From patchwork Mon Mar 29 07:58:06 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 411315 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E1CB2C4345A for ; Mon, 29 Mar 2021 08:38:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CEB566193B for ; Mon, 29 Mar 2021 08:38:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234303AbhC2Iil (ORCPT ); Mon, 29 Mar 2021 04:38:41 -0400 Received: from mail.kernel.org ([198.145.29.99]:55278 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234606AbhC2Igv (ORCPT ); Mon, 29 Mar 2021 04:36:51 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id AA0A661929; Mon, 29 Mar 2021 08:36:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1617006962; bh=BWha6g2ReB6vQK8qQFmrEzo3gadJxJSoJqqOplO8hSo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ITuh8IH3MwYGE8OnYUJ2pojXi6tx5eyQ6Iqet1kdfSCpbOLpILFItFantJmJeqESC aNkIfAd6MX8ZhSrNw3g1zqL/eIqG5Rhwx3ZpbYuGO/uIktzTizKupmihubuj2pP2EW XvW3D7MnOBta5nZDI8kStMHP5dpvbqSTzSXOVQ6s= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Kumar Kartikeya Dwivedi , Daniel Borkmann , =?utf-8?b?VG9rZSBIw7hp?= =?utf-8?q?land-J=C3=B8rgensen?= , Sasha Levin Subject: [PATCH 5.11 170/254] libbpf: Use SOCK_CLOEXEC when opening the netlink socket Date: Mon, 29 Mar 2021 09:58:06 +0200 Message-Id: <20210329075638.758700890@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210329075633.135869143@linuxfoundation.org> References: <20210329075633.135869143@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Kumar Kartikeya Dwivedi [ Upstream commit 58bfd95b554f1a23d01228672f86bb489bdbf4ba ] Otherwise, there exists a small window between the opening and closing of the socket fd where it may leak into processes launched by some other thread. Fixes: 949abbe88436 ("libbpf: add function to setup XDP") Signed-off-by: Kumar Kartikeya Dwivedi Signed-off-by: Daniel Borkmann Acked-by: Toke Høiland-Jørgensen Link: https://lore.kernel.org/bpf/20210317115857.6536-1-memxor@gmail.com Signed-off-by: Sasha Levin --- tools/lib/bpf/netlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/lib/bpf/netlink.c b/tools/lib/bpf/netlink.c index 4dd73de00b6f..d2cb28e9ef52 100644 --- a/tools/lib/bpf/netlink.c +++ b/tools/lib/bpf/netlink.c @@ -40,7 +40,7 @@ static int libbpf_netlink_open(__u32 *nl_pid) memset(&sa, 0, sizeof(sa)); sa.nl_family = AF_NETLINK; - sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + sock = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_ROUTE); if (sock < 0) return -errno;