[libvirt] [PATCH] command: avoid leaking fds across fork

Eric Blake eblake at redhat.com
Tue Jul 12 21:13:42 UTC 2011 

On 07/12/2011 03:00 PM, Eric Blake wrote:
> Since libvirt is multi-threaded, we should use FD_CLOEXEC as much
> as possible in the parent, and only relax fds to inherited after
> forking, to avoid leaking an fd created in one thread to a fork
> run in another thread.  This gets us closer to that ideal, by
> making virCommand automatically clear FD_CLOEXEC on fds intended
> for the child, as well as avoiding a window of time with non-cloexec
> pipes created for capturing output.
> 
> * src/util/command.c (virExecWithHook): Use CLOEXEC in parent.  In
> child, guarantee that all fds to pass to child are inheritable.
> (getDevNull): Use CLOEXEC.
> (prepareStdFd): New helper function.
> * src/qemu/qemu_command.c (qemuBuildCommandLine): Simplify caller.
> ---
>  src/qemu/qemu_command.c |   16 --------------
>  src/util/command.c      |   51 ++++++++++++++++++++++++-----------------------
>  2 files changed, 26 insertions(+), 41 deletions(-)

Squash this in as well:

diff --git c/src/util/command.c w/src/util/command.c
index 24681e6..177847b 100644
--- c/src/util/command.c
+++ w/src/util/command.c
@@ -1654,7 +1654,7 @@ virCommandRun(virCommandPtr cmd, int *exitstatus)
     /* If we have an input buffer, we need
      * a pipe to feed the data to the child */
     if (cmd->inbuf) {
-        if (pipe(infd) < 0) {
+        if (pipe2(infd, O_CLOEXEC) < 0) {
             virReportSystemError(errno, "%s",
                                  _("unable to open pipe"));
             cmd->has_error = -1;
@@ -2103,11 +2103,11 @@ void virCommandRequireHandshake(virCommandPtr cmd)
         return;
     }

-    if (pipe(cmd->handshakeWait) < 0) {
+    if (pipe2(cmd->handshakeWait, O_CLOEXEC) < 0) {
         cmd->has_error = errno;
         return;
     }
-    if (pipe(cmd->handshakeNotify) < 0) {
+    if (pipe2(cmd->handshakeNotify, O_CLOEXEC) < 0) {
         VIR_FORCE_CLOSE(cmd->handshakeWait[0]);
         VIR_FORCE_CLOSE(cmd->handshakeWait[1]);
         cmd->has_error = errno;

-- 
Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20110712/458dc82a/attachment-0001.sig>

More information about the libvir-list mailing list