2 * Copyright (C) 2013-2015 Kay Sievers
3 * Copyright (C) 2013-2015 Greg Kroah-Hartman <gregkh@linuxfoundation.org>
4 * Copyright (C) 2013-2015 Daniel Mack <daniel@zonque.org>
5 * Copyright (C) 2013-2015 David Herrmann <dh.herrmann@gmail.com>
6 * Copyright (C) 2013-2015 Linux Foundation
7 * Copyright (C) 2014-2015 Djalal Harouni <tixxdz@opendz.org>
9 * kdbus is free software; you can redistribute it and/or modify it under
10 * the terms of the GNU Lesser General Public License as published by the
11 * Free Software Foundation; either version 2.1 of the License, or (at
12 * your option) any later version.
15 #include <linux/file.h>
17 #include <linux/idr.h>
18 #include <linux/init.h>
19 #include <linux/kdev_t.h>
20 #include <linux/module.h>
21 #include <linux/mutex.h>
22 #include <linux/poll.h>
23 #include <linux/rwsem.h>
24 #include <linux/sched.h>
25 #include <linux/sizes.h>
26 #include <linux/slab.h>
27 #include <linux/uaccess.h>
28 #include <linux/syscalls.h>
31 #include "connection.h"
42 static int kdbus_args_verify(struct kdbus_args *args)
44 struct kdbus_item *item;
48 KDBUS_ITEMS_FOREACH(item, args->items, args->items_size) {
49 struct kdbus_arg *arg = NULL;
51 if (!KDBUS_ITEM_VALID(item, args->items, args->items_size))
54 for (i = 0; i < args->argc; ++i)
55 if (args->argv[i].type == item->type)
62 ret = kdbus_item_validate(item);
66 if (arg->item && !arg->multiple)
72 if (!KDBUS_ITEMS_END(item, args->items, args->items_size))
78 static int kdbus_args_negotiate(struct kdbus_args *args)
80 struct kdbus_item __user *user;
81 struct kdbus_item *negotiation;
85 * If KDBUS_FLAG_NEGOTIATE is set, we overwrite the flags field with
86 * the set of supported flags. Furthermore, if an KDBUS_ITEM_NEGOTIATE
87 * item is passed, we iterate its payload (array of u64, each set to an
88 * item type) and clear all unsupported item-types to 0.
89 * The caller might do this recursively, if other flags or objects are
90 * embedded in the payload itself.
93 if (args->cmd->flags & KDBUS_FLAG_NEGOTIATE) {
94 if (put_user(args->allowed_flags & ~KDBUS_FLAG_NEGOTIATE,
99 if (args->argc < 1 || args->argv[0].type != KDBUS_ITEM_NEGOTIATE ||
103 negotiation = args->argv[0].item;
104 user = (struct kdbus_item __user *)
105 ((u8 __user *)args->user +
106 ((u8 *)negotiation - (u8 *)args->cmd));
107 num = KDBUS_ITEM_PAYLOAD_SIZE(negotiation) / sizeof(u64);
109 for (i = 0; i < num; ++i) {
110 for (j = 0; j < args->argc; ++j)
111 if (negotiation->data64[i] == args->argv[j].type)
117 /* this item is not supported, clear it out */
118 negotiation->data64[i] = 0;
119 if (put_user(negotiation->data64[i], &user->data64[i]))
127 * __kdbus_args_parse() - parse payload of kdbus command
128 * @args: object to parse data into
129 * @is_cmd: whether this is a command or msg payload
130 * @argp: user-space location of command payload to parse
131 * @type_size: overall size of command payload to parse
132 * @items_offset: offset of items array in command payload
133 * @out: output variable to store pointer to copied payload
135 * This parses the ioctl payload at user-space location @argp into @args. @args
136 * must be pre-initialized by the caller to reflect the supported flags and
137 * items of this command. This parser will then copy the command payload into
138 * kernel-space, verify correctness and consistency and cache pointers to parsed
139 * items and other data in @args.
141 * If this function succeeded, you must call kdbus_args_clear() to release
142 * allocated resources before destroying @args.
144 * This can also be used to import kdbus_msg objects. In that case, @is_cmd must
145 * be set to 'false' and the 'return_flags' field will not be touched (as it
146 * doesn't exist on kdbus_msg).
148 * Return: On failure a negative error code is returned. Otherwise, 1 is
149 * returned if negotiation was requested, 0 if not.
