From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=eC+2iBSY; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by passt.top (Postfix) with ESMTPS id 6EAA05A0262 for ; Sat, 16 May 2026 17:46:17 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778946376; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Lc33GgOxeOAxfjoRfLaxaHoxBPoRw3jRA49bd1NwIJw=; b=eC+2iBSYv4ffwWG1F01eXt/eTcAC4Lal+kSDrMu3pvkla997K475Vt7z7CUYqEkNhdBI6Q cm5oBQbboG3vKRkGlzh1FYeCes5CpO+XVCFYkyYTbCy5UWdWiICl6FBvUjL/GP9gWcF1iI x/f/AunhJCHvJ5nLKAPcy8WbZhSzZTA= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-354-9fNM3n7GNOCHpSK9RkmuPQ-1; Sat, 16 May 2026 11:46:14 -0400 X-MC-Unique: 9fNM3n7GNOCHpSK9RkmuPQ-1 X-Mimecast-MFC-AGG-ID: 9fNM3n7GNOCHpSK9RkmuPQ_1778946373 Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-48fd233d1e2so6765175e9.1 for ; Sat, 16 May 2026 08:46:14 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778946373; x=1779551173; h=date:content-transfer-encoding:mime-version:organization:references :in-reply-to:message-id:subject:cc:to:from:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Lc33GgOxeOAxfjoRfLaxaHoxBPoRw3jRA49bd1NwIJw=; b=LC27ktr30IGSmvfTfNFEh4TuSo4AFUG0vcYV3/OfDJS88/yr7kJ9TyC9xdV2vMfTod tYGgas8LKFwPIb0gzK2FIaUYUKgWUrYK/rYyHNvMjHGmCEURRd3OqWu1zhgzp5dFeIx4 bNxSyMq5JECMgowXtUgP8SCtYHJpJHbPQXjK5ltyvVXiNmeKvUYxPNIIciutahuCyH/0 iYGsvNH6ELK9zVqf1UTrh3PpDumRRHZzLOw9MePzDta2fks/hPZ8UObM2xTb1DyYxhAB WnqTsJR5nc3DBgoCZrnEGxBoP0HEX91YRL4E5GwY/P6+PjYlEt7PuTgylRDTK2z9keZg 0Vtw== X-Gm-Message-State: AOJu0YytRam3KxUzAnJm4f5jLYOkPyPjcTvgFCUS/k+NMw5iDnB1Y1Kt 8TP1nEzXUrahQAMYYA+DlzIihsXjzfixnoQAqjqhxsEOCnx7QZ3FQSLzL6/r30RqWAKNpKf0uQo OXnqNWRS8G0UvOXK/vNo8uzAMJcnuyt9rURl54SmV3EW8j2FoLFH34g== X-Gm-Gg: Acq92OGood9aLfH1cd6uTkWQ1qO6dYXMCTEVSnCzrbW1zCzqG+w9PUqmUYChv5ZzZnC 97qSgRoZmhc85vXZ9hcFGaJjunr6imgLsCIbZA+XtMiuwGUwUYVVjOiL7aDxXdE+k9u4TD4lMMl op4y/gAyjzHTpXg/FUAMtI4vOzD2N/peMa1jdvBNAA9XCNeRB2zzUmmPcxkoiU57RhjV1Q28BCn 0UTErvnBY2koZOuAK2cBMTL0KvJhp29a1svvK+07SNNpAAhN2eFzSFHHVUugXV+pH1YFJRLw/R8 nZxgxKT2Z+hbcj4+pX/y2GhRAAEH753dneEE3HlwvIjGa2duk7hmpkMwL9ordWM+SOSiwMgPEhB FOPab6ngKE9jaZwifYlbsiNZva74ws9AzIxFoDO6h17XY54jfow== X-Received: by 2002:a05:600c:8905:b0:48e:5d91:cffb with SMTP id 5b1f17b1804b1-48fe60e7d6emr94054935e9.10.1778946373283; Sat, 16 May 2026 08:46:13 -0700 (PDT) X-Received: by 2002:a05:600c:8905:b0:48e:5d91:cffb with SMTP id 5b1f17b1804b1-48fe60e7d6emr94054715e9.10.1778946372788; Sat, 16 May 2026 08:46:12 -0700 (PDT) Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [176.103.220.4]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48febe6faeasm38928155e9.26.2026.05.16.08.46.