lib/: set O_CLOEXEC on all fds

As found by
  git grep -E '(open|setmntent|pipe2?)\(' |
    grep -vE '((zfs|zpool)_|fd|dl|lzc_re|pidfile_|g_)open\('

FreeBSD's pidfile_open() says nothing about the flags of the files it
opens, but we can't do anything about it anyway; the implementation does
open all files with O_CLOEXEC

Consider this output with zpool.d/media appended with
"pid=$$; (ls -l /proc/$pid/fd > /dev/tty)":
  $ /sbin/zpool iostat -vc media
  lrwx------ 0 -> /dev/pts/0
  l-wx------ 1 -> 'pipe:[3278500]'
  l-wx------ 2 -> /dev/null
  lrwx------ 3 -> /dev/zfs
  lr-x------ 4 -> /proc/31895/mounts
  lrwx------ 5 -> /dev/zfs
  lr-x------ 10 -> /usr/lib/zfs-linux/zpool.d/media
vs
  $ ./zpool iostat -vc vendor,upath,iostat,media
  lrwx------ 0 -> /dev/pts/0
  l-wx------ 1 -> 'pipe:[3279887]'
  l-wx------ 2 -> /dev/null
  lr-x------ 10 -> /usr/lib/zfs-linux/zpool.d/media

Signed-off-by: Ahelenia Ziemiańska <[email protected]>

Author: nabijaczleweli

include/sys/zfs_context.h

@@ -638,8 +638,8 @@ extern void delay(clock_t ticks);
 #define	NN_NUMBUF_SZ	(6)
 
 extern uint64_t physmem;
-extern char *random_path;
-extern char *urandom_path;
+extern const char *random_path;
+extern const char *urandom_path;
 
 extern int highbit64(uint64_t i);
 extern int lowbit64(uint64_t i);

lib/libshare/os/freebsd/nfs.c

@@ -66,7 +66,7 @@ static int
 nfs_exports_lock(void)
 {
 	nfs_lock_fd = open(ZFS_EXPORTS_LOCK,
-	    O_RDWR | O_CREAT, 0600);
+	    O_RDWR | O_CREAT | O_CLOEXEC, 0600);
 	if (nfs_lock_fd == -1) {
 		fprintf(stderr, "failed to lock %s: %s\n",
 		    ZFS_EXPORTS_LOCK, strerror(errno));
@@ -228,8 +228,8 @@ nfs_copy_entries(char *filename, const char *mountpoint)
 	int error = SA_OK;
 	char *line;
 
-	FILE *oldfp = fopen(ZFS_EXPORTS_FILE, "r");
-	FILE *newfp = fopen(filename, "w+");
+	FILE *oldfp = fopen(ZFS_EXPORTS_FILE, "re");
+	FILE *newfp = fopen(filename, "w+e");
 	if (newfp == NULL) {
 		fprintf(stderr, "failed to open %s file: %s", filename,
 		    strerror(errno));
@@ -291,7 +291,7 @@ nfs_enable_share(sa_share_impl_t impl_share)
 		return (error);
 	}
 
-	FILE *fp = fopen(filename, "a+");
+	FILE *fp = fopen(filename, "a+e");
 	if (fp == NULL) {
 		fprintf(stderr, "failed to open %s file: %s", filename,
 		    strerror(errno));
@@ -368,7 +368,7 @@ nfs_is_shared(sa_share_impl_t impl_share)
 	char *mntpoint = impl_share->sa_mountpoint;
 	size_t mntlen = strlen(mntpoint);
 
-	FILE *fp = fopen(ZFS_EXPORTS_FILE, "r");
+	FILE *fp = fopen(ZFS_EXPORTS_FILE, "re");
 	if (fp == NULL)
 		return (B_FALSE);
 

lib/libshare/os/linux/nfs.c

@@ -66,7 +66,7 @@ static int
 nfs_exports_lock(void)
 {
 	nfs_lock_fd = open(ZFS_EXPORTS_LOCK,
-	    O_RDWR | O_CREAT, 0600);
+	    O_RDWR | O_CREAT | O_CLOEXEC, 0600);
 	if (nfs_lock_fd == -1) {
 		fprintf(stderr, "failed to lock %s: %s\n",
 		    ZFS_EXPORTS_LOCK, strerror(errno));
@@ -453,7 +453,7 @@ nfs_add_entry(const char *filename, const char *sharepath,
 	if (linux_opts == NULL)
 		linux_opts = "";
 