151 int __kdbus_args_parse(struct kdbus_args *args, bool is_cmd, void __user *argp,
152 size_t type_size, size_t items_offset, void **out)
157 ret = kdbus_copy_from_user(&user_size, argp, sizeof(user_size));
161 if (user_size < type_size)
163 if (user_size > KDBUS_CMD_MAX_SIZE)
166 if (user_size <= sizeof(args->cmd_buf)) {
167 if (copy_from_user(args->cmd_buf, argp, user_size))
169 args->cmd = (void*)args->cmd_buf;
171 args->cmd = memdup_user(argp, user_size);
172 if (IS_ERR(args->cmd))
173 return PTR_ERR(args->cmd);
176 if (args->cmd->size != user_size) {
182 args->cmd->return_flags = 0;
184 args->items = (void *)((u8 *)args->cmd + items_offset);
185 args->items_size = args->cmd->size - items_offset;
186 args->is_cmd = is_cmd;
188 if (args->cmd->flags & ~args->allowed_flags) {
193 ret = kdbus_args_verify(args);
197 ret = kdbus_args_negotiate(args);
201 /* mandatory items must be given (but not on negotiation) */
202 if (!(args->cmd->flags & KDBUS_FLAG_NEGOTIATE)) {
203 for (i = 0; i < args->argc; ++i)
204 if (args->argv[i].mandatory && !args->argv[i].item) {
211 return !!(args->cmd->flags & KDBUS_FLAG_NEGOTIATE);
214 return kdbus_args_clear(args, ret);
218 * kdbus_args_clear() - release allocated command resources
219 * @args: object to release resources of
220 * @ret: return value of this command
222 * This frees all allocated resources on @args and copies the command result
223 * flags into user-space. @ret is usually returned unchanged by this function,
224 * so it can be used in the final 'return' statement of the command handler.
226 * Return: -EFAULT if return values cannot be copied into user-space, otherwise
227 * @ret is returned unchanged.
229 int kdbus_args_clear(struct kdbus_args *args, int ret)
234 if (!IS_ERR_OR_NULL(args->cmd)) {
235 if (args->is_cmd && put_user(args->cmd->return_flags,
236 &args->user->return_flags))
238 if (args->cmd != (void*)args->cmd_buf)
247 * enum kdbus_handle_type - type an handle can be of
248 * @KDBUS_HANDLE_NONE: no type set, yet
249 * @KDBUS_HANDLE_BUS_OWNER: bus owner
250 * @KDBUS_HANDLE_EP_OWNER: endpoint owner
251 * @KDBUS_HANDLE_CONNECTED: endpoint connection after HELLO
253 enum kdbus_handle_type {
255 KDBUS_HANDLE_BUS_OWNER,
256 KDBUS_HANDLE_EP_OWNER,
257 KDBUS_HANDLE_CONNECTED,
261 * struct kdbus_handle - handle to the kdbus system
263 * @type: type of this handle (KDBUS_HANDLE_*)
264 * @bus_owner: bus this handle owns
265 * @ep_owner: endpoint this handle owns
266 * @conn: connection this handle owns
268 struct kdbus_handle {
271 enum kdbus_handle_type type;
273 struct kdbus_bus *bus_owner;
274 struct kdbus_ep *ep_owner;
275 struct kdbus_conn *conn;
279 static int kdbus_handle_open(struct inode *inode, struct file *file)
281 struct kdbus_handle *handle;
282 struct kdbus_node *node;
285 node = kdbus_node_from_inode(inode);
286 if (!kdbus_node_acquire(node))
289 handle = kzalloc(sizeof(*handle), GFP_KERNEL);
295 mutex_init(&handle->lock);
296 handle->type = KDBUS_HANDLE_NONE;
298 file->private_data = handle;
302 kdbus_node_release(node);
306 static int kdbus_handle_release(struct inode *inode, struct file *file)
308 struct kdbus_handle *handle = file->private_data;
310 switch (handle->type) {
311 case KDBUS_HANDLE_BUS_OWNER:
312 if (handle->bus_owner) {
313 kdbus_node_deactivate(&handle->bus_owner->node);
314 kdbus_bus_unref(handle->bus_owner);
317 case KDBUS_HANDLE_EP_OWNER:
318 if (handle->ep_owner) {
319 kdbus_node_deactivate(&handle->ep_owner->node);
320 kdbus_ep_unref(handle->ep_owner);
323 case KDBUS_HANDLE_CONNECTED:
324 kdbus_conn_disconnect(handle->conn, false);
325 kdbus_conn_unref(handle->conn);
327 case KDBUS_HANDLE_NONE:
328 /* nothing to clean up */
337 static long kdbus_handle_ioctl_control(struct file *file, unsigned int cmd,
340 struct kdbus_handle *handle = file->private_data;
341 struct kdbus_node *node = file_inode(file)->i_private;
342 struct kdbus_domain *domain;
345 if (!kdbus_node_acquire(node))
349 * The parent of control-nodes is always a domain, make sure to pin it
350 * so the parent is actually valid.
352 domain = kdbus_domain_from_node(node->parent);
353 if (!kdbus_node_acquire(&domain->node)) {
354 kdbus_node_release(node);
359 case KDBUS_CMD_BUS_MAKE: {
360 struct kdbus_bus *bus;
362 bus = kdbus_cmd_bus_make(domain, argp);
363 if (IS_ERR_OR_NULL(bus)) {
364 ret = PTR_ERR_OR_ZERO(bus);
368 handle->bus_owner = bus;
369 ret = KDBUS_HANDLE_BUS_OWNER;
378 kdbus_node_release(&domain->node);
379 kdbus_node_release(node);
383 static long kdbus_handle_ioctl_ep(struct file *file, unsigned int cmd,
386 struct kdbus_handle *handle = file->private_data;
387 struct kdbus_node *node = file_inode(file)->i_private;
388 struct kdbus_ep *ep, *file_ep = kdbus_ep_from_node(node);
389 struct kdbus_bus *bus = file_ep->bus;
390 struct kdbus_conn *conn;
393 if (!kdbus_node_acquire(node))
397 case KDBUS_CMD_ENDPOINT_MAKE: {
398 /* creating custom endpoints is a privileged operation */
399 if (!kdbus_ep_is_owner(file_ep, file)) {
404 ep = kdbus_cmd_ep_make(bus, buf);
405 if (IS_ERR_OR_NULL(ep)) {
406 ret = PTR_ERR_OR_ZERO(ep);
410 handle->ep_owner = ep;
411 ret = KDBUS_HANDLE_EP_OWNER;
415 case KDBUS_CMD_HELLO:
416 conn = kdbus_cmd_hello(file_ep, file, buf);
417 if (IS_ERR_OR_NULL(conn)) {
418 ret = PTR_ERR_OR_ZERO(conn);
423 ret = KDBUS_HANDLE_CONNECTED;
431 kdbus_node_release(node);
435 static long kdbus_handle_ioctl_ep_owner(struct file *file, unsigned int command,
438 struct kdbus_handle *handle = file->private_data;
439 struct kdbus_ep *ep = handle->ep_owner;
442 if (!kdbus_node_acquire(&ep->node))
446 case KDBUS_CMD_ENDPOINT_UPDATE:
447 ret = kdbus_cmd_ep_update(ep, buf);
454 kdbus_node_release(&ep->node);
458 static long kdbus_handle_ioctl_connected(struct file *file,
459 unsigned int command, void __user *buf)
461 struct kdbus_handle *handle = file->private_data;
462 struct kdbus_conn *conn = handle->conn;
463 struct kdbus_conn *release_conn = NULL;
467 ret = kdbus_conn_acquire(release_conn);
472 case KDBUS_CMD_BYEBYE:
474 * BYEBYE is special; we must not acquire a connection when
475 * calling into kdbus_conn_disconnect() or we will deadlock,
476 * because kdbus_conn_disconnect() will wait for all acquired
477 * references to be dropped.
479 kdbus_conn_release(release_conn);
481 ret = kdbus_cmd_byebye_unlocked(conn, buf);
483 case KDBUS_CMD_NAME_ACQUIRE:
484 ret = kdbus_cmd_name_acquire(conn, buf);
486 case KDBUS_CMD_NAME_RELEASE:
487 ret = kdbus_cmd_name_release(conn, buf);
490 ret = kdbus_cmd_list(conn, buf);
492 case KDBUS_CMD_CONN_INFO:
493 ret = kdbus_cmd_conn_info(conn, buf);
495 case KDBUS_CMD_BUS_CREATOR_INFO:
496 ret = kdbus_cmd_bus_creator_info(conn, buf);
498 case KDBUS_CMD_UPDATE:
499 ret = kdbus_cmd_update(conn, buf);
501 case KDBUS_CMD_MATCH_ADD:
502 ret = kdbus_cmd_match_add(conn, buf);
504 case KDBUS_CMD_MATCH_REMOVE:
505 ret = kdbus_cmd_match_remove(conn, buf);
508 ret = kdbus_cmd_send(conn, file, buf);
511 ret = kdbus_cmd_recv(conn, buf);
514 ret = kdbus_cmd_free(conn, buf);
521 kdbus_conn_release(release_conn);
525 static long kdbus_handle_ioctl(struct file *file, unsigned int cmd,
528 struct kdbus_handle *handle = file->private_data;
529 struct kdbus_node *node = kdbus_node_from_inode(file_inode(file));
530 void __user *argp = (void __user *)arg;
534 case KDBUS_CMD_BUS_MAKE:
535 case KDBUS_CMD_ENDPOINT_MAKE:
536 case KDBUS_CMD_HELLO:
537 mutex_lock(&handle->lock);
538 if (handle->type == KDBUS_HANDLE_NONE) {
539 if (node->type == KDBUS_NODE_CONTROL)
540 ret = kdbus_handle_ioctl_control(file, cmd,
542 else if (node->type == KDBUS_NODE_ENDPOINT)
543 ret = kdbus_handle_ioctl_ep(file, cmd, argp);
547 * The data given via open() is not sufficient
548 * to setup a kdbus handle. Hence, we require
549 * the user to perform a setup ioctl. This setup
550 * can only be performed once and defines the
551 * type of the handle. The different setup
552 * ioctls are locked against each other so they
553 * cannot race. Once the handle type is set,
554 * the type-dependent ioctls are enabled. To
555 * improve performance, we don't lock those via
556 * handle->lock. Instead, we issue a
557 * write-barrier before performing the
558 * type-change, which pairs with smp_rmb() in
559 * all handlers that access the type field. This
560 * guarantees the handle is fully setup, if
561 * handle->type is set. If handle->type is
562 * unset, you must not make any assumptions
563 * without taking handle->lock.
