doesn't propagate (ie leak) outside the process. - */ - if ( (flags = fcntl(fd, F_GETFD)) < 0 ) - { - PERROR("Could not get file handle flags"); - goto error; - } - - flags |= FD_CLOEXEC; - - if ( fcntl(fd, F_SETFD, flags) < 0 ) - { - PERROR("Could not set file handle flags"); - goto error; - } - fmem->fd = fd; return 0; diff --git a/tools/libs/foreignmemory/linux.c b/tools/libs/foreignmemory/linux.c index 32b6defa1b..423c7441bc 100644 --- a/tools/libs/foreignmemory/linux.c +++ b/tools/libs/foreignmemory/linux.c @@ -30,15 +30,21 @@ #define ROUNDUP(_x,_w) (((unsigned long)(_x)+(1UL<<(_w))-1) & ~((1UL<<(_w))-1)) +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + int osdep_xenforeignmemory_open(xenforeignmemory_handle *fmem) { - int flags, saved_errno; - int fd = open("/dev/xen/privcmd", O_RDWR); /* prefer this newer interface */ + int fd; + + /* prefer this newer interface */ + fd = open("/dev/xen/privcmd", O_RDWR|O_CLOEXEC); if ( fd == -1 && ( errno == ENOENT || errno == ENXIO || errno == ENODEV )) { /* Fallback to /proc/xen/privcmd */ - fd = open("/proc/xen/privcmd", O_RDWR); + fd = open("/proc/xen/privcmd", O_RDWR|O_CLOEXEC); } if ( fd == -1 ) @@ -47,32 +53,8 @@ int osdep_xenforeignmemory_open(xenforeignmemory_handle *fmem) return -1; } - /* Although we return the file handle as the 'xc handle' the API - does not specify / guarentee that this integer is in fact - a file handle. Thus we must take responsiblity to ensure - it doesn't propagate (ie leak) outside the process */ - if ( (flags = fcntl(fd, F_GETFD)) < 0 ) - { - PERROR("Could not get file handle flags"); - goto error; - } - - flags |= FD_CLOEXEC; - - if ( fcntl(fd, F_SETFD, flags) < 0 ) - { - PERROR("Could not set file handle flags"); - goto error; - } - fmem->fd = fd; return 0; - - error: - saved_errno = errno; - close(fd); - errno = saved_errno; - return -1; } int osdep_xenforeignmemory_close(xenforeignmemory_handle *fmem) diff --git a/tools/libs/gnttab/linux.c b/tools/libs/gnttab/linux.c index be04295304..7b0fba46e6 100644 --- a/tools/libs/gnttab/linux.c +++ b/tools/libs/gnttab/linux.c @@ -43,9 +43,13 @@ #define PAGE_SIZE (1UL << PAGE_SHIFT) #define PAGE_MASK (~(PAGE_SIZE-1)) +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + int osdep_gnttab_open(xengnttab_handle *xgt) { - int fd = open(DEVXEN "gntdev", O_RDWR); + int fd = open(DEVXEN "gntdev", O_RDWR|O_CLOEXEC); if ( fd == -1 ) return -1; xgt->fd = fd;