• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0
2 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
3 #include <linux/init.h>
4 #include <linux/module.h>
5 #include <linux/umh.h>
6 #include <linux/bpfilter.h>
7 #include <linux/sched.h>
8 #include <linux/sched/signal.h>
9 #include <linux/fs.h>
10 #include <linux/file.h>
11 #include "msgfmt.h"
12 
13 extern char bpfilter_umh_start;
14 extern char bpfilter_umh_end;
15 
shutdown_umh(void)16 static void shutdown_umh(void)
17 {
18 	struct umd_info *info = &bpfilter_ops.info;
19 	struct pid *tgid = info->tgid;
20 
21 	if (tgid) {
22 		kill_pid(tgid, SIGKILL, 1);
23 		wait_event(tgid->wait_pidfd, thread_group_exited(tgid));
24 		bpfilter_umh_cleanup(info);
25 	}
26 }
27 
__stop_umh(void)28 static void __stop_umh(void)
29 {
30 	if (IS_ENABLED(CONFIG_INET))
31 		shutdown_umh();
32 }
33 
bpfilter_send_req(struct mbox_request * req)34 static int bpfilter_send_req(struct mbox_request *req)
35 {
36 	struct mbox_reply reply;
37 	loff_t pos = 0;
38 	ssize_t n;
39 
40 	if (!bpfilter_ops.info.tgid)
41 		return -EFAULT;
42 	pos = 0;
43 	n = kernel_write(bpfilter_ops.info.pipe_to_umh, req, sizeof(*req),
44 			   &pos);
45 	if (n != sizeof(*req)) {
46 		pr_err("write fail %zd\n", n);
47 		goto stop;
48 	}
49 	pos = 0;
50 	n = kernel_read(bpfilter_ops.info.pipe_from_umh, &reply, sizeof(reply),
51 			&pos);
52 	if (n != sizeof(reply)) {
53 		pr_err("read fail %zd\n", n);
54 		goto stop;
55 	}
56 	return reply.status;
57 stop:
58 	__stop_umh();
59 	return -EFAULT;
60 }
61 
bpfilter_process_sockopt(struct sock * sk,int optname,sockptr_t optval,unsigned int optlen,bool is_set)62 static int bpfilter_process_sockopt(struct sock *sk, int optname,
63 				    sockptr_t optval, unsigned int optlen,
64 				    bool is_set)
65 {
66 	struct mbox_request req = {
67 		.is_set		= is_set,
68 		.pid		= current->pid,
69 		.cmd		= optname,
70 		.addr		= (uintptr_t)optval.user,
71 		.len		= optlen,
72 	};
73 	if (uaccess_kernel() || sockptr_is_kernel(optval)) {
74 		pr_err("kernel access not supported\n");
75 		return -EFAULT;
76 	}
77 	return bpfilter_send_req(&req);
78 }
79 
start_umh(void)80 static int start_umh(void)
81 {
82 	struct mbox_request req = { .pid = current->pid };
83 	int err;
84 
85 	/* fork usermode process */
86 	err = fork_usermode_driver(&bpfilter_ops.info);
87 	if (err)
88 		return err;
89 	pr_info("Loaded bpfilter_umh pid %d\n", pid_nr(bpfilter_ops.info.tgid));
90 
91 	/* health check that usermode process started correctly */
92 	if (bpfilter_send_req(&req) != 0) {
93 		shutdown_umh();
94 		return -EFAULT;
95 	}
96 
97 	return 0;
98 }
99 
load_umh(void)100 static int __init load_umh(void)
101 {
102 	int err;
103 
104 	err = umd_load_blob(&bpfilter_ops.info,
105 			    &bpfilter_umh_start,
106 			    &bpfilter_umh_end - &bpfilter_umh_start);
107 	if (err)
108 		return err;
109 
110 	mutex_lock(&bpfilter_ops.lock);
111 	err = start_umh();
112 	if (!err && IS_ENABLED(CONFIG_INET)) {
113 		bpfilter_ops.sockopt = &bpfilter_process_sockopt;
114 		bpfilter_ops.start = &start_umh;
115 	}
116 	mutex_unlock(&bpfilter_ops.lock);
117 	if (err)
118 		umd_unload_blob(&bpfilter_ops.info);
119 	return err;
120 }
121 
fini_umh(void)122 static void __exit fini_umh(void)
123 {
124 	mutex_lock(&bpfilter_ops.lock);
125 	if (IS_ENABLED(CONFIG_INET)) {
126 		shutdown_umh();
127 		bpfilter_ops.start = NULL;
128 		bpfilter_ops.sockopt = NULL;
129 	}
130 	mutex_unlock(&bpfilter_ops.lock);
131 
132 	umd_unload_blob(&bpfilter_ops.info);
133 }
134 module_init(load_umh);
135 module_exit(fini_umh);
136 MODULE_LICENSE("GPL");
137 MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver);
138