qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/3] linux user: make execfd global (like exec path) and keep

From: Андрей Аладьев
Subject: Re: [PATCH 1/3] linux user: make execfd global (like exec path) and keep it open
Date: Wed, 19 Aug 2020 00:42:59 +0300
Hello. I want to explain situation we have in qemu today.
It looks simple, but gives complex problems.

Please open "linux-user/main.c":

execfd = qemu_getauxval(AT_EXECFD);
if (execfd == 0) {
  execfd = open(exec_path, O_RDONLY);
  if (execfd < 0) { ... }
}
...
close(execfd);

We may take AT_EXECFD and than close it.
After that AT_EXECFD will store closed fd.
Kernel doesn't block closing of AT_EXECFD.

Same problem exists in linux-user/syscall.c:

if (is_proc_myself(pathname, "exe")) {
  int execfd = qemu_getauxval(AT_EXECFD);
  return execfd ? execfd : safe_openat(dirfd, exec_path, flags, mode);
}

We are providing AT_EXECFD value for user and he closes it.
Than we are providing same AT_EXECFD value once again.
This fd has already been closed.

I've just re-analyzed patch and agree with you that dup/clone will be broken.
We shouldn't provide global execfd.
So these patches are wrong.

I am going to create new patches tomorrow.
It will block closing of AT_EXECFD and remove additional AT_EXECFD usage.
I will try to add several tests for this functionality.

Thank you.

вт, 18 авг. 2020 г. в 18:23, Laurent Vivier <laurent@vivier.eu>:
Le 18/08/2020 à 01:57, Andrew Aladjev a écrit :
> User opens /proc/self/exe symlink, than kernel should create /proc/self/fd/<execfd> symlink. We should be able to detect both exe and fd/<execfd> symlinks to provide common behaviour. The easiest solution is to make execfd global and keep it open. This solution looks acceptable because exec_path is already global.
>
> Signed-off-by: Andrew Aladjev <aladjev.andrew@gmail.com>
> ---
>  linux-user/elfload.c |  3 ++-
>  linux-user/exit.c    |  7 +++++--
>  linux-user/main.c    |  2 +-
>  linux-user/qemu.h    |  1 +
>  linux-user/syscall.c | 18 ++++++++++++++----
>  5 files changed, 23 insertions(+), 8 deletions(-)
>
> diff --git a/linux-user/elfload.c b/linux-user/elfload.c
> index fe9dfe795d..dfaf937ab9 100644
> --- a/linux-user/elfload.c
> +++ b/linux-user/elfload.c
> @@ -2363,6 +2363,7 @@ void probe_guest_base(const char *image_name, abi_ulong guest_loaddr,

>     IMAGE_NAME is the filename of the image, to use in error messages.
>     IMAGE_FD is the open file descriptor for the image.
> +   WARNING: IMAGE_FD won't be closed.

>     BPRM_BUF is a copy of the beginning of the file; this of course
>     contains the elf file header at offset 0.  It is assumed that this
> @@ -2632,7 +2633,6 @@ static void load_elf_image(const char *image_name, int image_fd,

>      mmap_unlock();

> -    close(image_fd);
>      return;

>   exit_read:
> @@ -2666,6 +2666,7 @@ static void load_elf_interp(const char *filename, struct image_info *info,
>      }

>      load_elf_image(filename, fd, info, NULL, bprm_buf);
> +    close(fd);
>      return;

>   exit_perror:
> diff --git a/linux-user/exit.c b/linux-user/exit.c
> index 1594015444..f0626fc432 100644
> --- a/linux-user/exit.c
> +++ b/linux-user/exit.c
> @@ -28,12 +28,15 @@ extern void __gcov_dump(void);

>  void preexit_cleanup(CPUArchState *env, int code)
>  {
> +    close(execfd);
> +
>  #ifdef CONFIG_GPROF
>          _mcleanup();
>  #endif
>  #ifdef CONFIG_GCOV
>          __gcov_dump();
>  #endif
> -        gdb_exit(env, code);
> -        qemu_plugin_atexit_cb();
> +
> +    gdb_exit(env, code);
> +    qemu_plugin_atexit_cb();
>  }
> diff --git a/linux-user/main.c b/linux-user/main.c
> index 75c9785157..27644a831a 100644
> --- a/linux-user/main.c
> +++ b/linux-user/main.c
> @@ -49,6 +49,7 @@
>  #include "crypto/init.h"

>  char *exec_path;
> +int execfd;

>  int singlestep;
>  static const char *argv0;
> @@ -629,7 +630,6 @@ int main(int argc, char **argv, char **envp)
>      int target_argc;
>      int i;
>      int ret;
> -    int execfd;
>      int log_mask;
>      unsigned long max_reserved_va;

> diff --git a/linux-user/qemu.h b/linux-user/qemu.h
> index 5c964389c1..f99be78d42 100644
> --- a/linux-user/qemu.h
> +++ b/linux-user/qemu.h
> @@ -156,6 +156,7 @@ typedef struct TaskState {
>  } __attribute__((aligned(16))) TaskState;

>  extern char *exec_path;
> +extern int execfd;
>  void init_task_state(TaskState *ts);
>  void task_settid(TaskState *);
>  void stop_all_tasks(void);
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 945fc25279..5741c72733 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -7613,8 +7613,7 @@ static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags,
>      };

>      if (is_proc_myself(pathname, "exe")) {
> -        int execfd = qemu_getauxval(AT_EXECFD);
> -        return execfd ? execfd : safe_openat(dirfd, exec_path, flags, mode);
> +        return execfd;
>      }

>      for (fake_open = fakes; fake_open->filename; fake_open++) {
> @@ -7872,8 +7871,19 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
>          return ret;
>  #endif
>      case TARGET_NR_close:
> -        fd_trans_unregister(arg1);
> -        return get_errno(close(arg1));
> +        {
> +            int fd = arg1;
> +            if (fd == execfd) {
> +                /*
> +                 * We don't need to close execfd.
> +                 * It will be closed on QEMU exit.
> +                 */
> +                return 0;
> +            }

Why do you prevent the user to close it?

It's his own responsability if he breaks something.

And for instance, doing that breaks a call to dup() if it was done on
purpose.

Except that, the patch looks good.

Thanks,
Laurent
reply via email to
[Prev in Thread] Current Thread [Next in Thread]