26.01.2024 14:01, Daniel P. Berrangé: []
We should try to use O_CLOEXEC everywhere, but at the same time QEMU links to a large number of libraries, and we can't assume that they've reliably used O_CLOEXEC. Non-QEMU owned code that is mapped in process likely dwarfs QEMU owned code by a factor of x10.
There are quite a few points here. As I already mentioned, qemu is one of very few software out here which is this paranoid, - I know no other software which does this. External libs are being fixed too, and that's the proper place to do that. Please note that currently we only close all files when executing scripts to setup/teardown tap interfaces, but not, say, when spawning a process to receive migration stream and in some other places, where such closing might be much more important. This close_all_open_fd() can check all FDs it finds open for O_CLOEXEC as a debugging aid, - maybe we missed something in qemu already. After it's done, we'll have much better confidence already. And something else I forgot to mention :) /mjt
