blob: 0b35212ffc3d0a60ae796bb98bf2ad7232b541aa [file] [log] [blame]
Eric W. Biederman884c5e62020-06-26 12:23:00 -05001// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * umd - User mode driver support
4 */
5#include <linux/shmem_fs.h>
6#include <linux/pipe_fs_i.h>
Eric W. Biedermane2dc9bf2020-06-25 13:12:59 -05007#include <linux/mount.h>
8#include <linux/fs_struct.h>
9#include <linux/task_work.h>
Eric W. Biederman884c5e62020-06-26 12:23:00 -050010#include <linux/usermode_driver.h>
11
Eric W. Biedermane2dc9bf2020-06-25 13:12:59 -050012static struct vfsmount *blob_to_mnt(const void *data, size_t len, const char *name)
13{
14 struct file_system_type *type;
15 struct vfsmount *mnt;
16 struct file *file;
17 ssize_t written;
18 loff_t pos = 0;
19
20 type = get_fs_type("tmpfs");
21 if (!type)
22 return ERR_PTR(-ENODEV);
23
24 mnt = kern_mount(type);
25 put_filesystem(type);
26 if (IS_ERR(mnt))
27 return mnt;
28
29 file = file_open_root(mnt->mnt_root, mnt, name, O_CREAT | O_WRONLY, 0700);
30 if (IS_ERR(file)) {
31 mntput(mnt);
32 return ERR_CAST(file);
33 }
34
35 written = kernel_write(file, data, len, &pos);
36 if (written != len) {
37 int err = written;
38 if (err >= 0)
39 err = -ENOMEM;
40 filp_close(file, NULL);
41 mntput(mnt);
42 return ERR_PTR(err);
43 }
44
45 fput(file);
46
47 /* Flush delayed fput so exec can open the file read-only */
48 flush_delayed_fput();
49 task_work_run();
50 return mnt;
51}
52
53/**
54 * umd_load_blob - Remember a blob of bytes for fork_usermode_driver
55 * @info: information about usermode driver
56 * @data: a blob of bytes that can be executed as a file
57 * @len: The lentgh of the blob
58 *
59 */
60int umd_load_blob(struct umd_info *info, const void *data, size_t len)
61{
62 struct vfsmount *mnt;
63
64 if (WARN_ON_ONCE(info->wd.dentry || info->wd.mnt))
65 return -EBUSY;
66
67 mnt = blob_to_mnt(data, len, info->driver_name);
68 if (IS_ERR(mnt))
69 return PTR_ERR(mnt);
70
71 info->wd.mnt = mnt;
72 info->wd.dentry = mnt->mnt_root;
73 return 0;
74}
75EXPORT_SYMBOL_GPL(umd_load_blob);
76
77/**
78 * umd_unload_blob - Disassociate @info from a previously loaded blob
79 * @info: information about usermode driver
80 *
81 */
82int umd_unload_blob(struct umd_info *info)
83{
84 if (WARN_ON_ONCE(!info->wd.mnt ||
85 !info->wd.dentry ||
86 info->wd.mnt->mnt_root != info->wd.dentry))
87 return -EINVAL;
88
89 kern_unmount(info->wd.mnt);
90 info->wd.mnt = NULL;
91 info->wd.dentry = NULL;
92 return 0;
93}
94EXPORT_SYMBOL_GPL(umd_unload_blob);
95
Eric W. Biederman884c5e62020-06-26 12:23:00 -050096static int umd_setup(struct subprocess_info *info, struct cred *new)
97{
Eric W. Biederman74be2d32020-06-26 11:16:06 -050098 struct umd_info *umd_info = info->data;
Eric W. Biederman884c5e62020-06-26 12:23:00 -050099 struct file *from_umh[2];
100 struct file *to_umh[2];
101 int err;
102
103 /* create pipe to send data to umh */
104 err = create_pipe_files(to_umh, 0);
105 if (err)
106 return err;
107 err = replace_fd(0, to_umh[0], 0);
108 fput(to_umh[0]);
109 if (err < 0) {
110 fput(to_umh[1]);
111 return err;
112 }
113
114 /* create pipe to receive data from umh */
115 err = create_pipe_files(from_umh, 0);
116 if (err) {
117 fput(to_umh[1]);
118 replace_fd(0, NULL, 0);
119 return err;
120 }
