Add additional kernel interfaces for setting close-on-exec on fds

when creating them: pipe2(), dup3(), accept4(), MSG_CMSG_CLOEXEC,
SOCK_CLOEXEC.  Includes SOCK_NONBLOCK support.

ok matthew@

8 files changed, 203 insertions, 39 deletions

diff --git a/lib/libc/sys/Makefile.inc b/lib/libc/sys/Makefile.inc
index a93eb967e32..0fbb0bda402 100644
--- a/lib/libc/sys/Makefile.inc
+++ b/lib/libc/sys/Makefile.inc
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile.inc,v 1.120 2014/08/14 17:55:28 tobias Exp $
+#	$OpenBSD: Makefile.inc,v 1.121 2014/08/31 01:42:36 guenther Exp $
 #	$NetBSD: Makefile.inc,v 1.35 1995/10/16 23:49:07 jtc Exp $
 #	@(#)Makefile.inc	8.1 (Berkeley) 6/17/93
 
@@ -26,10 +26,10 @@ SRCS+=	stack_protector.c
 # below:
 ASM=	__get_tcb.o __getcwd.o __semctl.o __set_tcb.o __syscall.o \
 	__sysctl.o __threxit.o __thrsigdivert.o __thrsleep.o \
-	__thrwakeup.o accept.o access.o acct.o adjfreq.o adjtime.o \
+	__thrwakeup.o accept.o accept4.o access.o acct.o adjfreq.o adjtime.o \
 	bind.o chdir.o chflags.o chmod.o chown.o chroot.o \
 	clock_getres.o clock_gettime.o clock_settime.o close.o \
-	closefrom.o connect.o dup.o dup2.o execve.o faccessat.o \
+	closefrom.o connect.o dup.o dup2.o dup3.o execve.o faccessat.o \
 	fchdir.o fchflags.o fchmod.o fchmodat.o fchown.o \
 	fchownat.o fcntl.o fhopen.o fhstat.o fhstatfs.o \
 	flock.o fpathconf.o fstat.o fstatat.o fstatfs.o \
@@ -45,7 +45,8 @@ ASM=	__get_tcb.o __getcwd.o __semctl.o __set_tcb.o __syscall.o \
 	mknod.o mknodat.o mlock.o mlockall.o mount.o mprotect.o \
 	msgctl.o msgget.o msgrcv.o msgsnd.o msync.o munlock.o \
 	munlockall.o munmap.o nanosleep.o nfssvc.o \
-	open.o openat.o pathconf.o pipe.o poll.o ppoll.o profil.o pselect.o \
+	open.o openat.o pathconf.o pipe.o pipe2.o \
+	poll.o ppoll.o profil.o pselect.o \
 	quotactl.o read.o readlink.o readlinkat.o readv.o reboot.o \
 	recvfrom.o recvmsg.o rename.o renameat.o revoke.o rmdir.o \
 	sched_yield.o select.o semget.o semop.o sendmsg.o sendsyslog.o sendto.o \
@@ -223,6 +224,7 @@ MAN+=	__get_tcb.2 __thrsigdivert.2 __thrsleep.2 _exit.2 accept.2 \
 MLINKS+=__get_tcb.2 __set_tcb.2
 MLINKS+=__thrsleep.2 __thrwakeup.2
 MLINKS+=_exit.2 _Exit.2
+MLINKS+=accept.2 accept4.2
 MLINKS+=access.2 faccessat.2
 MLINKS+=brk.2 sbrk.2
 MLINKS+=chdir.2 fchdir.2
@@ -232,6 +234,7 @@ MLINKS+=chown.2 fchown.2 chown.2 fchownat.2 chown.2 lchown.2
 MLINKS+=clock_gettime.2 clock_getres.2
 MLINKS+=clock_gettime.2 clock_settime.2
 MLINKS+=dup.2 dup2.2
+MLINKS+=dup.2 dup3.2
 MLINKS+=execve.2 exect.2
 MLINKS+=fhopen.2 fhstat.2 fhopen.2 fhstatfs.2
 MLINKS+=fsync.2 fdatasync.2
@@ -263,6 +266,7 @@ MLINKS+=mlockall.2 munlockall.2
 MLINKS+=mount.2 unmount.2
 MLINKS+=open.2 openat.2
 MLINKS+=pathconf.2 fpathconf.2
+MLINKS+=pipe.2 pipe2.2
 MLINKS+=poll.2 ppoll.2
 MLINKS+=read.2 readv.2 read.2 pread.2 read.2 preadv.2
 MLINKS+=readlink.2 readlinkat.2
diff --git a/lib/libc/sys/accept.2 b/lib/libc/sys/accept.2
index e600414c3db..e043f79bd63 100644
--- a/lib/libc/sys/accept.2
+++ b/lib/libc/sys/accept.2
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: accept.2,v 1.26 2013/07/17 05:42:11 schwarze Exp $
+.\"	$OpenBSD: accept.2,v 1.27 2014/08/31 01:42:36 guenther Exp $
