Commit f938612d authored Dec 10, 2014 by Yann Droneaud Committed by Linus Torvalds Dec 10, 2014

include/linux/file.h: remove get_unused_fd() macro



Macro get_unused_fd() is used to allocate a file descriptor with default
flags.  Those default flags (0) don't enable close-on-exec.

This can be seen as an unsafe default: in most case close-on-exec should
be enabled to not leak file descriptor across exec().

It would be better to have a "safer" default set of flags, eg.  O_CLOEXEC
must be used to enable close-on-exec.

Instead this patch removes get_unused_fd() so that out of tree modules
won't be affect by a runtime behavor change which might introduce other
kind of bugs: it's better to catch the change at build time, making it
easier to fix.

Removing the macro will also promote use of get_unused_fd_flags() (or
anon_inode_getfd()) with flags provided by userspace.  Or, if flags cannot
be given by userspace, with flags set to O_CLOEXEC by default.

Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent 8d10a035

include/linux/file.h

+0 −1

Original line number	Diff line number	Diff line
		@@ -66,7 +66,6 @@ extern void set_close_on_exec(unsigned int fd, int flag);
		extern bool get_close_on_exec(unsigned int fd);
		extern void put_filp(struct file *);
		extern int get_unused_fd_flags(unsigned flags);
		#define get_unused_fd() get_unused_fd_flags(0)
		extern void put_unused_fd(unsigned int fd);

		extern void fd_install(unsigned int fd, struct file *file);

Admin message