Displaying 20 results from an estimated 98 matches for "sock_cloexec".
2019 Aug 01
2
Re: [nbdkit PATCH 4/8] Revert "RHEL 5: Define O_CLOEXEC and SOCK_CLOEXEC."
...verts commit 25206df20275aeff346d9b86adf5e9be99cc9e43.
>
> An upcoming patch wants to ensure no leaked fds from the server to a
> child process. POSIX has required O_CLOEXEC since 2008, and although
> current POSIX doesn't yet specify full atomic interfaces everywhere
> such as SOCK_CLOEXEC, it does have an open bug since 2014 [1]
> recommending the full set of interfaces that will be mandatory in the
> next revision of POSIX. Most modern OS have caught up to that (RHEL 6
> and FreeBSD 10 support SOCK_CLOEXEC, for example), and we're doing
> ourselves a disservice by...
2019 Aug 01
1
Re: [nbdkit PATCH 4/8] Revert "RHEL 5: Define O_CLOEXEC and SOCK_CLOEXEC."
On 8/1/19 4:15 AM, Richard W.M. Jones wrote:
> On Thu, Aug 01, 2019 at 10:06:01AM +0100, Richard W.M. Jones wrote:
>> As far as I can see Haiku (hrev52698) has O_CLOEXEC but NOT
>> SOCK_CLOEXEC. As this version is a little old I'll do an update and
>> see if newer versions support it.
>
> I'm on hrev53313+1 which also doesn't appear to have SOCK_CLOEXEC (nor
> does it have accept4).
Ouch. Then I'm seriously thinking of a followup patch which either
forces...
2019 May 25
2
[PATCH libnbd] states: connect_command: Don't set O_NONBLOCK on socket passed to child.
...#include <errno.h>
#include <signal.h>
#include <netdb.h>
@@ -183,12 +184,12 @@
CONNECT_COMMAND.START:
int sv[2];
pid_t pid;
+ int flags;
assert (!h->sock);
assert (h->argv);
assert (h->argv[0]);
- if (socketpair (AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0,
- sv) == -1) {
+ if (socketpair (AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0, sv) == -1) {
SET_NEXT_STATE (%.DEAD);
set_error (errno, "socketpair");
return -1;
@@ -219,13 +220,27 @@
}
/* Parent. */
+ close (sv[1]);
+
h->pid = pid;
+
+ /* The s...
2019 May 25
1
Re: [PATCH libnbd] states: connect_command: Don't set O_NONBLOCK on socket passed to child.
...> generator/states-connect.c | 21 ++++++++++++++++++---
>> 1 file changed, 18 insertions(+), 3 deletions(-)
>>
>
>> assert (!h->sock);
>> assert (h->argv);
>> assert (h->argv[0]);
>> - if (socketpair (AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0,
>> - sv) == -1) {
>> + if (socketpair (AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0, sv) == -1) {
>
> Is it any easier to keep SOCK_NONBLOCK here and then clear O_NONBLOCK in
> the child process? It may matter if we try to port to a system that
> lacks SOCK_CL...
2019 Jul 31
0
[nbdkit PATCH 4/8] Revert "RHEL 5: Define O_CLOEXEC and SOCK_CLOEXEC."
This reverts commit 25206df20275aeff346d9b86adf5e9be99cc9e43.
An upcoming patch wants to ensure no leaked fds from the server to a
child process. POSIX has required O_CLOEXEC since 2008, and although
current POSIX doesn't yet specify full atomic interfaces everywhere
such as SOCK_CLOEXEC, it does have an open bug since 2014 [1]
recommending the full set of interfaces that will be mandatory in the
next revision of POSIX. Most modern OS have caught up to that (RHEL 6
and FreeBSD 10 support SOCK_CLOEXEC, for example), and we're doing
ourselves a disservice by using silent fallbac...
2019 Aug 02
0
[nbdkit PATCH v2 04/17] Revert "RHEL 5: Define O_CLOEXEC and SOCK_CLOEXEC."
This reverts commit 25206df20275aeff346d9b86adf5e9be99cc9e43, and
temporarily breaks compilation on Haiku which has O_CLOEXEC but lacks
SOCK_CLOEXEC [1].
An upcoming patch wants to ensure no leaked fds from the server to a
child process. POSIX has required O_CLOEXEC since 2008, and that is
long enough that we should start blindly relying on it. Meanwhile,
POSIX doesn't yet specify full atomic interfaces everywhere
(SOCK_CLOEXEC and accep...
2019 Aug 01
0
Re: [nbdkit PATCH 4/8] Revert "RHEL 5: Define O_CLOEXEC and SOCK_CLOEXEC."
