[XEN,v8,26/29] tools/libs/*: Use O_CLOEXEC on Linux and FreeBSD

Commit Message

Ian Campbell Jan. 15, 2016, 1:23 p.m. UTC

In some cases this replaces an FD_CLOEXEC dance, in others it is new.

Linux has had O_CLOEXEC since 2.6.23 (October 2007), so we can rely on
it from Xen 4.7 I think. Some libc headers may still lack the
definition, so we take care of that if need be by defining to 0 (on
the premise that such an old glibc might barf on O_CLOEXEC even if the
kernel may or may not be so old).

All stable versions of FreeBSD support O_CLOEXEC (10.2, 9.3 and 8.4),
and we assume the libc there does too.

Remove various comments about having to take responsibility for this
(since really it is just hygiene, politeness, not a requirement) and
the reasons for using O_CLOEXEC seem pretty straightforward.

Backends for other OSes are untouched.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Roger Pau Monné <roger.pau@citrix.com>
Cc: Roger.Pau@citrix.com
Cc: jbeulich@suse.com
---
v6: New

v7: New, replaces "tools/libs/call: Use O_CLOEXEC when opening
    /dev/xen/privcmd on Linux"

v8: Define compat O_CLOEXEC of 0.
---
 tools/libs/call/freebsd.c          | 30 ++++++++----------------------
 tools/libs/call/linux.c            | 38 +++++++++++---------------------------
 tools/libs/evtchn/freebsd.c        |  2 +-
 tools/libs/evtchn/linux.c          |  6 +++++-
 tools/libs/foreignmemory/freebsd.c | 24 ++----------------------
 tools/libs/foreignmemory/linux.c   | 36 +++++++++---------------------------
 tools/libs/gnttab/linux.c          |  6 +++++-
 7 files changed, 41 insertions(+), 101 deletions(-)

Comments

Wei Liu Jan. 19, 2016, 1:24 p.m. UTC | #1

On Fri, Jan 15, 2016 at 01:23:05PM +0000, Ian Campbell wrote:
> In some cases this replaces an FD_CLOEXEC dance, in others it is new.
> 
> Linux has had O_CLOEXEC since 2.6.23 (October 2007), so we can rely on
> it from Xen 4.7 I think. Some libc headers may still lack the
> definition, so we take care of that if need be by defining to 0 (on
> the premise that such an old glibc might barf on O_CLOEXEC even if the
> kernel may or may not be so old).
> 
> All stable versions of FreeBSD support O_CLOEXEC (10.2, 9.3 and 8.4),
> and we assume the libc there does too.
> 
> Remove various comments about having to take responsibility for this
> (since really it is just hygiene, politeness, not a requirement) and
> the reasons for using O_CLOEXEC seem pretty straightforward.
> 
> Backends for other OSes are untouched.
> 
> Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
> Acked-by: Roger Pau Monné <roger.pau@citrix.com>

Acked-by: Wei Liu <wei.liu2@citrix.com>

Patch

diff --git a/tools/libs/call/freebsd.c b/tools/libs/call/freebsd.c
index 2413966..b3cbccd 100644
--- a/tools/libs/call/freebsd.c
+++ b/tools/libs/call/freebsd.c
@@ -35,8 +35,14 @@ 
 
 int osdep_xencall_open(xencall_handle *xcall)
 {
-    int flags, saved_errno;
-    int fd = open(PRIVCMD_DEV, O_RDWR);
+    int saved_errno;
+    int fd = open(PRIVCMD_DEV, O_RDWR|O_CLOEXEC);
+
+    /*
+     * This file descriptor is opaque to the caller, thus we are
+     * polite and try and ensure it doesn't propagate (ie leak)
+     * outside the process, by using O_CLOEXEC.
+     */
 
     if ( fd == -1 )
     {
@@ -45,26 +51,6 @@  int osdep_xencall_open(xencall_handle *xcall)
         return -1;
     }
 