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 16 May 2026 08:46:12 -0700 (PDT) From: Stefano Brivio To: David Gibson Subject: Re: [PATCH 1/3] treewide: Add SOCK_CLOEXEC to accept() calls that are missing it Message-ID: <20260516174610.3ee899b5@elisabeth> In-Reply-To: <20260513041423.2446716-2-david@gibson.dropbear.id.au> References: <20260513041423.2446716-1-david@gibson.dropbear.id.au> <20260513041423.2446716-2-david@gibson.dropbear.id.au> Organization: Red Hat X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu) MIME-Version: 1.0 Date: Sat, 16 May 2026 17:46:11 +0200 (CEST) X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: LWHwhGIeGWSkmIMTHAhi1sW8w_H541Ay1nD3ELO7BxE_1778946373 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID-Hash: CUHGJW53YKNND77XDWGN4I7GOQTED5MN X-Message-ID-Hash: CUHGJW53YKNND77XDWGN4I7GOQTED5MN X-MailFrom: sbrivio@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Wed, 13 May 2026 14:14:21 +1000 David Gibson wrote: > Generally we try to set the O_CLOEXEC flag on every fd we create. This > seems to be generally accepted security best practice these days, and we > never fork(), so certainly have no need to pass fds to children. But we do clone() with CLONE_FILES (even though when we clone() to call execvp() later, we don't set CLONE_FILES), so, even though I don't see a reason to skip O_CLOEXEC for c->fd_tap, this conclusion shouldn't be automatic from the fact we don't fork(). I spent some time on it and I really couldn't find a reason why we don't have O_CLOEXEC there, so probably there isn't any, and I think this patch is fine. I would just change this paragraph to "[...] these days, and we don't need to pass file descriptors to children." > A handful of accept4() calls on Unix sockets are missing the SOCK_CLOEXEC > flag to set this though. Add the missing flag. > > Signed-off-by: David Gibson > --- > repair.c | 5 +++-- > tap.c | 4 ++-- > 2 files changed, 5 insertions(+), 4 deletions(-) > > diff --git a/repair.c b/repair.c > index 69c53077..3e0e3e0a 100644 > --- a/repair.c > +++ b/repair.c > @@ -87,7 +87,7 @@ int repair_listen_handler(struct ctx *c, uint32_t events) > /* Another client is already connected: accept and close right away. */ > if (c->fd_repair != -1) { > int discard = accept4(c->fd_repair_listen, NULL, NULL, > - SOCK_NONBLOCK); > + SOCK_NONBLOCK | SOCK_CLOEXEC); > > if (discard == -1) > return errno; > @@ -99,7 +99,8 @@ int repair_listen_handler(struct ctx *c, uint32_t events) > return EEXIST; > } > > - if ((c->fd_repair = accept4(c->fd_repair_listen, NULL, NULL, 0)) < 0) { > + if ((c->fd_repair = accept4(c->fd_repair_listen, NULL, NULL, > + SOCK_CLOEXEC)) < 0) { > rc = errno; > debug_perror("accept4() on TCP_REPAIR helper listening socket"); > return rc; > diff --git a/tap.c b/tap.c > index 0920a325..e7cac9df 100644 > --- a/tap.c > +++ b/tap.c > @@ -1477,7 +1477,7 @@ void tap_listen_handler(struct ctx *c, uint32_t events) > /* Another client is already connected: accept and close right away. */ > if (c->fd_tap != -1) { > int discard = accept4(c->fd_tap_listen, NULL, NULL, > - SOCK_NONBLOCK); > + SOCK_NONBLOCK | SOCK_CLOEXEC); > > if (discard == -1) > return; > @@ -1490,7 +1490,7 @@ void tap_listen_handler(struct ctx *c, uint32_t events) > return; > } > > - c->fd_tap = accept4(c->fd_tap_listen, NULL, NULL, 0); > + c->fd_tap = accept4(c->fd_tap_listen, NULL, NULL, SOCK_CLOEXEC); > > if (!getsockopt(c->fd_tap, SOL_SOCKET, SO_PEERCRED, &ucred, &len)) > info("accepted connection from PID %i", ucred.pid); -- Stefano