kernel/usermode_driver.c - linux - Git at Google

 // SPDX-License-Identifier: GPL-2.0-only
 /*
  * umd - User mode driver support
  */
 #include <linux/shmem_fs.h>
 #include <linux/pipe_fs_i.h>
 #include <linux/mount.h>
 #include <linux/fs_struct.h>
 #include <linux/task_work.h>
 #include <linux/usermode_driver.h>

 static struct vfsmount *blob_to_mnt(const void *data, size_t len, const char *name)
 {
 	struct file_system_type *type;
 	struct vfsmount *mnt;
 	struct file *file;
 	ssize_t written;
 	loff_t pos = 0;

 	type = get_fs_type("tmpfs");
 	if (!type)
 		return ERR_PTR(-ENODEV);

 	mnt = kern_mount(type);
 	put_filesystem(type);
 	if (IS_ERR(mnt))
 		return mnt;

 	file = file_open_root_mnt(mnt, name, O_CREAT | O_WRONLY, 0700);
 	if (IS_ERR(file)) {
 		mntput(mnt);
 		return ERR_CAST(file);
 	}

 	written = kernel_write(file, data, len, &pos);
 	if (written != len) {
 		int err = written;
 		if (err >= 0)
 			err = -ENOMEM;
 		filp_close(file, NULL);
 		mntput(mnt);
 		return ERR_PTR(err);
 	}

 	fput(file);

 	/* Flush delayed fput so exec can open the file read-only */
 	flush_delayed_fput();
 	task_work_run();
 	return mnt;
 }

 /**
  * umd_load_blob - Remember a blob of bytes for fork_usermode_driver
  * @info: information about usermode driver
  * @data: a blob of bytes that can be executed as a file
  * @len:  The lentgh of the blob
  *
  */
 int umd_load_blob(struct umd_info *info, const void *data, size_t len)
 {
 	struct vfsmount *mnt;

 	if (WARN_ON_ONCE(info->wd.dentry || info->wd.mnt))
 		return -EBUSY;

 	mnt = blob_to_mnt(data, len, info->driver_name);
 	if (IS_ERR(mnt))
 		return PTR_ERR(mnt);

 	info->wd.mnt = mnt;
 	info->wd.dentry = mnt->mnt_root;
 	return 0;
 }
 EXPORT_SYMBOL_GPL(umd_load_blob);

 /**
  * umd_unload_blob - Disassociate @info from a previously loaded blob
  * @info: information about usermode driver
  *
  */
 int umd_unload_blob(struct umd_info *info)
 {
 	if (WARN_ON_ONCE(!info->wd.mnt ||
 			 !info->wd.dentry ||
 			 info->wd.mnt->mnt_root != info->wd.dentry))
 		return -EINVAL;

 	kern_unmount(info->wd.mnt);
 	info->wd.mnt = NULL;
 	info->wd.dentry = NULL;
 	return 0;
 }
 EXPORT_SYMBOL_GPL(umd_unload_blob);

 static int umd_setup(struct subprocess_info *info, struct cred *new)
 {
 	struct umd_info *umd_info = info->data;
 	struct file *from_umh[2];
 	struct file *to_umh[2];
 	int err;

 	/* create pipe to send data to umh */
 	err = create_pipe_files(to_umh, 0);
 	if (err)
 		return err;
 	err = replace_fd(0, to_umh[0], 0);
 	fput(to_umh[0]);
 	if (err < 0) {
 		fput(to_umh[1]);
 		return err;
 	}

 	/* create pipe to receive data from umh */
 	err = create_pipe_files(from_umh, 0);
 	if (err) {
 		fput(to_umh[1]);
 		replace_fd(0, NULL, 0);
 		return err;
 	}
 	err = replace_fd(1, from_umh[1], 0);
 	fput(from_umh[1]);
 	if (err < 0) {
 		fput(to_umh[1]);
 		replace_fd(0, NULL, 0);
 		fput(from_umh[0]);
 		return err;
 	}

 	set_fs_pwd(current->fs, &umd_info->wd);
 	umd_info->pipe_to_umh = to_umh[1];
 	umd_info->pipe_from_umh = from_umh[0];
 	umd_info->tgid = get_pid(task_tgid(current));
 	return 0;
 }

 static void umd_cleanup(struct subprocess_info *info)
 {
 	struct umd_info *umd_info = info->data;

