From patchwork Fri Jan 15 13:23:05 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Ian Campbell X-Patchwork-Id: 8040341 Return-Path: X-Original-To: patchwork-xen-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id C83639FE73 for ; Fri, 15 Jan 2016 13:25:35 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id A972F20453 for ; Fri, 15 Jan 2016 13:25:34 +0000 (UTC) Received: from lists.xen.org (lists.xenproject.org [50.57.142.19]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 72AC82035D for ; Fri, 15 Jan 2016 13:25:33 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aK4Lw-0004SO-A2; Fri, 15 Jan 2016 13:23:44 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aK4Lt-0004CD-Og for xen-devel@lists.xen.org; Fri, 15 Jan 2016 13:23:41 +0000 Received: from [85.158.139.211] by server-2.bemta-5.messagelabs.com id 0C/3D-21594-DD2F8965; Fri, 15 Jan 2016 13:23:41 +0000 X-Env-Sender: prvs=815b692d9=Ian.Campbell@citrix.com X-Msg-Ref: server-12.tower-206.messagelabs.com!1452864204!16117711!6 X-Originating-IP: [66.165.176.63] X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: VHJ1c3RlZCBJUDogNjYuMTY1LjE3Ni42MyA9PiAzMDYwNDg=\n, received_headers: No Received headers X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 31335 invoked from network); 15 Jan 2016 13:23:40 -0000 Received: from smtp02.citrix.com (HELO SMTP02.CITRIX.COM) (66.165.176.63) by server-12.tower-206.messagelabs.com with RC4-SHA encrypted SMTP; 15 Jan 2016 13:23:40 -0000 X-IronPort-AV: E=Sophos;i="5.22,299,1449532800"; d="scan'208";a="331644659" From: Ian Campbell To: , , Date: Fri, 15 Jan 2016 13:23:05 +0000 Message-ID: <1452864188-2417-27-git-send-email-ian.campbell@citrix.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1452864188-2417-1-git-send-email-ian.campbell@citrix.com> References: <1452864168.32341.97.camel@citrix.com> <1452864188-2417-1-git-send-email-ian.campbell@citrix.com> MIME-Version: 1.0 X-DLP: MIA2 Cc: Ian Campbell , jbeulich@suse.com, Roger.Pau@citrix.com Subject: [Xen-devel] [PATCH XEN v8 26/29] tools/libs/*: Use O_CLOEXEC on Linux and FreeBSD X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In some cases this replaces an FD_CLOEXEC dance, in others it is new. Linux has had O_CLOEXEC since 2.6.23 (October 2007), so we can rely on it from Xen 4.7 I think. Some libc headers may still lack the definition, so we take care of that if need be by defining to 0 (on the premise that such an old glibc might barf on O_CLOEXEC even if the kernel may or may not be so old). All stable versions of FreeBSD support O_CLOEXEC (10.2, 9.3 and 8.4), and we assume the libc there does too. Remove various comments about having to take responsibility for this (since really it is just hygiene, politeness, not a requirement) and the reasons for using O_CLOEXEC seem pretty straightforward. Backends for other OSes are untouched. Signed-off-by: Ian Campbell Acked-by: Roger Pau Monné Cc: Roger.Pau@citrix.com Cc: jbeulich@suse.com Acked-by: Wei Liu --- v6: New v7: New, replaces "tools/libs/call: Use O_CLOEXEC when opening /dev/xen/privcmd on Linux" v8: Define compat O_CLOEXEC of 0. --- tools/libs/call/freebsd.c | 30 ++++++++---------------------- tools/libs/call/linux.c | 38 +++++++++++--------------------------- tools/libs/evtchn/freebsd.c | 2 +- tools/libs/evtchn/linux.c | 6 +++++- tools/libs/foreignmemory/freebsd.c | 24 ++---------------------- tools/libs/foreignmemory/linux.c | 36 +++++++++--------------------------- tools/libs/gnttab/linux.c | 6 +++++- 7 files changed, 41 insertions(+), 101 deletions(-) diff --git a/tools/libs/call/freebsd.c b/tools/libs/call/freebsd.c index 2413966..b3cbccd 100644 --- a/tools/libs/call/freebsd.c +++ b/tools/libs/call/freebsd.c @@ -35,8 +35,14 @@ int osdep_xencall_open(xencall_handle *xcall) { - int flags, saved_errno; - int fd = open(PRIVCMD_DEV, O_RDWR); + int saved_errno; + int fd = open(PRIVCMD_DEV, O_RDWR|O_CLOEXEC); + + /* + * This file descriptor is opaque to the caller, thus we are + * polite and try and ensure it doesn't propagate (ie leak) + * outside the process, by using O_CLOEXEC. + */ if ( fd == -1 ) { @@ -45,26 +51,6 @@ int osdep_xencall_open(xencall_handle *xcall) return -1; } - /* - * Although we return the file handle as the 'xc handle' the API - * does not specify / guarentee that this integer is in fact - * a file handle. Thus we must take responsiblity to ensure - * it doesn't propagate (ie leak) outside the process. - */ - if ( (flags = fcntl(fd, F_GETFD)) < 0 ) - { - PERROR("Could not get file handle flags"); - goto error; - } - - flags |= FD_CLOEXEC; - - if ( fcntl(fd, F_SETFD, flags) < 0 ) - { - PERROR("Could not set file handle flags"); - goto error; - } - xcall->fd = fd; return 0; diff --git a/tools/libs/call/linux.c b/tools/libs/call/linux.c index 651f380..e8e0311 100644 --- a/tools/libs/call/linux.c +++ b/tools/libs/call/linux.c @@ -26,15 +26,23 @@ #include "private.h" +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + int osdep_xencall_open(xencall_handle *xcall) { - int flags, saved_errno; - int fd = open("/dev/xen/privcmd", O_RDWR); /* prefer this newer interface */ + int fd; + + /* + * Prefer the newer interface. + */ + fd = open("/dev/xen/privcmd", O_RDWR|O_CLOEXEC); if ( fd == -1 && ( errno == ENOENT || errno == ENXIO || errno == ENODEV )) { /* Fallback to /proc/xen/privcmd */ - fd = open("/proc/xen/privcmd", O_RDWR); + fd = open("/proc/xen/privcmd", O_RDWR|O_CLOEXEC); } if ( fd == -1 ) @@ -43,32 +51,8 @@ int osdep_xencall_open(xencall_handle *xcall) return -1; } - /* Although we return the file handle as the 'xc handle' the API - does not specify / guarentee that this integer is in fact - a file handle. Thus we must take responsiblity to ensure - it doesn't propagate (ie leak) outside the process */ - if ( (flags = fcntl(fd, F_GETFD)) < 0 ) - { - PERROR("Could not get file handle flags"); - goto error; - } - - flags |= FD_CLOEXEC; - - if ( fcntl(fd, F_SETFD, flags) < 0 ) - { - PERROR("Could not set file handle flags"); - goto error; - } - xcall->fd = fd; return 0; - - error: - saved_errno = errno; - close(fd); - errno = saved_errno; - return -1; } int osdep_xencall_close(xencall_handle *xcall) diff --git a/tools/libs/evtchn/freebsd.c b/tools/libs/evtchn/freebsd.c index 6479f7c..ddf221d 100644 --- a/tools/libs/evtchn/freebsd.c +++ b/tools/libs/evtchn/freebsd.c @@ -32,7 +32,7 @@ int osdep_evtchn_open(xenevtchn_handle *xce) { - int fd = open(EVTCHN_DEV, O_RDWR); + int fd = open(EVTCHN_DEV, O_RDWR|O_CLOEXEC); if ( fd == -1 ) return -1; xce->fd = fd; diff --git a/tools/libs/evtchn/linux.c b/tools/libs/evtchn/linux.c index 76cf0ac..0a3c6e1 100644 --- a/tools/libs/evtchn/linux.c +++ b/tools/libs/evtchn/linux.c @@ -28,9 +28,13 @@ #include "private.h" +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + int osdep_evtchn_open(xenevtchn_handle *xce) { - int fd = open("/dev/xen/evtchn", O_RDWR); + int fd = open("/dev/xen/evtchn", O_RDWR|O_CLOEXEC); if ( fd == -1 ) return -1; xce->fd = fd; diff --git a/tools/libs/foreignmemory/freebsd.c b/tools/libs/foreignmemory/freebsd.c index 38138dc..7bf3939 100644 --- a/tools/libs/foreignmemory/freebsd.c +++ b/tools/libs/foreignmemory/freebsd.c @@ -33,8 +33,8 @@ int osdep_xenforeignmemory_open(xenforeignmemory_handle *fmem) { - int flags, saved_errno; - int fd = open(PRIVCMD_DEV, O_RDWR); + int saved_errno; + int fd = open(PRIVCMD_DEV, O_RDWR|O_CLOEXEC); if ( fd == -1 ) { @@ -43,26 +43,6 @@ int osdep_xenforeignmemory_open(xenforeignmemory_handle *fmem) return -1; } - /* - * Although we return the file handle as the 'xc handle' the API - * does not specify / guarentee that this integer is in fact - * a file handle. Thus we must take responsiblity to ensure - * it doesn't propagate (ie leak) outside the process. - */ - if ( (flags = fcntl(fd, F_GETFD)) < 0 ) - { - PERROR("Could not get file handle flags"); - goto error; - } - - flags |= FD_CLOEXEC; - - if ( fcntl(fd, F_SETFD, flags) < 0 ) - { - PERROR("Could not set file handle flags"); - goto error; - } - fmem->fd = fd; return 0; diff --git a/tools/libs/foreignmemory/linux.c b/tools/libs/foreignmemory/linux.c index 32b6def..423c744 100644 --- a/tools/libs/foreignmemory/linux.c +++ b/tools/libs/foreignmemory/linux.c @@ -30,15 +30,21 @@ #define ROUNDUP(_x,_w) (((unsigned long)(_x)+(1UL<<(_w))-1) & ~((1UL<<(_w))-1)) +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + int osdep_xenforeignmemory_open(xenforeignmemory_handle *fmem) { - int flags, saved_errno; - int fd = open("/dev/xen/privcmd", O_RDWR); /* prefer this newer interface */ + int fd; + + /* prefer this newer interface */ + fd = open("/dev/xen/privcmd", O_RDWR|O_CLOEXEC); if ( fd == -1 && ( errno == ENOENT || errno == ENXIO || errno == ENODEV )) { /* Fallback to /proc/xen/privcmd */ - fd = open("/proc/xen/privcmd", O_RDWR); + fd = open("/proc/xen/privcmd", O_RDWR|O_CLOEXEC); } if ( fd == -1 ) @@ -47,32 +53,8 @@ int osdep_xenforeignmemory_open(xenforeignmemory_handle *fmem) return -1; } - /* Although we return the file handle as the 'xc handle' the API - does not specify / guarentee that this integer is in fact - a file handle. Thus we must take responsiblity to ensure - it doesn't propagate (ie leak) outside the process */ - if ( (flags = fcntl(fd, F_GETFD)) < 0 ) - { - PERROR("Could not get file handle flags"); - goto error; - } - - flags |= FD_CLOEXEC; - - if ( fcntl(fd, F_SETFD, flags) < 0 ) - { - PERROR("Could not set file handle flags"); - goto error; - } - fmem->fd = fd; return 0; - - error: - saved_errno = errno; - close(fd); - errno = saved_errno; - return -1; } int osdep_xenforeignmemory_close(xenforeignmemory_handle *fmem) diff --git a/tools/libs/gnttab/linux.c b/tools/libs/gnttab/linux.c index be04295..7b0fba4 100644 --- a/tools/libs/gnttab/linux.c +++ b/tools/libs/gnttab/linux.c @@ -43,9 +43,13 @@ #define PAGE_SIZE (1UL << PAGE_SHIFT) #define PAGE_MASK (~(PAGE_SIZE-1)) +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + int osdep_gnttab_open(xengnttab_handle *xgt) { - int fd = open(DEVXEN "gntdev", O_RDWR); + int fd = open(DEVXEN "gntdev", O_RDWR|O_CLOEXEC); if ( fd == -1 ) return -1; xgt->fd = fd;