bpf: Add bpf_sys_close() helper.

Add bpf_sys_close() helper to be used by the syscall/loader program to close
intermediate FDs and other cleanup.
Note this helper must never be allowed inside fdget/fdput bracketing.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20210514003623.28033-11-alexei.starovoitov@gmail.com

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 3cc0735..4cd9a01 100644 (file)
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -4754,6 +4754,12 @@ union bpf_attr {
  *             Find BTF type with given name and kind in vmlinux BTF or in module's BTFs.
  *     Return
  *             Returns btf_id and btf_obj_fd in lower and upper 32 bits.
+ *
+ * long bpf_sys_close(u32 fd)
+ *     Description
+ *             Execute close syscall for given FD.
+ *     Return
+ *             A syscall result.
  */
 #define __BPF_FUNC_MAPPER(FN)          \
        FN(unspec),                     \
@@ -4924,6 +4930,7 @@ union bpf_attr {
        FN(snprintf),                   \
        FN(sys_bpf),                    \
        FN(btf_find_by_name_kind),      \
+       FN(sys_close),                  \
        /* */
 
 /* integer value in 'imm' field of BPF_CALL instruction selects which helper

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index f93ff2e..0f1ce21 100644 (file)
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -4578,6 +4578,23 @@ tracing_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
        return bpf_base_func_proto(func_id);
 }
 
+BPF_CALL_1(bpf_sys_close, u32, fd)
+{
+       /* When bpf program calls this helper there should not be
+        * an fdget() without matching completed fdput().
+        * This helper is allowed in the following callchain only:
+        * sys_bpf->prog_test_run->bpf_prog->bpf_sys_close
+        */
+       return close_fd(fd);
+}
+
+const struct bpf_func_proto bpf_sys_close_proto = {
+       .func           = bpf_sys_close,
+       .gpl_only       = false,
+       .ret_type       = RET_INTEGER,
+       .arg1_type      = ARG_ANYTHING,
+};
+
 static const struct bpf_func_proto *
 syscall_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
 {
@@ -4586,6 +4603,8 @@ syscall_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
                return &bpf_sys_bpf_proto;
        case BPF_FUNC_btf_find_by_name_kind:
                return &bpf_btf_find_by_name_kind_proto;
+       case BPF_FUNC_sys_close:
+               return &bpf_sys_close_proto;
        default:
                return tracing_prog_func_proto(func_id, prog);
        }

diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index 3cc0735..4cd9a01 100644 (file)
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -4754,6 +4754,12 @@ union bpf_attr {
  *             Find BTF type with given name and kind in vmlinux BTF or in module's BTFs.
  *     Return
  *             Returns btf_id and btf_obj_fd in lower and upper 32 bits.
+ *
+ * long bpf_sys_close(u32 fd)
+ *     Description
+ *             Execute close syscall for given FD.
+ *     Return
+ *             A syscall result.
  */
 #define __BPF_FUNC_MAPPER(FN)          \
        FN(unspec),                     \
@@ -4924,6 +4930,7 @@ union bpf_attr {
        FN(snprintf),                   \
        FN(sys_bpf),                    \
        FN(btf_find_by_name_kind),      \
+       FN(sys_close),                  \
        /* */
 
 /* integer value in 'imm' field of BPF_CALL instruction selects which helper