Macro get_unused_fd() is used to allocate a file descriptor with default flags. Those default flags (0) can be "unsafe": O_CLOEXEC must be used by default to not leak file descriptor across exec().
Instead of macro get_unused_fd(), functions anon_inode_getfd() or get_unused_fd_flags() should be used with flags given by userspace. If not possible, flags should be set to O_CLOEXEC to provide userspace with a default safe behavor. In a further patch, get_unused_fd() will be removed so that new code start using anon_inode_getfd() or get_unused_fd_flags() with correct flags. This patch replaces calls to get_unused_fd() with call to get_unused_fd_flags(O_CLOEXEC) following advice from Erik Gilling. Signed-off-by: Yann Droneaud <ydrone...@opteya.com> Cc: Erik Gilling <konk...@android.com> Cc: Colin Cross <ccr...@google.com> Link: http://lkml.kernel.org/r/cacsp8sjxgmk2_kx_+rgzqqqwqkernvf1wt3k5tw991w5dfa...@mail.gmail.com Link: http://lkml.kernel.org/r/cover.1376327678.git.ydrone...@opteya.com --- drivers/staging/android/sync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/android/sync.c b/drivers/staging/android/sync.c index 2996077..38e5d3b 100644 --- a/drivers/staging/android/sync.c +++ b/drivers/staging/android/sync.c @@ -697,7 +697,7 @@ static long sync_fence_ioctl_wait(struct sync_fence *fence, unsigned long arg) static long sync_fence_ioctl_merge(struct sync_fence *fence, unsigned long arg) { - int fd = get_unused_fd(); + int fd = get_unused_fd_flags(O_CLOEXEC); int err; struct sync_fence *fence2, *fence3; struct sync_merge_data data; -- 1.8.3.1 _______________________________________________ devel mailing list de...@linuxdriverproject.org http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
