1 // SPDX-License-Identifier: GPL-2.0
2 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
3 #include <linux/init.h>
4 #include <linux/module.h>
6 #include <linux/bpfilter.h>
7 #include <linux/sched.h>
8 #include <linux/sched/signal.h>
10 #include <linux/file.h>
13 extern char bpfilter_umh_start;
14 extern char bpfilter_umh_end;
16 static struct umh_info info;
17 /* since ip_getsockopt() can run in parallel, serialize access to umh */
18 static DEFINE_MUTEX(bpfilter_lock);
20 static void shutdown_umh(struct umh_info *info)
22 struct task_struct *tsk;
26 tsk = pid_task(find_vpid(info->pid), PIDTYPE_PID);
28 force_sig(SIGKILL, tsk);
29 fput(info->pipe_to_umh);
30 fput(info->pipe_from_umh);
34 static void __stop_umh(void)
36 if (IS_ENABLED(CONFIG_INET)) {
37 bpfilter_process_sockopt = NULL;
42 static void stop_umh(void)
44 mutex_lock(&bpfilter_lock);
46 mutex_unlock(&bpfilter_lock);
49 static int __bpfilter_process_sockopt(struct sock *sk, int optname,
51 unsigned int optlen, bool is_set)
53 struct mbox_request req;
54 struct mbox_reply reply;
60 req.pid = current->pid;
62 req.addr = (long)optval;
64 mutex_lock(&bpfilter_lock);
67 n = __kernel_write(info.pipe_to_umh, &req, sizeof(req), &pos);
68 if (n != sizeof(req)) {
69 pr_err("write fail %zd\n", n);
75 n = kernel_read(info.pipe_from_umh, &reply, sizeof(reply), &pos);
76 if (n != sizeof(reply)) {
77 pr_err("read fail %zd\n", n);
84 mutex_unlock(&bpfilter_lock);
88 static int __init load_umh(void)
92 /* fork usermode process */
93 err = fork_usermode_blob(&bpfilter_umh_start,
94 &bpfilter_umh_end - &bpfilter_umh_start,
98 pr_info("Loaded bpfilter_umh pid %d\n", info.pid);
100 /* health check that usermode process started correctly */
101 if (__bpfilter_process_sockopt(NULL, 0, 0, 0, 0) != 0) {
105 if (IS_ENABLED(CONFIG_INET))
106 bpfilter_process_sockopt = &__bpfilter_process_sockopt;
111 static void __exit fini_umh(void)
115 module_init(load_umh);
116 module_exit(fini_umh);
117 MODULE_LICENSE("GPL");