-	FILE *fp = fopen(filename, "a+");
+	FILE *fp = fopen(filename, "a+e");
 	if (fp == NULL) {
 		fprintf(stderr, "failed to open %s file: %s", filename,
 		    strerror(errno));
@@ -489,8 +489,8 @@ nfs_copy_entries(char *filename, const char *mountpoint)
 	size_t buflen = 0;
 	int error = SA_OK;
 
-	FILE *oldfp = fopen(ZFS_EXPORTS_FILE, "r");
-	FILE *newfp = fopen(filename, "w+");
+	FILE *oldfp = fopen(ZFS_EXPORTS_FILE, "re");
+	FILE *newfp = fopen(filename, "w+e");
 	if (newfp == NULL) {
 		fprintf(stderr, "failed to open %s file: %s", filename,
 		    strerror(errno));
@@ -632,7 +632,7 @@ nfs_is_shared(sa_share_impl_t impl_share)
 	size_t buflen = 0;
 	char *buf = NULL;
 
-	FILE *fp = fopen(ZFS_EXPORTS_FILE, "r");
+	FILE *fp = fopen(ZFS_EXPORTS_FILE, "re");
 	if (fp == NULL) {
 		return (B_FALSE);
 	}

lib/libshare/os/linux/smb.c

@@ -107,7 +107,7 @@ smb_retrieve_shares(void)
 		if (!S_ISREG(eStat.st_mode))
 			continue;
 
-		if ((share_file_fp = fopen(file_path, "r")) == NULL) {
+		if ((share_file_fp = fopen(file_path, "re")) == NULL) {
 			rc = SA_SYSTEM_ERR;
 			goto out;
 		}

lib/libspl/os/linux/gethostid.c

@@ -45,7 +45,7 @@ get_spl_hostid(void)
 		return (hostid & HOSTID_MASK);
 	}
 
-	f = fopen("/sys/module/spl/parameters/spl_hostid", "r");
+	f = fopen("/sys/module/spl/parameters/spl_hostid", "re");
 	if (!f)
 		return (0);
 
@@ -74,7 +74,7 @@ get_system_hostid(void)
 		unsigned long hostid;
 		int hostid_size = 4;  /* 4 bytes regardless of arch */
 
-		fd = open("/etc/hostid", O_RDONLY);
+		fd = open("/etc/hostid", O_RDONLY | O_CLOEXEC);
 		if (fd >= 0) {
 			rc = read(fd, &hostid, hostid_size);
 			if (rc > 0)

lib/libspl/os/linux/getmntany.c

@@ -128,9 +128,9 @@ getextmntent(const char *path, struct extmnttab *entry, struct stat64 *statbuf)
 
 
 #ifdef HAVE_SETMNTENT
-	if ((fp = setmntent(MNTTAB, "r")) == NULL) {
+	if ((fp = setmntent(MNTTAB, "re")) == NULL) {
 #else
-	if ((fp = fopen(MNTTAB, "r")) == NULL) {
+	if ((fp = fopen(MNTTAB, "re")) == NULL) {
 #endif
 		(void) fprintf(stderr, "cannot open %s\n", MNTTAB);
 		return (-1);

lib/libuutil/uu_open.c

@@ -36,12 +36,6 @@
 #include <stdio.h>
 #include <unistd.h>
 
-#ifdef _LP64
-#define	TMPPATHFMT	"%s/uu%ld"
-#else /* _LP64 */
-#define	TMPPATHFMT	"%s/uu%lld"
-#endif /* _LP64 */
-
 /*ARGSUSED*/
 int
 uu_open_tmp(const char *dir, uint_t uflags)
@@ -55,7 +49,7 @@ uu_open_tmp(const char *dir, uint_t uflags)
 	for (;;) {
 		(void) snprintf(fname, PATH_MAX, "%s/uu%lld", dir, gethrtime());
 
-		f = open(fname, O_CREAT | O_EXCL | O_RDWR, 0600);
+		f = open(fname, O_CREAT | O_EXCL | O_RDWR | O_CLOEXEC, 0600);
 
 		if (f >= 0 || errno != EEXIST)
 			break;

lib/libzfs/libzfs_crypto.c

@@ -71,7 +71,7 @@ pkcs11_get_urandom(uint8_t *buf, size_t bytes)
 	int rand;
 	ssize_t bytes_read = 0;
 
-	rand = open("/dev/urandom", O_RDONLY);
+	rand = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
 
 	if (rand < 0)
 		return (rand);
@@ -468,7 +468,7 @@ get_key_material_file(libzfs_handle_t *hdl, const char *uri,
 	if (strlen(uri) < 7)
 		return (EINVAL);
 
-	if ((f = fopen(uri + 7, "r")) == NULL) {
+	if ((f = fopen(uri + 7, "re")) == NULL) {
 		ret = errno;
 		errno = 0;
 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

lib/libzfs/libzfs_diff.c

@@ -697,7 +697,7 @@ setup_differ_info(zfs_handle_t *zhp, const char *fromsnap,
 {
 	di->zhp = zhp;
 
-	di->cleanupfd = open(ZFS_DEV, O_RDWR);
+	di->cleanupfd = open(ZFS_DEV, O_RDWR | O_CLOEXEC);
 	VERIFY(di->cleanupfd >= 0);
 
 	if (get_snapshot_names(di, fromsnap, tosnap) != 0)
@@ -731,7 +731,7 @@ zfs_show_diffs(zfs_handle_t *zhp, int outfd, const char *fromsnap,
 		return (-1);
 	}
 
-	if (pipe(pipefd)) {
+	if (pipe2(pipefd, O_CLOEXEC)) {
 		zfs_error_aux(zhp->zfs_hdl, strerror(errno));
 		teardown_differ_info(&di);
 		return (zfs_error(zhp->zfs_hdl, EZFS_PIPEFAILED, errbuf));

lib/libzfs/libzfs_iter.c

@@ -565,7 +565,7 @@ zfs_iter_mounted(zfs_handle_t *zhp, zfs_iter_f func, void *data)
 	FILE *mnttab;
 	int err = 0;
 
-	if ((mnttab = fopen(MNTTAB, "r")) == NULL)
+	if ((mnttab = fopen(MNTTAB, "re")) == NULL)
 		return (ENOENT);
 
 	while (err == 0 && getmntent(mnttab, &entry) == 0) {

lib/libzfs/libzfs_pool.c

@@ -4809,13 +4809,11 @@ zpool_load_compat(const char *compatibility,
 	 * as they're only needed if the filename is relative
 	 * which will be checked during the openat().
 	 */
-#ifdef O_PATH
-	sdirfd = open(ZPOOL_SYSCONF_COMPAT_D, O_DIRECTORY | O_PATH);
-	ddirfd = open(ZPOOL_DATA_COMPAT_D, O_DIRECTORY | O_PATH);
-#else
-	sdirfd = open(ZPOOL_SYSCONF_COMPAT_D, O_DIRECTORY | O_RDONLY);
-	ddirfd = open(ZPOOL_DATA_COMPAT_D, O_DIRECTORY | O_RDONLY);
+#ifndef O_PATH
+#define	O_PATH O_RDONLY
 #endif
+	sdirfd = open(ZPOOL_SYSCONF_COMPAT_D, O_DIRECTORY | O_PATH | O_CLOEXEC);
+	ddirfd = open(ZPOOL_DATA_COMPAT_D, O_DIRECTORY | O_PATH | O_CLOEXEC);
 
 	(void) strlcpy(filenames, compatibility, ZFS_MAXPROPLEN);
 	file = strtok_r(filenames, ",", &ps);

lib/libzfs/libzfs_sendrecv.c

@@ -2207,7 +2207,7 @@ zfs_send(zfs_handle_t *zhp, const char *fromsnap, const char *tosnap,
 		++holdseq;
 		(void) snprintf(sdd.holdtag, sizeof (sdd.holdtag),
 		    ".send-%d-%llu", getpid(), (u_longlong_t)holdseq);
-		sdd.cleanup_fd = open(ZFS_DEV, O_RDWR);
+		sdd.cleanup_fd = open(ZFS_DEV, O_RDWR | O_CLOEXEC);
 		if (sdd.cleanup_fd < 0) {
 			err = errno;
 			goto stderr_out;

lib/libzfs/libzfs_util.c

@@ -884,13 +884,13 @@ libzfs_run_process_impl(const char *path, char *argv[], char *env[], int flags,
 	 * Setup a pipe between our child and parent process if we're
 	 * reading stdout.
 	 */
-	if ((lines != NULL) && pipe(link) == -1)
+	if ((lines != NULL) && pipe2(link, O_CLOEXEC) == -1)
 		return (-EPIPE);
 
 	pid = vfork();
 	if (pid == 0) {
 		/* Child process */
-		devnull_fd = open("/dev/null", O_WRONLY);
+		devnull_fd = open("/dev/null", O_WRONLY | O_CLOEXEC);
 
 		if (devnull_fd < 0)
 			_exit(-1);
@@ -900,15 +900,11 @@ libzfs_run_process_impl(const char *path, char *argv[], char *env[], int flags,
 		else if (lines != NULL) {
 			/* Save the output to lines[] */
 			dup2(link[1], STDOUT_FILENO);
-			close(link[0]);
-			close(link[1]);
 		}
 
 		if (!(flags & STDERR_VERBOSE))
 			(void) dup2(devnull_fd, STDERR_FILENO);
 
-		close(devnull_fd);
-
 		if (flags & NO_DEFAULT_PATH) {
 			if (env == NULL)
 				execv(path, argv);
@@ -1144,7 +1140,7 @@ zfs_path_to_zhandle(libzfs_handle_t *hdl, const char *path, zfs_type_t argtype)
 	}
 
 	/* Reopen MNTTAB to prevent reading stale data from open file */
-	if (freopen(MNTTAB, "r", hdl->libzfs_mnttab) == NULL)
+	if (freopen(MNTTAB, "re", hdl->libzfs_mnttab) == NULL)
 		return (NULL);
 
 	if (getextmntent(path, &entry, &statbuf) != 0)

lib/libzfs/os/linux/libzfs_pool_os.c

@@ -62,7 +62,7 @@ zpool_relabel_disk(libzfs_handle_t *hdl, const char *path, const char *msg)
 {
 	int fd, error;
 
-	if ((fd = open(path, O_RDWR|O_DIRECT)) < 0) {
+	if ((fd = open(path, O_RDWR|O_DIRECT|O_CLOEXEC)) < 0) {
 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "cannot "
 		    "relabel '%s': unable to open device: %d"), path, errno);
 		return (zfs_error(hdl, EZFS_OPENFAILED, msg));
@@ -107,7 +107,7 @@ read_efi_label(nvlist_t *config, diskaddr_t *sb)
 
 	(void) snprintf(diskname, sizeof (diskname), "%s%s", DISK_ROOT,
 	    strrchr(path, '/'));
-	if ((fd = open(diskname, O_RDONLY|O_DIRECT)) >= 0) {
+	if ((fd = open(diskname, O_RDONLY|O_DIRECT|O_CLOEXEC)) >= 0) {
 		struct dk_gpt *vtoc;
 
 		if ((err = efi_alloc_and_read(fd, &vtoc)) >= 0) {
@@ -159,7 +159,7 @@ zpool_label_disk_check(char *path)
 	struct dk_gpt *vtoc;
 	int fd, err;
 
-	if ((fd = open(path, O_RDONLY|O_DIRECT)) < 0)
+	if ((fd = open(path, O_RDONLY|O_DIRECT|O_CLOEXEC)) < 0)
 		return (errno);
 
 	if ((err = efi_alloc_and_read(fd, &vtoc)) != 0) {
@@ -190,7 +190,7 @@ zpool_label_name(char *label_name, int label_size)
 	uint64_t id = 0;
 	int fd;
 
-	fd = open("/dev/urandom", O_RDONLY);
+	fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
 	if (fd >= 0) {
 		if (read(fd, &id, sizeof (id)) != sizeof (id))
 			id = 0;
@@ -241,7 +241,7 @@ zpool_label_disk(libzfs_handle_t *hdl, zpool_handle_t *zhp, const char *name)
 
 	(void) snprintf(path, sizeof (path), "%s/%s", DISK_ROOT, name);
 
-	if ((fd = open(path, O_RDWR|O_DIRECT|O_EXCL)) < 0) {
+	if ((fd = open(path, O_RDWR|O_DIRECT|O_EXCL|O_CLOEXEC)) < 0) {
 		/*
 		 * This shouldn't happen.  We've long since verified that this
 		 * is a valid device.

