// SPDX-License-Identifier: GPL-2.0-only /* * umd - User mode driver support */ #include <linux/shmem_fs.h> #include <linux/pipe_fs_i.h> #include <linux/mount.h> #include <linux/fs_struct.h> #include <linux/task_work.h> #include <linux/usermode_driver.h> static struct vfsmount *blob_to_mnt(const void *data, size_t len, const char *name) { struct file_system_type *type; struct vfsmount *mnt; struct file *file; ssize_t written; loff_t pos = 0; type = get_fs_type("tmpfs"); if (!type) return ERR_PTR(-ENODEV); mnt = kern_mount(type); put_filesystem(type); if (IS_ERR(mnt)) return mnt; file = file_open_root_mnt(mnt, name, O_CREAT | O_WRONLY, 0700); if (IS_ERR(file)) { mntput(mnt); return ERR_CAST(file); } written = kernel_write(file, data, len, &pos); if (written != len) { int err = written; if (err >= 0) err = -ENOMEM; filp_close(file, NULL); mntput(mnt); return ERR_PTR(err); } fput(file); /* Flush delayed fput so exec can open the file read-only */ flush_delayed_fput(); task_work_run(); return mnt; } /** * umd_load_blob - Remember a blob of bytes for fork_usermode_driver * @info: information about usermode driver * @data: a blob of bytes that can be executed as a file * @len: The lentgh of the blob * */ int umd_load_blob(struct umd_info *info, const void *data, size_t len) { struct vfsmount *mnt; if (WARN_ON_ONCE(info->wd.dentry || info->wd.mnt)) return -EBUSY; mnt = blob_to_mnt(data, len, info->driver_name); if (IS_ERR(mnt)) return PTR_ERR(mnt); info->wd.mnt = mnt; info->wd.dentry = mnt->mnt_root; return 0; } EXPORT_SYMBOL_GPL(umd_load_blob); /** * umd_unload_blob - Disassociate @info from a previously loaded blob * @info: information about usermode driver * */ int umd_unload_blob(struct umd_info *info) { if (WARN_ON_ONCE(!info->wd.mnt || !info->wd.dentry || info->wd.mnt->mnt_root != info->wd.dentry)) return -EINVAL; kern_unmount(info->wd.mnt); info->wd.mnt = NULL; info->wd.dentry = NULL; return 0; } EXPORT_SYMBOL_GPL(umd_unload_blob); static int umd_setup(struct subprocess_info *info, struct cred *new) { struct umd_info *umd_info = info->data; struct file *from_umh[2]; struct file *to_umh[2]; int err; /* create pipe to send data to umh */ err = create_pipe_files(to_umh, 0); if (err) return err; err = replace_fd(0, to_umh[0], 0); fput(to_umh[0]); if (err < 0) { fput(to_umh[1]); return err; } /* create pipe to receive data from umh */ err = create_pipe_files(from_umh, 0); if (err) { fput(to_umh[1]); replace_fd(0, NULL, 0); return err; } err = replace_fd(1, from_umh[1], 0); fput(from_umh[1]); if (err < 0) { fput(to_umh[1]); replace_fd(0, NULL, 0); fput(from_umh[0]); return err; } set_fs_pwd(current->fs, &umd_info->wd); umd_info->pipe_to_umh = to_umh[1]; umd_info->pipe_from_umh = from_umh[0]; umd_info->tgid = get_pid(task_tgid(current)); return 0; } static void umd_cleanup(struct subprocess_info *info) { struct umd_info *umd_info = info->data; /* cleanup if umh_setup() was successful but exec failed */ if (info->retval) umd_cleanup_helper(umd_info); } /** * umd_cleanup_helper - release the resources which were allocated in umd_setup * @info: information about usermode driver */ void umd_cleanup_helper(struct umd_info *info) { fput(info->pipe_to_umh); fput(info->pipe_from_umh); put_pid(info->tgid); info->tgid = NULL; } EXPORT_SYMBOL_GPL(umd_cleanup_helper); /** * fork_usermode_driver - fork a usermode driver * @info: information about usermode driver (shouldn't be NULL) * * Returns either negative error or zero which indicates success in * executing a usermode driver. In such case 'struct umd_info *info' * is populated with two pipes and a tgid of the process. The caller is * responsible for health check of the user process, killing it via * tgid, and closing the pipes when user process is no longer needed. */ int fork_usermode_driver(struct umd_info *info) { struct subprocess_info *sub_info; const char *argv[] = { info->driver_name, NULL }; int err; if (WARN_ON_ONCE(info->tgid)) return -EBUSY; err = -ENOMEM; sub_info = call_usermodehelper_setup(info->driver_name, (char **)argv, NULL, GFP_KERNEL, umd_setup, umd_cleanup, info); if (!sub_info) goto out; err = call_usermodehelper_exec(sub_info, UMH_WAIT_EXEC); out: return err; } EXPORT_SYMBOL_GPL(fork_usermode_driver);