Fri Feb 16 18:24:08 IST 2007 Mark McLoughlin <markmc@redhat.com>

* qemud/qemud.c, qemud/bridge.c, qemud/iptables.c: fix our FD_CLOEXEC usage so that all fds which should be closed on exec are marked as such and that we leave exec() to do the actual closing.

Fri Feb 16 18:24:08 IST 2007 Mark McLoughlin <markmc@redhat.com>
* qemud/qemud.c, qemud/bridge.c, qemud/iptables.c: fix our FD_CLOEXEC usage so that all fds which should be closed on exec are marked as such and that we leave exec() to do the actual closing.
49dcc264 · Mark McLoughlin · 80820ec7 · 49dcc264 · 49dcc264 · 49dcc264
隐藏空白更改
内联并排

Showing with 38 addition and 49 deletion

ChangeLog ChangeLog +7 -0

qemud/bridge.c qemud/bridge.c +8 -0

qemud/iptables.c qemud/iptables.c +5 -9

qemud/qemud.c qemud/qemud.c +18 -40

未找到文件。
--- a/ChangeLog
+++ b/ChangeLog
+Fri Feb 16 18:24:08 IST 2007 Mark McLoughlin <markmc@redhat.com>
+
+	* qemud/qemud.c, qemud/bridge.c, qemud/iptables.c: fix
+	our FD_CLOEXEC usage so that all fds which should be
+	closed on exec are marked as such and that we leave
+	exec() to do the actual closing.
+	
 Fri Feb 16 18:23:15 IST 2007 Mark McLoughlin <markmc@redhat.com>

 	* qemud/qemud.c: fix qemudEnableIpForwarding() to not leak

--- a/qemud/bridge.c
+++ b/qemud/bridge.c
@@ -54,6 +54,7 @@ int
 brInit(brControl **ctlp)
 {
    int fd;
+    int flags;

    if (!ctlp || *ctlp)
        return EINVAL;
@@ -62,6 +63,13 @@ brInit(brControl **ctlp)
    if (fd < 0)
        return errno;

+    if ((flags = fcntl(fd, F_GETFD)) < 0 ||
+        fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) {
+        int err = errno;
+        close(fd);
+        return err;
+    }
+
    *ctlp = (brControl *)malloc(sizeof(struct _brControl));
    if (!*ctlp)
        return ENOMEM;

--- a/qemud/iptables.c
+++ b/qemud/iptables.c
@@ -317,15 +317,11 @@ iptablesSpawn(int errors, char * const *argv)
    }

    if (pid == 0) { /* child */
-        int i, open_max = sysconf(_SC_OPEN_MAX);
-
-        for (i = 0; i < open_max; i++) {
-            if (i != STDOUT_FILENO &&
-                i != STDERR_FILENO &&
-                i != STDIN_FILENO)
-                close(i);
-        else if (errors == NO_ERRORS)
-            dup2(null, i);
+        if (errors == NO_ERRORS) {
+            dup2(null, STDIN_FILENO);
+            dup2(null, STDOUT_FILENO);
+            dup2(null, STDERR_FILENO);
+            close(null);
        }

        execvp(argv[0], argv);

--- a/qemud/qemud.c
+++ b/qemud/qemud.c
@@ -85,7 +85,7 @@ static int qemudGoDaemon(void) {
        {
            int stdinfd = -1;
            int stdoutfd = -1;
-            int i, open_max, nextpid;
+            int nextpid;

            if ((stdinfd = open(_PATH_DEVNULL, O_RDONLY)) < 0)
                goto cleanup;
@@ -104,13 +104,6 @@ static int qemudGoDaemon(void) {
                goto cleanup;
            stdoutfd = -1;

-            open_max = sysconf (_SC_OPEN_MAX);
-            for (i = 0; i < open_max; i++)
-                if (i != STDIN_FILENO &&
-                    i != STDOUT_FILENO &&
-                    i != STDERR_FILENO)
-                    close(i);
-
            if (setsid() < 0)
                goto cleanup;

@@ -352,24 +345,9 @@ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket
 }


-static int
-qemudLeaveFdOpen(int *openfds, int fd)
-{
-    int i;
-
-    if (!openfds)
-        return 0;
-
-    for (i = 0; openfds[i] != -1; i++)
-        if (fd == openfds[i])
-            return 1;
-
-    return 0;
-}
-
 static int
 qemudExec(struct qemud_server *server, char **argv,
-          int *retpid, int *outfd, int *errfd, int *openfds) {
+          int *retpid, int *outfd, int *errfd) {
    int pid, null;
    int pipeout[2] = {-1,-1};
    int pipeerr[2] = {-1,-1};
@@ -398,11 +376,13 @@ qemudExec(struct qemud_server *server, char **argv,
        if (outfd) {
            close(pipeout[1]);
            qemudSetNonBlock(pipeout[0]);
+            qemudSetCloseExec(pipeout[0]);
            *outfd = pipeout[0];
        }
        if (errfd) {
            close(pipeerr[1]);
            qemudSetNonBlock(pipeerr[0]);
+            qemudSetCloseExec(pipeerr[0]);
            *errfd = pipeerr[0];
        }
        *retpid = pid;
@@ -423,13 +403,11 @@ qemudExec(struct qemud_server *server, char **argv,
    if (dup2(pipeerr[1] > 0 ? pipeerr[1] : null, STDERR_FILENO) < 0)
        _exit(1);

-    int i, open_max = sysconf (_SC_OPEN_MAX);
-    for (i = 0; i < open_max; i++)
-        if (i != STDOUT_FILENO &&
-            i != STDERR_FILENO &&
-            i != STDIN_FILENO &&
-            !qemudLeaveFdOpen(openfds, i))
-            close(i);
+    close(null);
+    if (pipeout[1] > 0)
+        close(pipeout[1]);
+    if (pipeerr[1] > 0)
+        close(pipeerr[1]);

    execvp(argv[0], argv);

@@ -439,13 +417,13 @@ qemudExec(struct qemud_server *server, char **argv,

 cleanup:
    if (pipeerr[0] > 0)
-        close(pipeerr[0] > 0);
-    if (pipeerr[1])
-        close(pipeerr[1] > 0);
-    if (pipeout[0])
-        close(pipeout[0] > 0);
-    if (pipeout[1])
-        close(pipeout[1] > 0);
+        close(pipeerr[0]);
+    if (pipeerr[1] > 0)
+        close(pipeerr[1]);
+    if (pipeout[0] > 0)
+        close(pipeout[0]);
+    if (pipeout[1] > 0)
+        close(pipeout[1]);
    if (null > 0)
        close(null);
    return -1;
@@ -465,7 +443,7 @@ int qemudStartVMDaemon(struct qemud_server *server,
    if (qemudBuildCommandLine(server, vm, &argv) < 0)
        return -1;

-    if (qemudExec(server, argv, &vm->pid, &vm->stdout, &vm->stderr, vm->tapfds) == 0) {
+    if (qemudExec(server, argv, &vm->pid, &vm->stdout, &vm->stderr) == 0) {
        vm->id = server->nextvmid++;
        ret = 0;
    }
@@ -861,7 +839,7 @@ dhcpStartDhcpDaemon(struct qemud_server *server,
    if (qemudBuildDnsmasqArgv(server, network, &argv) < 0)
        return -1;

-    ret = qemudExec(server, argv, &network->dnsmasqPid, NULL, NULL, NULL);
+    ret = qemudExec(server, argv, &network->dnsmasqPid, NULL, NULL);

    for (i = 0; argv[i]; i++)
        free(argv[i]);