diff mbox series

[bpf-next,v3] bpf: Fix issue with bpf preload module taking over stdout/stdin of kernel.

Message ID 20220225185923.2535519-1-fallentree@fb.com (mailing list archive)
State Accepted
Commit 80bebebdac935473568c27d4f1349dc8f9809bf7
Delegated to: BPF
Headers show
Series [bpf-next,v3] bpf: Fix issue with bpf preload module taking over stdout/stdin of kernel. | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for bpf-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix success Link
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers warning 8 maintainers not CCed: qiang.zhang@windriver.com kpsingh@kernel.org daniel@iogearbox.net john.fastabend@gmail.com kafai@fb.com songliubraving@fb.com yhs@fb.com netdev@vger.kernel.org
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/verify_fixes fail Problems with Fixes tag: 2
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch warning WARNING: 'trys' may be misspelled - perhaps 'tries'? WARNING: Block comments use * on subsequent lines WARNING: Block comments use a trailing */ on a separate line
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
bpf/vmtest-bpf-next-PR success PR summary
bpf/vmtest-bpf-next success VM_Test

Commit Message

Yucong Sun Feb. 25, 2022, 6:59 p.m. UTC 
In a previous commit (1), BPF preload process was switched from user mode
process to use in-kernel light skeleton instead. However, in the kernel context
the available FD starts from 0, instead of normally 3 for user mode process.
The preload process also left two FDs open, taking over FD 0 and 1. This later
caused issues when kernel trys to setup stdin/stdout/stderr for init process,
assuming FD 0,1,2 are available.

As seen here:

Before fix:
ls -lah /proc/1/fd/*

lrwx------1 root root 64 Feb 23 17:20 /proc/1/fd/0 -> /dev/null
lrwx------ 1 root root 64 Feb 23 17:20 /proc/1/fd/1 -> /dev/null
lrwx------ 1 root root 64 Feb 23 17:20 /proc/1/fd/2 -> /dev/console
lrwx------ 1 root root 64 Feb 23 17:20 /proc/1/fd/6 -> /dev/console
lrwx------ 1 root root 64 Feb 23 17:20 /proc/1/fd/7 -> /dev/console

After Fix / Normal:

ls -lah /proc/1/fd/*

lrwx------ 1 root root 64 Feb 24 21:23 /proc/1/fd/0 -> /dev/console
lrwx------ 1 root root 64 Feb 24 21:23 /proc/1/fd/1 -> /dev/console
lrwx------ 1 root root 64 Feb 24 21:23 /proc/1/fd/2 -> /dev/console

In this patch:
  - skel_closenz was changed to skel_closegez to correctly handle
    FD=0 case.
  - various places detecting FD > 0 was changed to FD >= 0.
  - Call iterators_skel__detach() funciton to release FDs after links
  are obtained.

1: commit cb80ddc ("bpf: Convert bpf_preload.ko to use light skeleton.")

Fixes: commit cb80ddc ("bpf: Convert bpf_preload.ko to use light skeleton.")
Signed-off-by: Yucong Sun <fallentree@fb.com>

V3 -> V1: removed all changes related to handle fd=0.
V2 -> V1: rename skel_closenez to skel_closegez, added comment as
requested.
---
 kernel/bpf/preload/bpf_preload_kern.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

Comments

patchwork-bot+netdevbpf@kernel.org Feb. 25, 2022, 9 p.m. UTC | #1 
Hello:

This patch was applied to bpf/bpf-next.git (master)
by Andrii Nakryiko <andrii@kernel.org>:

On Fri, 25 Feb 2022 10:59:24 -0800 you wrote:
> In a previous commit (1), BPF preload process was switched from user mode
> process to use in-kernel light skeleton instead. However, in the kernel context
> the available FD starts from 0, instead of normally 3 for user mode process.
> The preload process also left two FDs open, taking over FD 0 and 1. This later
> caused issues when kernel trys to setup stdin/stdout/stderr for init process,
> assuming FD 0,1,2 are available.
> 
> [...]

Here is the summary with links:
  - [bpf-next,v3] bpf: Fix issue with bpf preload module taking over stdout/stdin of kernel.
    https://git.kernel.org/bpf/bpf-next/c/80bebebdac93

You are awesome, thank you!
diff mbox series

Patch

diff --git a/kernel/bpf/preload/bpf_preload_kern.c b/kernel/bpf/preload/bpf_preload_kern.c
index 30207c048d36..13cd0d146dd7 100644
--- a/kernel/bpf/preload/bpf_preload_kern.c
+++ b/kernel/bpf/preload/bpf_preload_kern.c
@@ -54,6 +54,16 @@  static int load_skel(void)
 		err = PTR_ERR(progs_link);
 		goto out;
 	}
+	/* Avoid taking over stdin/stdout/stderr of init process. This also
+	   makes skel_closenz() no-op later in free_links_and_skel(). */
+	if (skel->links.dump_bpf_map_fd < 3) {
+		close_fd(skel->links.dump_bpf_map_fd);
+		skel->links.dump_bpf_map_fd = 0;
+	}
+	if (skel->links.dump_bpf_prog_fd < 3) {
+		close_fd(skel->links.dump_bpf_prog_fd);
+		skel->links.dump_bpf_prog_fd = 0;
+	}
 	return 0;
 out:
 	free_links_and_skel();