gpu: nvgpu: Mark fds with O_CLOEXEC

There shouldn't be an usecase that an fd, installed by nvgpu, must be shared on exec with the new process. This doesn't only lead to excessive number of fds in the exec process, but also can lead to potential security issues. This patch marks the fds with O_CLOEXEC, so that they get closed on exec. Bug 3583628 Change-Id: I3499b1429ac512b2c172e9e628d0a7a1417d72e3 Signed-off-by: Martin Radev <mradev@nvidia.com> Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2704350 Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com> Reviewed-by: svc-mobile-cert <svc-mobile-cert@nvidia.com> Reviewed-by: Sagar Kamble <skamble@nvidia.com> Reviewed-by: Konsta Holtta <kholtta@nvidia.com> Reviewed-by: Alex Waterman <alexw@nvidia.com> GVS: Gerrit_Virtual_Submit
2025-12-24 02:22:34 +03:00 · 2022-04-28 14:21:45 +03:00
parent c30afdce02
commit 657daaee9e
5 changed files with 10 additions and 10 deletions
--- a/drivers/gpu/nvgpu/os/linux/ioctl_clk_arb.c
+++ b/drivers/gpu/nvgpu/os/linux/ioctl_clk_arb.c
@@ -327,7 +327,7 @@ static int nvgpu_clk_arb_install_fd(struct gk20a *g,
 		goto fail;
 	}

-	fd = get_unused_fd_flags(O_RDWR);
+	fd = get_unused_fd_flags(O_RDWR | O_CLOEXEC);
 	if (fd < 0) {
 		err = fd;
 		goto fail;