Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3416983pxf;
        Mon, 29 Mar 2021 01:25:22 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyGme8brYn6EiLm38LrJHq85jUnaVAcYurnOncIPxwR840BYf8JtZtwFZRdxmYYVDgptftR
X-Received: by 2002:a50:ec96:: with SMTP id e22mr27419208edr.385.1617006322659;
        Mon, 29 Mar 2021 01:25:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1617006322; cv=none;
        d=google.com; s=arc-20160816;
        b=TbM+IqJT7Z5LDVvmsLpElw6zBO+yjwVeFfbzhxaQK1+JGrL5Z5XzD4uexTp2NcHJz1
         EYMbB/TdvTwD67rXTDhxQFgTSlZB14dgFo/iXDQd6YhvbGb1FEO/LEf9kgwWb4sqFo8n
         gc9JobWcxbXM7us2JQSDsnwWsWF3Ro85bSEZ8y0Ijrwy1RJyPgStdno9gAmOOPSr1FK1
         vWc2feFZgUJG/BNpyB4RY3+TYNvIun5u7sHi6vB4WqzPGj1O8ZIPQy869F9Pl2ip2vjW
         ZdpKdpll1+xGCb3F0AcbDO7JMS9ogqPOwIu4Hgxi3MdOE098g1Y5OLF6GJitcMfkrrIi
         9Jbg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=KSiyYbG0ndiFQlSu5Yar9wtFxqQ1F9WjPoVi02k5eTw=;
        b=sIR9gwmvmLfhJ+BEpPliNcFJR01JCoJJYb1+JItME+rfXqTCxGwft/Pzx0QF1K8LPU
         ISQGS4MXav+edjMjHMiuvQSqEjcIuGKu6RLp9L9Kk4Jo3lA3xM37P8X7pGFreC0Q7V78
         jUnScNHog6A3nk7y8pGRbRypmM0PG4LhwM759M9M8d54F9IdHL9OwDTnw2C4mD2JIAzh
         i9OYpz8/cquPPKwTlCuQvaTZjiSw5O136fmmAfTfgxNtUWH7idKwCGYuIwHSXZCVMH59
         bQ8kPaE32UsU26rZc+yqYfnKY7xZzKSnK9mFGcEXych1FT6JaRsKesCGYARJTCrG6EqA
         l7Ow==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=eoE2ww6f;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id r1si12202930edp.303.2021.03.29.01.25.00;
        Mon, 29 Mar 2021 01:25:22 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=eoE2ww6f;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234053AbhC2IWy (ORCPT <rfc822;mahfouz.saif.elyazal@gmail.com>
        + 99 others); Mon, 29 Mar 2021 04:22:54 -0400
Received: from mail.kernel.org ([198.145.29.99]:58964 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S232903AbhC2IOn (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 29 Mar 2021 04:14:43 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id C2EE8619BD;
        Mon, 29 Mar 2021 08:14:38 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1617005679;
        bh=OXEfGx1wGYh8keCRUrCeaodw00FfIeYPvEMd9IROcmY=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=eoE2ww6fEOo6qhFLR1z+Dxq43AXxpnU4x0HXA5TOvbG2zaxIE9Ln3wDuVu8WiWZoV
         alCi6lPHx+GklKt7gEQJXuytI6JSDj3lkqVLSuE4SeIX78kPusqUFp+GAb8BqFBfc6
         9kZ8BZ+UTKrRah5WXKEJ4sYlTMdyH5T+NIuq7ZUs=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Kumar Kartikeya Dwivedi <memxor@gmail.com>,
        Daniel Borkmann <daniel@iogearbox.net>,
        =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= <toke@redhat.com>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 079/111] libbpf: Use SOCK_CLOEXEC when opening the netlink socket
Date:   Mon, 29 Mar 2021 09:58:27 +0200
Message-Id: <20210329075617.844837122@linuxfoundation.org>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210329075615.186199980@linuxfoundation.org>
References: <20210329075615.186199980@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Kumar Kartikeya Dwivedi <memxor@gmail.com>

[ Upstream commit 58bfd95b554f1a23d01228672f86bb489bdbf4ba ]

Otherwise, there exists a small window between the opening and closing
of the socket fd where it may leak into processes launched by some other
thread.

Fixes: 949abbe88436 ("libbpf: add function to setup XDP")
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
Link: https://lore.kernel.org/bpf/20210317115857.6536-1-memxor@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/lib/bpf/netlink.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/lib/bpf/netlink.c b/tools/lib/bpf/netlink.c
index 88416be2bf99..5ec8043c71bc 100644
--- a/tools/lib/bpf/netlink.c
+++ b/tools/lib/bpf/netlink.c
@@ -37,7 +37,7 @@ int libbpf_netlink_open(__u32 *nl_pid)
 	memset(&sa, 0, sizeof(sa));
 	sa.nl_family = AF_NETLINK;
 
-	sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+	sock = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_ROUTE);
 	if (sock < 0)
 		return -errno;
 
-- 
2.30.1