From patchwork Mon Mar 29 07:58:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 411520 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B2ADBC433E6 for ; Mon, 29 Mar 2021 08:16:42 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8CFEA61990 for ; Mon, 29 Mar 2021 08:16:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232906AbhC2IQP (ORCPT ); Mon, 29 Mar 2021 04:16:15 -0400 Received: from mail.kernel.org ([198.145.29.99]:58964 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232903AbhC2IOn (ORCPT ); Mon, 29 Mar 2021 04:14:43 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id C2EE8619BD; Mon, 29 Mar 2021 08:14:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1617005679; bh=OXEfGx1wGYh8keCRUrCeaodw00FfIeYPvEMd9IROcmY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=eoE2ww6fEOo6qhFLR1z+Dxq43AXxpnU4x0HXA5TOvbG2zaxIE9Ln3wDuVu8WiWZoV alCi6lPHx+GklKt7gEQJXuytI6JSDj3lkqVLSuE4SeIX78kPusqUFp+GAb8BqFBfc6 9kZ8BZ+UTKrRah5WXKEJ4sYlTMdyH5T+NIuq7ZUs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Kumar Kartikeya Dwivedi , Daniel Borkmann , =?utf-8?b?VG9rZSBIw7hp?= =?utf-8?q?land-J=C3=B8rgensen?= , Sasha Levin Subject: [PATCH 5.4 079/111] libbpf: Use SOCK_CLOEXEC when opening the netlink socket Date: Mon, 29 Mar 2021 09:58:27 +0200 Message-Id: <20210329075617.844837122@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210329075615.186199980@linuxfoundation.org> References: <20210329075615.186199980@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Kumar Kartikeya Dwivedi [ Upstream commit 58bfd95b554f1a23d01228672f86bb489bdbf4ba ] Otherwise, there exists a small window between the opening and closing of the socket fd where it may leak into processes launched by some other thread. Fixes: 949abbe88436 ("libbpf: add function to setup XDP") Signed-off-by: Kumar Kartikeya Dwivedi Signed-off-by: Daniel Borkmann Acked-by: Toke Høiland-Jørgensen Link: https://lore.kernel.org/bpf/20210317115857.6536-1-memxor@gmail.com Signed-off-by: Sasha Levin --- tools/lib/bpf/netlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/lib/bpf/netlink.c b/tools/lib/bpf/netlink.c index 88416be2bf99..5ec8043c71bc 100644 --- a/tools/lib/bpf/netlink.c +++ b/tools/lib/bpf/netlink.c @@ -37,7 +37,7 @@ int libbpf_netlink_open(__u32 *nl_pid) memset(&sa, 0, sizeof(sa)); sa.nl_family = AF_NETLINK; - sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + sock = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_ROUTE); if (sock < 0) return -errno;