linux/net/bpfilter/bpfilter_kern.c
<<
>>
Prefs 
   1// SPDX-License-Identifier: GPL-2.0
   2#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
   3#include <linux/init.h>
   4#include <linux/module.h>
   5#include <linux/umh.h>
   6#include <linux/bpfilter.h>
   7#include <linux/sched.h>
   8#include <linux/sched/signal.h>
   9#include <linux/fs.h>
  10#include <linux/file.h>
  11#include "msgfmt.h"
  12
  13extern char bpfilter_umh_start;
  14extern char bpfilter_umh_end;
  15
  16static struct umh_info info;
  17/* since ip_getsockopt() can run in parallel, serialize access to umh */
  18static DEFINE_MUTEX(bpfilter_lock);
  19
  20static void shutdown_umh(struct umh_info *info)
  21{
  22        struct task_struct *tsk;
  23
  24        if (!info->pid)
  25                return;
  26        tsk = pid_task(find_vpid(info->pid), PIDTYPE_PID);
  27        if (tsk)
  28                force_sig(SIGKILL, tsk);
  29        fput(info->pipe_to_umh);
  30        fput(info->pipe_from_umh);
  31        info->pid = 0;
  32}
  33
  34static void __stop_umh(void)
  35{
  36        if (IS_ENABLED(CONFIG_INET)) {
  37                bpfilter_process_sockopt = NULL;
  38                shutdown_umh(&info);
  39        }
  40}
  41
  42static void stop_umh(void)
  43{
  44        mutex_lock(&bpfilter_lock);
  45        __stop_umh();
  46        mutex_unlock(&bpfilter_lock);
  47}
  48
  49static int __bpfilter_process_sockopt(struct sock *sk, int optname,
  50                                      char __user *optval,
  51                                      unsigned int optlen, bool is_set)
  52{
  53        struct mbox_request req;
  54        struct mbox_reply reply;
  55        loff_t pos;
  56        ssize_t n;
  57        int ret = -EFAULT;
  58
  59        req.is_set = is_set;
  60        req.pid = current->pid;
  61        req.cmd = optname;
  62        req.addr = (long)optval;
  63        req.len = optlen;
  64        mutex_lock(&bpfilter_lock);
  65        if (!info.pid)
  66                goto out;
  67        n = __kernel_write(info.pipe_to_umh, &req, sizeof(req), &pos);
  68        if (n != sizeof(req)) {
  69                pr_err("write fail %zd\n", n);
  70                __stop_umh();
  71                ret = -EFAULT;
  72                goto out;
  73        }
  74        pos = 0;
  75        n = kernel_read(info.pipe_from_umh, &reply, sizeof(reply), &pos);
  76        if (n != sizeof(reply)) {
  77                pr_err("read fail %zd\n", n);
  78                __stop_umh();
  79                ret = -EFAULT;
  80                goto out;
  81        }
  82        ret = reply.status;
  83out:
  84        mutex_unlock(&bpfilter_lock);
  85        return ret;
  86}
  87
  88static int __init load_umh(void)
  89{
  90        int err;
  91
  92        /* fork usermode process */
  93        err = fork_usermode_blob(&bpfilter_umh_start,
  94                                 &bpfilter_umh_end - &bpfilter_umh_start,
  95                                 &info);
  96        if (err)
  97                return err;
  98        pr_info("Loaded bpfilter_umh pid %d\n", info.pid);
  99
 100        /* health check that usermode process started correctly */
 101        if (__bpfilter_process_sockopt(NULL, 0, 0, 0, 0) != 0) {
 102                stop_umh();
 103                return -EFAULT;
 104        }
 105        if (IS_ENABLED(CONFIG_INET))
 106                bpfilter_process_sockopt = &__bpfilter_process_sockopt;
 107
 108        return 0;
 109}
 110
 111static void __exit fini_umh(void)
 112{
 113        stop_umh();
 114}
 115module_init(load_umh);
 116module_exit(fini_umh);
 117MODULE_LICENSE("GPL");
 118
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.