Re: [PATCH] events: add a flag to perf_event_open() to set O_CLOEXEC

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Yann Droneaud <ydroneaud@opteya.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Paul Mackerras <paulus@samba.org>, Ingo Molnar <mingo@redhat.com>,
	Arnaldo Carvalho de Melo <acme@ghostprotocols.net>,
	linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk,
	Yann Droneaud <ydroneaud@opteya.com>
Subject: Re: [PATCH] events: add a flag to perf_event_open() to set O_CLOEXEC
Date: Mon, 04 Nov 2013 16:05:38 +0100	[thread overview]
Message-ID: <1383577538.18301.28.camel@localhost.localdomain> (raw)
In-Reply-To: <20131031181202.GA19466@laptop.lan>

Hi,

Le jeudi 31 octobre 2013 à 19:12 +0100, Peter Zijlstra a écrit :
> On Wed, Oct 30, 2013 at 10:35:50PM +0100, Yann Droneaud wrote:
> > This patch adds PERF_FLAG_FD_CLOEXEC flag for
> > perf_event_open() syscall.
> > 
> > perf_event_open() creates a new file descriptor,
> > but unlike open() syscall, it lack a flag to atomicaly
> > set close-on-exec (O_CLOEXEC).
> > 
> > Not using O_CLOEXEC by default and not letting userspace
> > provide the "open" flags should be avoided: in most case
> > O_CLOEXEC must be used to not leak file descriptor across
> > exec().
> > 
> > Using O_CLOEXEC when creating a file descriptor allows
> > userspace to set latter, using fcntl(), without any risk
> > of race, if the file descriptor is going to be inherited
> > or not across exec().
> > 
> > Link: http://lkml.kernel.org/r/94b641a81a06ba4943cf77e80bc271c8@meuh.org
> > Link: http://lkml.kernel.org/r/cover.1383121137.git.ydroneaud@opteya.com
> > Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
> > ---
> > 
> > Hi Peter,
> > 
> > This patch should replaces
> > "[PATCH v4 6/7] events: use get_unused_fd_flags(0) instead of get_unused_fd()"
> > 
> > Please have a look.
> 
> I'm still terminally confused as to all of this... Why does it matter
> what the default is if you can change it with fcntl() ?

There's a possible race between open() and fcntl()in multi-threaded
program, that's why O_CLOEXEC was added to open(), and then added to
many other system calls.

>  Also, how can you tell nobody relies on the current behaviour and its therefore safe
> to change?
> 

If *you* cannot tell, then no one could tell, thus the default *must*
not be changed because no one could ever be sure that no application
rely on the current behavior.

But it's rather pointless to change the default, since the caller of
get_unused_fd(), eg. syscall perf_event_open(), has a flags argument
that can be used to ask for O_CLOEXEC. Just like other syscall extended
to support O_CLOEXEC.

You might want to read "Secure File Descriptor Handling" by 
Ulrich Drepper [1] who is responsible to adding O_CLOEXEC on open,
and probably other syscalls

[1] http://udrepper.livejournal.com/20407.html

Regards.

-- 
Yann Droneaud
OPTEYA

next prev parent reply	other threads:[~2013-11-04 15:06 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-10-30 19:47 [PATCH v4 0/7] Getting rid of get_unused_fd() Yann Droneaud
2013-10-30 19:47 ` [PATCH v4 1/7] ia64: use get_unused_fd_flags(0) instead " Yann Droneaud
2013-10-30 19:47 ` [PATCH v4 2/7] ppc/cell: " Yann Droneaud
2013-10-30 19:47 ` [PATCH v4 3/7] binfmt_misc: " Yann Droneaud
2013-10-30 19:47 ` [PATCH v4 4/7] file: " Yann Droneaud
2013-10-30 19:47 ` [PATCH v4 5/7] fanotify: " Yann Droneaud
2013-10-30 19:47 ` [PATCH v4 6/7] events: " Yann Droneaud
2013-10-30 20:20   ` Peter Zijlstra
2013-10-30 21:18     ` Yann Droneaud
2013-10-30 21:35       ` [PATCH] events: add a flag to perf_event_open() to set O_CLOEXEC Yann Droneaud
2013-10-31 18:12         ` Peter Zijlstra
2013-11-04 15:05           ` Yann Droneaud [this message]
2013-10-30 22:00       ` [PATCH v4 6/7] events: use get_unused_fd_flags(0) instead of get_unused_fd() Yann Droneaud
2013-10-30 19:47 ` [PATCH v4 7/7] file: remove get_unused_fd() macro Yann Droneaud

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1383577538.18301.28.camel@localhost.localdomain \
    --to=ydroneaud@opteya.com \
    --cc=acme@ghostprotocols.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=paulus@samba.org \
    --cc=peterz@infradead.org \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox