Macro get_unused_fd() allocates a file descriptor without enabling close-on-exec: it calls function get_unused_fd_flags() without O_CLOEXEC flag. This can be seen as an unsafe default: in most case close-on-exec should be enabled to not leak file descriptor across exec(). This patch removes get_unused_fd() instead of updating it to use O_CLOEXEC so that out of tree modules won't be affect by a runtime behavor change which might introduce other kind of bug. It's better to catch the change at build time, making it easier to fix. Removing the macro will also promote use of get_unused_fd_flags() (or anon_inode_getfd()) with flags provided by userspace. Or, if flags cannot be given by userspace, with flags set to O_CLOEXEC set by default. Link: http://lkml.kernel.org/r/cover.1401630396.git.ydroneaud@xxxxxxxxxx Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Yann Droneaud <ydroneaud@xxxxxxxxxx> --- include/linux/file.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/linux/file.h b/include/linux/file.h index 4d69123377a2..f87d30882a24 100644 --- a/include/linux/file.h +++ b/include/linux/file.h @@ -66,7 +66,6 @@ extern void set_close_on_exec(unsigned int fd, int flag); extern bool get_close_on_exec(unsigned int fd); extern void put_filp(struct file *); extern int get_unused_fd_flags(unsigned flags); -#define get_unused_fd() get_unused_fd_flags(0) extern void put_unused_fd(unsigned int fd); extern void fd_install(unsigned int fd, struct file *file); -- 1.9.3 -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
