net: bpfilter: restart bpfilter_umh when error occurred
The bpfilter_umh will be stopped via __stop_umh() when the bpfilter
error occurred.
The bpfilter_umh() couldn't start again because there is no restart
routine.
The bpfilter_umh_{start/end} section is no longer .init.rodata
because this area must be reused by the restart routine. Hence
the section name is changed to .bpfilter_umh.
The bpfilter_ops->start() is restart callback. it will be called when
bpfilter_umh is stopped.
The stop bit means bpfilter_umh is stopped. this bit is set by both
start and stop routine.
Before this patch,
Test commands:
$ iptables -vnL
$ kill -9 <pid of bpfilter_umh>
$ iptables -vnL
[ 480.045136] bpfilter: write fail -32
$ iptables -vnL
All iptables commands will fail.
After this patch,
Test commands:
$ iptables -vnL
$ kill -9 <pid of bpfilter_umh>
$ iptables -vnL
$ iptables -vnL
Now, all iptables commands will work.
Fixes: d2ba09c17a
("net: add skeleton of bpfilter kernel module")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent
5b4cb650e5
commit
61fbf5933d
|
@ -15,6 +15,8 @@ struct bpfilter_umh_ops {
|
||||||
int (*sockopt)(struct sock *sk, int optname,
|
int (*sockopt)(struct sock *sk, int optname,
|
||||||
char __user *optval,
|
char __user *optval,
|
||||||
unsigned int optlen, bool is_set);
|
unsigned int optlen, bool is_set);
|
||||||
|
int (*start)(void);
|
||||||
|
bool stop;
|
||||||
};
|
};
|
||||||
extern struct bpfilter_umh_ops bpfilter_ops;
|
extern struct bpfilter_umh_ops bpfilter_ops;
|
||||||
#endif
|
#endif
|
||||||
|
|
|
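Review bot: The two members added to struct bpfilter_umh_ops, `int (*start)(void);` and `bool stop;`, carry no comment, and their contract is only recoverable by reading both .c files. I would add `/* restart hook: called from bpfilter_mbox_request() when stop is set; NULL while the module is not loaded */` above `start` and `/* true while no bpfilter_umh helper is running */` above `stop`. The comment on `stop` should also name the lock that protects it, because the flag is written from bpfilter_umh_cleanup() and start_umh() and read on the sockopt path, and nothing on this page says which lock that is.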
@ -16,13 +16,14 @@ extern char bpfilter_umh_end;
|
||||||
/* since ip_getsockopt() can run in parallel, serialize access to umh */
|
/* since ip_getsockopt() can run in parallel, serialize access to umh */
|
||||||
static DEFINE_MUTEX(bpfilter_lock);
|
static DEFINE_MUTEX(bpfilter_lock);
|
||||||
|
|
||||||
static void shutdown_umh(struct umh_info *info)
|
static void shutdown_umh(void)
|
||||||
{
|
{
|
||||||
struct task_struct *tsk;
|
struct task_struct *tsk;
|
||||||
|
|
||||||
if (!info->pid)
|
if (bpfilter_ops.stop)
|
||||||
return;
|
return;
|
||||||
tsk = get_pid_task(find_vpid(info->pid), PIDTYPE_PID);
|
|
||||||
|
tsk = get_pid_task(find_vpid(bpfilter_ops.info.pid), PIDTYPE_PID);
|
||||||
if (tsk) {
|
if (tsk) {
|
||||||
force_sig(SIGKILL, tsk);
|
force_sig(SIGKILL, tsk);
|
||||||
put_task_struct(tsk);
|
put_task_struct(tsk);
|
||||||
|
@ -31,10 +32,8 @@ static void shutdown_umh(struct umh_info *info)
|
||||||
|
|
||||||
static void __stop_umh(void)
|
static void __stop_umh(void)
|
||||||
{
|
{
|
||||||
if (IS_ENABLED(CONFIG_INET)) {
|
if (IS_ENABLED(CONFIG_INET))
|
||||||
bpfilter_ops.sockopt = NULL;
|
shutdown_umh();
|
||||||
shutdown_umh(&bpfilter_ops.info);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void stop_umh(void)
|
static void stop_umh(void)
|
||||||
|
@ -85,7 +84,7 @@ out:
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int __init load_umh(void)
|
static int start_umh(void)
|
||||||
{
|
{
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
|
@ -95,6 +94,7 @@ static int __init load_umh(void)
|
||||||
&bpfilter_ops.info);
|
&bpfilter_ops.info);
|
||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
|
bpfilter_ops.stop = false;
|
||||||
pr_info("Loaded bpfilter_umh pid %d\n", bpfilter_ops.info.pid);
|
pr_info("Loaded bpfilter_umh pid %d\n", bpfilter_ops.info.pid);
|
||||||
|
|
||||||
/* health check that usermode process started correctly */
|
/* health check that usermode process started correctly */
|
||||||
|
@ -102,14 +102,31 @@ static int __init load_umh(void)
|
||||||
stop_umh();
|
stop_umh();
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
}
|
}
|
||||||
if (IS_ENABLED(CONFIG_INET))
|
|
||||||
bpfilter_ops.sockopt = &__bpfilter_process_sockopt;
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int __init load_umh(void)
|
||||||
|
{
|
||||||
|
int err;
|
||||||
|
|
||||||
|
if (!bpfilter_ops.stop)
|
||||||
|
return -EFAULT;
|
||||||
|
err = start_umh();
|
||||||
|
if (!err && IS_ENABLED(CONFIG_INET)) {
|
||||||
|
bpfilter_ops.sockopt = &__bpfilter_process_sockopt;
|
||||||
|
bpfilter_ops.start = &start_umh;
|
||||||
|
}
|
||||||
|
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
static void __exit fini_umh(void)
|
static void __exit fini_umh(void)
|
||||||
{
|
{
|
||||||
|
if (IS_ENABLED(CONFIG_INET)) {
|
||||||
|
bpfilter_ops.start = NULL;
|
||||||
|
bpfilter_ops.sockopt = NULL;
|
||||||
|
}
|
||||||
stop_umh();
|
stop_umh();
|
||||||
}
|
}
|
||||||
module_init(load_umh);
|
module_init(load_umh);
|
||||||
|
|
|
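Review bot: start_umh() is now reachable at runtime through `bpfilter_ops.start`, but nothing visible in its hunks takes `bpfilter_lock`, so two sockopt callers that both observe `stop` set could each fork a helper and overwrite `bpfilter_ops.info` (the middle of the function lies outside the hunks, so this is inferred). fini_umh() likewise clears `start` and `sockopt` with no lock held while a caller may already be past its NULL check. I would serialize the restart with `mutex_lock(&bpfilter_lock);` before the fork and `mutex_unlock(&bpfilter_lock);` on every return path; if stop_umh() takes the same mutex (its body is not shown), the health-check failure path needs `__stop_umh()` instead. Separately, `return -EFAULT;` in load_umh() for a helper that is already running reads like a bad-address error, and `-EBUSY` would describe it better.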
@ -1,5 +1,5 @@
|
||||||
/* SPDX-License-Identifier: GPL-2.0 */
|
/* SPDX-License-Identifier: GPL-2.0 */
|
||||||
.section .init.rodata, "a"
|
.section .bpfilter_umh, "a"
|
||||||
.global bpfilter_umh_start
|
.global bpfilter_umh_start
|
||||||
bpfilter_umh_start:
|
bpfilter_umh_start:
|
||||||
.incbin "net/bpfilter/bpfilter_umh"
|
.incbin "net/bpfilter/bpfilter_umh"
|
||||||
|
|
|
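Review bot: The `.section .bpfilter_umh, "a"` line has no comment saying why the blob left `.init.rodata`, so a later section-name cleanup could move it back and break the restart path. I would add `/* not .init.rodata: the blob is forked again by the restart path after init memory is released */` above it. It is also worth confirming that the link step places the new section in read-only memory, since the embedded helper image is executed again on each restart; nothing on this page shows how `.bpfilter_umh` is placed.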
@ -14,6 +14,7 @@ EXPORT_SYMBOL_GPL(bpfilter_ops);
|
||||||
|
|
||||||
static void bpfilter_umh_cleanup(struct umh_info *info)
|
static void bpfilter_umh_cleanup(struct umh_info *info)
|
||||||
{
|
{
|
||||||
|
bpfilter_ops.stop = true;
|
||||||
fput(info->pipe_to_umh);
|
fput(info->pipe_to_umh);
|
||||||
fput(info->pipe_from_umh);
|
fput(info->pipe_from_umh);
|
||||||
info->pid = 0;
|
info->pid = 0;
|
||||||
|
@ -23,14 +24,21 @@ static int bpfilter_mbox_request(struct sock *sk, int optname,
|
||||||
char __user *optval,
|
char __user *optval,
|
||||||
unsigned int optlen, bool is_set)
|
unsigned int optlen, bool is_set)
|
||||||
{
|
{
|
||||||
|
int err;
|
||||||
|
|
||||||
if (!bpfilter_ops.sockopt) {
|
if (!bpfilter_ops.sockopt) {
|
||||||
int err = request_module("bpfilter");
|
err = request_module("bpfilter");
|
||||||
|
|
||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
if (!bpfilter_ops.sockopt)
|
if (!bpfilter_ops.sockopt)
|
||||||
return -ECHILD;
|
return -ECHILD;
|
||||||
}
|
}
|
||||||
|
if (bpfilter_ops.stop) {
|
||||||
|
err = bpfilter_ops.start();
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
}
|
||||||
return bpfilter_ops.sockopt(sk, optname, optval, optlen, is_set);
|
return bpfilter_ops.sockopt(sk, optname, optval, optlen, is_set);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -53,6 +61,7 @@ int bpfilter_ip_get_sockopt(struct sock *sk, int optname, char __user *optval,
|
||||||
|
|
||||||
static int __init bpfilter_sockopt_init(void)
|
static int __init bpfilter_sockopt_init(void)
|
||||||
{
|
{
|
||||||
|
bpfilter_ops.stop = true;
|
||||||
bpfilter_ops.info.cmdline = "bpfilter_umh";
|
bpfilter_ops.info.cmdline = "bpfilter_umh";
|
||||||
bpfilter_ops.info.cleanup = &bpfilter_umh_cleanup;
|
bpfilter_ops.info.cleanup = &bpfilter_umh_cleanup;
|
||||||
|
|
||||||
|
|
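Review bot: The new `if (bpfilter_ops.stop)` block in bpfilter_mbox_request() calls `bpfilter_ops.start()` without checking the pointer and without any lock visible in this hunk. fini_umh() sets `start` to NULL on module unload and `stop` is written from bpfilter_umh_cleanup(), so a caller that passed the `sockopt` check earlier can still reach a NULL `start`, or see the helper exit between the restart and the `sockopt()` call. The check, the restart and the request should run under one lock shared with the module's load and unload path; as a minimum the block needs `if (!bpfilter_ops.start) return -ECHILD;` before the call. Nothing bounds the restarts either, so a helper that exits on every request is re-forked on every iptables call; a failure counter or back-off would keep that from turning into a fork loop.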