Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3491793pxf; Mon, 29 Mar 2021 03:53:41 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxqO6KaGtqDZAejK4gSWtGV/b9zhFt/RAPD6jnPRnSI2DQ9pSOF5IQWRhjhpNIbnQLTzn/k X-Received: by 2002:a17:906:6c4:: with SMTP id v4mr27284244ejb.198.1617015220758; Mon, 29 Mar 2021 03:53:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617015220; cv=none; d=google.com; s=arc-20160816; b=s4OUPr0LlGu6b7YuPTmUsMSyaTLcXFUTL98Q7v2/J+Z2d9Y411RGfyRe4wI1H5pT+i BiDdHAJ4WBRDi4Z6r7+CpbHh/qhcIc5eqdJLC3c6yTZSWYuYdIC41QCfdp7XAPvKsvAh dn9zMtRLZ5lQN+N9I9ZpPg/yUBqa3GbyEBsPq2aawNjoiKWDDTmgdPQItoPHPrZyerb+ dwHnaOgROB3uM6ydnB9UnR82sWdm/0tGLsehXcWEtsH3fIH/+TqFZBbb6JxXEijHhpMg FLUUY5Nx2JlvttW5YaneNsu3jqkRrjFm9wMFjh1cYv34TvDI9EtSGK8KclYBJF6L+JO4 tgjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=GxirbmBfLxxZXrSaZl5cNDRrJRH6CWRPifesjfm7J9M=; b=U/MFpUIakuy5GYIpL5/AzZNJ/ZkaWKlONgUaEUV7A9DQvBfJEJo4OZtiCg6v4KkxzC MZaT7s50FcLOTm89aaI4Twv/8bhgMroQZzdcaQRot8uxWgsuXzoLCtGcpZ8Vg1sc3K8q r4+Y8Z6LTpvPmusnlEhV1BHoXdpm+OIe5XTfn15mDKFTDFQ+H8vNnhMUMCzAUq6AkDwW 6JHJUPk0j3jjtr4DvV6K12tGJYmERXi6IOoW6tmfIBabMoh7sx8IJJQylXBOkiWuWLfu bKAHHTwF+PeeudeUZR6wdNYhpT65RCplvOEUrCp4iPFC7HIUWhKKwRTVu7+5WJl3PPHy Ec1A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="D/krM/LB"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id ds10si2292077ejc.709.2021.03.29.03.53.18; Mon, 29 Mar 2021 03:53:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="D/krM/LB"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235415AbhC2Imt (ORCPT + 99 others); Mon, 29 Mar 2021 04:42:49 -0400 Received: from mail.kernel.org ([198.145.29.99]:41658 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232506AbhC2IYh (ORCPT ); Mon, 29 Mar 2021 04:24:37 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 7204F6197F; Mon, 29 Mar 2021 08:24:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1617006277; bh=BWha6g2ReB6vQK8qQFmrEzo3gadJxJSoJqqOplO8hSo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=D/krM/LBRrCJaWkOa/aB9iyzS/I8Ey4k7tL+PsNJjENiKpXSXYKXuRmwXCc3qGNe+ 6ZU7kvJN1sL1aRRLLV7/ak+RPlFKXb8d+ICqwBjSUvor+MbKEsF4j88V1ZnwlzQ7N2 LWHzzooGmmkfurC5w3zlTjB0zbvq+7rnjJltq1/Y= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Kumar Kartikeya Dwivedi , Daniel Borkmann , =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= , Sasha Levin Subject: [PATCH 5.10 147/221] libbpf: Use SOCK_CLOEXEC when opening the netlink socket Date: Mon, 29 Mar 2021 09:57:58 +0200 Message-Id: <20210329075634.077253001@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210329075629.172032742@linuxfoundation.org> References: <20210329075629.172032742@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Kumar Kartikeya Dwivedi [ Upstream commit 58bfd95b554f1a23d01228672f86bb489bdbf4ba ] Otherwise, there exists a small window between the opening and closing of the socket fd where it may leak into processes launched by some other thread. Fixes: 949abbe88436 ("libbpf: add function to setup XDP") Signed-off-by: Kumar Kartikeya Dwivedi Signed-off-by: Daniel Borkmann Acked-by: Toke Høiland-Jørgensen Link: https://lore.kernel.org/bpf/20210317115857.6536-1-memxor@gmail.com Signed-off-by: Sasha Levin --- tools/lib/bpf/netlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/lib/bpf/netlink.c b/tools/lib/bpf/netlink.c index 4dd73de00b6f..d2cb28e9ef52 100644 --- a/tools/lib/bpf/netlink.c +++ b/tools/lib/bpf/netlink.c @@ -40,7 +40,7 @@ static int libbpf_netlink_open(__u32 *nl_pid) memset(&sa, 0, sizeof(sa)); sa.nl_family = AF_NETLINK; - sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + sock = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_ROUTE); if (sock < 0) return -errno; -- 2.30.1