Patch "libbpf: Ensure FD >= 3 during bpf_map__reuse_fd()" has been added to the 6.1-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Mon, 30 Sep 2024 20:15:16 -0400

This is a note to let you know that I've just added the patch titled

    libbpf: Ensure FD >= 3 during bpf_map__reuse_fd()

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     libbpf-ensure-fd-3-during-bpf_map__reuse_fd.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 637be1d85b6354976dec1a81af51919bfcc4ece6
Author: Andrii Nakryiko <andrii@xxxxxxxxxx>
Date:   Thu May 25 15:13:11 2023 -0700

    libbpf: Ensure FD >= 3 during bpf_map__reuse_fd()
    
    [ Upstream commit 4aadd2920b81b3d7e5c8ac63c7d5d673f3c8aaeb ]
    
    Improve bpf_map__reuse_fd() logic and ensure that dup'ed map FD is
    "good" (>= 3) and has O_CLOEXEC flags. Use fcntl(F_DUPFD_CLOEXEC) for
    that, similarly to ensure_good_fd() helper we already use in low-level
    APIs that work with bpf() syscall.
    
    Suggested-by: Lennart Poettering <lennart@xxxxxxxxxxxxxx>
    Signed-off-by: Andrii Nakryiko <andrii@xxxxxxxxxx>
    Signed-off-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
    Link: https://lore.kernel.org/bpf/20230525221311.2136408-2-andrii@xxxxxxxxxx
    Stable-dep-of: 04a94133f1b3 ("libbpf: Don't take direct pointers into BTF data from st_ops")
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 25e01addcdb57..b18dab0c80787 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -4342,18 +4342,17 @@ int bpf_map__reuse_fd(struct bpf_map *map, int fd)
 	if (!new_name)
 		return libbpf_err(-errno);
 
-	new_fd = open("/", O_RDONLY | O_CLOEXEC);
+	/*
+	 * Like dup(), but make sure new FD is >= 3 and has O_CLOEXEC set.
+	 * This is similar to what we do in ensure_good_fd(), but without
+	 * closing original FD.
+	 */
+	new_fd = fcntl(fd, F_DUPFD_CLOEXEC, 3);
 	if (new_fd < 0) {
 		err = -errno;
 		goto err_free_new_name;
 	}
 
-	new_fd = dup3(fd, new_fd, O_CLOEXEC);
-	if (new_fd < 0) {
-		err = -errno;
-		goto err_close_new_fd;
-	}
-
 	err = zclose(map->fd);
 	if (err) {
 		err = -errno;







