diff --git a/include/sys/zfs_context.h b/include/sys/zfs_context.h index 6cdcc6d309..3fb390c3f6 100644 --- a/include/sys/zfs_context.h +++ b/include/sys/zfs_context.h @@ -638,8 +638,8 @@ extern void delay(clock_t ticks); #define NN_NUMBUF_SZ (6) extern uint64_t physmem; -extern char *random_path; -extern char *urandom_path; +extern const char *random_path; +extern const char *urandom_path; extern int highbit64(uint64_t i); extern int lowbit64(uint64_t i); diff --git a/lib/libshare/os/freebsd/nfs.c b/lib/libshare/os/freebsd/nfs.c index 5951b9eafa..f11e77b849 100644 --- a/lib/libshare/os/freebsd/nfs.c +++ b/lib/libshare/os/freebsd/nfs.c @@ -66,7 +66,7 @@ static int nfs_exports_lock(void) { nfs_lock_fd = open(ZFS_EXPORTS_LOCK, - O_RDWR | O_CREAT, 0600); + O_RDWR | O_CREAT | O_CLOEXEC, 0600); if (nfs_lock_fd == -1) { fprintf(stderr, "failed to lock %s: %s\n", ZFS_EXPORTS_LOCK, strerror(errno)); @@ -228,8 +228,8 @@ nfs_copy_entries(char *filename, const char *mountpoint) int error = SA_OK; char *line; - FILE *oldfp = fopen(ZFS_EXPORTS_FILE, "r"); - FILE *newfp = fopen(filename, "w+"); + FILE *oldfp = fopen(ZFS_EXPORTS_FILE, "re"); + FILE *newfp = fopen(filename, "w+e"); if (newfp == NULL) { fprintf(stderr, "failed to open %s file: %s", filename, strerror(errno)); @@ -291,7 +291,7 @@ nfs_enable_share(sa_share_impl_t impl_share) return (error); } - FILE *fp = fopen(filename, "a+"); + FILE *fp = fopen(filename, "a+e"); if (fp == NULL) { fprintf(stderr, "failed to open %s file: %s", filename, strerror(errno)); @@ -368,7 +368,7 @@ nfs_is_shared(sa_share_impl_t impl_share) char *mntpoint = impl_share->sa_mountpoint; size_t mntlen = strlen(mntpoint); - FILE *fp = fopen(ZFS_EXPORTS_FILE, "r"); + FILE *fp = fopen(ZFS_EXPORTS_FILE, "re"); if (fp == NULL) return (B_FALSE); diff --git a/lib/libshare/os/linux/nfs.c b/lib/libshare/os/linux/nfs.c index 1efa321b7b..21d52953fa 100644 --- a/lib/libshare/os/linux/nfs.c +++ b/lib/libshare/os/linux/nfs.c @@ -66,7 +66,7 @@ static int nfs_exports_lock(void) { nfs_lock_fd = open(ZFS_EXPORTS_LOCK, - O_RDWR | O_CREAT, 0600); + O_RDWR | O_CREAT | O_CLOEXEC, 0600); if (nfs_lock_fd == -1) { fprintf(stderr, "failed to lock %s: %s\n", ZFS_EXPORTS_LOCK, strerror(errno)); @@ -453,7 +453,7 @@ nfs_add_entry(const char *filename, const char *sharepath, if (linux_opts == NULL) linux_opts = ""; - FILE *fp = fopen(filename, "a+"); + FILE *fp = fopen(filename, "a+e"); if (fp == NULL) { fprintf(stderr, "failed to open %s file: %s", filename, strerror(errno)); @@ -489,8 +489,8 @@ nfs_copy_entries(char *filename, const char *mountpoint) size_t buflen = 0; int error = SA_OK; - FILE *oldfp = fopen(ZFS_EXPORTS_FILE, "r"); - FILE *newfp = fopen(filename, "w+"); + FILE *oldfp = fopen(ZFS_EXPORTS_FILE, "re"); + FILE *newfp = fopen(filename, "w+e"); if (newfp == NULL) { fprintf(stderr, "failed to open %s file: %s", filename, strerror(errno)); @@ -632,7 +632,7 @@ nfs_is_shared(sa_share_impl_t impl_share) size_t buflen = 0; char *buf = NULL; - FILE *fp = fopen(ZFS_EXPORTS_FILE, "r"); + FILE *fp = fopen(ZFS_EXPORTS_FILE, "re"); if (fp == NULL) { return (B_FALSE); } diff --git a/lib/libshare/os/linux/smb.c b/lib/libshare/os/linux/smb.c index 3dcf666eb6..45811ff268 100644 --- a/lib/libshare/os/linux/smb.c +++ b/lib/libshare/os/linux/smb.c @@ -107,7 +107,7 @@ smb_retrieve_shares(void) if (!S_ISREG(eStat.st_mode)) continue; - if ((share_file_fp = fopen(file_path, "r")) == NULL) { + if ((share_file_fp = fopen(file_path, "re")) == NULL) { rc = SA_SYSTEM_ERR; goto out; } diff --git a/lib/libspl/os/linux/gethostid.c b/lib/libspl/os/linux/gethostid.c index 1eb93f4411..457d5bf6fa 100644 --- a/lib/libspl/os/linux/gethostid.c +++ b/lib/libspl/os/linux/gethostid.c @@ -45,7 +45,7 @@ get_spl_hostid(void) return (hostid & HOSTID_MASK); } - f = fopen("/sys/module/spl/parameters/spl_hostid", "r"); + f = fopen("/sys/module/spl/parameters/spl_hostid", "re"); if (!f) return (0); @@ -74,7 +74,7 @@ get_system_hostid(void) unsigned long hostid; int hostid_size = 4; /* 4 bytes regardless of arch */ - fd = open("/etc/hostid", O_RDONLY); + fd = open("/etc/hostid", O_RDONLY | O_CLOEXEC); if (fd >= 0) { rc = read(fd, &hostid, hostid_size); if (rc > 0) diff --git a/lib/libspl/os/linux/getmntany.c b/lib/libspl/os/linux/getmntany.c index f42fcc0478..c7201363fd 100644 --- a/lib/libspl/os/linux/getmntany.c +++ b/lib/libspl/os/linux/getmntany.c @@ -128,9 +128,9 @@ getextmntent(const char *path, struct extmnttab *entry, struct stat64 *statbuf) #ifdef HAVE_SETMNTENT - if ((fp = setmntent(MNTTAB, "r")) == NULL) { + if ((fp = setmntent(MNTTAB, "re")) == NULL) { #else - if ((fp = fopen(MNTTAB, "r")) == NULL) { + if ((fp = fopen(MNTTAB, "re")) == NULL) { #endif (void) fprintf(stderr, "cannot open %s\n", MNTTAB); return (-1); diff --git a/lib/libuutil/uu_open.c b/lib/libuutil/uu_open.c index cf5c5450b8..73117753c6 100644 --- a/lib/libuutil/uu_open.c +++ b/lib/libuutil/uu_open.c @@ -36,12 +36,6 @@ #include #include -#ifdef _LP64 -#define TMPPATHFMT "%s/uu%ld" -#else /* _LP64 */ -#define TMPPATHFMT "%s/uu%lld" -#endif /* _LP64 */ - /*ARGSUSED*/ int uu_open_tmp(const char *dir, uint_t uflags) @@ -55,7 +49,7 @@ uu_open_tmp(const char *dir, uint_t uflags) for (;;) { (void) snprintf(fname, PATH_MAX, "%s/uu%lld", dir, gethrtime()); - f = open(fname, O_CREAT | O_EXCL | O_RDWR, 0600); + f = open(fname, O_CREAT | O_EXCL | O_RDWR | O_CLOEXEC, 0600); if (f >= 0 || errno != EEXIST) break; diff --git a/lib/libzfs/libzfs_crypto.c b/lib/libzfs/libzfs_crypto.c index bd4d835686..773fea5cdd 100644 --- a/lib/libzfs/libzfs_crypto.c +++ b/lib/libzfs/libzfs_crypto.c @@ -71,7 +71,7 @@ pkcs11_get_urandom(uint8_t *buf, size_t bytes) int rand; ssize_t bytes_read = 0; - rand = open("/dev/urandom", O_RDONLY); + rand = open("/dev/urandom", O_RDONLY | O_CLOEXEC); if (rand < 0) return (rand); @@ -468,7 +468,7 @@ get_key_material_file(libzfs_handle_t *hdl, const char *uri, if (strlen(uri) < 7) return (EINVAL); - if ((f = fopen(uri + 7, "r")) == NULL) { + if ((f = fopen(uri + 7, "re")) == NULL) { ret = errno; errno = 0; zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, diff --git a/lib/libzfs/libzfs_diff.c b/lib/libzfs/libzfs_diff.c index 7941a58830..12e079b0ee 100644 --- a/lib/libzfs/libzfs_diff.c +++ b/lib/libzfs/libzfs_diff.c @@ -697,7 +697,7 @@ setup_differ_info(zfs_handle_t *zhp, const char *fromsnap, { di->zhp = zhp; - di->cleanupfd = open(ZFS_DEV, O_RDWR); + di->cleanupfd = open(ZFS_DEV, O_RDWR | O_CLOEXEC); VERIFY(di->cleanupfd >= 0); if (get_snapshot_names(di, fromsnap, tosnap) != 0) @@ -731,7 +731,7 @@ zfs_show_diffs(zfs_handle_t *zhp, int outfd, const char *fromsnap, return (-1); } - if (pipe(pipefd)) { + if (pipe2(pipefd, O_CLOEXEC)) { zfs_error_aux(zhp->zfs_hdl, strerror(errno)); teardown_differ_info(&di); return (zfs_error(zhp->zfs_hdl, EZFS_PIPEFAILED, errbuf)); diff --git a/lib/libzfs/libzfs_iter.c b/lib/libzfs/libzfs_iter.c index 7ee326bc69..7806e21cd9 100644 --- a/lib/libzfs/libzfs_iter.c +++ b/lib/libzfs/libzfs_iter.c @@ -565,7 +565,7 @@ zfs_iter_mounted(zfs_handle_t *zhp, zfs_iter_f func, void *data) FILE *mnttab; int err = 0; - if ((mnttab = fopen(MNTTAB, "r")) == NULL) + if ((mnttab = fopen(MNTTAB, "re")) == NULL) return (ENOENT); while (err == 0 && getmntent(mnttab, &entry) == 0) { diff --git a/lib/libzfs/libzfs_pool.c b/lib/libzfs/libzfs_pool.c index 9ef97cd677..12de6887d1 100644 --- a/lib/libzfs/libzfs_pool.c +++ b/lib/libzfs/libzfs_pool.c @@ -4809,13 +4809,11 @@ zpool_load_compat(const char *compatibility, * as they're only needed if the filename is relative * which will be checked during the openat(). */ -#ifdef O_PATH - sdirfd = open(ZPOOL_SYSCONF_COMPAT_D, O_DIRECTORY | O_PATH); - ddirfd = open(ZPOOL_DATA_COMPAT_D, O_DIRECTORY | O_PATH); -#else - sdirfd = open(ZPOOL_SYSCONF_COMPAT_D, O_DIRECTORY | O_RDONLY); - ddirfd = open(ZPOOL_DATA_COMPAT_D, O_DIRECTORY | O_RDONLY); +#ifndef O_PATH +#define O_PATH O_RDONLY #endif + sdirfd = open(ZPOOL_SYSCONF_COMPAT_D, O_DIRECTORY | O_PATH | O_CLOEXEC); + ddirfd = open(ZPOOL_DATA_COMPAT_D, O_DIRECTORY | O_PATH | O_CLOEXEC); (void) strlcpy(filenames, compatibility, ZFS_MAXPROPLEN); file = strtok_r(filenames, ",", &ps); diff --git a/lib/libzfs/libzfs_sendrecv.c b/lib/libzfs/libzfs_sendrecv.c index ee593f8dbd..3476575521 100644 --- a/lib/libzfs/libzfs_sendrecv.c +++ b/lib/libzfs/libzfs_sendrecv.c @@ -2217,7 +2217,7 @@ zfs_send(zfs_handle_t *zhp, const char *fromsnap, const char *tosnap, ++holdseq; (void) snprintf(sdd.holdtag, sizeof (sdd.holdtag), ".send-%d-%llu", getpid(), (u_longlong_t)holdseq); - sdd.cleanup_fd = open(ZFS_DEV, O_RDWR); + sdd.cleanup_fd = open(ZFS_DEV, O_RDWR | O_CLOEXEC); if (sdd.cleanup_fd < 0) { err = errno; goto stderr_out; diff --git a/lib/libzfs/libzfs_util.c b/lib/libzfs/libzfs_util.c index 7c2f84c7a2..01537b5359 100644 --- a/lib/libzfs/libzfs_util.c +++ b/lib/libzfs/libzfs_util.c @@ -884,13 +884,13 @@ libzfs_run_process_impl(const char *path, char *argv[], char *env[], int flags, * Setup a pipe between our child and parent process if we're * reading stdout. */ - if ((lines != NULL) && pipe(link) == -1) + if ((lines != NULL) && pipe2(link, O_CLOEXEC) == -1) return (-EPIPE); pid = vfork(); if (pid == 0) { /* Child process */ - devnull_fd = open("/dev/null", O_WRONLY); + devnull_fd = open("/dev/null", O_WRONLY | O_CLOEXEC); if (devnull_fd < 0) _exit(-1); @@ -900,15 +900,11 @@ libzfs_run_process_impl(const char *path, char *argv[], char *env[], int flags, else if (lines != NULL) { /* Save the output to lines[] */ dup2(link[1], STDOUT_FILENO); - close(link[0]); - close(link[1]); } if (!(flags & STDERR_VERBOSE)) (void) dup2(devnull_fd, STDERR_FILENO); - close(devnull_fd); - if (flags & NO_DEFAULT_PATH) { if (env == NULL) execv(path, argv); @@ -1144,7 +1140,7 @@ zfs_path_to_zhandle(libzfs_handle_t *hdl, const char *path, zfs_type_t argtype) } /* Reopen MNTTAB to prevent reading stale data from open file */ - if (freopen(MNTTAB, "r", hdl->libzfs_mnttab) == NULL) + if (freopen(MNTTAB, "re", hdl->libzfs_mnttab) == NULL) return (NULL); if (getextmntent(path, &entry, &statbuf) != 0) diff --git a/lib/libzfs/os/linux/libzfs_pool_os.c b/lib/libzfs/os/linux/libzfs_pool_os.c index e4f03aa43b..747b5652f7 100644 --- a/lib/libzfs/os/linux/libzfs_pool_os.c +++ b/lib/libzfs/os/linux/libzfs_pool_os.c @@ -62,7 +62,7 @@ zpool_relabel_disk(libzfs_handle_t *hdl, const char *path, const char *msg) { int fd, error; - if ((fd = open(path, O_RDWR|O_DIRECT)) < 0) { + if ((fd = open(path, O_RDWR|O_DIRECT|O_CLOEXEC)) < 0) { zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "cannot " "relabel '%s': unable to open device: %d"), path, errno); return (zfs_error(hdl, EZFS_OPENFAILED, msg)); @@ -107,7 +107,7 @@ read_efi_label(nvlist_t *config, diskaddr_t *sb) (void) snprintf(diskname, sizeof (diskname), "%s%s", DISK_ROOT, strrchr(path, '/')); - if ((fd = open(diskname, O_RDONLY|O_DIRECT)) >= 0) { + if ((fd = open(diskname, O_RDONLY|O_DIRECT|O_CLOEXEC)) >= 0) { struct dk_gpt *vtoc; if ((err = efi_alloc_and_read(fd, &vtoc)) >= 0) { @@ -159,7 +159,7 @@ zpool_label_disk_check(char *path) struct dk_gpt *vtoc; int fd, err; - if ((fd = open(path, O_RDONLY|O_DIRECT)) < 0) + if ((fd = open(path, O_RDONLY|O_DIRECT|O_CLOEXEC)) < 0) return (errno); if ((err = efi_alloc_and_read(fd, &vtoc)) != 0) { @@ -190,7 +190,7 @@ zpool_label_name(char *label_name, int label_size) uint64_t id = 0; int fd; - fd = open("/dev/urandom", O_RDONLY); + fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC); if (fd >= 0) { if (read(fd, &id, sizeof (id)) != sizeof (id)) id = 0; @@ -241,7 +241,7 @@ zpool_label_disk(libzfs_handle_t *hdl, zpool_handle_t *zhp, const char *name) (void) snprintf(path, sizeof (path), "%s/%s", DISK_ROOT, name); - if ((fd = open(path, O_RDWR|O_DIRECT|O_EXCL)) < 0) { + if ((fd = open(path, O_RDWR|O_DIRECT|O_EXCL|O_CLOEXEC)) < 0) { /* * This shouldn't happen. We've long since verified that this * is a valid device. diff --git a/lib/libzfs/os/linux/libzfs_sendrecv_os.c b/lib/libzfs/os/linux/libzfs_sendrecv_os.c index eeb1f07f2d..ac7ab95a39 100644 --- a/lib/libzfs/os/linux/libzfs_sendrecv_os.c +++ b/lib/libzfs/os/linux/libzfs_sendrecv_os.c @@ -35,7 +35,7 @@ void libzfs_set_pipe_max(int infd) { - FILE *procf = fopen("/proc/sys/fs/pipe-max-size", "r"); + FILE *procf = fopen("/proc/sys/fs/pipe-max-size", "re"); if (procf != NULL) { unsigned long max_psize; diff --git a/lib/libzfs/os/linux/libzfs_util_os.c b/lib/libzfs/os/linux/libzfs_util_os.c index 918a43f7d0..e2482c5713 100644 --- a/lib/libzfs/os/linux/libzfs_util_os.c +++ b/lib/libzfs/os/linux/libzfs_util_os.c @@ -143,7 +143,7 @@ libzfs_load_module_impl(const char *module) start = gethrtime(); do { - fd = open(ZFS_DEV, O_RDWR); + fd = open(ZFS_DEV, O_RDWR | O_CLOEXEC); if (fd >= 0) { (void) close(fd); return (0); @@ -195,7 +195,7 @@ zfs_version_kernel(char *version, int len) int fd; int rlen; - if ((fd = open(ZFS_SYSFS_DIR "/version", O_RDONLY)) == -1) + if ((fd = open(ZFS_SYSFS_DIR "/version", O_RDONLY | O_CLOEXEC)) == -1) return (-1); if ((rlen = read(fd, version, len)) == -1) { diff --git a/lib/libzpool/kernel.c b/lib/libzpool/kernel.c index ca35789936..e96a1d7521 100644 --- a/lib/libzpool/kernel.c +++ b/lib/libzpool/kernel.c @@ -723,15 +723,15 @@ lowbit64(uint64_t i) return (__builtin_ffsll(i)); } -char *random_path = "/dev/random"; -char *urandom_path = "/dev/urandom"; +const char *random_path = "/dev/random"; +const char *urandom_path = "/dev/urandom"; static int random_fd = -1, urandom_fd = -1; void random_init(void) { - VERIFY((random_fd = open(random_path, O_RDONLY)) != -1); - VERIFY((urandom_fd = open(urandom_path, O_RDONLY)) != -1); + VERIFY((random_fd = open(random_path, O_RDONLY | O_CLOEXEC)) != -1); + VERIFY((urandom_fd = open(urandom_path, O_RDONLY | O_CLOEXEC)) != -1); } void diff --git a/lib/libzpool/util.c b/lib/libzpool/util.c index 2da2375a1d..20cabe7c2e 100644 --- a/lib/libzpool/util.c +++ b/lib/libzpool/util.c @@ -259,7 +259,7 @@ pool_active(void *unused, const char *name, uint64_t guid, * Use ZFS_IOC_POOL_SYNC to confirm if a pool is active */ - fd = open(ZFS_DEV, O_RDWR); + fd = open(ZFS_DEV, O_RDWR | O_CLOEXEC); if (fd < 0) return (-1); diff --git a/lib/libzutil/os/freebsd/zutil_import_os.c b/lib/libzutil/os/freebsd/zutil_import_os.c index ff2c0789b5..36c4d90aa4 100644 --- a/lib/libzutil/os/freebsd/zutil_import_os.c +++ b/lib/libzutil/os/freebsd/zutil_import_os.c @@ -127,7 +127,7 @@ zpool_open_func(void *arg) /* * O_NONBLOCK so we don't hang trying to open things like serial ports. */ - if ((fd = open(rn->rn_name, O_RDONLY|O_NONBLOCK)) < 0) + if ((fd = open(rn->rn_name, O_RDONLY|O_NONBLOCK|O_CLOEXEC)) < 0) return; /* diff --git a/lib/libzutil/os/linux/zutil_device_path_os.c b/lib/libzutil/os/linux/zutil_device_path_os.c index 1f767bb7a6..1775a45c60 100644 --- a/lib/libzutil/os/linux/zutil_device_path_os.c +++ b/lib/libzutil/os/linux/zutil_device_path_os.c @@ -390,7 +390,7 @@ zfs_dev_is_whole_disk(const char *dev_name) struct dk_gpt *label; int fd; - if ((fd = open(dev_name, O_RDONLY | O_DIRECT)) < 0) + if ((fd = open(dev_name, O_RDONLY | O_DIRECT | O_CLOEXEC)) < 0) return (B_FALSE); if (efi_alloc_and_init(fd, EFI_NUMPAR, &label) != 0) { diff --git a/lib/libzutil/os/linux/zutil_import_os.c b/lib/libzutil/os/linux/zutil_import_os.c index 2e0baecb3b..61c42cf2e3 100644 --- a/lib/libzutil/os/linux/zutil_import_os.c +++ b/lib/libzutil/os/linux/zutil_import_os.c @@ -136,9 +136,9 @@ zpool_open_func(void *arg) * cache which may be stale for multipath devices. An EINVAL errno * indicates O_DIRECT is unsupported so fallback to just O_RDONLY. */ - fd = open(rn->rn_name, O_RDONLY | O_DIRECT); + fd = open(rn->rn_name, O_RDONLY | O_DIRECT | O_CLOEXEC); if ((fd < 0) && (errno == EINVAL)) - fd = open(rn->rn_name, O_RDONLY); + fd = open(rn->rn_name, O_RDONLY | O_CLOEXEC); if ((fd < 0) && (errno == EACCES)) hdl->lpc_open_access_error = B_TRUE; if (fd < 0) diff --git a/lib/libzutil/zutil_import.c b/lib/libzutil/zutil_import.c index c06065250e..ed9ebf9039 100644 --- a/lib/libzutil/zutil_import.c +++ b/lib/libzutil/zutil_import.c @@ -1345,7 +1345,8 @@ zpool_find_import_impl(libpc_handle_t *hdl, importargs_t *iarg, * would prevent a zdb -e of active pools with * no cachefile. */ - fd = open(slice->rn_name, O_RDONLY | O_EXCL); + fd = open(slice->rn_name, + O_RDONLY | O_EXCL | O_CLOEXEC); if (fd >= 0 || iarg->can_be_active) { if (fd >= 0) close(fd); @@ -1437,7 +1438,7 @@ zpool_find_import_cached(libpc_handle_t *hdl, importargs_t *iarg) verify(iarg->poolname == NULL || iarg->guid == 0); - if ((fd = open(iarg->cachefile, O_RDONLY)) < 0) { + if ((fd = open(iarg->cachefile, O_RDONLY | O_CLOEXEC)) < 0) { zutil_error_aux(hdl, "%s", strerror(errno)); (void) zutil_error(hdl, EZFS_BADCACHE, dgettext(TEXT_DOMAIN, "failed to open cache file"));