From f39138ea4813f48de95a1e7568fbda9f7493beff Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Fri, 9 Dec 2016 09:22:29 +0100 Subject: [PATCH 1/6] shared: add nm_auto_close and nm_auto_fclose We already have gs_fd_close, which however doesn't preserve errno and only checks for fd != -1. Add our own define. Downside is, we have to include stdio.h and errno.h, which effectively ends up to be included *everywhere*. (cherry picked from commit 312cea870dfbc363da44074bd6f56ccd283c5420) --- shared/nm-utils/nm-macros-internal.h | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/shared/nm-utils/nm-macros-internal.h b/shared/nm-utils/nm-macros-internal.h index b6b6bdee42..de90e3f58b 100644 --- a/shared/nm-utils/nm-macros-internal.h +++ b/shared/nm-utils/nm-macros-internal.h @@ -22,7 +22,9 @@ #ifndef __NM_MACROS_INTERNAL_H__ #define __NM_MACROS_INTERNAL_H__ +#include #include +#include #include "nm-glib.h" @@ -59,7 +61,31 @@ _nm_auto_free_gstring_impl (GString **str) } #define nm_auto_free_gstring nm_auto(_nm_auto_free_gstring_impl) -/********************************************************/ +static inline void +_nm_auto_close_impl (int *pfd) +{ + if (*pfd >= 0) { + int errsv = errno; + + (void) close (*pfd); + errno = errsv; + } +} +#define nm_auto_close nm_auto(_nm_auto_close_impl) + +static inline void +_nm_auto_fclose_impl (FILE **pfd) +{ + if (*pfd) { + int errsv = errno; + + (void) fclose (*pfd); + errno = errsv; + } +} +#define nm_auto_fclose nm_auto(_nm_auto_fclose_impl) + +/*****************************************************************************/ /* http://stackoverflow.com/a/11172679 */ #define _NM_UTILS_MACRO_FIRST(...) __NM_UTILS_MACRO_FIRST_HELPER(__VA_ARGS__, throwaway) From f16a9a229995fb39416157483eb14f214e616617 Mon Sep 17 00:00:00 2001 
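Review bot: `_nm_auto_fclose_impl` throws away the result of `fclose()`, so on a stream opened for writing a failed final flush (full disk, I/O error) goes unnoticed when the variable leaves scope. Neither helper has a comment; above `nm_auto_fclose` I would add `/* cleanup only: errors from fclose() are ignored, so code that writes must fclose() explicitly, check the result and set the pointer to NULL */`. A matching one-liner on `nm_auto_close` should say that a descriptor is handed to the caller by assigning -1 to the variable before returning, since `_nm_auto_close_impl` closes anything `>= 0`.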
From: Thomas Haller Date: Fri, 9 Dec 2016 09:27:02 +0100 Subject: [PATCH 2/6] device/wwan: use nm_auto_close instead of gs_fd_close (cherry picked from commit ed299cc8605a8291a61b3a514f8dc20390b18c77) --- src/devices/wwan/nm-modem.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/devices/wwan/nm-modem.c b/src/devices/wwan/nm-modem.c index bf3aa3b281..57e63415e0 100644 --- a/src/devices/wwan/nm-modem.c +++ b/src/devices/wwan/nm-modem.c @@ -496,18 +496,18 @@ ppp_stats (NMPPPManager *ppp_manager, static gboolean port_speed_is_zero (const char *port) { - struct termios options; - gs_fd_close int fd = -1; + struct termios options; + nm_auto_close int fd = -1; - fd = open (port, O_RDWR | O_NONBLOCK | O_NOCTTY); - if (fd < 0) + fd = open (port, O_RDWR | O_NONBLOCK | O_NOCTTY); + if (fd < 0) return FALSE; - memset (&options, 0, sizeof (struct termios)); - if (tcgetattr (fd, &options) != 0) - return FALSE; + memset (&options, 0, sizeof (struct termios)); + if (tcgetattr (fd, &options) != 0) + return FALSE; - return cfgetospeed (&options) == B0; + return cfgetospeed (&options) == B0; } static NMActStageReturn From 8705a16d4875070f27aa00dafb237fac2943cd68 Mon Sep 17 00:00:00 2001 From: Kai-Heng Feng Date: Wed, 7 Dec 2016 18:15:13 +0800 Subject: [PATCH 3/6] platform: add a new function nmp_utils_open_sysctl() A race condition may happen when NetworkManager opens sysfs and udev renames interface name at the same time. Thomas Haller provides a new function [1] which can avoid the race condition when opening sysfs. This patch is a direct copy from [1]. [1] https://mail.gnome.org/archives/networkmanager-list/2016-December/msg00004.html Signed-off-by: Kai-Heng Feng (cherry picked from commit 713c74f6e4a88f874cf3e9908b3fb153f2ea5b83) --- src/platform/nm-platform-utils.c | 51 ++++++++++++++++++++++++++++++++ src/platform/nm-platform-utils.h | 2 ++ 2 files changed, 53 insertions(+) 
diff --git a/src/platform/nm-platform-utils.c b/src/platform/nm-platform-utils.c index 068801ee69..bcac19c98c 100644 --- a/src/platform/nm-platform-utils.c +++ b/src/platform/nm-platform-utils.c @@ -31,6 +31,7 @@ #include #include #include +#include #include "nm-utils.h" #include "nm-setting-wired.h" @@ -41,6 +42,8 @@ * ethtool ******************************************************************/ +extern char *if_indextoname (unsigned int __ifindex, char *__ifname); + static gboolean ethtool_get (const char *name, gpointer edata) { @@ -558,3 +561,51 @@ nmp_utils_ip_config_source_to_string (NMIPConfigSource source, char *buf, gsize return buf; } +int +nmp_utils_open_sysctl(int ifindex, const char *ifname) +{ + #define SYS_CLASS_NET "/sys/class/net/" + char ifname_buf[IFNAMSIZ]; + guint try_count = 0; + char sysdir[NM_STRLEN (SYS_CLASS_NET) + IFNAMSIZ + 1] = SYS_CLASS_NET; + char fd_buf[256]; + int fd; + int fd_ifindex; + ssize_t nn; + + while (++try_count < 4) { + if (!ifname) { + ifname = if_indextoname (ifindex, ifname_buf); + if (!ifname) + return -1; + } + + nm_utils_ifname_cpy (&sysdir[NM_STRLEN (SYS_CLASS_NET)], ifname); + fd = open (sysdir, O_DIRECTORY); + if (fd < 0) + goto next; + fd_ifindex = openat (fd, "ifindex", 0); + if (fd_ifindex < 0) { + close (fd); + goto next; + } + /* read ifindex file, and compare it to @ifindex. If match, return fd. */ + nn = nm_utils_fd_read_loop (fd_ifindex, fd_buf, sizeof (fd_buf) - 1, FALSE); + if (nn < 0) { + close (fd); + close (fd_ifindex); + goto next; + } + fd_buf[sizeof (fd_buf) - 1] = '\0'; + + if (ifindex != _nm_utils_ascii_str_to_int64 (fd_buf, 10, 1, G_MAXINT, -1)) { + close (fd); + close (fd_ifindex); + goto next; + } + return fd; +next: + ifname = NULL; + } + return -1; +} diff --git a/src/platform/nm-platform-utils.h b/src/platform/nm-platform-utils.h index 456c08652d..0be03135a0 100644 --- a/src/platform/nm-platform-utils.h +++ b/src/platform/nm-platform-utils.h 
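Review bot: On the success path `nmp_utils_open_sysctl()` returns `fd` without closing `fd_ifindex`, so every successful call leaks one descriptor; add `close (fd_ifindex);` before `return fd;`. The read buffer is also terminated in the wrong place: `fd_buf[sizeof (fd_buf) - 1] = '\0'` leaves the bytes between `nn` and the end of the buffer uninitialised, and `_nm_utils_ascii_str_to_int64()` may then read stack garbage after the number; `fd_buf[nn] = '\0';` is what is wanted. Both opens also lack `O_CLOEXEC`. Patch 5/6 of this series reworks all three, so this matters mainly to anyone backporting 3/6 and 4/6 on their own.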
@@ -60,4 +60,6 @@ NMIPConfigSource nmp_utils_ip_config_source_coerce_from_rtprot (NMIPConfigSource NMIPConfigSource nmp_utils_ip_config_source_round_trip_rtprot (NMIPConfigSource source) _nm_const; const char * nmp_utils_ip_config_source_to_string (NMIPConfigSource source, char *buf, gsize len); +int nmp_utils_open_sysctl(int ifindex, const char *ifname); + #endif /* __NM_PLATFORM_UTILS_H__ */ From e196ff7553bfc54f8d6e70b922861659d7c0a0a7 Mon Sep 17 00:00:00 2001 From: Kai-Heng Feng Date: Wed, 7 Dec 2016 18:40:09 +0800 Subject: [PATCH 4/6] platform: wifi: use nmp_utils_open_sysctl() to check if device is wifi Since function nmp_utils_open_sysctl() can avoid race condition, use it in wifi_utils_is_wifi() to open sysfs and correctly check if it's a wifi device. https://bugzilla.gnome.org/show_bug.cgi?id=775613 Signed-off-by: Kai-Heng Feng (cherry picked from commit b95556eb781a18ee1c96470f40b9e1e162b0ee60) --- src/platform/nm-linux-platform.c | 2 +- src/platform/wifi/wifi-utils.c | 33 +++++++++++++++++++++++--------- src/platform/wifi/wifi-utils.h | 2 +- 3 files changed, 26 insertions(+), 11 deletions(-) diff --git a/src/platform/nm-linux-platform.c b/src/platform/nm-linux-platform.c index d24dee241d..60f748dfb1 100644 --- a/src/platform/nm-linux-platform.c +++ b/src/platform/nm-linux-platform.c @@ -721,7 +721,7 @@ _linktype_get_type (NMPlatform *platform, } /* Fallback for drivers that don't call SET_NETDEV_DEVTYPE() */ - if (wifi_utils_is_wifi (ifname)) + if (wifi_utils_is_wifi (ifindex, ifname)) return NM_LINK_TYPE_WIFI; if (arptype == ARPHRD_ETHER) { diff --git a/src/platform/wifi/wifi-utils.c b/src/platform/wifi/wifi-utils.c index b7fe86bbe1..96c2be4a67 100644 --- a/src/platform/wifi/wifi-utils.c +++ b/src/platform/wifi/wifi-utils.c @@ -26,6 +26,7 @@ #include #include #include +#include #include "wifi-utils-private.h" #include "wifi-utils-nl80211.h" 
@@ -34,6 +35,8 @@ #endif #include "nm-core-utils.h" +#include "platform/nm-platform-utils.h" + gpointer wifi_data_new (const char *iface, int ifindex, gsize len) { @@ -180,23 +183,35 @@ wifi_utils_deinit (WifiData *data) } gboolean -wifi_utils_is_wifi (const char *iface) +wifi_utils_is_wifi (int ifindex, const char *ifname) { - char phy80211_path[NM_STRLEN ("/sys/class/net/123456789012345/phy80211\0") + 100 /*safety*/]; + int fd_sysnet; + int fd_phy80211; struct stat s; - g_return_val_if_fail (iface != NULL, FALSE); + g_return_val_if_fail (ifname != NULL, FALSE); - nm_sprintf_buf (phy80211_path, - "/sys/class/net/%s/phy80211", - NM_ASSERT_VALID_PATH_COMPONENT (iface)); - nm_assert (strlen (phy80211_path) < sizeof (phy80211_path) - 1); + fd_sysnet = nmp_utils_open_sysctl (ifindex, ifname); + if (fd_sysnet < 0) + return FALSE; - if ((stat (phy80211_path, &s) == 0 && (s.st_mode & S_IFDIR))) + fd_phy80211 = openat (fd_sysnet, "phy80211", 0); + if (fd_phy80211 < 0) { + close (fd_sysnet); + return FALSE; + } + + if ((fstat (fd_phy80211, &s) == 0 && (s.st_mode & S_IFDIR))) { + close (fd_sysnet); + close (fd_phy80211); return TRUE; + } + + close (fd_sysnet); + close (fd_phy80211); #if HAVE_WEXT - if (wifi_wext_is_wifi (iface)) + if (wifi_wext_is_wifi (ifname)) return TRUE; #endif diff --git a/src/platform/wifi/wifi-utils.h b/src/platform/wifi/wifi-utils.h index 8e2b93f1f0..3dca2ac1d5 100644 --- a/src/platform/wifi/wifi-utils.h +++ b/src/platform/wifi/wifi-utils.h @@ -28,7 +28,7 @@ typedef struct WifiData WifiData; -gboolean wifi_utils_is_wifi (const char *iface); +gboolean wifi_utils_is_wifi (int ifindex, const char *ifname); WifiData *wifi_utils_init (const char *iface, int ifindex, gboolean check_scan); From fea11a91a3ebc70bbf59ac9597a4dfa5e979af54 Mon Sep 17 00:00:00 2001 
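Review bot: The wext fallback at the end of `wifi_utils_is_wifi()` still passes the caller's `ifname` to `wifi_wext_is_wifi()`, although `nmp_utils_open_sysctl()` may have found the directory under a re-resolved name, so the rename race this series targets is still present on that path until patch 5/6 returns the verified name. The directory test `(s.st_mode & S_IFDIR)` is a plain bit test and is also true for other file types whose type bits overlap (block devices, for instance); `S_ISDIR (s.st_mode)` is the correct form. The function continues past the end of the hunk.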
From: Thomas Haller Date: Thu, 8 Dec 2016 13:55:17 +0100 Subject: [PATCH 5/6] platform: refactor nmp_utils_sysctl_open_netdir() - use nm_auto_close cleanup attribute - optionally, return the found ifname - don't stat "phy80211". If such an entity can be opened, just assume it's a directory. (cherry picked from commit 76876e896c242fd82d048743ffcf2c0481442dc5) --- src/platform/nm-platform-utils.c | 94 +++++++++++++++++++++----------- src/platform/nm-platform-utils.h | 4 +- src/platform/wifi/wifi-utils.c | 23 ++++---- 3 files changed, 76 insertions(+), 45 deletions(-) diff --git a/src/platform/nm-platform-utils.c b/src/platform/nm-platform-utils.c index bcac19c98c..67bcf02ab7 100644 --- a/src/platform/nm-platform-utils.c +++ b/src/platform/nm-platform-utils.c @@ -38,12 +38,12 @@ #include "nm-core-utils.h" +extern char *if_indextoname (unsigned int __ifindex, char *__ifname); + /****************************************************************** * ethtool ******************************************************************/ -extern char *if_indextoname (unsigned int __ifindex, char *__ifname); - static gboolean ethtool_get (const char *name, gpointer edata) { 
@@ -561,51 +561,83 @@ nmp_utils_ip_config_source_to_string (NMIPConfigSource source, char *buf, gsize return buf; } +/** + * nmp_utils_sysctl_open_netdir: + * @ifindex: the ifindex for which to open "/sys/class/net/%s" + * @ifname_guess: (allow-none): optional argument, if present used as initial + * guess as the current name for @ifindex. If guessed right, + * it saves an addtional if_indextoname() call. + * @out_ifname: (allow-none): if present, must be at least IFNAMSIZ + * characters. On success, this will contain the actual ifname + * found while opening the directory. + * + * Returns: a negative value on failure, on success returns the open fd + * to the "/sys/class/net/%s" directory for @ifindex. + */ int -nmp_utils_open_sysctl(int ifindex, const char *ifname) +nmp_utils_sysctl_open_netdir (int ifindex, + const char *ifname_guess, + char *out_ifname) { #define SYS_CLASS_NET "/sys/class/net/" + const char *ifname = ifname_guess; + char ifname_buf_last_try[IFNAMSIZ]; char ifname_buf[IFNAMSIZ]; guint try_count = 0; - char sysdir[NM_STRLEN (SYS_CLASS_NET) + IFNAMSIZ + 1] = SYS_CLASS_NET; + char sysdir[NM_STRLEN (SYS_CLASS_NET) + IFNAMSIZ] = SYS_CLASS_NET; char fd_buf[256]; - int fd; - int fd_ifindex; ssize_t nn; - while (++try_count < 4) { + g_return_val_if_fail (ifindex >= 0, -1); + + ifname_buf_last_try[0] = '\0'; + + for (try_count = 0; try_count < 10; try_count++, ifname = NULL) { + nm_auto_close int fd_dir = -1; + nm_auto_close int fd_ifindex = -1; + int fd; + if (!ifname) { ifname = if_indextoname (ifindex, ifname_buf); if (!ifname) return -1; } - nm_utils_ifname_cpy (&sysdir[NM_STRLEN (SYS_CLASS_NET)], ifname); - fd = open (sysdir, O_DIRECTORY); - if (fd < 0) - goto next; - fd_ifindex = openat (fd, "ifindex", 0); - if (fd_ifindex < 0) { - close (fd); - goto next; - } - /* read ifindex file, and compare it to @ifindex. If match, return fd. 
*/ - nn = nm_utils_fd_read_loop (fd_ifindex, fd_buf, sizeof (fd_buf) - 1, FALSE); - if (nn < 0) { - close (fd); - close (fd_ifindex); - goto next; - } - fd_buf[sizeof (fd_buf) - 1] = '\0'; + nm_assert (nm_utils_iface_valid_name (ifname)); - if (ifindex != _nm_utils_ascii_str_to_int64 (fd_buf, 10, 1, G_MAXINT, -1)) { - close (fd); - close (fd_ifindex); - goto next; - } + if (g_strlcpy (&sysdir[NM_STRLEN (SYS_CLASS_NET)], ifname, IFNAMSIZ) >= IFNAMSIZ) + g_return_val_if_reached (-1); + + /* we only retry, if the name changed since previous attempt. + * Hence, it is extremely unlikely that this loop runes until the + * end of the @try_count. */ + if (nm_streq (ifname, ifname_buf_last_try)) + return -1; + strcpy (ifname_buf_last_try, ifname); + + fd_dir = open (sysdir, O_DIRECTORY | O_CLOEXEC); + if (fd_dir < 0) + continue; + + fd_ifindex = openat (fd_dir, "ifindex", O_CLOEXEC); + if (fd_ifindex < 0) + continue; + + nn = nm_utils_fd_read_loop (fd_ifindex, fd_buf, sizeof (fd_buf) - 2, FALSE); + if (nn <= 0) + continue; + fd_buf[nn] = '\0'; + + if (ifindex != _nm_utils_ascii_str_to_int64 (fd_buf, 10, 1, G_MAXINT, -1)) + continue; + + if (out_ifname) + strcpy (out_ifname, ifname); + + fd = fd_dir; + fd_dir = -1; return fd; -next: - ifname = NULL; } + return -1; } diff --git a/src/platform/nm-platform-utils.h b/src/platform/nm-platform-utils.h index 0be03135a0..92a06fdfa2 100644 --- a/src/platform/nm-platform-utils.h +++ b/src/platform/nm-platform-utils.h @@ -60,6 +60,8 @@ NMIPConfigSource nmp_utils_ip_config_source_coerce_from_rtprot (NMIPConfigSource NMIPConfigSource nmp_utils_ip_config_source_round_trip_rtprot (NMIPConfigSource source) _nm_const; const char * nmp_utils_ip_config_source_to_string (NMIPConfigSource source, char *buf, gsize len); -int nmp_utils_open_sysctl(int ifindex, const char *ifname); +int nmp_utils_sysctl_open_netdir (int ifindex, + const char *ifname_guess, + char *out_ifname); #endif /* __NM_PLATFORM_UTILS_H__ */ 
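Review bot: The entry check `g_return_val_if_fail (ifindex >= 0, -1)` admits ifindex 0, yet the comparison further down parses the file with a minimum of 1, so 0 can never match and the caller in wifi-utils.c already requires `ifindex > 0`; make it `g_return_val_if_fail (ifindex > 0, -1);`. The only validation of a caller-supplied `ifname_guess` before it is appended to "/sys/class/net/" is `nm_assert (nm_utils_iface_valid_name (ifname))`; if `nm_assert` is compiled out in release builds (not visible here), a guess containing `/` or `..` is opened as given. A runtime guard before the loop, `if (ifname && !nm_utils_iface_valid_name (ifname)) ifname = NULL;`, would drop a bad guess and fall back to `if_indextoname()`. The doc comment should also state that `out_ifname` is left untouched on failure, and has two typos ("addtional", "runes").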
diff --git a/src/platform/wifi/wifi-utils.c b/src/platform/wifi/wifi-utils.c index 96c2be4a67..2ce6eb7788 100644 --- a/src/platform/wifi/wifi-utils.c +++ b/src/platform/wifi/wifi-utils.c @@ -187,29 +187,26 @@ wifi_utils_is_wifi (int ifindex, const char *ifname) { int fd_sysnet; int fd_phy80211; - struct stat s; + char ifname_verified[IFNAMSIZ]; - g_return_val_if_fail (ifname != NULL, FALSE); + g_return_val_if_fail (ifindex > 0, FALSE); - fd_sysnet = nmp_utils_open_sysctl (ifindex, ifname); + fd_sysnet = nmp_utils_sysctl_open_netdir (ifindex, ifname, ifname_verified); if (fd_sysnet < 0) return FALSE; - fd_phy80211 = openat (fd_sysnet, "phy80211", 0); - if (fd_phy80211 < 0) { - close (fd_sysnet); - return FALSE; - } + /* there might have been a race and ifname might be wrong. Below for checking + * wext, use the possibly improved name that we just verified. */ + ifname = ifname_verified; - if ((fstat (fd_phy80211, &s) == 0 && (s.st_mode & S_IFDIR))) { - close (fd_sysnet); + fd_phy80211 = openat (fd_sysnet, "phy80211", O_CLOEXEC); + close (fd_sysnet); + + if (fd_phy80211 >= 0) { close (fd_phy80211); return TRUE; } - close (fd_sysnet); - close (fd_phy80211); - #if HAVE_WEXT if (wifi_wext_is_wifi (ifname)) return TRUE; From f0d20c945e96495ac6065cd02ea688f4ea37727e Mon Sep 17 00:00:00 2001 
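Review bot: With the `fstat()` gone, `openat (fd_sysnet, "phy80211", O_CLOEXEC)` succeeds for any openable entry of that name, whereas the previous version required a directory. Passing `O_DIRECTORY | O_CLOEXEC` keeps that property at no extra cost and matches how `nmp_utils_sysctl_open_netdir()` opens the parent directory. `fd_sysnet` could also be declared `nm_auto_close int fd_sysnet = -1;` so the manual `close (fd_sysnet)` is not needed; the function continues past the end of the hunk.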
From: Thomas Haller Date: Sat, 10 Dec 2016 15:28:15 +0100 Subject: [PATCH 6/6] all: use O_CLOEXEC for file descriptors (cherry picked from commit 4bdee37771ae741f4f9548b52c1db53ddf080fe8) --- src/devices/adsl/nm-device-adsl.c | 4 ++-- src/devices/bluetooth/nm-bluez5-dun.c | 4 ++-- src/devices/tests/test-lldp.c | 4 ++-- src/devices/wwan/nm-modem.c | 2 +- src/dns-manager/nm-dns-manager.c | 4 ++-- src/main-utils.c | 2 +- src/nm-core-utils.c | 2 +- src/nm-manager.c | 2 +- src/platform/nm-linux-platform.c | 2 +- src/platform/nm-platform-utils.c | 4 ++-- src/platform/nmp-netns.c | 6 +++--- src/platform/tests/test-common.c | 12 ++++++------ src/platform/wifi/wifi-utils-wext.c | 4 ++-- src/ppp-manager/nm-ppp-manager.c | 4 ++-- src/settings/nm-inotify-helper.c | 2 +- src/settings/plugins/ifcfg-rh/shvar.c | 6 +++--- src/settings/plugins/ifupdown/interface_parser.c | 2 +- src/tests/test-general-with-expect.c | 3 ++- 18 files changed, 35 insertions(+), 34 deletions(-) diff --git a/src/devices/adsl/nm-device-adsl.c b/src/devices/adsl/nm-device-adsl.c index 2ab67c9a91..77c6e119b8 100644 --- a/src/devices/adsl/nm-device-adsl.c +++ b/src/devices/adsl/nm-device-adsl.c @@ -154,7 +154,7 @@ br2684_assign_vcc (NMDeviceAdsl *self, NMSettingAdsl *s_adsl) g_return_val_if_fail (priv->brfd == -1, FALSE); g_return_val_if_fail (priv->nas_ifname != NULL, FALSE); - priv->brfd = socket (PF_ATMPVC, SOCK_DGRAM, ATM_AAL5); + priv->brfd = socket (PF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, ATM_AAL5); if (priv->brfd < 0) { errsv = errno; _LOGE (LOGD_ADSL, "failed to open ATM control socket (%d)", errsv); @@ -338,7 +338,7 @@ br2684_create_iface (NMDeviceAdsl *self, nm_clear_g_source (&priv->nas_update_id); } - fd = socket (PF_ATMPVC, SOCK_DGRAM, ATM_AAL5); + fd = socket (PF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, ATM_AAL5); if (fd < 0) { errsv = errno; _LOGE (LOGD_ADSL, "failed to open ATM control socket (%d)", errsv); 
diff --git a/src/devices/bluetooth/nm-bluez5-dun.c b/src/devices/bluetooth/nm-bluez5-dun.c index 4c93feba60..aba3a0dd97 100644 --- a/src/devices/bluetooth/nm-bluez5-dun.c +++ b/src/devices/bluetooth/nm-bluez5-dun.c @@ -64,7 +64,7 @@ dun_connect (NMBluez5DunContext *context) .channel = context->rfcomm_channel }; - context->rfcomm_fd = socket (AF_BLUETOOTH, SOCK_STREAM, BTPROTO_RFCOMM); + context->rfcomm_fd = socket (AF_BLUETOOTH, SOCK_STREAM | SOCK_CLOEXEC, BTPROTO_RFCOMM); if (context->rfcomm_fd < 0) { int errsv = errno; error = g_error_new (NM_BT_ERROR, NM_BT_ERROR_DUN_CONNECT_FAILED, @@ -112,7 +112,7 @@ dun_connect (NMBluez5DunContext *context) context->rfcomm_id = devid; snprintf (tty, ttylen, "/dev/rfcomm%d", devid); - while ((context->rfcomm_tty_fd = open (tty, O_RDONLY | O_NOCTTY)) < 0 && try--) { + while ((context->rfcomm_tty_fd = open (tty, O_RDONLY | O_NOCTTY | O_CLOEXEC)) < 0 && try--) { if (try) { g_usleep (100 * 1000); continue; diff --git a/src/devices/tests/test-lldp.c b/src/devices/tests/test-lldp.c index ff6f42a970..f6b6af90b2 100644 --- a/src/devices/tests/test-lldp.c +++ b/src/devices/tests/test-lldp.c @@ -352,7 +352,7 @@ _test_recv_fixture_setup (TestRecvFixture *fixture, gconstpointer user_data) struct ifreq ifr = { }; int fd, s; - fd = open ("/dev/net/tun", O_RDWR); + fd = open ("/dev/net/tun", O_RDWR | O_CLOEXEC); g_assert (fd >= 0); ifr.ifr_flags = IFF_TAP | IFF_NO_PI; @@ -360,7 +360,7 @@ _test_recv_fixture_setup (TestRecvFixture *fixture, gconstpointer user_data) g_assert (ioctl (fd, TUNSETIFF, &ifr) >= 0); /* Bring the interface up */ - s = socket (AF_INET, SOCK_DGRAM, 0); + s = socket (AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); g_assert (s >= 0); ifr.ifr_flags |= IFF_UP; g_assert (ioctl (s, SIOCSIFFLAGS, &ifr) >= 0); diff --git a/src/devices/wwan/nm-modem.c b/src/devices/wwan/nm-modem.c index 57e63415e0..459d212aad 100644 --- a/src/devices/wwan/nm-modem.c +++ b/src/devices/wwan/nm-modem.c 
@@ -499,7 +499,7 @@ port_speed_is_zero (const char *port) struct termios options; nm_auto_close int fd = -1; - fd = open (port, O_RDWR | O_NONBLOCK | O_NOCTTY); + fd = open (port, O_RDWR | O_NONBLOCK | O_NOCTTY | O_CLOEXEC); if (fd < 0) return FALSE; diff --git a/src/dns-manager/nm-dns-manager.c b/src/dns-manager/nm-dns-manager.c index ce8f4d931c..5a758a9e77 100644 --- a/src/dns-manager/nm-dns-manager.c +++ b/src/dns-manager/nm-dns-manager.c @@ -707,7 +707,7 @@ update_resolv_conf (NMDnsManager *self, } } - if ((f = fopen (MY_RESOLV_CONF_TMP, "w")) == NULL) { + if ((f = fopen (MY_RESOLV_CONF_TMP, "we")) == NULL) { errsv = errno; g_set_error (error, NM_MANAGER_ERROR, @@ -1576,7 +1576,7 @@ _check_resconf_immutable (NMDnsManagerResolvConfManager rc_manager) } } - fd = open (_PATH_RESCONF, O_RDONLY); + fd = open (_PATH_RESCONF, O_RDONLY | O_CLOEXEC); if (fd != -1) { if (ioctl (fd, FS_IOC_GETFLAGS, &flags) != -1) immutable = NM_FLAGS_HAS (flags, FS_IMMUTABLE_FL); diff --git a/src/main-utils.c b/src/main-utils.c index c2ed9d1cbb..6497ea25cb 100644 --- a/src/main-utils.c +++ b/src/main-utils.c @@ -94,7 +94,7 @@ nm_main_utils_write_pidfile (const char *pidfile) int fd; gboolean success = FALSE; - if ((fd = open (pidfile, O_CREAT|O_WRONLY|O_TRUNC, 00644)) < 0) { + if ((fd = open (pidfile, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, 00644)) < 0) { fprintf (stderr, _("Opening %s failed: %s\n"), pidfile, strerror (errno)); return FALSE; } diff --git a/src/nm-core-utils.c b/src/nm-core-utils.c index 6988a12436..ed2a871e55 100644 --- a/src/nm-core-utils.c +++ b/src/nm-core-utils.c @@ -2810,7 +2810,7 @@ nm_utils_read_urandom (void *p, size_t nbytes) int r; again: - fd = open ("/dev/urandom", O_RDONLY|O_CLOEXEC|O_NOCTTY); + fd = open ("/dev/urandom", O_RDONLY | O_CLOEXEC | O_NOCTTY); if (fd < 0) { r = errno; if (r == EINTR) diff --git a/src/nm-manager.c b/src/nm-manager.c index bdc1c10f01..c3d65cd1e4 100644 --- a/src/nm-manager.c +++ b/src/nm-manager.c 
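Review bot: In `nm_main_utils_write_pidfile()` the open gains `O_CLOEXEC` but still follows a symlink at the final path component and truncates whatever it resolves to (`O_CREAT | O_WRONLY | O_TRUNC`). Whether that matters depends on who can write to the pidfile directory, which the hunk does not show; if that is ever not root-only, adding `O_NOFOLLOW`, as in `open (pidfile, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC | O_NOFOLLOW, 00644)`, is a cheap safeguard. The function body continues outside the hunk.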
@@ -5332,7 +5332,7 @@ rfkill_change (NMManager *self, const char *desc, RfKillType rtype, gboolean ena g_return_if_fail (rtype == RFKILL_TYPE_WLAN || rtype == RFKILL_TYPE_WWAN); errno = 0; - fd = open ("/dev/rfkill", O_RDWR); + fd = open ("/dev/rfkill", O_RDWR | O_CLOEXEC); if (fd < 0) { if (errno == EACCES) _LOGW (LOGD_RFKILL, "(%s): failed to open killswitch device", desc); diff --git a/src/platform/nm-linux-platform.c b/src/platform/nm-linux-platform.c index 60f748dfb1..f9f4b088db 100644 --- a/src/platform/nm-linux-platform.c +++ b/src/platform/nm-linux-platform.c @@ -5147,7 +5147,7 @@ tun_add (NMPlatform *platform, const char *name, gboolean tap, _LOGD ("link: add %s '%s' owner %" G_GINT64_FORMAT " group %" G_GINT64_FORMAT, tap ? "tap" : "tun", name, owner, group); - fd = open ("/dev/net/tun", O_RDWR); + fd = open ("/dev/net/tun", O_RDWR | O_CLOEXEC); if (fd < 0) return FALSE; diff --git a/src/platform/nm-platform-utils.c b/src/platform/nm-platform-utils.c index 67bcf02ab7..b939e7836e 100644 --- a/src/platform/nm-platform-utils.c +++ b/src/platform/nm-platform-utils.c @@ -63,7 +63,7 @@ ethtool_get (const char *name, gpointer edata) nm_utils_ifname_cpy (ifr.ifr_name, name); ifr.ifr_data = edata; - fd = socket (PF_INET, SOCK_DGRAM, 0); + fd = socket (PF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); if (fd < 0) { nm_log_err (LOGD_PLATFORM, "ethtool: Could not open socket."); return FALSE; @@ -345,7 +345,7 @@ nmp_utils_mii_supports_carrier_detect (const char *ifname) if (!nmp_utils_device_exists (ifname)) return FALSE; - fd = socket (PF_INET, SOCK_DGRAM, 0); + fd = socket (PF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); if (fd < 0) { nm_log_err (LOGD_PLATFORM, "mii: couldn't open control socket (%s)", ifname); return FALSE; diff --git a/src/platform/nmp-netns.c b/src/platform/nmp-netns.c index 26295855d8..07e134c13f 100644 --- a/src/platform/nmp-netns.c +++ b/src/platform/nmp-netns.c 
@@ -277,7 +277,7 @@ _netns_new (GError **error) int fd_net, fd_mnt; int errsv; - fd_net = open (PROC_SELF_NS_NET, O_RDONLY); + fd_net = open (PROC_SELF_NS_NET, O_RDONLY | O_CLOEXEC); if (fd_net == -1) { errsv = errno; g_set_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN, @@ -286,7 +286,7 @@ _netns_new (GError **error) return NULL; } - fd_mnt = open (PROC_SELF_NS_MNT, O_RDONLY); + fd_mnt = open (PROC_SELF_NS_MNT, O_RDONLY | O_CLOEXEC); if (fd_mnt == -1) { errsv = errno; g_set_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN, @@ -623,7 +623,7 @@ nmp_netns_bind_to_path (NMPNetns *self, const char *filename, int *out_fd) } if (out_fd) { - if ((fd = open (filename, O_RDONLY)) == -1) { + if ((fd = open (filename, O_RDONLY | O_CLOEXEC)) == -1) { errsv = errno; _LOGE (self, "bind: failed to open %s: %s", filename, g_strerror (errsv)); umount2 (filename, MNT_DETACH); diff --git a/src/platform/tests/test-common.c b/src/platform/tests/test-common.c index b1947a6d11..d636ebeb51 100644 --- a/src/platform/tests/test-common.c +++ b/src/platform/tests/test-common.c @@ -1398,7 +1398,7 @@ nmtstp_namespace_create (int unshare_flags, GError **error) int pipefd_p2c[2]; ssize_t r; - e = pipe (pipefd_c2p); + e = pipe2 (pipefd_c2p, O_CLOEXEC); if (e != 0) { errsv = errno; g_set_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN, @@ -1406,7 +1406,7 @@ nmtstp_namespace_create (int unshare_flags, GError **error) return FALSE; } - e = pipe (pipefd_p2c); + e = pipe2 (pipefd_p2c, O_CLOEXEC); if (e != 0) { errsv = errno; g_set_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN, @@ -1540,7 +1540,7 @@ nmtstp_namespace_get_fd_for_process (pid_t pid, const char *ns_name) nm_sprintf_buf (p, "/proc/%lu/ns/%s", (long unsigned) pid, ns_name); - return open(p, O_RDONLY); + return open(p, O_RDONLY | O_CLOEXEC); } /*****************************************************************************/ 
@@ -1564,21 +1564,21 @@ unshare_user (void) /* Since Linux 3.19 we have to disable setgroups() in order to map users. * Just proceed if the file is not there. */ - f = fopen ("/proc/self/setgroups", "w"); + f = fopen ("/proc/self/setgroups", "we"); if (f) { fprintf (f, "deny"); fclose (f); } /* Map current UID to root in NS to be created. */ - f = fopen ("/proc/self/uid_map", "w"); + f = fopen ("/proc/self/uid_map", "we"); if (!f) return FALSE; fprintf (f, "0 %d 1", uid); fclose (f); /* Map current GID to root in NS to be created. */ - f = fopen ("/proc/self/gid_map", "w"); + f = fopen ("/proc/self/gid_map", "we"); if (!f) return FALSE; fprintf (f, "0 %d 1", gid); diff --git a/src/platform/wifi/wifi-utils-wext.c b/src/platform/wifi/wifi-utils-wext.c index 66c13764f7..d4ed86ebf2 100644 --- a/src/platform/wifi/wifi-utils-wext.c +++ b/src/platform/wifi/wifi-utils-wext.c @@ -577,7 +577,7 @@ wifi_wext_init (const char *iface, int ifindex, gboolean check_scan) wext->parent.set_mesh_channel = wifi_wext_set_mesh_channel; wext->parent.set_mesh_ssid = wifi_wext_set_mesh_ssid; - wext->fd = socket (PF_INET, SOCK_DGRAM, 0); + wext->fd = socket (PF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); if (wext->fd < 0) goto error; @@ -665,7 +665,7 @@ wifi_wext_is_wifi (const char *iface) if (!nmp_utils_device_exists (iface)) return FALSE; - fd = socket (PF_INET, SOCK_DGRAM, 0); + fd = socket (PF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); if (fd >= 0) { nm_utils_ifname_cpy (iwr.ifr_ifrn.ifrn_name, iface); if (ioctl (fd, SIOCGIWNAME, &iwr) == 0) diff --git a/src/ppp-manager/nm-ppp-manager.c b/src/ppp-manager/nm-ppp-manager.c index f6fcca5df1..34c550fa12 100644 --- a/src/ppp-manager/nm-ppp-manager.c +++ b/src/ppp-manager/nm-ppp-manager.c 
@@ -197,7 +197,7 @@ monitor_cb (gpointer user_data) if (errno != ENODEV) _LOGW ("could not read ppp stats: %s", strerror (errno)); } else { - g_signal_emit (manager, signals[STATS], 0, + g_signal_emit (manager, signals[STATS], 0, stats.p.ppp_ibytes, stats.p.ppp_obytes); } @@ -214,7 +214,7 @@ monitor_stats (NMPPPManager *manager) if (priv->monitor_fd >= 0) return; - priv->monitor_fd = socket (AF_INET, SOCK_DGRAM, 0); + priv->monitor_fd = socket (AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); if (priv->monitor_fd >= 0) { g_warn_if_fail (priv->monitor_id == 0); if (priv->monitor_id) diff --git a/src/settings/nm-inotify-helper.c b/src/settings/nm-inotify-helper.c index ce15246c5a..46112648eb 100644 --- a/src/settings/nm-inotify-helper.c +++ b/src/settings/nm-inotify-helper.c @@ -128,7 +128,7 @@ init_inotify (NMInotifyHelper *self) GIOChannel *channel; guint source_id; - priv->ifd = inotify_init (); + priv->ifd = inotify_init1 (IN_CLOEXEC); if (priv->ifd == -1) { int errsv = errno; diff --git a/src/settings/plugins/ifcfg-rh/shvar.c b/src/settings/plugins/ifcfg-rh/shvar.c index 75b19d5383..a865c7df0e 100644 --- a/src/settings/plugins/ifcfg-rh/shvar.c +++ b/src/settings/plugins/ifcfg-rh/shvar.c @@ -53,11 +53,11 @@ svOpenFileInternal (const char *name, gboolean create, GError **error) s->fd = -1; if (create) - s->fd = open (name, O_RDWR); /* NOT O_CREAT */ + s->fd = open (name, O_RDWR | O_CLOEXEC); /* NOT O_CREAT */ if (!create || s->fd == -1) { /* try read-only */ - s->fd = open (name, O_RDONLY); /* NOT O_CREAT */ + s->fd = open (name, O_RDONLY | O_CLOEXEC); /* NOT O_CREAT */ if (s->fd == -1) errsv = errno; else @@ -461,7 +461,7 @@ svWriteFile (shvarFile *s, int mode, GError **error) if (s->modified) { if (s->fd == -1) - s->fd = open (s->fileName, O_WRONLY | O_CREAT, mode); + s->fd = open (s->fileName, O_WRONLY | O_CREAT | O_CLOEXEC, mode); if (s->fd == -1) { int errsv = errno; 
diff --git a/src/settings/plugins/ifupdown/interface_parser.c b/src/settings/plugins/ifupdown/interface_parser.c index 764ba5c93d..3386a6ba49 100644 --- a/src/settings/plugins/ifupdown/interface_parser.c +++ b/src/settings/plugins/ifupdown/interface_parser.c @@ -117,7 +117,7 @@ _recursive_ifparser (const char *eni_file, int quiet) nm_log_warn (LOGD_SETTINGS, "interfaces file %s doesn't exist\n", eni_file); return; } - inp = fopen (eni_file, "r"); + inp = fopen (eni_file, "re"); if (inp == NULL) { if (!quiet) nm_log_warn (LOGD_SETTINGS, "Can't open %s\n", eni_file); diff --git a/src/tests/test-general-with-expect.c b/src/tests/test-general-with-expect.c index ab2b15b5f2..f04c147fe9 100644 --- a/src/tests/test-general-with-expect.c +++ b/src/tests/test-general-with-expect.c @@ -26,6 +26,7 @@ #include #include #include +#include #include "NetworkManagerUtils.h" #include "nm-multi-index.h" @@ -173,7 +174,7 @@ test_nm_utils_kill_child_create_and_join_pgroup (void) int pipefd[2]; pid_t pgid; - err = pipe (pipefd); + err = pipe2 (pipefd, O_CLOEXEC); g_assert (err == 0); pgid = fork();