On Thu, Aug 01, 2019 at 10:06:01AM +0100, Richard W.M. Jones wrote:
> As far as I can see Haiku (hrev52698) has O_CLOEXEC but NOT
> SOCK_CLOEXEC. As this version is a little old I'll do an update and
> see if newer versions support it.
I'm on hrev53313+1 which also doesn't appear to have SOCK_CLOEXEC (nor
does it have accept4).
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my...
2015 Feb 09
5
Re: Patchable build problems on OS X 10.10
...,18 @@
> > #include "guestfs-internal-actions.h"
> > #include "guestfs_protocol.h"
> >
> > +/* Fixes for Mac OS X */
> > +#if defined __APPLE__ && defined __MACH__
> > +#include <sys/un.h>
> > +#endif
> > +#ifndef SOCK_CLOEXEC
> > +# define SOCK_CLOEXEC O_CLOEXEC
> > +#endif
> > +#ifndef SOCK_NONBLOCK
> > +# define SOCK_NONBLOCK O_NONBLOCK
> > +#endif
> > +/* End of fixes for Mac OS X */
> > +
> > /* Check minimum required version of libvirt. The libvirt backend
> >...
2015 Nov 04
3
[PATCH] launch: add missing headers on Darwin
...a/src/launch-libvirt.c b/src/launch-libvirt.c
index 1649884..ad07210 100644
--- a/src/launch-libvirt.c
+++ b/src/launch-libvirt.c
@@ -52,6 +52,7 @@
/* Fixes for Mac OS X */
#if defined __APPLE__ && defined __MACH__
#include <sys/un.h>
+#include <sys/fcntl.h>
#endif
#ifndef SOCK_CLOEXEC
# define SOCK_CLOEXEC O_CLOEXEC
diff --git a/src/launch-unix.c b/src/launch-unix.c
index 5cce9c1..f57910d 100644
--- a/src/launch-unix.c
+++ b/src/launch-unix.c
@@ -25,6 +25,10 @@
#include <string.h>
#include <libintl.h>
+#if defined __APPLE__ && defined __MACH__
+#include...
2019 Aug 02
1
[nbdkit PATCH] server: Restrict thread model when no atomic CLOEXEC
..._current_dir_name \
mkostemp \
diff --git a/common/utils/utils.c b/common/utils/utils.c
index 9ac3443b..029b6685 100644
--- a/common/utils/utils.c
+++ b/common/utils/utils.c
@@ -140,13 +140,15 @@ exit_status_to_nbd_error (int status, const char *cmd)
*/
int
set_cloexec (int fd) {
-#if defined SOCK_CLOEXEC && defined HAVE_MKOSTEMP && defined HAVE_PIPE2
+#if (defined SOCK_CLOEXEC && defined HAVE_MKOSTEMP && defined HAVE_PIPE2 && \
+ defined HAVE_ACCEPT4)
nbdkit_error ("prefer creating fds with CLOEXEC atomically set");
close (fd);
errno =...
2019 May 25
0
Re: [PATCH libnbd] states: connect_command: Don't set O_NONBLOCK on socket passed to child.
...> error paths.
> ---
> generator/states-connect.c | 21 ++++++++++++++++++---
> 1 file changed, 18 insertions(+), 3 deletions(-)
>
> assert (!h->sock);
> assert (h->argv);
> assert (h->argv[0]);
> - if (socketpair (AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0,
> - sv) == -1) {
> + if (socketpair (AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0, sv) == -1) {
Is it any easier to keep SOCK_NONBLOCK here and then clear O_NONBLOCK in
the child process? It may matter if we try to port to a system that
lacks SOCK_CLOEXEC (SOCK_NONBLOCK and SOC...
2019 Oct 18
2
Re: [PATCH nbdkit] Add support for AF_VSOCK.
...lse {
> + /* --port parameter must be numeric for vsock, unless
> + * /etc/services is extended but that seems unlikely. XXX
> + */
> + if (nbdkit_parse_uint32_t ("port", port, &vsock_port) == -1)
> + exit (EXIT_FAILURE);
> + }
> +
> +#ifdef SOCK_CLOEXEC
> + sock = socket (AF_VSOCK, SOCK_STREAM|SOCK_CLOEXEC, 0);
> +#else
> + /* Fortunately, this code is only run at startup, so there is no
> + * risk of the fd leaking to a plugin's fork()
> + */
> + sock = set_cloexec (socket (AF_VSOCK, SOCK_STREAM, 0));
Even better, al...
2019 Jul 31
13
[nbdkit PATCH 0/8] fd leak safety
.... (Nothing like finding several other pre-requisite
bugs to fix first before getting to my real goal...)
