On Wed, Dec 04, 2019 at 11:20:35PM -0500, Wenbo Zhang wrote:
>
> +BPF_CALL_3(bpf_get_file_path, char *, dst, u32, size, int, fd)
> +{
> + struct file *f;
> + char *p;
> + int ret = -EBADF;
> +
> + /* Ensure we're in user context which is safe for the helper to
> + * run. This helper has no business in a kthread.
> + */
> + if (unlikely(in_interrupt() ||
> + current->flags & (PF_KTHREAD | PF_EXITING))) {
> + ret = -EPERM;
> + goto error;
> + }
> +
> + /* Use fget_raw instead of fget to support O_PATH, and it doesn't
> + * have any sleepable code, so it's ok to be here.
> + */
> + f = fget_raw(fd);
> + if (!f)
> + goto error;
> +
> + /* For unmountable pseudo filesystem, it seems to have no meaning
> + * to get their fake paths as they don't have path, and to be no
> + * way to validate this function pointer can be always safe to call
> + * in the current context.
> + */
> + if (f->f_path.dentry->d_op && f->f_path.dentry->d_op->d_dname) {
> + ret = -EINVAL;
> + fput(f);
> + goto error;
> + }
> +
> + /* After filter unmountable pseudo filesytem, d_path won't call
> + * dentry->d_op->d_name(), the normally path doesn't have any
> + * sleepable code, and despite it uses the current macro to get
> + * fs_struct (current->fs), we've already ensured we're in user
> + * context, so it's ok to be here.
> + */
> + p = d_path(&f->f_path, dst, size);
Above 'if's are not enough to make sure that it won't dead lock.
Allowing it in tracing_func_proto() means that it's available to kprobe too.
Hence deadlock is possible. Please see previous email thread.
This helper is safe in tracepoint+bpf only.