-    /*
-     * Although we return the file handle as the 'xc handle' the API
-     * does not specify / guarentee that this integer is in fact
-     * a file handle. Thus we must take responsiblity to ensure
-     * it doesn't propagate (ie leak) outside the process.
-     */
-    if ( (flags = fcntl(fd, F_GETFD)) < 0 )
-    {
-        PERROR("Could not get file handle flags");
-        goto error;
-    }
-
-    flags |= FD_CLOEXEC;
-
-    if ( fcntl(fd, F_SETFD, flags) < 0 )
-    {
-        PERROR("Could not set file handle flags");
-        goto error;
-    }
-
     xcall->fd = fd;
     return 0;
 
diff --git a/tools/libs/call/linux.c b/tools/libs/call/linux.c
index 651f380..e8e0311 100644
--- a/tools/libs/call/linux.c
+++ b/tools/libs/call/linux.c
@@ -26,15 +26,23 @@ 
 
 #include "private.h"
 
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#endif
+
 int osdep_xencall_open(xencall_handle *xcall)
 {
-    int flags, saved_errno;
-    int fd = open("/dev/xen/privcmd", O_RDWR); /* prefer this newer interface */
+    int fd;
+
+    /*
+     * Prefer the newer interface.
+     */
+    fd = open("/dev/xen/privcmd", O_RDWR|O_CLOEXEC);
 
     if ( fd == -1 && ( errno == ENOENT || errno == ENXIO || errno == ENODEV ))
     {
         /* Fallback to /proc/xen/privcmd */
-        fd = open("/proc/xen/privcmd", O_RDWR);
+        fd = open("/proc/xen/privcmd", O_RDWR|O_CLOEXEC);
     }
 
     if ( fd == -1 )
@@ -43,32 +51,8 @@  int osdep_xencall_open(xencall_handle *xcall)
         return -1;
     }
 
-    /* Although we return the file handle as the 'xc handle' the API
-       does not specify / guarentee that this integer is in fact
-       a file handle. Thus we must take responsiblity to ensure
-       it doesn't propagate (ie leak) outside the process */
-    if ( (flags = fcntl(fd, F_GETFD)) < 0 )
-    {
-        PERROR("Could not get file handle flags");
-        goto error;
-    }
-
-    flags |= FD_CLOEXEC;
-
-    if ( fcntl(fd, F_SETFD, flags) < 0 )
-    {
-        PERROR("Could not set file handle flags");
-        goto error;
-    }
-
     xcall->fd = fd;
     return 0;
-
- error:
-    saved_errno = errno;
-    close(fd);
-    errno = saved_errno;
-    return -1;
 }
 
 int osdep_xencall_close(xencall_handle *xcall)
diff --git a/tools/libs/evtchn/freebsd.c b/tools/libs/evtchn/freebsd.c
index 6479f7c..ddf221d 100644
--- a/tools/libs/evtchn/freebsd.c
+++ b/tools/libs/evtchn/freebsd.c
@@ -32,7 +32,7 @@ 
 
 int osdep_evtchn_open(xenevtchn_handle *xce)
 {
-    int fd = open(EVTCHN_DEV, O_RDWR);
+    int fd = open(EVTCHN_DEV, O_RDWR|O_CLOEXEC);
     if ( fd == -1 )
         return -1;
     xce->fd = fd;
diff --git a/tools/libs/evtchn/linux.c b/tools/libs/evtchn/linux.c
index 76cf0ac..0a3c6e1 100644
--- a/tools/libs/evtchn/linux.c
+++ b/tools/libs/evtchn/linux.c
@@ -28,9 +28,13 @@ 
 
 #include "private.h"
 
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#endif
+
 int osdep_evtchn_open(xenevtchn_handle *xce)
 {
-    int fd = open("/dev/xen/evtchn", O_RDWR);
+    int fd = open("/dev/xen/evtchn", O_RDWR|O_CLOEXEC);
     if ( fd == -1 )
         return -1;
     xce->fd = fd;
diff --git a/tools/libs/foreignmemory/freebsd.c b/tools/libs/foreignmemory/freebsd.c
index 38138dc..7bf3939 100644
--- a/tools/libs/foreignmemory/freebsd.c
+++ b/tools/libs/foreignmemory/freebsd.c
@@ -33,8 +33,8 @@ 
 
 int osdep_xenforeignmemory_open(xenforeignmemory_handle *fmem)
 {
-    int flags, saved_errno;
-    int fd = open(PRIVCMD_DEV, O_RDWR);
+    int saved_errno;
+    int fd = open(PRIVCMD_DEV, O_RDWR|O_CLOEXEC);
 
     if ( fd == -1 )
     {
@@ -43,26 +43,6 @@  int osdep_xenforeignmemory_open(xenforeignmemory_handle *fmem)
         return -1;
     }
 