 .\"	$NetBSD: accept.2,v 1.7 1996/01/31 20:14:42 mycroft Exp $
 .\"
 .\" Copyright (c) 1983, 1990, 1991, 1993
@@ -30,16 +30,19 @@
 .\"
 .\"     @(#)accept.2	8.2 (Berkeley) 12/11/93
 .\"
-.Dd $Mdocdate: July 17 2013 $
+.Dd $Mdocdate: August 31 2014 $
 .Dt ACCEPT 2
 .Os
 .Sh NAME
-.Nm accept
+.Nm accept ,
+.Nm accept4
 .Nd accept a connection on a socket
 .Sh SYNOPSIS
-.Fd #include <sys/socket.h>
+.In sys/socket.h
 .Ft int
 .Fn accept "int s" "struct sockaddr *addr" "socklen_t *addrlen"
+.Ft int
+.Fn accept4 "int s" "struct sockaddr *addr" "socklen_t *addrlen" "int flags"
 .Sh DESCRIPTION
 The argument
 .Fa s
@@ -52,9 +55,25 @@ and is listening for connections after a
 The
 .Fn accept
 call extracts the first connection request on the queue of pending
-connections, creates a new socket with the same properties of
+connections, creates a new socket with the same non-blocking I/O mode as
 .Fa s ,
-and allocates a new file descriptor for the socket.
+and allocates a new file descriptor for the socket with the
+close-on-exec flag clear.
+.Pp
+The
+.Fn accept4
+system call is similar, however the non-blocking I/O mode of the
+new socket is determined by the
+.Dv SOCK_NONBLOCK
+flag in the
+.Fa flags
+argument and the close-on-exec flag on the new file descriptor is
+determined by the
+.Dv SOCK_CLOEXEC
+flag in the
+.Fa flags
+argument.
+.Pp
 If no pending connections are present on the queue,
 and the socket is not marked as non-blocking,
 .Fn accept
@@ -151,6 +170,8 @@ if (retcode == -1)
 .Ed
 .Sh ERRORS
 .Fn accept
+and
+.Fn accept4
 will fail if:
 .Bl -tag -width Er
 .It Bq Er EBADF
@@ -182,6 +203,15 @@ The system file table is full.
 .It Bq Er ECONNABORTED
 A connection has been aborted.
 .El
+.Pp
+In addition,
+.Fn accept4
+will fail if
+.Bl -tag -width Er
+.It Bq Er EINVAL
+.Fa flags
+is invalid.
+.El
 .Sh SEE ALSO
 .Xr bind 2 ,
 .Xr connect 2 ,
@@ -194,11 +224,18 @@ The
 .Fn accept
 function conforms to
 .St -p1003.1-2008 .
+The
+.Fn accept4
+function is expected to conform to a future revision of that standard.
 .Sh HISTORY
 The
 .Fn accept
 system call first appeared in
-.Bx 4.1c .
+.Bx 4.1c
+and
+.Fn accept4
+in
+.Ox 5.7 .
 .Sh CAVEATS
 When
 .Er EMFILE
diff --git a/lib/libc/sys/dup.2 b/lib/libc/sys/dup.2
index 463c6f0486f..a0e24d19c15 100644
--- a/lib/libc/sys/dup.2
+++ b/lib/libc/sys/dup.2
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: dup.2,v 1.16 2013/07/17 05:42:11 schwarze Exp $
+.\"	$OpenBSD: dup.2,v 1.17 2014/08/31 01:42:36 guenther Exp $
 .\"	$NetBSD: dup.2,v 1.4 1995/02/27 12:32:21 cgd Exp $
 .\"
 .\" Copyright (c) 1980, 1991, 1993
@@ -30,19 +30,24 @@
 .\"
 .\"     @(#)dup.2	8.1 (Berkeley) 6/4/93
 .\"
-.Dd $Mdocdate: July 17 2013 $
+.Dd $Mdocdate: August 31 2014 $
 .Dt DUP 2
 .Os
 .Sh NAME
 .Nm dup ,
-.Nm dup2
+.Nm dup2 ,
+.Nm dup3
 .Nd duplicate an existing file descriptor
 .Sh SYNOPSIS
-.Fd #include <unistd.h>
+.In unistd.h
 .Ft int
 .Fn dup "int oldd"
 .Ft int
 .Fn dup2 "int oldd" "int newd"
+.In fcntl.h
+.In unistd.h
+.Ft int
+.Fn dup3 "int oldd" "int newd" "int flags"
 .Sh DESCRIPTION
 .Fn dup
 duplicates an existing object descriptor and returns its value to
@@ -97,6 +102,32 @@ equals
 .Fa oldd ,
 .Fn dup2
 just returns without affecting the close-on-exec flag.
+.Pp
+In
+.Fn dup3 ,
+both the value of the new descriptor and the close-on-exec flag on
+the new file descriptor are specified:
+.Fa newd
+specifies the value and the
+.Dv O_CLOEXEC
+bit in
+.Fa flags
+specifies the close-on-exec flag.
+Unlike
+.Fn dup2 ,
+if
+.Fa oldd
+and
+.Fa newd
+are equal then
+.Fn dup3
+fails.
+Otherwise, if
+.Fa flags
+is zero then
+.Fn dup3
+is identical to a call to
+.Fn dup2 .
 .Sh RETURN VALUES
 The value \-1 is returned if an error occurs in either call.
 The external variable
@@ -114,6 +145,8 @@ Too many descriptors are active.
 .El
 .Pp
 .Fn dup2
+and
+.Fn dup3
 will fail if:
 .Bl -tag -width Er
 .It Bq Er EBADF
@@ -128,6 +161,19 @@ An interrupt was received.
 .It Bq Er EIO
 An I/O error occurred while writing to the file system.
 .El
+.Pp
+In addition,
+.Fn dup3
+will return the following error:
+.Bl -tag -width Er
+.It Bq Er EINVAL
+.Fa oldd
+is equal to
+.Fa newd
+or
+.Fa flags
+is invalid.
+.El
 .Sh SEE ALSO
 .Xr accept 2 ,
 .Xr close 2 ,
@@ -142,14 +188,20 @@ An I/O error occurred while writing to the file system.
 .Fn dup
 and
 .Fn dup2
-are expected to conform to
+conform to
 .St -p1003.1-2008 .
+The
+.Fn dup3
+function is expected to conform to a future revision of that standard.
 .Sh HISTORY
 The
 .Fn dup
 system call first appeared in
-.At v3
-and
+.At v3 ,
 .Fn dup2
 in
-.At v7 .
+.At v7 ,
+and
+.Fn dup3
+in
+.Ox 5.7 .
diff --git a/lib/libc/sys/pipe.2 b/lib/libc/sys/pipe.2
index 825b19e8910..87608cd05cc 100644
--- a/lib/libc/sys/pipe.2
+++ b/lib/libc/sys/pipe.2
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: pipe.2,v 1.16 2014/08/16 17:33:40 tobias Exp $
+.\"	$OpenBSD: pipe.2,v 1.17 2014/08/31 01:42:36 guenther Exp $
 .\"	$NetBSD: pipe.2,v 1.6 1995/02/27 12:35:27 cgd Exp $
 .\"
 .\" Copyright (c) 1980, 1991, 1993
@@ -30,16 +30,21 @@
 .\"
 .\"     @(#)pipe.2	8.1 (Berkeley) 6/4/93
 .\"
-.Dd $Mdocdate: August 16 2014 $
+.Dd $Mdocdate: August 31 2014 $
 .Dt PIPE 2
 .Os
 .Sh NAME
-.Nm pipe
+.Nm pipe ,
+.Nm pipe2
 .Nd create descriptor pair for interprocess communication
 .Sh SYNOPSIS
-.Fd #include <unistd.h>
+.In unistd.h
 .Ft int
 .Fn pipe "int fildes[2]"
+.In fcntl.h
+.In unistd.h
+.Ft int
+.Fn pipe2 "int fildes[2]" "int flags"
 .Sh DESCRIPTION
 The
 .Fn pipe
@@ -69,15 +74,32 @@ signal.
 Widowing a pipe is the only way to deliver end-of-file to a reader:
 after the reader consumes any buffered data, reading a widowed pipe
 returns a zero count.
+.Pp
+The
+.Fn pipe2
+function is identical to
+.Fn pipe
+except that the non-blocking I/O mode on both ends of the pipe is
+determined by the
+.Dv O_NONBLOCK
+flag in the
+.Fa flags
+argument and the close-on-exec flag on both the new file descriptors
+is determined by the
+.Dv O_CLOEXEC
+flag in the
+.Fa flags
+argument.
 .Sh RETURN VALUES
 On successful creation of the pipe, zero is returned.
 Otherwise, a value of \-1 is returned and the variable
 .Va errno
 set to indicate the error.
 .Sh ERRORS
-The
 .Fn pipe
-call will fail if:
+and
+.Fn pipe2
+will succeed unless:
 .Bl -tag -width Er
 .It Bq Er EMFILE
 Too many descriptors are active.
@@ -88,6 +110,15 @@ The
 .Fa fildes
 buffer is in an invalid area of the process's address space.
 .El
+.Pp
+In addition,
+.Fn pipe2
+may return the following error:
+.Bl -tag -width Er
+.It Bq Er EINVAL
+.Fa flags
+is invalid.
+.El
 .Sh SEE ALSO
 .Xr sh 1 ,
 .Xr fork 2 ,
@@ -99,6 +130,9 @@ The
 .Fn pipe
 function conforms to
 .St -p1003.1-2008 .
+The
+.Fn pipe2
+function is expected to conform to a future revision of that standard.
 .Pp
 As an extension, the pipe provided is actually capable of moving
 data bidirectionally.
@@ -113,3 +147,7 @@ function call appeared in
 Since
 .At v4 ,
 it allocates two distinct file descriptors.
+The
+.Fn pipe2
+function appeared in
+.Ox 5.7 .
diff --git a/lib/libc/sys/recv.2 b/lib/libc/sys/recv.2
index 6b8f6b2d7dd..14fe706d196 100644
--- a/lib/libc/sys/recv.2
+++ b/lib/libc/sys/recv.2
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: recv.2,v 1.40 2014/02/13 07:30:39 guenther Exp $
+.\"	$OpenBSD: recv.2,v 1.41 2014/08/31 01:42:36 guenther Exp $
 .\"	$NetBSD: recv.2,v 1.6 1995/02/27 12:36:08 cgd Exp $
 .\"
 .\" Copyright (c) 1983, 1990, 1991, 1993
@@ -30,7 +30,7 @@
 .\"
 .\"     @(#)recv.2	8.3 (Berkeley) 2/21/94
 .\"
-.Dd $Mdocdate: February 13 2014 $
+.Dd $Mdocdate: August 31 2014 $
 .Dt RECV 2
 .Os
 .Sh NAME
@@ -39,8 +39,7 @@
 .Nm recvmsg
 .Nd receive a message from a socket
 .Sh SYNOPSIS
-.Fd #include <sys/types.h>
-.Fd #include <sys/socket.h>
+.In sys/socket.h
 .Ft ssize_t
 .Fn recv "int s" "void *buf" "size_t len" "int flags"
 .Ft ssize_t
@@ -116,7 +115,7 @@ The
 .Fa flags
 argument is the bitwise OR of zero or more of the following values:
 .Pp
-.Bl -tag -width "MSG_DONTWAITXX" -offset indent -compact
+.Bl -tag -width "MSG_CMSG_CLOEXECXX" -offset indent -compact
 .It Dv MSG_OOB
 process out-of-band data
 .It Dv MSG_PEEK
@@ -125,6 +124,8 @@ peek at incoming message
 wait for full request or error
 .It Dv MSG_DONTWAIT
 don't block
+.It Dv MSG_CMSG_CLOEXEC
+set the close-on-exec flag on received file descriptors
 .El
 .Pp
 The
@@ -154,6 +155,12 @@ If no data is available,
 is set to
 .Er EAGAIN .
 This flag is not available in strict ANSI or C99 compilation mode.
+The
+.Dv MSG_CMSG_CLOEXEC
+requests that any file descriptors received as ancillary data with
+.Fn recvmsg
+(see below)
+have their close-on-exec flag set.
 .Pp
 The
 .Fn recvmsg
diff --git a/lib/libc/sys/sigaction.2 b/lib/libc/sys/sigaction.2
index 5304ce37b3b..5854d415586 100644
--- a/lib/libc/sys/sigaction.2
+++ b/lib/libc/sys/sigaction.2
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: sigaction.2,v 1.60 2014/07/21 23:05:12 matthew Exp $
+.\"	$OpenBSD: sigaction.2,v 1.61 2014/08/31 01:42:36 guenther Exp $
 .\"	$NetBSD: sigaction.2,v 1.7 1995/10/12 15:41:16 jtc Exp $
 .\"
 .\" Copyright (c) 1980, 1990, 1993
@@ -30,7 +30,7 @@
 .\"
 .\"	@(#)sigaction.2	8.2 (Berkeley) 4/3/94
 .\"
-.Dd $Mdocdate: July 21 2014 $
+.Dd $Mdocdate: August 31 2014 $
 .Dt SIGACTION 2
 .Os
 .Sh NAME
@@ -628,12 +628,16 @@ and perhaps some others.
 .Pp
 Extension Interfaces:
 .Pp
+.Fn accept4 ,
 .Fn chflags ,
+.Fn dup3 ,
 .Fn fchflags ,
 .Fn getentropy ,
 .Fn getresgid ,
 .Fn getresuid ,
+.Fn pipe2 ,
 .Fn ppoll ,
+.Fn sendsyslog ,
 .Fn setresgid ,
 .Fn setresuid ,
 .Fn strlcat ,
diff --git a/lib/libc/sys/socket.2 b/lib/libc/sys/socket.2
index d3703d44a93..10f48fe68a7 100644
--- a/lib/libc/sys/socket.2
+++ b/lib/libc/sys/socket.2
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: socket.2,v 1.37 2014/08/10 07:19:08 guenther Exp $
+.\"	$OpenBSD: socket.2,v 1.38 2014/08/31 01:42:36 guenther Exp $
 .\"	$NetBSD: socket.2,v 1.5 1995/02/27 12:37:53 cgd Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
@@ -30,14 +30,14 @@
 .\"
 .\"     @(#)socket.2	8.1 (Berkeley) 6/4/93
 .\"
-.Dd $Mdocdate: August 10 2014 $
+.Dd $Mdocdate: August 31 2014 $
 .Dt SOCKET 2
 .Os
 .Sh NAME
 .Nm socket
 .Nd create an endpoint for communication
 .Sh SYNOPSIS
-.Fd #include <sys/socket.h>
+.In sys/socket.h
 .Ft int
 .Fn socket "int domain" "int type" "int protocol"
 .Sh DESCRIPTION
@@ -90,12 +90,23 @@ socket may provide a sequenced, reliable,
 two-way connection-based data transmission path for datagrams
 of fixed maximum length; a consumer may be required to read
 an entire packet with each read system call.
-This facility is protocol specific, and presently implemented for
+This facility is protocol specific, and presently implemented only for
 .Dv AF_UNIX .
 .Dv SOCK_RAW
 sockets provide access to internal network protocols and interfaces,
 and are available only to the superuser.
 .Pp
+Any combination of the following flags may additionally be used in the
+.Fa type
+argument:
+.Pp
+.Bl -tag -width "SOCK_NONBLOCKX" -offset indent -compact
+.It SOCK_CLOEXEC
+Set close-on-exec flag on the new descriptor.
+.It SOCK_NONBLOCK
+Set non-blocking I/O mode on the new socket.
+.El
+.Pp
 The
 .Fa protocol
 specifies a particular protocol to be used with the socket.
diff --git a/lib/libc/sys/socketpair.2 b/lib/libc/sys/socketpair.2
index b4131ffea98..bd02dfe4c91 100644
--- a/lib/libc/sys/socketpair.2
+++ b/lib/libc/sys/socketpair.2
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: socketpair.2,v 1.15 2013/04/08 19:49:55 guenther Exp $
+.\"	$OpenBSD: socketpair.2,v 1.16 2014/08/31 01:42:36 guenther Exp $
 .\"	$NetBSD: socketpair.2,v 1.5 1995/02/27 12:38:00 cgd Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
@@ -30,14 +30,14 @@
 .\"
 .\"     @(#)socketpair.2	8.1 (Berkeley) 6/4/93
 .\"
-.Dd $Mdocdate: April 8 2013 $
+.Dd $Mdocdate: August 31 2014 $
 .Dt SOCKETPAIR 2
 .Os
 .Sh NAME
 .Nm socketpair
 .Nd create a pair of connected sockets
 .Sh SYNOPSIS
-.Fd #include <sys/socket.h>
+.In sys/socket.h
 .Ft int
 .Fn socketpair "int d" "int type" "int protocol" "int sv[2]"
 .Sh DESCRIPTION
@@ -56,6 +56,17 @@ are returned in
 and
 .Fa sv Ns [1] .
 The two sockets are indistinguishable.
+.Pp
+Any combination of the following flags may additionally be used in the
+.Fa type
+argument:
+.Pp
+.Bl -tag -width "SOCK_NONBLOCKX" -offset indent -compact
+.It SOCK_CLOEXEC
+Set close-on-exec flag on both the new descriptors.
+.It SOCK_NONBLOCK
+Set non-blocking I/O mode on both the new sockets.
+.El
 .Sh RETURN VALUES
 A 0 is returned if the call succeeds, \-1 if it fails.
 .Sh ERRORS