diff options
| author | Kyle Evans <kevans@FreeBSD.org> | 2019-07-31 15:16:51 +0000 |
|---|---|---|
| committer | Kyle Evans <kevans@FreeBSD.org> | 2019-07-31 15:16:51 +0000 |
| commit | b5a7ac997fcb3246a89c5cdd2f7f1584d9d16a61 (patch) | |
| tree | 89636d21c4d3803e550841d933e68ac3e1f6e48d /sys/kern/uipc_shm.c | |
| parent | 43ded0a321a765fc7ad9c68112b6e9f15adf6083 (diff) | |
| download | src-b5a7ac997fcb3246a89c5cdd2f7f1584d9d16a61.tar.gz src-b5a7ac997fcb3246a89c5cdd2f7f1584d9d16a61.zip | |
kern_shm_open: push O_CLOEXEC into caller control
The motivation for this change is to allow wrappers around shm to be written
that don't set CLOEXEC. kern_shm_open currently accepts O_CLOEXEC but sets
it unconditionally. kern_shm_open is used by the shm_open(2) syscall, which
is mandated by POSIX to set CLOEXEC, and CloudABI's sys_fd_create1().
Presumably O_CLOEXEC is intended in the latter caller, but it's unclear from
the context.
sys_shm_open() now unconditionally sets O_CLOEXEC to meet POSIX
requirements, and a comment has been dropped in to kern_fd_open() to explain
the situation and add a pointer to where O_CLOEXEC setting is maintained for
shm_open(2) correctness. CloudABI's sys_fd_create1() also unconditionally
sets O_CLOEXEC to match previous behavior.
This also has the side-effect of making flags correctly reflect the
O_CLOEXEC status on this fd for the rest of kern_shm_open(), but a
glance-over leads me to believe that it didn't really matter.
Reviewed by: kib, markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D21119
Notes
Notes:
svn path=/head/; revision=350464
Diffstat (limited to 'sys/kern/uipc_shm.c')
| -rw-r--r-- | sys/kern/uipc_shm.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/sys/kern/uipc_shm.c b/sys/kern/uipc_shm.c index 0105650d7f93..d393f7818387 100644 --- a/sys/kern/uipc_shm.c +++ b/sys/kern/uipc_shm.c @@ -729,7 +729,14 @@ kern_shm_open(struct thread *td, const char *userpath, int flags, mode_t mode, fdp = td->td_proc->p_fd; cmode = (mode & ~fdp->fd_cmask) & ACCESSPERMS; - error = falloc_caps(td, &fp, &fd, O_CLOEXEC, fcaps); + /* + * shm_open(2) created shm should always have O_CLOEXEC set, as mandated + * by POSIX. We allow it to be unset here so that an in-kernel + * interface may be written as a thin layer around shm, optionally not + * setting CLOEXEC. For shm_open(2), O_CLOEXEC is set unconditionally + * in sys_shm_open() to keep this implementation compliant. + */ + error = falloc_caps(td, &fp, &fd, flags & O_CLOEXEC, fcaps); if (error) return (error); @@ -844,7 +851,8 @@ int sys_shm_open(struct thread *td, struct shm_open_args *uap) { - return (kern_shm_open(td, uap->path, uap->flags, uap->mode, NULL)); + return (kern_shm_open(td, uap->path, uap->flags | O_CLOEXEC, uap->mode, + NULL)); } int |