1 // SPDX-License-Identifier: GPL-2.0
2 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
3 #include <linux/init.h>
4 #include <linux/module.h>
5 #include <linux/umh.h>
6 #include <linux/bpfilter.h>
7 #include <linux/sched.h>
8 #include <linux/sched/signal.h>
9 #include <linux/fs.h>
10 #include <linux/file.h>
11 #include "msgfmt.h"
12 
/*
 * Bounds of the user-mode helper image. The symbols are defined outside this
 * file; load_umh() hands the start address and the byte distance between the
 * two to fork_usermode_blob().
 */
extern char bpfilter_umh_start;
extern char bpfilter_umh_end;

/* since ip_getsockopt() can run in parallel, serialize access to umh */
static DEFINE_MUTEX(bpfilter_lock);
/*
 * Helper state filled in by fork_usermode_blob(): its pid and the two pipe
 * files used to talk to it. pid == 0 is treated as "no helper" in this file.
 */
static struct umh_info info;
19 
/*
 * shutdown_umh - kill the user-mode helper and release both pipe ends.
 * @info: helper state; ->pid == 0 means no helper is recorded.
 *
 * Does nothing when no pid is recorded. Otherwise the task is looked up by
 * pid number, sent SIGKILL if found, and both pipe files are released.
 * ->pid is cleared last, so a second call is a no-op.
 *
 * NOTE(review): the helper is located by pid number, not through a held
 * reference. Nothing in this file is notified when the helper exits on its
 * own, so ->pid may be stale by the time it is used here, and a reused
 * number would direct the SIGKILL at an unrelated task. find_vpid() also
 * resolves the number in the caller's pid namespace, and this function is
 * reachable from the sockopt error paths, i.e. from the task that issued the
 * sockopt. Confirm how helper exit is tracked.
 */
static void shutdown_umh(struct umh_info *info)
{
	struct task_struct *helper;

	if (info->pid) {
		helper = get_pid_task(find_vpid(info->pid), PIDTYPE_PID);
		if (helper) {
			force_sig(SIGKILL, helper);
			/* drop the reference taken by get_pid_task() */
			put_task_struct(helper);
		}
		/* pipes are released even when the task lookup found nothing */
		fput(info->pipe_to_umh);
		fput(info->pipe_from_umh);
		info->pid = 0;
	}
}
35 
/*
 * __stop_umh - unhook the sockopt handler, then shut the helper down.
 *
 * Callers in this file hold bpfilter_lock: stop_umh() takes it, and
 * __bpfilter_process_sockopt() calls this from its error paths with the
 * lock held. The hook is cleared before the helper is killed.
 *
 * Without CONFIG_INET this function does nothing, so in that configuration
 * a running helper is not shut down through this path.
 */
static void __stop_umh(void)
{
	if (!IS_ENABLED(CONFIG_INET))
		return;

	bpfilter_process_sockopt = NULL;
	shutdown_umh(&info);
}
43 
/*
 * stop_umh - locked entry point for stopping the helper.
 *
 * Takes bpfilter_lock around __stop_umh() so the teardown cannot interleave
 * with a request in __bpfilter_process_sockopt(). Must not be called with
 * the lock already held.
 */
static void stop_umh(void)
{
	mutex_lock(&bpfilter_lock);
	__stop_umh();
	mutex_unlock(&bpfilter_lock);
}
50 
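/*
 * __bpfilter_process_sockopt - forward one sockopt request to the helper.
 * @sk:      socket the option was issued on (not used in this function)
 * @optname: option number, sent to the helper as the request command
 * @optval:  user-space buffer address; forwarded as a number and never
 *           dereferenced here
 * @optlen:  length supplied by the caller for @optval
 * @is_set:  true for a set request, false for a get request
 *
 * Under bpfilter_lock, writes one struct mbox_request to the helper's input
 * pipe and reads one struct mbox_reply from its output pipe. A short write
 * or short read is logged and the helper is stopped via __stop_umh().
 *
 * @optname, @optval and @optlen are forwarded as received; no range or
 * length validation happens in this function, so the helper has to treat
 * them as untrusted.
 *
 * Return: the helper's reply.status on success; -EFAULT when no helper is
 * running or a transfer was short.
 * NOTE(review): reply.status is returned unchecked, so whatever value the
 * helper writes becomes the sockopt return code -- confirm that is intended.
 */
static int __bpfilter_process_sockopt(struct sock *sk, int optname,
				      char __user *optval,
				      unsigned int optlen, bool is_set)
{
	/*
	 * The request is copied whole into a user-mode process. Using an
	 * initializer zeroes every member not named below, so none of them
	 * can carry leftover kernel stack contents.
	 * NOTE(review): struct padding, if msgfmt.h gives this struct any,
	 * is not covered by an initializer -- confirm the layout.
	 */
	struct mbox_request req = {
		.is_set = is_set,
		.pid = current->pid,
		.cmd = optname,
		.addr = (long __force __user)optval,
		.len = optlen,
	};
	struct mbox_reply reply;
	/* was passed to __kernel_write() uninitialized; give it a defined value */
	loff_t pos = 0;
	ssize_t n;
	int ret = -EFAULT;

	mutex_lock(&bpfilter_lock);
	if (!info.pid)
		goto out;
	n = __kernel_write(info.pipe_to_umh, &req, sizeof(req), &pos);
	if (n != sizeof(req)) {
		pr_err("write fail %zd\n", n);
		__stop_umh();
		goto out;
	}
	/* reset the offset before handing it to the read */
	pos = 0;
	n = kernel_read(info.pipe_from_umh, &reply, sizeof(reply), &pos);
	if (n != sizeof(reply)) {
		pr_err("read fail %zd\n", n);
		__stop_umh();
		goto out;
	}
	ret = reply.status;
out:
	mutex_unlock(&bpfilter_lock);
	return ret;
}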
89 
/*
 * load_umh - module init: start the user-mode helper and publish the hook.
 *
 * Forks the helper from the image between bpfilter_umh_start and
 * bpfilter_umh_end, then sends it an all-zero request as a health check.
 * The sockopt hook is set only after that check returned 0, and only when
 * CONFIG_INET is enabled.
 *
 * Return: 0 on success, the fork_usermode_blob() error if the fork failed,
 * or -EFAULT if the health check failed.
 * NOTE(review): on a failed health check stop_umh() is called, but
 * __stop_umh() does nothing without CONFIG_INET, so in that configuration
 * the freshly forked helper is not shut down here.
 */
static int __init load_umh(void)
{
	int rc;

	/* fork usermode process */
	rc = fork_usermode_blob(&bpfilter_umh_start,
				&bpfilter_umh_end - &bpfilter_umh_start,
				&info);
	if (rc != 0)
		return rc;
	pr_info("Loaded bpfilter_umh pid %d\n", info.pid);

	/* health check that usermode process started correctly */
	if (__bpfilter_process_sockopt(NULL, 0, NULL, 0, 0) == 0) {
		if (IS_ENABLED(CONFIG_INET))
			bpfilter_process_sockopt = &__bpfilter_process_sockopt;
		return 0;
	}

	stop_umh();
	return -EFAULT;
}
112 
/*
 * fini_umh - module exit: remove the sockopt hook and kill the helper.
 *
 * All of the work happens in stop_umh(), which takes bpfilter_lock.
 */
static void __exit fini_umh(void)
{
	stop_umh();
}
MODULE_LICENSE("GPL");
/* load_umh() starts the helper at module load; fini_umh() stops it at unload. */
module_init(load_umh);
module_exit(fini_umh);
120