[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging-4.17] tools/libxs: Open /dev/xen/xenbus fds as O_CLOEXEC
commit 5305b3b4f38d0824a656150703c41c6c17698eaa Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> AuthorDate: Tue May 21 11:58:47 2024 +0200 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Tue May 21 11:58:47 2024 +0200 tools/libxs: Open /dev/xen/xenbus fds as O_CLOEXEC The header description for xs_open() goes as far as to suggest that the fd is O_CLOEXEC, but it isn't actually. `xl devd` has been observed leaking /dev/xen/xenbus into children. Link: https://github.com/QubesOS/qubes-issues/issues/8292 Reported-by: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Juergen Gross <jgross@xxxxxxxx> master commit: f4f2f3402b2f4985d69ffc0d46f845d05fd0b60f master date: 2024-05-07 15:18:36 +0100 --- tools/libs/store/xs.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tools/libs/store/xs.c b/tools/libs/store/xs.c index 7a9a8b1656..b5933fb108 100644 --- a/tools/libs/store/xs.c +++ b/tools/libs/store/xs.c @@ -54,6 +54,10 @@ struct xs_stored_msg { #include <dlfcn.h> #endif +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + struct xs_handle { /* Communications channel to xenstore daemon. */ int fd; @@ -227,7 +231,7 @@ error: static int get_dev(const char *connect_to) { /* We cannot open read-only because requests are writes */ - return open(connect_to, O_RDWR); + return open(connect_to, O_RDWR | O_CLOEXEC); } static int all_restrict_cb(Xentoolcore__Active_Handle *ah, domid_t domid) { -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |