openzfs · nabijaczleweli · Mar 10, 2021 · Mar 11, 2021 · Mar 10, 2021 · Mar 11, 2021
diff --git a/include/sys/zfs_context.h b/include/sys/zfs_context.h
@@ -638,8 +638,8 @@ extern void delay(clock_t ticks);
 #define	NN_NUMBUF_SZ	(6)
 
 extern uint64_t physmem;
-extern char *random_path;
-extern char *urandom_path;
+extern const char *random_path;
+extern const char *urandom_path;
 
 extern int highbit64(uint64_t i);
 extern int lowbit64(uint64_t i);

diff --git a/lib/libshare/os/freebsd/nfs.c b/lib/libshare/os/freebsd/nfs.c
@@ -66,7 +66,7 @@ static int
 nfs_exports_lock(void)
 {
 	nfs_lock_fd = open(ZFS_EXPORTS_LOCK,
-	    O_RDWR | O_CREAT, 0600);
+	    O_RDWR | O_CREAT | O_CLOEXEC, 0600);
 	if (nfs_lock_fd == -1) {
 		fprintf(stderr, "failed to lock %s: %s\n",
 		    ZFS_EXPORTS_LOCK, strerror(errno));
@@ -228,8 +228,8 @@ nfs_copy_entries(char *filename, const char *mountpoint)
 	int error = SA_OK;
 	char *line;
 
-	FILE *oldfp = fopen(ZFS_EXPORTS_FILE, "r");
-	FILE *newfp = fopen(filename, "w+");
+	FILE *oldfp = fopen(ZFS_EXPORTS_FILE, "re");
+	FILE *newfp = fopen(filename, "w+e");
 	if (newfp == NULL) {
 		fprintf(stderr, "failed to open %s file: %s", filename,
 		    strerror(errno));
@@ -291,7 +291,7 @@ nfs_enable_share(sa_share_impl_t impl_share)
 		return (error);
 	}
 
-	FILE *fp = fopen(filename, "a+");
+	FILE *fp = fopen(filename, "a+e");
 	if (fp == NULL) {
 		fprintf(stderr, "failed to open %s file: %s", filename,
 		    strerror(errno));
@@ -368,7 +368,7 @@ nfs_is_shared(sa_share_impl_t impl_share)
 	char *mntpoint = impl_share->sa_mountpoint;
 	size_t mntlen = strlen(mntpoint);
 
-	FILE *fp = fopen(ZFS_EXPORTS_FILE, "r");
+	FILE *fp = fopen(ZFS_EXPORTS_FILE, "re");
 	if (fp == NULL)
 		return (B_FALSE);
 

diff --git a/lib/libshare/os/linux/nfs.c b/lib/libshare/os/linux/nfs.c
@@ -66,7 +66,7 @@ static int
 nfs_exports_lock(void)
 {
 	nfs_lock_fd = open(ZFS_EXPORTS_LOCK,
-	    O_RDWR | O_CREAT, 0600);
+	    O_RDWR | O_CREAT | O_CLOEXEC, 0600);
 	if (nfs_lock_fd == -1) {
 		fprintf(stderr, "failed to lock %s: %s\n",
 		    ZFS_EXPORTS_LOCK, strerror(errno));
@@ -453,7 +453,7 @@ nfs_add_entry(const char *filename, const char *sharepath,
 	if (linux_opts == NULL)
 		linux_opts = "";
 
-	FILE *fp = fopen(filename, "a+");
+	FILE *fp = fopen(filename, "a+e");
 	if (fp == NULL) {
 		fprintf(stderr, "failed to open %s file: %s", filename,
 		    strerror(errno));
@@ -489,8 +489,8 @@ nfs_copy_entries(char *filename, const char *mountpoint)
 	size_t buflen = 0;
 	int error = SA_OK;
 
-	FILE *oldfp = fopen(ZFS_EXPORTS_FILE, "r");
-	FILE *newfp = fopen(filename, "w+");
+	FILE *oldfp = fopen(ZFS_EXPORTS_FILE, "re");
+	FILE *newfp = fopen(filename, "w+e");
 	if (newfp == NULL) {
 		fprintf(stderr, "failed to open %s file: %s", filename,
 		    strerror(errno));
@@ -632,7 +632,7 @@ nfs_is_shared(sa_share_impl_t impl_share)
 	size_t buflen = 0;
 	char *buf = NULL;
 
-	FILE *fp = fopen(ZFS_EXPORTS_FILE, "r");
+	FILE *fp = fopen(ZFS_EXPORTS_FILE, "re");
 	if (fp == NULL) {
 		return (B_FALSE);
 	}

diff --git a/lib/libshare/os/linux/smb.c b/lib/libshare/os/linux/smb.c
@@ -107,7 +107,7 @@ smb_retrieve_shares(void)
 		if (!S_ISREG(eStat.st_mode))
 			continue;
 
-		if ((share_file_fp = fopen(file_path, "r")) == NULL) {
+		if ((share_file_fp = fopen(file_path, "re")) == NULL) {
 			rc = SA_SYSTEM_ERR;
 			goto out;
 		}

diff --git a/lib/libspl/os/linux/gethostid.c b/lib/libspl/os/linux/gethostid.c
@@ -45,7 +45,7 @@ get_spl_hostid(void)
 		return (hostid & HOSTID_MASK);
 	}
 
-	f = fopen("/sys/module/spl/parameters/spl_hostid", "r");
+	f = fopen("/sys/module/spl/parameters/spl_hostid", "re");
 	if (!f)
 		return (0);
 
@@ -74,7 +74,7 @@ get_system_hostid(void)
 		unsigned long hostid;
 		int hostid_size = 4;  /* 4 bytes regardless of arch */
 
-		fd = open("/etc/hostid", O_RDONLY);
+		fd = open("/etc/hostid", O_RDONLY | O_CLOEXEC);
 		if (fd >= 0) {
 			rc = read(fd, &hostid, hostid_size);
 			if (rc > 0)

diff --git a/lib/libspl/os/linux/getmntany.c b/lib/libspl/os/linux/getmntany.c
@@ -128,9 +128,9 @@ getextmntent(const char *path, struct extmnttab *entry, struct stat64 *statbuf)
 
 
 #ifdef HAVE_SETMNTENT
-	if ((fp = setmntent(MNTTAB, "r")) == NULL) {
+	if ((fp = setmntent(MNTTAB, "re")) == NULL) {
 #else
-	if ((fp = fopen(MNTTAB, "r")) == NULL) {
+	if ((fp = fopen(MNTTAB, "re")) == NULL) {
 #endif
 		(void) fprintf(stderr, "cannot open %s\n", MNTTAB);
 		return (-1);

diff --git a/lib/libuutil/uu_open.c b/lib/libuutil/uu_open.c
@@ -36,12 +36,6 @@
 #include <stdio.h>
 #include <unistd.h>
 
-#ifdef _LP64
-#define	TMPPATHFMT	"%s/uu%ld"
-#else /* _LP64 */
-#define	TMPPATHFMT	"%s/uu%lld"
-#endif /* _LP64 */
-
 /*ARGSUSED*/
 int
 uu_open_tmp(const char *dir, uint_t uflags)
@@ -55,7 +49,7 @@ uu_open_tmp(const char *dir, uint_t uflags)
 	for (;;) {
 		(void) snprintf(fname, PATH_MAX, "%s/uu%lld", dir, gethrtime());
 
-		f = open(fname, O_CREAT | O_EXCL | O_RDWR, 0600);
+		f = open(fname, O_CREAT | O_EXCL | O_RDWR | O_CLOEXEC, 0600);
 
 		if (f >= 0 || errno != EEXIST)
 			break;

diff --git a/lib/libzfs/libzfs_crypto.c b/lib/libzfs/libzfs_crypto.c
@@ -51,12 +51,6 @@
  * technically ok if the salt is known to the attacker).
  */
 
-typedef enum key_locator {
-	KEY_LOCATOR_NONE,
-	KEY_LOCATOR_PROMPT,
-	KEY_LOCATOR_URI
-} key_locator_t;
-
 #define	MIN_PASSPHRASE_LEN 8
 #define	MAX_PASSPHRASE_LEN 512
 #define	MAX_KEY_PROMPT_ATTEMPTS 3
@@ -77,7 +71,7 @@ pkcs11_get_urandom(uint8_t *buf, size_t bytes)
 	int rand;
 	ssize_t bytes_read = 0;
 
-	rand = open("/dev/urandom", O_RDONLY);
+	rand = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
 
 	if (rand < 0)
 		return (rand);
@@ -474,7 +468,7 @@ get_key_material_file(libzfs_handle_t *hdl, const char *uri,
 	if (strlen(uri) < 7)
 		return (EINVAL);
 
-	if ((f = fopen(uri + 7, "r")) == NULL) {
+	if ((f = fopen(uri + 7, "re")) == NULL) {
 		ret = errno;
 		errno = 0;
 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
@@ -960,7 +954,7 @@ zfs_crypto_create(libzfs_handle_t *hdl, char *parent_name, nvlist_t *props,
 		}
 
 		ret = populate_create_encryption_params_nvlists(hdl, NULL,
-		    B_FALSE, keyformat, keylocation, props, &wkeydata,
+		    B_TRUE, keyformat, keylocation, props, &wkeydata,
 		    &wkeylen);
 		if (ret != 0)
 			goto out;

diff --git a/lib/libzfs/libzfs_dataset.c b/lib/libzfs/libzfs_dataset.c
@@ -811,7 +811,7 @@ libzfs_mnttab_update(libzfs_handle_t *hdl)
 	struct mnttab entry;
 
 	/* Reopen MNTTAB to prevent reading stale data from open file */
-	if (freopen(MNTTAB, "r", hdl->libzfs_mnttab) == NULL)
+	if (freopen(MNTTAB, "re", hdl->libzfs_mnttab) == NULL)
 		return (ENOENT);
 
 	while (getmntent(hdl->libzfs_mnttab, &entry) == 0) {
@@ -882,7 +882,7 @@ libzfs_mnttab_find(libzfs_handle_t *hdl, const char *fsname,
 			libzfs_mnttab_fini(hdl);
 
 		/* Reopen MNTTAB to prevent reading stale data from open file */
-		if (freopen(MNTTAB, "r", hdl->libzfs_mnttab) == NULL)
+		if (freopen(MNTTAB, "re", hdl->libzfs_mnttab) == NULL)
 			return (ENOENT);
 
 		srch.mnt_special = (char *)fsname;

diff --git a/lib/libzfs/libzfs_diff.c b/lib/libzfs/libzfs_diff.c
@@ -697,7 +697,7 @@ setup_differ_info(zfs_handle_t *zhp, const char *fromsnap,
 {
 	di->zhp = zhp;
 
-	di->cleanupfd = open(ZFS_DEV, O_RDWR);
+	di->cleanupfd = open(ZFS_DEV, O_RDWR | O_CLOEXEC);
 	VERIFY(di->cleanupfd >= 0);
 
 	if (get_snapshot_names(di, fromsnap, tosnap) != 0)
@@ -731,7 +731,7 @@ zfs_show_diffs(zfs_handle_t *zhp, int outfd, const char *fromsnap,
 		return (-1);
 	}
 
-	if (pipe(pipefd)) {
+	if (pipe2(pipefd, O_CLOEXEC)) {
 		zfs_error_aux(zhp->zfs_hdl, strerror(errno));
 		teardown_differ_info(&di);
 		return (zfs_error(zhp->zfs_hdl, EZFS_PIPEFAILED, errbuf));

diff --git a/lib/libzfs/libzfs_iter.c b/lib/libzfs/libzfs_iter.c
@@ -565,7 +565,7 @@ zfs_iter_mounted(zfs_handle_t *zhp, zfs_iter_f func, void *data)
 	FILE *mnttab;
 	int err = 0;
 
-	if ((mnttab = fopen(MNTTAB, "r")) == NULL)
+	if ((mnttab = fopen(MNTTAB, "re")) == NULL)
 		return (ENOENT);
 
 	while (err == 0 && getmntent(mnttab, &entry) == 0) {

diff --git a/lib/libzfs/libzfs_mount.c b/lib/libzfs/libzfs_mount.c
@@ -1517,7 +1517,7 @@ zpool_disable_datasets(zpool_handle_t *zhp, boolean_t force)
 	namelen = strlen(zhp->zpool_name);
 
 	/* Reopen MNTTAB to prevent reading stale data from open file */
-	if (freopen(MNTTAB, "r", hdl->libzfs_mnttab) == NULL)
+	if (freopen(MNTTAB, "re", hdl->libzfs_mnttab) == NULL)
 		return (ENOENT);
 
 	used = alloc = 0;

diff --git a/lib/libzfs/libzfs_pool.c b/lib/libzfs/libzfs_pool.c
@@ -4809,13 +4809,11 @@ zpool_load_compat(const char *compatibility,
 	 * as they're only needed if the filename is relative
 	 * which will be checked during the openat().
 	 */
-#ifdef O_PATH
-	sdirfd = open(ZPOOL_SYSCONF_COMPAT_D, O_DIRECTORY | O_PATH);
-	ddirfd = open(ZPOOL_DATA_COMPAT_D, O_DIRECTORY | O_PATH);
-#else
-	sdirfd = open(ZPOOL_SYSCONF_COMPAT_D, O_DIRECTORY | O_RDONLY);
-	ddirfd = open(ZPOOL_DATA_COMPAT_D, O_DIRECTORY | O_RDONLY);
+#ifndef O_PATH
+#define	O_PATH O_RDONLY
 #endif
+	sdirfd = open(ZPOOL_SYSCONF_COMPAT_D, O_DIRECTORY | O_PATH | O_CLOEXEC);
+	ddirfd = open(ZPOOL_DATA_COMPAT_D, O_DIRECTORY | O_PATH | O_CLOEXEC);
 
 	(void) strlcpy(filenames, compatibility, ZFS_MAXPROPLEN);
 	file = strtok_r(filenames, ",", &ps);

diff --git a/lib/libzfs/libzfs_sendrecv.c b/lib/libzfs/libzfs_sendrecv.c
@@ -2207,7 +2207,7 @@ zfs_send(zfs_handle_t *zhp, const char *fromsnap, const char *tosnap,
 		++holdseq;
 		(void) snprintf(sdd.holdtag, sizeof (sdd.holdtag),
 		    ".send-%d-%llu", getpid(), (u_longlong_t)holdseq);
-		sdd.cleanup_fd = open(ZFS_DEV, O_RDWR);
+		sdd.cleanup_fd = open(ZFS_DEV, O_RDWR | O_CLOEXEC);
 		if (sdd.cleanup_fd < 0) {
 			err = errno;
 			goto stderr_out;

diff --git a/lib/libzfs/libzfs_util.c b/lib/libzfs/libzfs_util.c
@@ -884,13 +884,13 @@ libzfs_run_process_impl(const char *path, char *argv[], char *env[], int flags,
 	 * Setup a pipe between our child and parent process if we're
 	 * reading stdout.
 	 */
-	if ((lines != NULL) && pipe(link) == -1)
+	if ((lines != NULL) && pipe2(link, O_CLOEXEC) == -1)
 		return (-EPIPE);
 
 	pid = vfork();
 	if (pid == 0) {
 		/* Child process */
-		devnull_fd = open("/dev/null", O_WRONLY);
+		devnull_fd = open("/dev/null", O_WRONLY | O_CLOEXEC);
 
 		if (devnull_fd < 0)
 			_exit(-1);
@@ -900,15 +900,11 @@ libzfs_run_process_impl(const char *path, char *argv[], char *env[], int flags,
 		else if (lines != NULL) {
 			/* Save the output to lines[] */
 			dup2(link[1], STDOUT_FILENO);
-			close(link[0]);
-			close(link[1]);
 		}
 
 		if (!(flags & STDERR_VERBOSE))
 			(void) dup2(devnull_fd, STDERR_FILENO);
 
-		close(devnull_fd);
-
 		if (flags & NO_DEFAULT_PATH) {
 			if (env == NULL)
 				execv(path, argv);
@@ -1024,15 +1020,15 @@ libzfs_init(void)
 		return (NULL);
 	}
 
-	if ((hdl->libzfs_fd = open(ZFS_DEV, O_RDWR|O_EXCL)) < 0) {
+	if ((hdl->libzfs_fd = open(ZFS_DEV, O_RDWR|O_EXCL|O_CLOEXEC)) < 0) {
 		free(hdl);
 		return (NULL);
 	}
 
 #ifdef HAVE_SETMNTENT
-	if ((hdl->libzfs_mnttab = setmntent(MNTTAB, "r")) == NULL) {
+	if ((hdl->libzfs_mnttab = setmntent(MNTTAB, "re")) == NULL) {
 #else
-	if ((hdl->libzfs_mnttab = fopen(MNTTAB, "r")) == NULL) {
+	if ((hdl->libzfs_mnttab = fopen(MNTTAB, "re")) == NULL) {
 #endif
 		(void) close(hdl->libzfs_fd);
 		free(hdl);
@@ -1144,7 +1140,7 @@ zfs_path_to_zhandle(libzfs_handle_t *hdl, const char *path, zfs_type_t argtype)
 	}
 
 	/* Reopen MNTTAB to prevent reading stale data from open file */
-	if (freopen(MNTTAB, "r", hdl->libzfs_mnttab) == NULL)
+	if (freopen(MNTTAB, "re", hdl->libzfs_mnttab) == NULL)
 		return (NULL);
 
 	if (getextmntent(path, &entry, &statbuf) != 0)

diff --git a/lib/libzfs/os/linux/libzfs_pool_os.c b/lib/libzfs/os/linux/libzfs_pool_os.c
@@ -62,7 +62,7 @@ zpool_relabel_disk(libzfs_handle_t *hdl, const char *path, const char *msg)
 {
 	int fd, error;
 
-	if ((fd = open(path, O_RDWR|O_DIRECT)) < 0) {
+	if ((fd = open(path, O_RDWR|O_DIRECT|O_CLOEXEC)) < 0) {
 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "cannot "
 		    "relabel '%s': unable to open device: %d"), path, errno);
 		return (zfs_error(hdl, EZFS_OPENFAILED, msg));
@@ -107,7 +107,7 @@ read_efi_label(nvlist_t *config, diskaddr_t *sb)
 
 	(void) snprintf(diskname, sizeof (diskname), "%s%s", DISK_ROOT,
 	    strrchr(path, '/'));
-	if ((fd = open(diskname, O_RDONLY|O_DIRECT)) >= 0) {
+	if ((fd = open(diskname, O_RDONLY|O_DIRECT|O_CLOEXEC)) >= 0) {
 		struct dk_gpt *vtoc;
 
 		if ((err = efi_alloc_and_read(fd, &vtoc)) >= 0) {
@@ -159,7 +159,7 @@ zpool_label_disk_check(char *path)
 	struct dk_gpt *vtoc;
 	int fd, err;
 
-	if ((fd = open(path, O_RDONLY|O_DIRECT)) < 0)
+	if ((fd = open(path, O_RDONLY|O_DIRECT|O_CLOEXEC)) < 0)
 		return (errno);
 
 	if ((err = efi_alloc_and_read(fd, &vtoc)) != 0) {
@@ -190,7 +190,7 @@ zpool_label_name(char *label_name, int label_size)
 	uint64_t id = 0;
 	int fd;
 
-	fd = open("/dev/urandom", O_RDONLY);
+	fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
 	if (fd >= 0) {
 		if (read(fd, &id, sizeof (id)) != sizeof (id))
 			id = 0;
@@ -241,7 +241,7 @@ zpool_label_disk(libzfs_handle_t *hdl, zpool_handle_t *zhp, const char *name)
 
 	(void) snprintf(path, sizeof (path), "%s/%s", DISK_ROOT, name);
 
-	if ((fd = open(path, O_RDWR|O_DIRECT|O_EXCL)) < 0) {
+	if ((fd = open(path, O_RDWR|O_DIRECT|O_EXCL|O_CLOEXEC)) < 0) {
 		/*
 		 * This shouldn't happen.  We've long since verified that this
 		 * is a valid device.

diff --git a/lib/libzfs/os/linux/libzfs_sendrecv_os.c b/lib/libzfs/os/linux/libzfs_sendrecv_os.c
@@ -35,7 +35,7 @@
 void
 libzfs_set_pipe_max(int infd)
 {
-	FILE *procf = fopen("/proc/sys/fs/pipe-max-size", "r");
+	FILE *procf = fopen("/proc/sys/fs/pipe-max-size", "re");
 
 	if (procf != NULL) {
 		unsigned long max_psize;