public inbox for passt-dev@passt.top
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>, passt-dev@passt.top
Cc: David Gibson <david@gibson.dropbear.id.au>
Subject: [PATCH 1/3] treewide: Add SOCK_CLOEXEC to accept() calls that are missing it
Date: Wed, 13 May 2026 14:14:21 +1000
Message-ID: <20260513041423.2446716-2-david@gibson.dropbear.id.au>
In-Reply-To: <20260513041423.2446716-1-david@gibson.dropbear.id.au>

Generally we try to set the O_CLOEXEC flag on every fd we create.  This
seems to be generally accepted security best practice these days, and we
never fork(), so certainly have no need to pass fds to children.

A handful of accept4() calls on Unix sockets are missing the SOCK_CLOEXEC
flag to set this though.  Add the missing flag.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 repair.c | 5 +++--
 tap.c    | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/repair.c b/repair.c
index 69c53077..3e0e3e0a 100644
--- a/repair.c
+++ b/repair.c
@@ -87,7 +87,7 @@ int repair_listen_handler(struct ctx *c, uint32_t events)
 	/* Another client is already connected: accept and close right away. */
 	if (c->fd_repair != -1) {
 		int discard = accept4(c->fd_repair_listen, NULL, NULL,
-				      SOCK_NONBLOCK);
+				      SOCK_NONBLOCK | SOCK_CLOEXEC);
 
 		if (discard == -1)
 			return errno;
@@ -99,7 +99,8 @@ int repair_listen_handler(struct ctx *c, uint32_t events)
 		return EEXIST;
 	}
 
-	if ((c->fd_repair = accept4(c->fd_repair_listen, NULL, NULL, 0)) < 0) {
+	if ((c->fd_repair = accept4(c->fd_repair_listen, NULL, NULL,
+				    SOCK_CLOEXEC)) < 0) {
 		rc = errno;
 		debug_perror("accept4() on TCP_REPAIR helper listening socket");
 		return rc;
diff --git a/tap.c b/tap.c
index 0920a325..e7cac9df 100644
--- a/tap.c
+++ b/tap.c
@@ -1477,7 +1477,7 @@ void tap_listen_handler(struct ctx *c, uint32_t events)
 	/* Another client is already connected: accept and close right away. */
 	if (c->fd_tap != -1) {
 		int discard = accept4(c->fd_tap_listen, NULL, NULL,
-				      SOCK_NONBLOCK);
+				      SOCK_NONBLOCK | SOCK_CLOEXEC);
 
 		if (discard == -1)
 			return;
@@ -1490,7 +1490,7 @@ void tap_listen_handler(struct ctx *c, uint32_t events)
 		return;
 	}
 
-	c->fd_tap = accept4(c->fd_tap_listen, NULL, NULL, 0);
+	c->fd_tap = accept4(c->fd_tap_listen, NULL, NULL, SOCK_CLOEXEC);
 
 	if (!getsockopt(c->fd_tap, SOL_SOCKET, SO_PEERCRED, &ucred, &len))
 		info("accepted connection from PID %i", ucred.pid);
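Review bot: in tap_listen_handler() the result of accept4() is stored in c->fd_tap and handed straight to getsockopt() with no failure check, unlike the equivalent call in repair.c, which tests for < 0 and returns errno. Since this line is being touched anyway, consider checking c->fd_tap for -1 and returning before the SO_PEERCRED query, so a failed accept does not fall through with an invalid descriptor.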
-- 
2.54.0


Thread overview: 5+ messages
2026-05-13  4:14 [PATCH 0/3] More caution with NONBLOCK flag on Unix sockets David Gibson
2026-05-13  4:14 ` David Gibson [this message]
2026-05-13  4:14 ` [PATCH 2/3] conf, tap, repair: Uniformly use non-blocking accept() " David Gibson
2026-05-13  5:51   ` David Gibson
2026-05-13  4:14 ` [PATCH 3/3] conf, repair, tap: More caution about blocking flag " David Gibson