[PATCH 0/2] Re: bpfilter causes a leftover kernel process

[PATCH 0/2] Re: bpfilter causes a leftover kernel process

[Olivier Brunel]

On Tue, 16 Oct 2018 16:38:56 +0000
Alexei Starovoitov <alexei.starovoitov@gmail.com> wrote:

> On Wed, Sep 5, 2018 at 5:05 PM Olivier Brunel <jjk@jjacky.com> wrote:
> >
> > You'll see in the end that systemd complains that it can't
> > unmount /oldroot (EBUSY), aka the root fs; and that's because of the
> > bpfilter helper, which wasn't killed because it's seen as a kernel
> > thread due to its empty command line and therefore not signaled.  
> 
> thanks for tracking it down.
> can somebody send a patch to give bpfilter non-empty cmdline?
> I think that would be a better fix than tweaking all pid1s.

So I'm not a kernel dev and this would be my first atttempt at a kernel patch,
but I did have a look and came up with the following patch(es) to fix this.
Hopefully I did things right.

It adds a default command line ("usermodehelper") to such processes, so any &
all such helpers will be seen as user process and not kernel threads, but
there's also the possibility to specify a command line to use, here
"bpfilter_umh"

Cheers,


Olivier Brunel (2):
  umh: Add command line to user mode helpers
  net: bpfilter: Set user mode helper's command line

 include/linux/umh.h          |  1 +
 kernel/umh.c                 | 16 ++++++++++++++--
 net/bpfilter/bpfilter_kern.c |  1 +
 3 files changed, 16 insertions(+), 2 deletions(-)

-- 
2.19.0

[PATCH 1/2] umh: Add command line to user mode helpers

[Olivier Brunel]

User mode helpers were spawned without a command line, and because
an empty command line is used by many tools to identify processes as
kernel threads, this could cause some issues.

Notably during killing spree on shutdown, since such helper would then
be skipped (i.e. not killed) which would result in the process remaining
alive, and thus preventing unmouting of the rootfs (as experienced with
the bpfilter umh).

Fixes: 449325b52b7a ("umh: introduce fork_usermode_blob() helper")
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
---
 include/linux/umh.h |  1 +
 kernel/umh.c        | 16 ++++++++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/include/linux/umh.h b/include/linux/umh.h
index 5c812acbb..235f51b62 100644
--- a/include/linux/umh.h
+++ b/include/linux/umh.h
@@ -44,6 +44,7 @@ struct subprocess_info *call_usermodehelper_setup_file(struct file *file,
 			  int (*init)(struct subprocess_info *info, struct cred *new),
 			  void (*cleanup)(struct subprocess_info *), void *data);
 struct umh_info {
+	const char *cmdline;
 	struct file *pipe_to_umh;
 	struct file *pipe_from_umh;
 	pid_t pid;
diff --git a/kernel/umh.c b/kernel/umh.c
index c44985894..0baa672e0 100644
--- a/kernel/umh.c
+++ b/kernel/umh.c
@@ -405,11 +405,19 @@ struct subprocess_info *call_usermodehelper_setup_file(struct file *file,
 		void (*cleanup)(struct subprocess_info *info), void *data)
 {
 	struct subprocess_info *sub_info;
+	struct umh_info *info = data;
+	const char *cmdline = (info->cmdline) ? info->cmdline : "usermodehelper";
 
 	sub_info = kzalloc(sizeof(struct subprocess_info), GFP_KERNEL);
 	if (!sub_info)
 		return NULL;
 
+	sub_info->argv = argv_split(GFP_KERNEL, cmdline, NULL);
+	if (!sub_info->argv) {
+		kfree(sub_info);
+		return NULL;
+	}
+
 	INIT_WORK(&sub_info->work, call_usermodehelper_exec_work);
 	sub_info->path = "none";
 	sub_info->file = file;
@@ -458,10 +466,11 @@ static int umh_pipe_setup(struct subprocess_info *info, struct cred *new)
 	return 0;
 }
 
-static void umh_save_pid(struct subprocess_info *info)
+static void umh_clean_and_save_pid(struct subprocess_info *info)
 {
 	struct umh_info *umh_info = info->data;
 
+	argv_free(info->argv);
 	umh_info->pid = info->pid;
 }
 
@@ -471,6 +480,9 @@ static void umh_save_pid(struct subprocess_info *info)
  * @len: length of the blob
  * @info: information about usermode process (shouldn't be NULL)
  *
+ * If info->cmdline is set it will be used as command line for the
+ * user process, else "usermodehelper" is used.
+ *
  * Returns either negative error or zero which indicates success
  * in executing a blob of bytes as a usermode process. In such
  * case 'struct umh_info *info' is populated with two pipes
@@ -500,7 +512,7 @@ int fork_usermode_blob(void *data, size_t len, struct umh_info *info)
 
 	err = -ENOMEM;
 	sub_info = call_usermodehelper_setup_file(file, umh_pipe_setup,
-						  umh_save_pid, info);
+						  umh_clean_and_save_pid, info);
 	if (!sub_info)
 		goto out;
 
-- 
2.19.0

[PATCH 2/2] net: bpfilter: Set user mode helper's command line

[Olivier Brunel]

Signed-off-by: Olivier Brunel <jjk@jjacky.com>
---
 net/bpfilter/bpfilter_kern.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/bpfilter/bpfilter_kern.c b/net/bpfilter/bpfilter_kern.c
index 94e88f510..7acfc8308 100644
--- a/net/bpfilter/bpfilter_kern.c
+++ b/net/bpfilter/bpfilter_kern.c
@@ -92,6 +92,7 @@ static int __init load_umh(void)
 	int err;
 
 	/* fork usermode process */
+	info.cmdline = "bpfilter_umh";
 	err = fork_usermode_blob(&bpfilter_umh_start,
 				 &bpfilter_umh_end - &bpfilter_umh_start,
 				 &info);
-- 
2.19.0

Re: [PATCH 1/2] umh: Add command line to user mode helpers

[David Miller]

From: Olivier Brunel <jjk@jjacky.com>
Date: Sat, 20 Oct 2018 19:39:56 +0200

> User mode helpers were spawned without a command line, and because
> an empty command line is used by many tools to identify processes as
> kernel threads, this could cause some issues.
> 
> Notably during killing spree on shutdown, since such helper would then
> be skipped (i.e. not killed) which would result in the process remaining
> alive, and thus preventing unmouting of the rootfs (as experienced with
> the bpfilter umh).
> 
> Fixes: 449325b52b7a ("umh: introduce fork_usermode_blob() helper")
> Signed-off-by: Olivier Brunel <jjk@jjacky.com>

Applied.

Re: [PATCH 2/2] net: bpfilter: Set user mode helper's command line

[David Miller]

aFrom: Olivier Brunel <jjk@jjacky.com>
Date: Sat, 20 Oct 2018 19:39:57 +0200

> Signed-off-by: Olivier Brunel <jjk@jjacky.com>

Applied.