Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3491793pxf;
        Mon, 29 Mar 2021 03:53:41 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxqO6KaGtqDZAejK4gSWtGV/b9zhFt/RAPD6jnPRnSI2DQ9pSOF5IQWRhjhpNIbnQLTzn/k
X-Received: by 2002:a17:906:6c4:: with SMTP id v4mr27284244ejb.198.1617015220758;
        Mon, 29 Mar 2021 03:53:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1617015220; cv=none;
        d=google.com; s=arc-20160816;
        b=s4OUPr0LlGu6b7YuPTmUsMSyaTLcXFUTL98Q7v2/J+Z2d9Y411RGfyRe4wI1H5pT+i
         BiDdHAJ4WBRDi4Z6r7+CpbHh/qhcIc5eqdJLC3c6yTZSWYuYdIC41QCfdp7XAPvKsvAh
         dn9zMtRLZ5lQN+N9I9ZpPg/yUBqa3GbyEBsPq2aawNjoiKWDDTmgdPQItoPHPrZyerb+
         dwHnaOgROB3uM6ydnB9UnR82sWdm/0tGLsehXcWEtsH3fIH/+TqFZBbb6JxXEijHhpMg
         FLUUY5Nx2JlvttW5YaneNsu3jqkRrjFm9wMFjh1cYv34TvDI9EtSGK8KclYBJF6L+JO4
         tgjg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=GxirbmBfLxxZXrSaZl5cNDRrJRH6CWRPifesjfm7J9M=;
        b=U/MFpUIakuy5GYIpL5/AzZNJ/ZkaWKlONgUaEUV7A9DQvBfJEJo4OZtiCg6v4KkxzC
         MZaT7s50FcLOTm89aaI4Twv/8bhgMroQZzdcaQRot8uxWgsuXzoLCtGcpZ8Vg1sc3K8q
         r4+Y8Z6LTpvPmusnlEhV1BHoXdpm+OIe5XTfn15mDKFTDFQ+H8vNnhMUMCzAUq6AkDwW
         6JHJUPk0j3jjtr4DvV6K12tGJYmERXi6IOoW6tmfIBabMoh7sx8IJJQylXBOkiWuWLfu
         bKAHHTwF+PeeudeUZR6wdNYhpT65RCplvOEUrCp4iPFC7HIUWhKKwRTVu7+5WJl3PPHy
         Ec1A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="D/krM/LB";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id ds10si2292077ejc.709.2021.03.29.03.53.18;
        Mon, 29 Mar 2021 03:53:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="D/krM/LB";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235415AbhC2Imt (ORCPT <rfc822;mahfouz.saif.elyazal@gmail.com>
        + 99 others); Mon, 29 Mar 2021 04:42:49 -0400
Received: from mail.kernel.org ([198.145.29.99]:41658 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S232506AbhC2IYh (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 29 Mar 2021 04:24:37 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 7204F6197F;
        Mon, 29 Mar 2021 08:24:36 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1617006277;
        bh=BWha6g2ReB6vQK8qQFmrEzo3gadJxJSoJqqOplO8hSo=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=D/krM/LBRrCJaWkOa/aB9iyzS/I8Ey4k7tL+PsNJjENiKpXSXYKXuRmwXCc3qGNe+
         6ZU7kvJN1sL1aRRLLV7/ak+RPlFKXb8d+ICqwBjSUvor+MbKEsF4j88V1ZnwlzQ7N2
         LWHzzooGmmkfurC5w3zlTjB0zbvq+7rnjJltq1/Y=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Kumar Kartikeya Dwivedi <memxor@gmail.com>,
        Daniel Borkmann <daniel@iogearbox.net>,
        =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= <toke@redhat.com>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.10 147/221] libbpf: Use SOCK_CLOEXEC when opening the netlink socket
Date:   Mon, 29 Mar 2021 09:57:58 +0200
Message-Id: <20210329075634.077253001@linuxfoundation.org>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210329075629.172032742@linuxfoundation.org>
References: <20210329075629.172032742@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Kumar Kartikeya Dwivedi <memxor@gmail.com>

[ Upstream commit 58bfd95b554f1a23d01228672f86bb489bdbf4ba ]

Otherwise, there exists a small window between the opening and closing
of the socket fd where it may leak into processes launched by some other
thread.

Fixes: 949abbe88436 ("libbpf: add function to setup XDP")
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
Link: https://lore.kernel.org/bpf/20210317115857.6536-1-memxor@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/lib/bpf/netlink.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/lib/bpf/netlink.c b/tools/lib/bpf/netlink.c
index 4dd73de00b6f..d2cb28e9ef52 100644
--- a/tools/lib/bpf/netlink.c
+++ b/tools/lib/bpf/netlink.c
@@ -40,7 +40,7 @@ static int libbpf_netlink_open(__u32 *nl_pid)
 	memset(&sa, 0, sizeof(sa));
 	sa.nl_family = AF_NETLINK;
 
-	sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+	sock = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_ROUTE);
 	if (sock < 0)
 		return -errno;
 
-- 
2.30.1