| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20201013140609.2269319-2-gscrivan@redhat.com>
Date: Tue, 13 Oct 2020 16:06:08 +0200
From: Giuseppe Scrivano <gscrivan@...hat.com>
To: linux-kernel@...r.kernel.org
Cc: viro@...iv.linux.org.uk, linux-fsdevel@...r.kernel.org,
christian.brauner@...ntu.com, containers@...ts.linux-foundation.org
Subject: [PATCH 1/2] fs, close_range: add flag CLOSE_RANGE_CLOEXEC
When the flag CLOSE_RANGE_CLOEXEC is set, close_range doesn't
immediately close the files but it sets the close-on-exec bit.
Signed-off-by: Giuseppe Scrivano <gscrivan@...hat.com>
---
fs/file.c | 56 ++++++++++++++++++++++----------
include/uapi/linux/close_range.h | 3 ++
2 files changed, 42 insertions(+), 17 deletions(-)
diff --git a/fs/file.c b/fs/file.c
index 21c0893f2f1d..ad4ebee41e09 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -672,6 +672,17 @@ int __close_fd(struct files_struct *files, unsigned fd)
}
EXPORT_SYMBOL(__close_fd); /* for ksys_close() */
+static unsigned int __get_max_fds(struct files_struct *cur_fds)
+{
+ unsigned int max_fds;
+
+ rcu_read_lock();
+ /* cap to last valid index into fdtable */
+ max_fds = files_fdtable(cur_fds)->max_fds;
+ rcu_read_unlock();
+ return max_fds;
+}
+
/**
* __close_range() - Close all file descriptors in a given range.
*
@@ -683,27 +694,23 @@ EXPORT_SYMBOL(__close_fd); /* for ksys_close() */
*/
int __close_range(unsigned fd, unsigned max_fd, unsigned int flags)
{
- unsigned int cur_max;
+ unsigned int cur_max = UINT_MAX;
struct task_struct *me = current;
struct files_struct *cur_fds = me->files, *fds = NULL;
- if (flags & ~CLOSE_RANGE_UNSHARE)
+ if (flags & ~(CLOSE_RANGE_UNSHARE | CLOSE_RANGE_CLOEXEC))
return -EINVAL;
if (fd > max_fd)
return -EINVAL;
- rcu_read_lock();
- cur_max = files_fdtable(cur_fds)->max_fds;
- rcu_read_unlock();
-
- /* cap to last valid index into fdtable */
- cur_max--;
-
if (flags & CLOSE_RANGE_UNSHARE) {
int ret;
unsigned int max_unshare_fds = NR_OPEN_MAX;
+ /* cap to last valid index into fdtable */
+ cur_max = __get_max_fds(cur_fds) - 1;
+
/*
* If the requested range is greater than the current maximum,
* we're closing everything so only copy all file descriptors
@@ -724,16 +731,31 @@ int __close_range(unsigned fd, unsigned max_fd, unsigned int flags)
swap(cur_fds, fds);
}
- max_fd = min(max_fd, cur_max);
- while (fd <= max_fd) {
- struct file *file;
+ if (flags & CLOSE_RANGE_CLOEXEC) {
+ struct fdtable *fdt;
- file = pick_file(cur_fds, fd++);
- if (!file)
- continue;
+ spin_lock(&cur_fds->file_lock);
+ fdt = files_fdtable(cur_fds);
+ cur_max = fdt->max_fds - 1;
+ max_fd = min(max_fd, cur_max);
+ while (fd <= max_fd)
+ __set_close_on_exec(fd++, fdt);
+ spin_unlock(&cur_fds->file_lock);
+ } else {
+ /* Initialize cur_max if needed. */
+ if (cur_max == UINT_MAX)
+ cur_max = __get_max_fds(cur_fds) - 1;
+ max_fd = min(max_fd, cur_max);
+ while (fd <= max_fd) {
+ struct file *file;
- filp_close(file, cur_fds);
- cond_resched();
+ file = pick_file(cur_fds, fd++);
+ if (!file)
+ continue;
+
+ filp_close(file, cur_fds);
+ cond_resched();
+ }
}
if (fds) {
diff --git a/include/uapi/linux/close_range.h b/include/uapi/linux/close_range.h
index 6928a9fdee3c..2d804281554c 100644
--- a/include/uapi/linux/close_range.h
+++ b/include/uapi/linux/close_range.h
@@ -5,5 +5,8 @@
/* Unshare the file descriptor table before closing file descriptors. */
#define CLOSE_RANGE_UNSHARE (1U << 1)
+/* Set the FD_CLOEXEC bit instead of closing the file descriptor. */
+#define CLOSE_RANGE_CLOEXEC (1U << 2)
+
#endif /* _UAPI_LINUX_CLOSE_RANGE_H */
--
2.26.2
Powered by blists - more mailing lists