Module Name:    src
Committed By:   martin
Date:           Mon Nov 18 17:38:04 UTC 2024

Modified Files:
        src/distrib/sets/lists/debug [netbsd-9]: mi
        src/distrib/sets/lists/tests [netbsd-9]: mi
        src/sys/compat/netbsd32 [netbsd-9]: netbsd32_ioctl.c
        src/sys/sys [netbsd-9]: filedesc.h
        src/tests/kernel [netbsd-9]: Makefile
Added Files:
        src/tests/kernel [netbsd-9]: h_cloexec.c t_cloexec.c

Log Message:
Pull up following revision(s) (requested by 1922):

        tests/kernel/Makefile: revision 1.83
        sys/sys/filedesc.h: revision 1.71
        distrib/sets/lists/tests/mi: revision 1.1346
        tests/kernel/h_cloexec.c: revision 1.1
        tests/kernel/t_cloexec.c: revision 1.1
        sys/compat/netbsd32/netbsd32_ioctl.c: revision 1.122
        distrib/sets/lists/debug/mi: revision 1.454

tests/kernel/t_cloexec: New tests for close-on-exec.

Verified that the following tests fail on a netbsd-10 kernel:
- clonedev_posixspawn
- dup3_posixspawn
- fcntldupfd_posixspawn

PR kern/58822: close-on-exec is broken for dup3 and opening cloning
devices
sys/filedesc.h: Add a note about writing to ff_exclose.
No functional change intended -- just a reminder to avoid repeating a
class of bugs we've had.

PR kern/58822: close-on-exec is broken for dup3 and opening cloning
devices

netbsd32_ioctl: Use fd_set_exclose instead of open-coding it.
No functional change intended -- this just reduces unnecessary
copies of open-coded logic which, when copied incompletely, led to:

PR kern/58822: close-on-exec is broken for dup3 and opening cloning
devices


To generate a diff of this commit:
cvs rdiff -u -r1.285.2.10 -r1.285.2.11 src/distrib/sets/lists/debug/mi
cvs rdiff -u -r1.818.2.8 -r1.818.2.9 src/distrib/sets/lists/tests/mi
cvs rdiff -u -r1.103.2.1 -r1.103.2.2 src/sys/compat/netbsd32/netbsd32_ioctl.c
cvs rdiff -u -r1.64 -r1.64.8.1 src/sys/sys/filedesc.h
cvs rdiff -u -r1.60.2.1 -r1.60.2.2 src/tests/kernel/Makefile
cvs rdiff -u -r0 -r1.1.4.2 src/tests/kernel/h_cloexec.c \
    src/tests/kernel/t_cloexec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/debug/mi
diff -u src/distrib/sets/lists/debug/mi:1.285.2.10 src/distrib/sets/lists/debug/mi:1.285.2.11
--- src/distrib/sets/lists/debug/mi:1.285.2.10	Sun Oct 13 15:09:57 2024
+++ src/distrib/sets/lists/debug/mi	Mon Nov 18 17:38:03 2024
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.285.2.10 2024/10/13 15:09:57 martin Exp $
+# $NetBSD: mi,v 1.285.2.11 2024/11/18 17:38:03 martin Exp $
 ./etc/mtree/set.debug                           comp-sys-root
 ./usr/lib					comp-sys-usr		compatdir
 ./usr/lib/i18n/libBIG5_g.a			comp-c-debuglib		debuglib,compatfile
@@ -1709,6 +1709,7 @@
 ./usr/libdata/debug/usr/tests/kernel/arch/i386/t_ptrace_wait6.debug	tests-obsolete		obsolete,compattestfile
 ./usr/libdata/debug/usr/tests/kernel/arch/i386/t_ptrace_waitid.debug	tests-obsolete		obsolete,compattestfile
 ./usr/libdata/debug/usr/tests/kernel/arch/i386/t_ptrace_waitpid.debug	tests-obsolete		obsolete,compattestfile
+./usr/libdata/debug/usr/tests/kernel/h_cloexec.debug			tests-kernel-tests	debug,atf,compattestfile
 ./usr/libdata/debug/usr/tests/kernel/h_getprocpath.debug		tests-kernel-tests	debug,atf,compattestfile
 ./usr/libdata/debug/usr/tests/kernel/h_ps_strings1.debug		tests-kernel-tests	debug,atf,compattestfile
 ./usr/libdata/debug/usr/tests/kernel/h_ps_strings2.debug		tests-kernel-tests	debug,atf,compattestfile
@@ -1733,6 +1734,7 @@
 ./usr/libdata/debug/usr/tests/kernel/posix_spawn/t_fileactions.debug	tests-obsolete	obsolete,compattestfile
 ./usr/libdata/debug/usr/tests/kernel/posix_spawn/t_spawn.debug		tests-obsolete	obsolete,compattestfile
 ./usr/libdata/debug/usr/tests/kernel/posix_spawn/t_spawnattr.debug	tests-obsolete	obsolete,compattestfile
+./usr/libdata/debug/usr/tests/kernel/t_cloexec.debug			tests-kernel-tests	debug,atf,compattestfile
 ./usr/libdata/debug/usr/tests/kernel/t_extattrctl.debug			tests-kernel-tests	debug,atf,rump
 ./usr/libdata/debug/usr/tests/kernel/t_extent.debug			tests-kernel-tests	debug,atf,compattestfile
 ./usr/libdata/debug/usr/tests/kernel/t_filedesc.debug			tests-kernel-tests	debug,atf,rump

Index: src/distrib/sets/lists/tests/mi
diff -u src/distrib/sets/lists/tests/mi:1.818.2.8 src/distrib/sets/lists/tests/mi:1.818.2.9
--- src/distrib/sets/lists/tests/mi:1.818.2.8	Sun Oct 13 15:09:57 2024
+++ src/distrib/sets/lists/tests/mi	Mon Nov 18 17:38:03 2024
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.818.2.8 2024/10/13 15:09:57 martin Exp $
+# $NetBSD: mi,v 1.818.2.9 2024/11/18 17:38:03 martin Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 #
@@ -2139,6 +2139,7 @@
 ./usr/tests/kernel/arch/i386/t_ptrace_waitid	tests-obsolete		obsolete
 ./usr/tests/kernel/arch/i386/t_ptrace_waitpid	tests-obsolete		obsolete
 ./usr/tests/kernel/arch/x86			tests-obsolete		obsolete
+./usr/tests/kernel/h_cloexec			tests-kernel-tests	compattestfile,atf
 ./usr/tests/kernel/h_getprocpath		tests-kernel-tests	compattestfile,atf
 ./usr/tests/kernel/h_interpreter		tests-kernel-tests	compattestfile,atf
 ./usr/tests/kernel/h_ps_strings1		tests-kernel-tests	compattestfile,atf
@@ -2177,6 +2178,7 @@
 ./usr/tests/kernel/posix_spawn/t_fileactions	tests-obsolete	obsolete
 ./usr/tests/kernel/posix_spawn/t_spawn		tests-obsolete	obsolete
 ./usr/tests/kernel/posix_spawn/t_spawnattr	tests-obsolete	obsolete
+./usr/tests/kernel/t_cloexec			tests-kernel-tests	atf,rump
 ./usr/tests/kernel/t_extattrctl			tests-kernel-tests	atf,rump
 ./usr/tests/kernel/t_extent			tests-kernel-tests	compattestfile,atf
 ./usr/tests/kernel/t_filedesc			tests-kernel-tests	atf,rump

Index: src/sys/compat/netbsd32/netbsd32_ioctl.c
diff -u src/sys/compat/netbsd32/netbsd32_ioctl.c:1.103.2.1 src/sys/compat/netbsd32/netbsd32_ioctl.c:1.103.2.2
--- src/sys/compat/netbsd32/netbsd32_ioctl.c:1.103.2.1	Thu Feb 13 19:28:15 2020
+++ src/sys/compat/netbsd32/netbsd32_ioctl.c	Mon Nov 18 17:38:03 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: netbsd32_ioctl.c,v 1.103.2.1 2020/02/13 19:28:15 martin Exp $	*/
+/*	$NetBSD: netbsd32_ioctl.c,v 1.103.2.2 2024/11/18 17:38:03 martin Exp $	*/
 
 /*
  * Copyright (c) 1998, 2001 Matthew R. Green
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_ioctl.c,v 1.103.2.1 2020/02/13 19:28:15 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_ioctl.c,v 1.103.2.2 2024/11/18 17:38:03 martin Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_ntp.h"
@@ -1081,9 +1081,7 @@ netbsd32_ioctl(struct lwp *l,
 		syscallarg(netbsd32_u_long) com;
 		syscallarg(netbsd32_voidp) data;
 	} */
-	struct proc *p = l->l_proc;
 	struct file *fp;
-	struct filedesc *fdp;
 	u_long com;
 	int error = 0;
 	size_t size;
@@ -1091,7 +1089,6 @@ netbsd32_ioctl(struct lwp *l,
 	void *data, *memp = NULL;
 	void *data32, *memp32 = NULL;
 	unsigned int fd;
-	fdfile_t *ff;
 	int tmp;
 #define STK_PARAMS	128
 	uint64_t stkbuf[STK_PARAMS/sizeof(uint64_t)];
@@ -1123,7 +1120,6 @@ netbsd32_ioctl(struct lwp *l,
 	size32 = 0;
 	size = 0;
 
-	fdp = p->p_fd;
 	fd = SCARG(uap, fd);
 	if ((fp = fd_getfile(fd)) == NULL)
 		return EBADF;
@@ -1132,15 +1128,10 @@ netbsd32_ioctl(struct lwp *l,
 		goto out;
 	}
 
-	ff = fdp->fd_dt->dt_ff[SCARG(uap, fd)];
 	switch (com = SCARG(uap, com)) {
 	case FIOCLEX:
-		ff->ff_exclose = true;
-		fdp->fd_exclose = true;
-		goto out;
-
 	case FIONCLEX:
-		ff->ff_exclose = false;
+		fd_set_exclose(l, fd, com == FIOCLEX);
 		goto out;
 	}
 

Index: src/sys/sys/filedesc.h
diff -u src/sys/sys/filedesc.h:1.64 src/sys/sys/filedesc.h:1.64.8.1
--- src/sys/sys/filedesc.h:1.64	Tue Dec 26 08:30:58 2017
+++ src/sys/sys/filedesc.h	Mon Nov 18 17:38:03 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: filedesc.h,v 1.64 2017/12/26 08:30:58 kamil Exp $	*/
+/*	$NetBSD: filedesc.h,v 1.64.8.1 2024/11/18 17:38:03 martin Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -102,9 +102,15 @@
  * the same way, but in this case it's ok: ff_exclose can only be
  * modified while the descriptor slot is live, and ff_allocated when
  * it's invalid.
+ *
+ * NOTE: ff_exclose should generally be set with fd_set_exclose(), not
+ * written to directly, when implementing flags like O_CLOEXEC or
+ * SOCK_CLOEXEC, so that struct filedesc::fd_exclose is updated as
+ * needed.  See PR kern/58855: close-on-exec is broken for dup3 and
+ * opening cloning devices.
  */
 typedef struct fdfile {
-	bool		ff_exclose;	/* :: close on exec flag */
+	bool		ff_exclose;	/* :: close on exec (fd_set_exclose) */
 	bool		ff_allocated;	/* d: descriptor slot is allocated */
 	u_int		ff_refcnt;	/* a: reference count on structure */
 	struct file	*ff_file;	/* d: pointer to file if open */
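Review bot: The added NOTE cites `PR kern/58855`, but the log message of this same commit gives the identical PR title under `PR kern/58822` three times, so one of the two numbers is presumably a typo. This comment exists to point future readers at the bug class, so the reference should be checked against the PR database and corrected before it gets copied further. The comment block and the struct definition both continue outside the hunk.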

Index: src/tests/kernel/Makefile
diff -u src/tests/kernel/Makefile:1.60.2.1 src/tests/kernel/Makefile:1.60.2.2
--- src/tests/kernel/Makefile:1.60.2.1	Fri Aug 16 19:26:48 2019
+++ src/tests/kernel/Makefile	Mon Nov 18 17:38:03 2024
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.60.2.1 2019/08/16 19:26:48 martin Exp $
+# $NetBSD: Makefile,v 1.60.2.2 2024/11/18 17:38:03 martin Exp $
 
 NOMAN=		# defined
 
@@ -7,7 +7,8 @@ NOMAN=		# defined
 TESTSDIR=	${TESTSBASE}/kernel
 
 TESTS_SUBDIRS+=	kqueue
-TESTS_C=	t_lock
+TESTS_C+=	t_cloexec
+TESTS_C+=	t_lock
 TESTS_C+=	t_lockf
 TESTS_C+=	t_pty
 TESTS_C+=	t_mqueue
@@ -29,7 +30,8 @@ TESTS_SH+=	t_origin
 TESTS_SH+=	t_procpath
 
 BINDIR=		${TESTSDIR}
-PROGS=		h_ps_strings1
+PROGS+=		h_cloexec
+PROGS+=		h_ps_strings1
 PROGS+=		h_ps_strings2
 PROGS+=		h_segv
 PROGS+=		h_getprocpath

Added files:

Index: src/tests/kernel/h_cloexec.c
diff -u /dev/null src/tests/kernel/h_cloexec.c:1.1.4.2
--- /dev/null	Mon Nov 18 17:38:04 2024
+++ src/tests/kernel/h_cloexec.c	Mon Nov 18 17:38:03 2024
@@ -0,0 +1,48 @@
+/*	$NetBSD: h_cloexec.c,v 1.1.4.2 2024/11/18 17:38:03 martin Exp $	*/
+
+/*-
+ * Copyright (c) 2024 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: h_cloexec.c,v 1.1.4.2 2024/11/18 17:38:03 martin Exp $");
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+int
+main(int argc, char **argv)
+{
+	int fd = atoi(argv[1]);
+	int flags;
+
+	if (fcntl(fd, F_GETFL, &flags) == 0)
+		return 1;
+	if (errno != EBADF)
+		return 2;
+	return 0;
+}
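Review bot: The check `fcntl(fd, F_GETFL, &flags) == 0` in main only recognises a leaked descriptor whose status flags are exactly zero. F_GETFL hands the flags back as the call's result and takes no third argument, so a descriptor that survived exec and is open with, say, O_RDWR yields a positive value, falls through to the errno test with errno presumably still unset, and exits 2 instead of 1. The test still fails in that case, but t_cloexec then reports "h_cloexec failed unexpectedly" rather than "fd was not closed on exec", which hides the actual descriptor leak from whoever reads the result. I would write `if (fcntl(fd, F_GETFL) != -1) return 1;` and drop `flags`. `argv[1]` is also passed to atoi() without looking at argc, so a guard such as `if (argc != 2) return 3;` keeps a bare invocation from dereferencing NULL.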
Index: src/tests/kernel/t_cloexec.c
diff -u /dev/null src/tests/kernel/t_cloexec.c:1.1.4.2
--- /dev/null	Mon Nov 18 17:38:04 2024
+++ src/tests/kernel/t_cloexec.c	Mon Nov 18 17:38:03 2024
@@ -0,0 +1,457 @@
+/*	$NetBSD: t_cloexec.c,v 1.1.4.2 2024/11/18 17:38:03 martin Exp $	*/
+
+/*-
+ * Copyright (c) 2024 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: t_cloexec.c,v 1.1.4.2 2024/11/18 17:38:03 martin Exp $");
+
+#include <sys/types.h>
+
+#include <sys/bitops.h>
+#include <sys/event.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/wait.h>
+
+#include <atf-c.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <spawn.h>
+#include <stdio.h>
+#include <unistd.h>
+
+#include "h_macros.h"
+
+/*
+ * Test close-on-exec as set in various ways
+ */
+
+static int
+open_via_accept4(void)
+{
+	static const union {
+		struct sockaddr sa;
+		struct sockaddr_un sun;
+	} name = { .sun = {
+		.sun_family = AF_LOCAL,
+		.sun_path = "socket",
+	} };
+	int slisten, saccept, c;
+
+	/*
+	 * Create a listening server socket and bind it to the path.
+	 */
+	RL(slisten = socket(PF_LOCAL, SOCK_STREAM, 0));
+	RL(bind(slisten, &name.sa, sizeof(name)));
+	RL(listen(slisten, SOMAXCONN));
+
+	/*
+	 * Create an active client socket and connect it to the path --
+	 * nonblocking, so we don't deadlock here.  If connect doesn't
+	 * succeed immediately, it had better fail immediately with
+	 * EINPROGRESS.
+	 */
+	RL(c = socket(PF_LOCAL, SOCK_STREAM|SOCK_NONBLOCK, 0));
+	if (connect(c, &name.sa, sizeof(name)) == -1) {
+		ATF_CHECK_EQ_MSG(errno, EINPROGRESS, "connect failed %d: %s",
+		    errno, strerror(errno));
+	}
+
+	/*
+	 * Accept a socket on the server side with SOCK_CLOEXEC.
+	 */
+	RL(saccept = accept4(slisten, /*addr*/NULL, /*addrlen*/NULL,
+		SOCK_CLOEXEC));
+	return saccept;
+}
+
+static int
+open_via_clonedev(void)
+{
+	int fd;
+
+	RL(fd = open("/dev/drvctl", O_RDONLY|O_CLOEXEC));
+
+	return fd;
+}
+
+static int
+open_via_dup3(void)
+{
+	int fd3;
+
+	RL(fd3 = dup3(STDIN_FILENO, 3, O_CLOEXEC));
+	ATF_REQUIRE_EQ_MSG(fd3, 3, "dup3(STDIN_FILENO, 3, ...)"
+	    " failed to return 3: %d", fd3);
+
+	return fd3;
+}
+
+static int
+open_via_fcntldupfd(void)
+{
+	int fd;
+
+	RL(fd = fcntl(STDIN_FILENO, F_DUPFD_CLOEXEC, 0));
+
+	return fd;
+}
+
+static int
+open_via_kqueue(void)
+{
+	int fd;
+
+	RL(fd = kqueue1(O_CLOEXEC));
+
+	return fd;
+}
+
+static int
+open_via_opencloexec(void)
+{
+	int fd;
+
+	RL(fd = open("file", O_RDWR|O_CREAT|O_CLOEXEC, 0644));
+
+	return fd;
+}
+
+static int
+open_via_openfcntlcloexec(void)
+{
+	int fd;
+
+	RL(fd = open("file", O_RDWR|O_CREAT, 0644));
+	RL(fcntl(fd, F_SETFD, FD_CLOEXEC));
+
+	return fd;
+}
+
+static int
+open_via_openioctlfioclex(void)
+{
+	int fd;
+
+	RL(fd = open("file", O_RDWR|O_CREAT, 0644));
+	RL(ioctl(fd, FIOCLEX));
+
+	return fd;
+}
+
+static int
+open_via_pipe2rd(void)
+{
+	int fd[2];
+
+	RL(pipe2(fd, O_CLOEXEC));
+
+	return fd[0];
+}
+
+static int
+open_via_pipe2wr(void)
+{
+	int fd[2];
+
+	RL(pipe2(fd, O_CLOEXEC));
+
+	return fd[1];
+}
+
+static int
+open_via_paccept(void)
+{
+	static const union {
+		struct sockaddr sa;
+		struct sockaddr_un sun;
+	} name = { .sun = {
+		.sun_family = AF_LOCAL,
+		.sun_path = "socket",
+	} };
+	int slisten, saccept, c;
+
+	/*
+	 * Create a listening server socket and bind it to the path.
+	 */
+	RL(slisten = socket(PF_LOCAL, SOCK_STREAM, 0));
+	RL(bind(slisten, &name.sa, sizeof(name)));
+	RL(listen(slisten, SOMAXCONN));
+
+	/*
+	 * Create an active client socket and connect it to the path --
+	 * nonblocking, so we don't deadlock here.  If connect doesn't
+	 * succeed immediately, it had better fail immediately with
+	 * EINPROGRESS.
+	 */
+	RL(c = socket(PF_LOCAL, SOCK_STREAM|SOCK_NONBLOCK, 0));
+	if (connect(c, &name.sa, sizeof(name)) == -1) {
+		ATF_CHECK_EQ_MSG(errno, EINPROGRESS, "connect failed %d: %s",
+		    errno, strerror(errno));
+	}
+
+	/*
+	 * Accept a socket on the server side with SOCK_CLOEXEC.
+	 */
+	RL(saccept = paccept(slisten, /*addr*/NULL, /*addrlen*/NULL,
+		/*sigmask*/NULL, SOCK_CLOEXEC));
+	return saccept;
+}
+
+static int
+open_via_socket(void)
+{
+	int fd;
+
+	RL(fd = socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC, 0));
+
+	return fd;
+}
+
+static int
+open_via_socketpair0(void)
+{
+	int fd[2];
+
+	RL(socketpair(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC, 0, fd));
+
+	return fd[0];
+}
+
+static int
+open_via_socketpair1(void)
+{
+	int fd[2];
+
+	RL(socketpair(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC, 0, fd));
+
+	return fd[1];
+}
+
+/*
+ * XXX Close-on-exec paths still missing:
+ * XXX
+ * XXX compat_linux inotify
+ * XXX compat_linux close_range
+ * XXX drm i915_perf_open_ioctl
+ * XXX drm dma_buf
+ * XXX eventfd(2)
+ * XXX memfd(2)
+ * XXX timerfd(2)
+ * XXX recvmsg/recvmmsg with MSG_CMSG_CLOEXEC
+ */
+
+static void
+check_cloexec(const struct atf_tc *tc, int fd,
+    pid_t (*execfn)(char *, char *const[]))
+{
+	char h_cloexec[PATH_MAX];
+	char fdstr[(ilog2(INT_MAX) + 1)/(ilog2(10) - 1) + 1];
+	char *const argv[] = {__UNCONST("h_cloexec"), fdstr, NULL};
+	pid_t child, waitedpid;
+	int status;
+
+	/*
+	 * Format the h_cloexec helper executable path, which lives in
+	 * the test's directory (typically /usr/tests/kernel), and the
+	 * argument of a file descriptor in decimal.
+	 */
+	snprintf(h_cloexec, sizeof(h_cloexec), "%s/h_cloexec",
+	    atf_tc_get_config_var(tc, "srcdir"));
+	snprintf(fdstr, sizeof(fdstr), "%d", fd);
+
+	/*
+	 * Execute h_cloexec as a subprocess.
+	 */
+	child = (*execfn)(h_cloexec, argv);
+
+	/*
+	 * Wait for the child to complete.
+	 */
+	RL(waitedpid = waitpid(child, &status, 0));
+	ATF_CHECK_EQ_MSG(child, waitedpid, "waited for %jd, got %jd",
+	    (intmax_t)child, (intmax_t)waitedpid);
+
+	/*
+	 * Verify the child exited normally.
+	 */
+	if (WIFSIGNALED(status)) {
+		atf_tc_fail("subprocess terminated on signal %d",
+		    WTERMSIG(status));
+		return;
+	} else if (!WIFEXITED(status)) {
+		atf_tc_fail("subprocess failed to exit normally: status=0x%x",
+		    status);
+		return;
+	}
+
+	/*
+	 * h_cloexec is supposed to exit status 0 if an operation on
+	 * the fd failed with EBADFD, 1 if it unexpectedly succeeded,
+	 * 127 if exec returned, or something else if anything else
+	 * happened.
+	 */
+	switch (WEXITSTATUS(status)) {
+	case 0:			/* success -- closed on exec */
+		return;
+	case 1:			/* fail -- not closed on exec */
+		atf_tc_fail("fd was not closed on exec");
+		return;
+	case 127:		/* exec failed */
+		atf_tc_fail("failed to exec h_cloexec");
+		return;
+	default:		/* something else went wong */
+		atf_tc_fail("h_cloexec failed unexpectedly: %d",
+		    WEXITSTATUS(status));
+		return;
+	}
+}
+
+static pid_t
+exec_via_forkexecve(char *prog, char *const argv[])
+{
+	pid_t pid;
+
+	RL(pid = fork());
+	if (pid == 0) {		/* child */
+		if (execve(prog, argv, /*envp*/NULL) == -1)
+			_exit(127);
+		abort();
+	}
+
+	/* parent */
+	return pid;
+}
+
+static pid_t
+exec_via_vforkexecve(char *prog, char *const argv[])
+{
+	pid_t pid;
+
+	RL(pid = vfork());
+	if (pid == 0) {		/* child */
+		if (execve(prog, argv, /*envp*/NULL) == -1)
+			_exit(127);
+		abort();
+	}
+
+	/* parent */
+	return pid;
+}
+
+static pid_t
+exec_via_posixspawn(char *prog, char *const argv[])
+{
+	pid_t pid;
+
+	RZ(posix_spawn(&pid, prog, /*file_actions*/NULL, /*attrp*/NULL, argv,
+		/*envp*/NULL));
+
+	return pid;
+}
+
+/*
+ * Full cartesian product is not really important here -- the paths for
+ * open and the paths for exec are independent.  So we try
+ * pipe2(O_CLOEXEC) with each exec path, and we try each open path with
+ * posix_spawn.
+ */
+
+#define	CLOEXEC_TEST(test, openvia, execvia, descr)			      \
+ATF_TC(test);								      \
+ATF_TC_HEAD(test, tc)							      \
+{									      \
+	atf_tc_set_md_var(tc, "descr", descr);				      \
+}									      \
+ATF_TC_BODY(test, tc)							      \
+{									      \
+	check_cloexec(tc, openvia(), &execvia);				      \
+}
+
+CLOEXEC_TEST(pipe2rd_forkexecve, open_via_pipe2rd, exec_via_forkexecve,
+    "pipe2(O_CLOEXEC) reader is closed in child on fork/exec")
+CLOEXEC_TEST(pipe2rd_vforkexecve, open_via_pipe2rd, exec_via_vforkexecve,
+    "pipe2(O_CLOEXEC) reader is closed in child on vfork/exec")
+CLOEXEC_TEST(pipe2rd_posixspawn, open_via_pipe2rd, exec_via_posixspawn,
+    "pipe2(O_CLOEXEC) reader is closed in child on posix_spawn")
+
+CLOEXEC_TEST(accept4_posixspawn, open_via_accept4, exec_via_posixspawn,
+    "accept4(SOCK_CLOEXEC) is closed in child on posix_spawn");
+CLOEXEC_TEST(clonedev_posixspawn, open_via_clonedev, exec_via_posixspawn,
+    "open(\"/dev/drvctl\") is closed in child on posix_spawn");
+CLOEXEC_TEST(dup3_posixspawn, open_via_dup3, exec_via_posixspawn,
+    "dup3(..., O_CLOEXEC) is closed in child on posix_spawn");
+CLOEXEC_TEST(fcntldupfd_posixspawn, open_via_fcntldupfd, exec_via_posixspawn,
+    "fcntl(STDIN_FILENO, F_DUPFD_CLOEXEC) is closed in child on posix_spawn");
+CLOEXEC_TEST(kqueue_posixspawn, open_via_kqueue, exec_via_posixspawn,
+    "kqueue1(O_CLOEXEC) is closed in child on posix_spawn");
+CLOEXEC_TEST(opencloexec_posixspawn, open_via_opencloexec, exec_via_posixspawn,
+    "open(O_CLOEXEC) is closed in child on posix_spawn");
+CLOEXEC_TEST(openfcntlcloexec_posixspawn, open_via_openfcntlcloexec,
+    exec_via_posixspawn,
+    "fcntl(open(...), F_SETFD, O_CLOEXEC) is closed in child on posix_spawn");
+CLOEXEC_TEST(openioctlfioclex_posixspawn, open_via_openioctlfioclex,
+    exec_via_posixspawn,
+    "ioctl(open(...), FIOCLEX) is closed in child on posix_spawn");
+#if 0				/* already done above */
+CLOEXEC_TEST(pipe2rd_posixspawn, open_via_pipe2rd, exec_via_posixspawn,
+    "pipe2(O_CLOEXEC) reader is closed in child on posix_spawn")
+#endif
+CLOEXEC_TEST(pipe2wr_posixspawn, open_via_pipe2wr, exec_via_posixspawn,
+    "pipe2(O_CLOEXEC) writer is closed in child on posix_spawn")
+CLOEXEC_TEST(paccept_posixspawn, open_via_paccept, exec_via_posixspawn,
+    "paccept(..., SOCK_CLOEXEC) is closed in child on posix_spawn")
+CLOEXEC_TEST(socket_posixspawn, open_via_socket, exec_via_posixspawn,
+    "socket(SOCK_CLOEXEC) is closed in child on posix_spawn")
+CLOEXEC_TEST(socketpair0_posixspawn, open_via_socketpair0, exec_via_posixspawn,
+    "socketpair(SOCK_CLOEXEC) side 0 is closed in child on posix_spawn")
+CLOEXEC_TEST(socketpair1_posixspawn, open_via_socketpair1, exec_via_posixspawn,
+    "socketpair(SOCK_CLOEXEC) side 1 is closed in child on posix_spawn")
+
+ATF_TP_ADD_TCS(tp)
+{
+
+	ATF_TP_ADD_TC(tp, accept4_posixspawn);
+	ATF_TP_ADD_TC(tp, clonedev_posixspawn);
+	ATF_TP_ADD_TC(tp, dup3_posixspawn);
+	ATF_TP_ADD_TC(tp, fcntldupfd_posixspawn);
+	ATF_TP_ADD_TC(tp, kqueue_posixspawn);
+	ATF_TP_ADD_TC(tp, opencloexec_posixspawn);
+	ATF_TP_ADD_TC(tp, openfcntlcloexec_posixspawn);
+	ATF_TP_ADD_TC(tp, openioctlfioclex_posixspawn);
+	ATF_TP_ADD_TC(tp, paccept_posixspawn);
+	ATF_TP_ADD_TC(tp, pipe2rd_forkexecve);
+	ATF_TP_ADD_TC(tp, pipe2rd_posixspawn);
+	ATF_TP_ADD_TC(tp, pipe2rd_vforkexecve);
+	ATF_TP_ADD_TC(tp, pipe2wr_posixspawn);
+	ATF_TP_ADD_TC(tp, socket_posixspawn);
+	ATF_TP_ADD_TC(tp, socketpair0_posixspawn);
+	ATF_TP_ADD_TC(tp, socketpair1_posixspawn);
+
+	return atf_no_error();
+}
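Review bot: In open_via_accept4 and open_via_paccept the connect() errno is checked with the non-fatal `ATF_CHECK_EQ_MSG`, so when connect fails for a reason other than EINPROGRESS the function carries on into accept4()/paccept() on a blocking listening socket with no connection pending. The test then presumably hangs until the ATF timeout instead of failing at the cause; `ATF_REQUIRE_EQ_MSG(errno, EINPROGRESS, ...)` would stop it there. Separately, the comment in check_cloexec says the helper reports `EBADFD` where h_cloexec.c tests `EBADF`, and the openfcntlcloexec description string names `O_CLOEXEC` where the code passes `FD_CLOEXEC` to F_SETFD. Both are worth aligning, since these strings are what someone reads when a close-on-exec regression shows up.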
