From d69cfcf598efee9b55b3d5b88eb4b50d66c1ed90 Mon Sep 17 00:00:00 2001
From: David Smith <dsmith@redhat.com>
Date: Thu, 24 Mar 2016 09:35:25 -0500
Subject: [PATCH] Make sure monitor pipe file descriptors are marked
 close-on-exec.

* staprun/relay.c (init_relayfs): Make sure pipe fds are marked
  close-on-exec.
* staprun/common.c (pipe_cloexec): New function.
* staprun/staprun.h: Add pipe_cloexec() prototype.
---
 staprun/common.c  | 24 ++++++++++++++++++++++++
 staprun/relay.c   |  2 +-
 staprun/staprun.h |  1 +
 3 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/staprun/common.c b/staprun/common.c
index 51d5aee1d..010bcbbe8 100644
--- a/staprun/common.c
+++ b/staprun/common.c
@@ -581,6 +581,8 @@ err:
  * when calling open() and openat() to avoid this race condition. When
  * O_CLOEXEC isn't available, the best we can do is call fcntl()
  * immediately after open() is called.
+ *
+ * The same logic applies to openat() and pipe().
  */
 
 int open_cloexec(const char *pathname, int flags, mode_t mode)
@@ -617,6 +619,28 @@ int openat_cloexec(int dirfd, const char *pathname, int flags, mode_t mode)
 }
 #endif
 
+int pipe_cloexec(int pipefd[2])
+{
+#ifdef O_CLOEXEC
+	return pipe2(pipefd, O_CLOEXEC);
+#else
+	int rc = pipe(pipefd);
+	if (rc == 0) {
+		if (set_clexec(pipefd[0]) < 0 || set_clexec(pipefd[1] < 0)) {
+			goto err;
+		}
+	}
+	return rc;
+
+err:
+	close(pipefd[0]);
+	close(pipefd[1]);
+	pipefd[0] = -1;
+	pipefd[1] = -1;
+	return -1;
+#endif
+}
+
 /**
  *      send_request - send request to kernel over control channel
  *      @type: the relay-app command id
diff --git a/staprun/relay.c b/staprun/relay.c
index 06576f793..b06c9d0dd 100644
--- a/staprun/relay.c
+++ b/staprun/relay.c
@@ -393,7 +393,7 @@ int init_relayfs(void)
 			}
 		} else
 			if (monitor) {
-				if (pipe(monitor_pfd)) {
+				if (pipe_cloexec(monitor_pfd)) {
 					perr("Couldn't create pipe");
 					return -1;
 				}
diff --git a/staprun/staprun.h b/staprun/staprun.h
index 0a03030ab..8e0c664c1 100644
--- a/staprun/staprun.h
+++ b/staprun/staprun.h
@@ -224,6 +224,7 @@ int open_cloexec(const char *pathname, int flags, mode_t mode);
 #ifdef HAVE_OPENAT
 int openat_cloexec(int dirfd, const char *pathname, int flags, mode_t mode);
 #endif
+int pipe_cloexec(int pipefd[2]);
 void closefrom(int lowfd);
 
 /* monitor.c function */
-- 
2.43.5