Macro get_unused_fd() is used to allocate a file descriptor with default flags. Those default flags (0) can be "unsafe": O_CLOEXEC must be used by default to not leak file descriptor across exec().
Instead of macro get_unused_fd(), functions anon_inode_getfd() or get_unused_fd_flags() should be used with flags given by userspace. If not possible, flags should be set to O_CLOEXEC to provide userspace with a default safe behavor. In a further patch, get_unused_fd() will be removed so that new code start using anon_inode_getfd() or get_unused_fd_flags() with correct flags. This patch replaces calls to get_unused_fd() with call to get_unused_fd_flags(O_CLOEXEC) following advice from Erik Gilling. Signed-off-by: Yann Droneaud <ydrone...@opteya.com> Cc: Erik Gilling <konk...@android.com> Cc: Colin Cross <ccr...@google.com> Link: http://lkml.kernel.org/r/CACSP8SjZcpcpEtQHzcGYhf-MP7QGo0XpN7-uN7rmD=vNtopG=w...@mail.gmail.com Link: http://lkml.kernel.org/r/cover.1376327678.git.ydrone...@opteya.com --- drivers/staging/android/sw_sync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/android/sw_sync.c b/drivers/staging/android/sw_sync.c index 765c757..f24493a 100644 --- a/drivers/staging/android/sw_sync.c +++ b/drivers/staging/android/sw_sync.c @@ -163,7 +163,7 @@ static int sw_sync_release(struct inode *inode, struct file *file) static long sw_sync_ioctl_create_fence(struct sw_sync_timeline *obj, unsigned long arg) { - int fd = get_unused_fd(); + int fd = get_unused_fd_flags(O_CLOEXEC); int err; struct sync_pt *pt; struct sync_fence *fence; -- 1.8.3.1 _______________________________________________ devel mailing list de...@linuxdriverproject.org http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