-    /*
-     * Although we return the file handle as the 'xc handle' the API
-     * does not specify / guarentee that this integer is in fact
-     * a file handle. Thus we must take responsiblity to ensure
-     * it doesn't propagate (ie leak) outside the process.
-     */
-    if ( (flags = fcntl(fd, F_GETFD)) < 0 )
-    {
-        PERROR("Could not get file handle flags");
-        goto error;
-    }
-
-    flags |= FD_CLOEXEC;
-
-    if ( fcntl(fd, F_SETFD, flags) < 0 )
-    {
-        PERROR("Could not set file handle flags");
-        goto error;
-    }
-
     fmem->fd = fd;
     return 0;
 
diff --git a/tools/libs/foreignmemory/linux.c b/tools/libs/foreignmemory/linux.c
index 32b6def..423c744 100644
--- a/tools/libs/foreignmemory/linux.c
+++ b/tools/libs/foreignmemory/linux.c
@@ -30,15 +30,21 @@ 
 
 #define ROUNDUP(_x,_w) (((unsigned long)(_x)+(1UL<<(_w))-1) & ~((1UL<<(_w))-1))
 
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#endif
+
 int osdep_xenforeignmemory_open(xenforeignmemory_handle *fmem)
 {
-    int flags, saved_errno;
-    int fd = open("/dev/xen/privcmd", O_RDWR); /* prefer this newer interface */
+    int fd;
+
+    /* prefer this newer interface */
+    fd = open("/dev/xen/privcmd", O_RDWR|O_CLOEXEC);
 
     if ( fd == -1 && ( errno == ENOENT || errno == ENXIO || errno == ENODEV ))
     {
         /* Fallback to /proc/xen/privcmd */
-        fd = open("/proc/xen/privcmd", O_RDWR);
+        fd = open("/proc/xen/privcmd", O_RDWR|O_CLOEXEC);
     }
 
     if ( fd == -1 )
@@ -47,32 +53,8 @@  int osdep_xenforeignmemory_open(xenforeignmemory_handle *fmem)
         return -1;
     }
 
-    /* Although we return the file handle as the 'xc handle' the API
-       does not specify / guarentee that this integer is in fact
-       a file handle. Thus we must take responsiblity to ensure
-       it doesn't propagate (ie leak) outside the process */
-    if ( (flags = fcntl(fd, F_GETFD)) < 0 )
-    {
-        PERROR("Could not get file handle flags");
-        goto error;
-    }
-
-    flags |= FD_CLOEXEC;
-
-    if ( fcntl(fd, F_SETFD, flags) < 0 )
-    {
-        PERROR("Could not set file handle flags");
-        goto error;
-    }
-
     fmem->fd = fd;
     return 0;
-
- error:
-    saved_errno = errno;
-    close(fd);
-    errno = saved_errno;
-    return -1;
 }
 
 int osdep_xenforeignmemory_close(xenforeignmemory_handle *fmem)
diff --git a/tools/libs/gnttab/linux.c b/tools/libs/gnttab/linux.c
index be04295..7b0fba4 100644
--- a/tools/libs/gnttab/linux.c
+++ b/tools/libs/gnttab/linux.c
@@ -43,9 +43,13 @@ 
 #define PAGE_SIZE            (1UL << PAGE_SHIFT)
 #define PAGE_MASK            (~(PAGE_SIZE-1))
 
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#endif
+
 int osdep_gnttab_open(xengnttab_handle *xgt)
 {
-    int fd = open(DEVXEN "gntdev", O_RDWR);
+    int fd = open(DEVXEN "gntdev", O_RDWR|O_CLOEXEC);
     if ( fd == -1 )
         return -1;
     xgt->fd = fd;