From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NAAir-0001Nf-LX
	for qemu-devel@nongnu.org; Mon, 16 Nov 2009 18:11:01 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1NAAim-0001JC-Bc
	for qemu-devel@nongnu.org; Mon, 16 Nov 2009 18:11:00 -0500
Received: from [199.232.76.173] (port=39449 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NAAim-0001J1-17
	for qemu-devel@nongnu.org; Mon, 16 Nov 2009 18:10:56 -0500
Received: from mail2.shareable.org ([80.68.89.115]:34497)
	by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.60) (envelope-from <jamie@shareable.org>) id 1NAAil-0000Nw-IS
	for qemu-devel@nongnu.org; Mon, 16 Nov 2009 18:10:55 -0500
Date: Mon, 16 Nov 2009 23:10:53 +0000
From: Jamie Lokier <jamie@shareable.org>
Subject: Re: [Qemu-devel] [PATCH] Don't leak file descriptors
Message-ID: <20091116231053.GH12063@shareable.org>
References: <1258125436-23759-1-git-send-email-kwolf@redhat.com>
	<f43fc5580911131305q45380957n5ea0338fea238dfc@mail.gmail.com>
	<4B0149C8.7040203@redhat.com>
	<f43fc5580911160821n3ee3780dx38ad25ab7b33af83@mail.gmail.com>
	<20091116230507.GG12063@shareable.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20091116230507.GG12063@shareable.org>
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Blue Swirl <blauwirbel@gmail.com>
Cc: Kevin Wolf <kwolf@redhat.com>, qemu-devel@nongnu.org

Jamie Lokier wrote:
> Blue Swirl wrote:
> > On Mon, Nov 16, 2009 at 2:47 PM, Kevin Wolf <kwolf@redhat.com> wrote:
> > > Am 13.11.2009 22:05, schrieb Blue Swirl:
> > >> On Fri, Nov 13, 2009 at 5:17 PM, Kevin Wolf <kwolf@redhat.com> wrote:
> > >>> We're leaking file descriptors to child processes. Set FD_CLOEXEC on file
> > >>> descriptors that don't need to be passed to children to stop this misbehaviour.
> > >>
> > >>> -        c = accept(s, (struct sockaddr *)&addr, &addrlen);
> > >>> +        c = qemu_accept(s, (struct sockaddr *)&addr, &addrlen);
> > >>
> > >> Would it be possible to improve the interface so that no casts are
> > >> needed for the calling code?
> > >
> > > How exactly would you do that? The only way I see to do it would be
> > > using void*, but I'm not sure if this really is an improvement.
> > 
> > Instead of sockaddr_in vs. sockaddr and the lame casts in between, we
> > could have QSockAddr which magically works. Or if we only ever use
> > sockaddr_in, just use that.
> 
> int qemu_accept(int s, union __attribute__((__transparent_union__)) {
>                                struct sockaddr *sa;
>                                struct sockaddr_in *sin;
>                                struct sockaddr_in6 *sin6;
>                 } addr, socklen_t len);
> 
> #define qemu_accept(s, addr) qemu_accept(s, addr, sizeof(*addr))
> 
> Seems to work. :-)

The transparent_union is what Glibc uses for accept(), by the way,
when _GNU_SOURCE is defined.  That's why the old code using
accept() compiled without warnings despite the type mismatch.

Grep for __SOCKADDR_ARG in Glibc's /usr/include/sys/socket.h.

-- Jamie