Eric Blake (8):
rate: Pass through delay failures
server: Don't leave uninit variable on failure
server: Add test for nbdkit_read_password
Revert "RHEL 5: Define O_CLOEXEC and SOCK_CLOEXEC."
cow, cache: Better mkostemp fallback
server: Atomically set CLOEXEC on all fds
filters: Set CLOEXEC on files opened during .config
rate: Atomically set CLOEXEC on fds
server/internal.h | 8 ----
filters/cache/blk.c | 19 ++++++++-
filters/cow/blk.c...
2019 Aug 02
0
[nbdkit PATCH v2 07/17] build: Audit for use of pipe2
...her printf("%m") works
diff --git a/common/utils/utils.c b/common/utils/utils.c
index 7b63b4d4..9ac3443b 100644
--- a/common/utils/utils.c
+++ b/common/utils/utils.c
@@ -140,13 +140,13 @@ exit_status_to_nbd_error (int status, const char *cmd)
*/
int
set_cloexec (int fd) {
-#if defined SOCK_CLOEXEC && defined HAVE_MKOSTEMP
+#if defined SOCK_CLOEXEC && defined HAVE_MKOSTEMP && defined HAVE_PIPE2
nbdkit_error ("prefer creating fds with CLOEXEC atomically set");
close (fd);
errno = EBADF;
return -1;
#else
-# if defined SOCK_CLOEXEC || defined HAVE_M...
2015 Feb 09
0
Re: Patchable build problems on OS X 10.10
...7 Richard W.M. Jones wrote:
> > On Thu, Feb 05, 2015 at 10:53:06PM +0000, Margaret Lewicka wrote:
> > > +/* Fixes for Mac OS X */
> > > +#if defined __APPLE__ && defined __MACH__
> > > +#include <sys/un.h>
> > > +#endif
> > > +#ifndef SOCK_CLOEXEC
> > > +# define SOCK_CLOEXEC O_CLOEXEC
> > > +#endif
> > > +#ifndef SOCK_NONBLOCK
> > > +# define SOCK_NONBLOCK O_NONBLOCK
> > > +#endif
> > > +/* End of fixes for Mac OS X */
> > > +
> > > /* Check minimum required version of...
2019 Aug 02
23
[nbdkit PATCH v2 00/17] fd leak safety
...tch 10 on whether I've picked the best
naming convention.
Eric Blake (17):
maint: Rename server/utils.c to server/public.c
plugins: Expose more thread_model details in --dump-plugin
server: Add utility functions for setting CLOEXEC and NONBLOCK
Revert "RHEL 5: Define O_CLOEXEC and SOCK_CLOEXEC."
build: Audit existing use of SOCK_CLOEXEC
cow, cache: Better mkostemp fallback
build: Audit for use of pipe2
rate: Atomically set CLOEXEC on fds
server: Use atomic CLOEXEC for nbdkit_read_password
plugins: Add .fork_safe field
server: Atomically set CLOEXEC on accept fds
filt...
2011 Nov 12
5
[Bug 1950] New: sshd tries to bind over and over to ::1 for several seconds
..., SO_REUSEADDR, [1], 4) = 0
<0.000015>
28636 10:33:49 bind(6, {sa_family=AF_INET, sin_port=htons(6493),
sin_addr=inet_addr("127.0.0.1")}, 16) = 0 <0.000012>
28636 10:33:49 socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 7
<0.000017>
28636 10:33:49 socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 8
<0.000012>
28636 10:33:49 connect(8, {sa_family=AF_FILE, path="/dev/log"}, 110) =
-1 EPROTOTYPE (Protocol wrong type for socket) <0.000016>
28636 10:33:49 close(8) = 0 <0.000016>
28636 10:33:49 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC, 0) = 8
<...
2013 Mar 07
4
[PATCH 0/4] Small refactorings of the protocol layer.
As the start of work to add remote support, I'm taking a close look at
the protocol layer in the library. These are some small cleanups.
Rich.
2019 Aug 02
2
Re: [nbdkit PATCH v2 10/17] plugins: Add .fork_safe field
On Fri, Aug 02, 2019 at 02:26:11PM -0500, Eric Blake wrote:
> Allow a plugin field to declare whether a parallel plugin can tolerate
> windows where fds are not CLOEXEC, or must take precautions to avoid
> leaking fds if the plugin may fork. For safety reasons, the flag
> defaults to off, but many in-tree plugins can set it to on (most
> commonly because they don't fork after
2016 Jan 29
7
[PATCH 1/6] launch: unix: check for length of sockets
Error out early if the path to the socket will not fit into
sockaddr_un::sun_path, as we will not be able to connect to it.
---
src/launch-unix.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/launch-unix.c b/src/launch-unix.c
index 740c554..973e14b 100644
--- a/src/launch-unix.c
+++ b/src/launch-unix.c
@@ -47,6 +47,12 @@ launch_unix (guestfs_h *g, void *datav, const char