 	/* cleanup if umh_setup() was successful but exec failed */
 	if (info->retval)
 		umd_cleanup_helper(umd_info);
 }

 /**
  * umd_cleanup_helper - release the resources which were allocated in umd_setup
  * @info: information about usermode driver
  */
 void umd_cleanup_helper(struct umd_info *info)
 {
 	fput(info->pipe_to_umh);
 	fput(info->pipe_from_umh);
 	put_pid(info->tgid);
 	info->tgid = NULL;
 }
 EXPORT_SYMBOL_GPL(umd_cleanup_helper);

 /**
  * fork_usermode_driver - fork a usermode driver
  * @info: information about usermode driver (shouldn't be NULL)
  *
  * Returns either negative error or zero which indicates success in
  * executing a usermode driver. In such case 'struct umd_info *info'
  * is populated with two pipes and a tgid of the process. The caller is
  * responsible for health check of the user process, killing it via
  * tgid, and closing the pipes when user process is no longer needed.
  */
 int fork_usermode_driver(struct umd_info *info)
 {
 	struct subprocess_info *sub_info;
 	const char *argv[] = { info->driver_name, NULL };
 	int err;

 	if (WARN_ON_ONCE(info->tgid))
 		return -EBUSY;

 	err = -ENOMEM;
 	sub_info = call_usermodehelper_setup(info->driver_name,
 					     (char **)argv, NULL, GFP_KERNEL,
 					     umd_setup, umd_cleanup, info);
 	if (!sub_info)
 		goto out;

 	err = call_usermodehelper_exec(sub_info, UMH_WAIT_EXEC);
 out:
 	return err;
 }
 EXPORT_SYMBOL_GPL(fork_usermode_driver);
	// SPDX-License-Identifier: GPL-2.0-only
	/*
	* umd - User mode driver support
	*/
	#include <linux/shmem_fs.h>
	#include <linux/pipe_fs_i.h>
	#include <linux/mount.h>
	#include <linux/fs_struct.h>
	#include <linux/task_work.h>
	#include <linux/usermode_driver.h>

	static struct vfsmount blob_to_mnt(const void data, size_t len, const char *name)
	{
	struct file_system_type *type;
	struct vfsmount *mnt;
	struct file *file;
	ssize_t written;
	loff_t pos = 0;

	type = get_fs_type("tmpfs");
	if (!type)
	return ERR_PTR(-ENODEV);

	mnt = kern_mount(type);
	put_filesystem(type);
	if (IS_ERR(mnt))
	return mnt;

	file = file_open_root_mnt(mnt, name, O_CREAT \| O_WRONLY, 0700);
	if (IS_ERR(file)) {
	mntput(mnt);
	return ERR_CAST(file);
	}

	written = kernel_write(file, data, len, &pos);
	if (written != len) {
	int err = written;
	if (err >= 0)
	err = -ENOMEM;
	filp_close(file, NULL);
	mntput(mnt);
	return ERR_PTR(err);
	}

	fput(file);

	/* Flush delayed fput so exec can open the file read-only */
	flush_delayed_fput();
	task_work_run();
	return mnt;
	}

	/**
	* umd_load_blob - Remember a blob of bytes for fork_usermode_driver
	* @info: information about usermode driver
	* @data: a blob of bytes that can be executed as a file
	* @len: The lentgh of the blob
	*
	*/
	int umd_load_blob(struct umd_info info, const void data, size_t len)
	{
	struct vfsmount *mnt;

	if (WARN_ON_ONCE(info->wd.dentry \|\| info->wd.mnt))
	return -EBUSY;

	mnt = blob_to_mnt(data, len, info->driver_name);
	if (IS_ERR(mnt))
	return PTR_ERR(mnt);

	info->wd.mnt = mnt;
	info->wd.dentry = mnt->mnt_root;
	return 0;
	}
	EXPORT_SYMBOL_GPL(umd_load_blob);