121 err = replace_fd(1, from_umh[1], 0);
122 fput(from_umh[1]);
123 if (err < 0) {
124 fput(to_umh[1]);
125 replace_fd(0, NULL, 0);
126 fput(from_umh[0]);
127 return err;
128 }
129
Eric W. Biedermane2dc9bf2020-06-25 13:12:59 -0500130 set_fs_pwd(current->fs, &umd_info->wd);
Eric W. Biederman74be2d32020-06-26 11:16:06 -0500131 umd_info->pipe_to_umh = to_umh[1];
132 umd_info->pipe_from_umh = from_umh[0];
Eric W. Biederman1c340ea2020-06-25 16:48:26 -0500133 umd_info->tgid = get_pid(task_tgid(current));
Eric W. Biederman884c5e62020-06-26 12:23:00 -0500134 return 0;
135}
136
137static void umd_cleanup(struct subprocess_info *info)
138{
Eric W. Biederman74be2d32020-06-26 11:16:06 -0500139 struct umd_info *umd_info = info->data;
Eric W. Biederman884c5e62020-06-26 12:23:00 -0500140
141 /* cleanup if umh_setup() was successful but exec failed */
142 if (info->retval) {
Eric W. Biederman74be2d32020-06-26 11:16:06 -0500143 fput(umd_info->pipe_to_umh);
144 fput(umd_info->pipe_from_umh);
Eric W. Biederman1c340ea2020-06-25 16:48:26 -0500145 put_pid(umd_info->tgid);
146 umd_info->tgid = NULL;
Eric W. Biederman884c5e62020-06-26 12:23:00 -0500147 }
148}
149
150/**
Eric W. Biedermane2dc9bf2020-06-25 13:12:59 -0500151 * fork_usermode_driver - fork a usermode driver
152 * @info: information about usermode driver (shouldn't be NULL)
Eric W. Biederman884c5e62020-06-26 12:23:00 -0500153 *
Eric W. Biedermane2dc9bf2020-06-25 13:12:59 -0500154 * Returns either negative error or zero which indicates success in
155 * executing a usermode driver. In such case 'struct umd_info *info'
Eric W. Biederman1c340ea2020-06-25 16:48:26 -0500156 * is populated with two pipes and a tgid of the process. The caller is
Eric W. Biedermane2dc9bf2020-06-25 13:12:59 -0500157 * responsible for health check of the user process, killing it via
Eric W. Biederman1c340ea2020-06-25 16:48:26 -0500158 * tgid, and closing the pipes when user process is no longer needed.
Eric W. Biederman884c5e62020-06-26 12:23:00 -0500159 */
Eric W. Biedermane2dc9bf2020-06-25 13:12:59 -0500160int fork_usermode_driver(struct umd_info *info)
Eric W. Biederman884c5e62020-06-26 12:23:00 -0500161{
Eric W. Biederman884c5e62020-06-26 12:23:00 -0500162 struct subprocess_info *sub_info;
Eric W. Biederman33c32602020-06-29 08:28:33 -0500163 const char *argv[] = { info->driver_name, NULL };
Eric W. Biederman884c5e62020-06-26 12:23:00 -0500164 int err;
165
Eric W. Biederman1c340ea2020-06-25 16:48:26 -0500166 if (WARN_ON_ONCE(info->tgid))
167 return -EBUSY;
168
Eric W. Biederman884c5e62020-06-26 12:23:00 -0500169 err = -ENOMEM;
Eric W. Biederman33c32602020-06-29 08:28:33 -0500170 sub_info = call_usermodehelper_setup(info->driver_name,
171 (char **)argv, NULL, GFP_KERNEL,
Eric W. Biederman884c5e62020-06-26 12:23:00 -0500172 umd_setup, umd_cleanup, info);
173 if (!sub_info)
174 goto out;
175
Eric W. Biederman884c5e62020-06-26 12:23:00 -0500176 err = call_usermodehelper_exec(sub_info, UMH_WAIT_EXEC);
Eric W. Biederman884c5e62020-06-26 12:23:00 -0500177out:
Eric W. Biederman884c5e62020-06-26 12:23:00 -0500178 return err;
179}
Eric W. Biedermane2dc9bf2020-06-25 13:12:59 -0500180EXPORT_SYMBOL_GPL(fork_usermode_driver);
Eric W. Biederman884c5e62020-06-26 12:23:00 -0500181
Eric W. Biederman884c5e62020-06-26 12:23:00 -0500182