Message ID | 6d4271e2e0b05ae2728cba1d890e77cac50cf8f0.1372777600.git.ydroneaud@opteya.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
On 07/02/2013 12:39 PM, Yann Droneaud wrote: > Macro get_unused_fd() is used to allocate a file descriptor with > default flags. Those default flags (0) can be "unsafe": > O_CLOEXEC must be used by default to not leak file descriptor > across exec(). > > Instead of macro get_unused_fd(), functions anon_inode_getfd() > or get_unused_fd_flags() should be used with flags given by userspace. > If not possible, flags should be set to O_CLOEXEC to provide userspace > with a default safe behavor. > > In a further patch, get_unused_fd() will be removed so that > new code start using anon_inode_getfd() or get_unused_fd_flags() > with correct flags. > > This patch replaces calls to get_unused_fd() with equivalent call to > get_unused_fd_flags(0) to preserve current behavor for existing code. > > The hard coded flag value (0) should be reviewed on a per-subsystem basis, > and, if possible, set to O_CLOEXEC. > > Signed-off-by: Yann Droneaud <ydroneaud@opteya.com> Acked-by: Vlad Yasevich <vyasevich@gmail.com> -vlad > --- > net/sctp/socket.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/sctp/socket.c b/net/sctp/socket.c > index 66fcdcf..caa5919 100644 > --- a/net/sctp/socket.c > +++ b/net/sctp/socket.c > @@ -4320,7 +4320,7 @@ static int sctp_getsockopt_peeloff(struct sock *sk, int len, char __user *optval > goto out; > > /* Map the socket to an unused fd that can be returned to the user. */ > - retval = get_unused_fd(); > + retval = get_unused_fd_flags(0); > if (retval < 0) { > sock_release(newsock); > goto out; > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Vlad Yasevich <vyasevich@gmail.com> Date: Tue, 02 Jul 2013 13:50:32 -0400 > On 07/02/2013 12:39 PM, Yann Droneaud wrote: >> Macro get_unused_fd() is used to allocate a file descriptor with >> default flags. Those default flags (0) can be "unsafe": >> O_CLOEXEC must be used by default to not leak file descriptor >> across exec(). >> >> Instead of macro get_unused_fd(), functions anon_inode_getfd() >> or get_unused_fd_flags() should be used with flags given by userspace. >> If not possible, flags should be set to O_CLOEXEC to provide userspace >> with a default safe behavor. >> >> In a further patch, get_unused_fd() will be removed so that >> new code start using anon_inode_getfd() or get_unused_fd_flags() >> with correct flags. >> >> This patch replaces calls to get_unused_fd() with equivalent call to >> get_unused_fd_flags(0) to preserve current behavor for existing code. >> >> The hard coded flag value (0) should be reviewed on a per-subsystem >> basis, >> and, if possible, set to O_CLOEXEC. >> >> Signed-off-by: Yann Droneaud <ydroneaud@opteya.com> > > Acked-by: Vlad Yasevich <vyasevich@gmail.com> Applied to net-next, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 66fcdcf..caa5919 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -4320,7 +4320,7 @@ static int sctp_getsockopt_peeloff(struct sock *sk, int len, char __user *optval goto out; /* Map the socket to an unused fd that can be returned to the user. */ - retval = get_unused_fd(); + retval = get_unused_fd_flags(0); if (retval < 0) { sock_release(newsock); goto out;
Macro get_unused_fd() is used to allocate a file descriptor with default flags. Those default flags (0) can be "unsafe": O_CLOEXEC must be used by default to not leak file descriptor across exec(). Instead of macro get_unused_fd(), functions anon_inode_getfd() or get_unused_fd_flags() should be used with flags given by userspace. If not possible, flags should be set to O_CLOEXEC to provide userspace with a default safe behavor. In a further patch, get_unused_fd() will be removed so that new code start using anon_inode_getfd() or get_unused_fd_flags() with correct flags. This patch replaces calls to get_unused_fd() with equivalent call to get_unused_fd_flags(0) to preserve current behavor for existing code. The hard coded flag value (0) should be reviewed on a per-subsystem basis, and, if possible, set to O_CLOEXEC. Signed-off-by: Yann Droneaud <ydroneaud@opteya.com> --- net/sctp/socket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)