lib/libzfs/os/linux/libzfs_sendrecv_os.c

@@ -35,7 +35,7 @@
 void
 libzfs_set_pipe_max(int infd)
 {
-	FILE *procf = fopen("/proc/sys/fs/pipe-max-size", "r");
+	FILE *procf = fopen("/proc/sys/fs/pipe-max-size", "re");
 
 	if (procf != NULL) {
 		unsigned long max_psize;

lib/libzfs/os/linux/libzfs_util_os.c

@@ -143,7 +143,7 @@ libzfs_load_module_impl(const char *module)
 
 	start = gethrtime();
 	do {
-		fd = open(ZFS_DEV, O_RDWR);
+		fd = open(ZFS_DEV, O_RDWR | O_CLOEXEC);
 		if (fd >= 0) {
 			(void) close(fd);
 			return (0);
@@ -195,7 +195,7 @@ zfs_version_kernel(char *version, int len)
 	int fd;
 	int rlen;
 
-	if ((fd = open(ZFS_SYSFS_DIR "/version", O_RDONLY)) == -1)
+	if ((fd = open(ZFS_SYSFS_DIR "/version", O_RDONLY | O_CLOEXEC)) == -1)
 		return (-1);
 
 	if ((rlen = read(fd, version, len)) == -1) {

lib/libzpool/kernel.c

@@ -723,15 +723,15 @@ lowbit64(uint64_t i)
 	return (__builtin_ffsll(i));
 }
 
-char *random_path = "/dev/random";
-char *urandom_path = "/dev/urandom";
+const char *random_path = "/dev/random";
+const char *urandom_path = "/dev/urandom";
 static int random_fd = -1, urandom_fd = -1;
 
 void
 random_init(void)
 {
-	VERIFY((random_fd = open(random_path, O_RDONLY)) != -1);
-	VERIFY((urandom_fd = open(urandom_path, O_RDONLY)) != -1);
+	VERIFY((random_fd = open(random_path, O_RDONLY | O_CLOEXEC)) != -1);
+	VERIFY((urandom_fd = open(urandom_path, O_RDONLY | O_CLOEXEC)) != -1);
 }
 
 void

lib/libzpool/util.c

@@ -259,7 +259,7 @@ pool_active(void *unused, const char *name, uint64_t guid,
 	 * Use ZFS_IOC_POOL_SYNC to confirm if a pool is active
 	 */
 
-	fd = open(ZFS_DEV, O_RDWR);
+	fd = open(ZFS_DEV, O_RDWR | O_CLOEXEC);
 	if (fd < 0)
 		return (-1);
 

lib/libzutil/os/freebsd/zutil_import_os.c

@@ -127,7 +127,7 @@ zpool_open_func(void *arg)
 	/*
 	 * O_NONBLOCK so we don't hang trying to open things like serial ports.
 	 */
-	if ((fd = open(rn->rn_name, O_RDONLY|O_NONBLOCK)) < 0)
+	if ((fd = open(rn->rn_name, O_RDONLY|O_NONBLOCK|O_CLOEXEC)) < 0)
 		return;
 
 	/*

lib/libzutil/os/linux/zutil_device_path_os.c

@@ -390,7 +390,7 @@ zfs_dev_is_whole_disk(const char *dev_name)
 	struct dk_gpt *label;
 	int fd;
 
-	if ((fd = open(dev_name, O_RDONLY | O_DIRECT)) < 0)
+	if ((fd = open(dev_name, O_RDONLY | O_DIRECT | O_CLOEXEC)) < 0)
 		return (B_FALSE);
 
 	if (efi_alloc_and_init(fd, EFI_NUMPAR, &label) != 0) {

lib/libzutil/os/linux/zutil_import_os.c

@@ -136,9 +136,9 @@ zpool_open_func(void *arg)
 	 * cache which may be stale for multipath devices.  An EINVAL errno
 	 * indicates O_DIRECT is unsupported so fallback to just O_RDONLY.
 	 */
-	fd = open(rn->rn_name, O_RDONLY | O_DIRECT);
+	fd = open(rn->rn_name, O_RDONLY | O_DIRECT | O_CLOEXEC);
 	if ((fd < 0) && (errno == EINVAL))
-		fd = open(rn->rn_name, O_RDONLY);
+		fd = open(rn->rn_name, O_RDONLY | O_CLOEXEC);
 	if ((fd < 0) && (errno == EACCES))
 		hdl->lpc_open_access_error = B_TRUE;
 	if (fd < 0)