vfio: Add O_CLOEXEC flag to vfio device fd

Add the default O_CLOEXEC flag for device file descriptors. This is generally considered a safer option as it allows the user a race free option to decide whether file descriptors are inherited across exec, with the default avoiding file descriptor leaks. Reported-by: Yann Droneaud <ydroneaud@opteya.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2013-08-22 10:33:41 -06:00 · 2013-08-22 10:33:41 -06:00 · 5d042fbdbb
parent a5d550703d
commit 5d042fbdbb
1 changed files with 1 additions and 1 deletions
--- a/drivers/vfio/vfio.c
+++ b/drivers/vfio/vfio.c
@ -1109,7 +1109,7 @@ static int vfio_group_get_device_fd(struct vfio_group *group, char *buf)
 		 * We can't use anon_inode_getfd() because we need to modify
 		 * the f_mode flags directly to allow more than just ioctls
 		 */
-		ret = get_unused_fd_flags(0);
+		ret = get_unused_fd_flags(O_CLOEXEC);
 		if (ret < 0) {
 			device->ops->release(device->device_data);
 			break;