	/**
	* umd_unload_blob - Disassociate @info from a previously loaded blob
	* @info: information about usermode driver
	*
	*/
	int umd_unload_blob(struct umd_info *info)
	{
	if (WARN_ON_ONCE(!info->wd.mnt \|\|
	!info->wd.dentry \|\|
	info->wd.mnt->mnt_root != info->wd.dentry))
	return -EINVAL;

	kern_unmount(info->wd.mnt);
	info->wd.mnt = NULL;
	info->wd.dentry = NULL;
	return 0;
	}
	EXPORT_SYMBOL_GPL(umd_unload_blob);

	static int umd_setup(struct subprocess_info info, struct cred new)
	{
	struct umd_info *umd_info = info->data;
	struct file *from_umh[2];
	struct file *to_umh[2];
	int err;

	/* create pipe to send data to umh */
	err = create_pipe_files(to_umh, 0);
	if (err)
	return err;
	err = replace_fd(0, to_umh[0], 0);
	fput(to_umh[0]);
	if (err < 0) {
	fput(to_umh[1]);
	return err;
	}

	/* create pipe to receive data from umh */
	err = create_pipe_files(from_umh, 0);
	if (err) {
	fput(to_umh[1]);
	replace_fd(0, NULL, 0);
	return err;
	}
	err = replace_fd(1, from_umh[1], 0);
	fput(from_umh[1]);
	if (err < 0) {
	fput(to_umh[1]);
	replace_fd(0, NULL, 0);
	fput(from_umh[0]);
	return err;
	}

	set_fs_pwd(current->fs, &umd_info->wd);
	umd_info->pipe_to_umh = to_umh[1];
	umd_info->pipe_from_umh = from_umh[0];
	umd_info->tgid = get_pid(task_tgid(current));
	return 0;
	}

	static void umd_cleanup(struct subprocess_info *info)
	{
	struct umd_info *umd_info = info->data;

	/* cleanup if umh_setup() was successful but exec failed */
	if (info->retval)
	umd_cleanup_helper(umd_info);
	}

	/**
	* umd_cleanup_helper - release the resources which were allocated in umd_setup
	* @info: information about usermode driver
	*/
	void umd_cleanup_helper(struct umd_info *info)
	{
	fput(info->pipe_to_umh);
	fput(info->pipe_from_umh);
	put_pid(info->tgid);
	info->tgid = NULL;
	}
	EXPORT_SYMBOL_GPL(umd_cleanup_helper);

	/**
	* fork_usermode_driver - fork a usermode driver
	* @info: information about usermode driver (shouldn't be NULL)
	*
	* Returns either negative error or zero which indicates success in
	* executing a usermode driver. In such case 'struct umd_info *info'
	* is populated with two pipes and a tgid of the process. The caller is
	* responsible for health check of the user process, killing it via
	* tgid, and closing the pipes when user process is no longer needed.
	*/
	int fork_usermode_driver(struct umd_info *info)
	{
	struct subprocess_info *sub_info;
	const char *argv[] = { info->driver_name, NULL };
	int err;

	if (WARN_ON_ONCE(info->tgid))
	return -EBUSY;

	err = -ENOMEM;
	sub_info = call_usermodehelper_setup(info->driver_name,
	(char **)argv, NULL, GFP_KERNEL,
	umd_setup, umd_cleanup, info);
	if (!sub_info)
	goto out;

	err = call_usermodehelper_exec(sub_info, UMH_WAIT_EXEC);
	out:
	return err;
	}
	EXPORT_SYMBOL_GPL(fork_usermode_driver);