564 * Note that handle->type is only set once. It
565 * will never change afterwards.
571 mutex_unlock(&handle->lock);
574 case KDBUS_CMD_ENDPOINT_UPDATE:
575 case KDBUS_CMD_BYEBYE:
576 case KDBUS_CMD_NAME_ACQUIRE:
577 case KDBUS_CMD_NAME_RELEASE:
579 case KDBUS_CMD_CONN_INFO:
580 case KDBUS_CMD_BUS_CREATOR_INFO:
581 case KDBUS_CMD_UPDATE:
582 case KDBUS_CMD_MATCH_ADD:
583 case KDBUS_CMD_MATCH_REMOVE:
586 case KDBUS_CMD_FREE: {
587 enum kdbus_handle_type type;
590 * This read-barrier pairs with smp_wmb() of the handle setup.
591 * it guarantees the handle is fully written, in case the
592 * type has been set. It allows us to access the handle without
593 * taking handle->lock, given the guarantee that the type is
594 * only ever set once, and stays constant afterwards.
595 * Furthermore, the handle object itself is not modified in any
596 * way after the type is set. That is, the type-field is the
597 * last field that is written on any handle. If it has not been
598 * set, we must not access the handle here.
603 if (type == KDBUS_HANDLE_EP_OWNER)
604 ret = kdbus_handle_ioctl_ep_owner(file, cmd, argp);
605 else if (type == KDBUS_HANDLE_CONNECTED)
606 ret = kdbus_handle_ioctl_connected(file, cmd, argp);
615 return ret < 0 ? ret : 0;
618 static unsigned int kdbus_handle_poll(struct file *file,
619 struct poll_table_struct *wait)
621 struct kdbus_handle *handle = file->private_data;
622 enum kdbus_handle_type type;
623 unsigned int mask = POLLOUT | POLLWRNORM;
626 * This pairs with smp_wmb() during handle setup. It guarantees that
627 * _iff_ the handle type is set, handle->conn is valid. Furthermore,
628 * _iff_ the type is set, the handle object is constant and never
629 * changed again. If it's not set, we must not access the handle but
630 * bail out. We also must assume no setup has taken place, yet.
635 /* Only a connected endpoint can read/write data */
636 if (type != KDBUS_HANDLE_CONNECTED)
637 return POLLERR | POLLHUP;
639 poll_wait(file, &handle->conn->wait, wait);
642 * Verify the connection hasn't been deactivated _after_ adding the
643 * wait-queue. This guarantees, that if the connection is deactivated
644 * after we checked it, the waitqueue is signaled and we're called
647 if (!kdbus_conn_active(handle->conn))
648 return POLLERR | POLLHUP;
650 if (!list_empty(&handle->conn->queue.msg_list) ||
651 atomic_read(&handle->conn->lost_count) > 0)
652 mask |= POLLIN | POLLRDNORM;
657 static int kdbus_handle_mmap(struct file *file, struct vm_area_struct *vma)
659 struct kdbus_handle *handle = file->private_data;
660 enum kdbus_handle_type type;
664 * This pairs with smp_wmb() during handle setup. It guarantees that
665 * _iff_ the handle type is set, handle->conn is valid. Furthermore,
666 * _iff_ the type is set, the handle object is constant and never
667 * changed again. If it's not set, we must not access the handle but
668 * bail out. We also must assume no setup has taken place, yet.
673 /* Only connected handles have a pool we can map */
674 if (type == KDBUS_HANDLE_CONNECTED)
675 ret = kdbus_pool_mmap(handle->conn->pool, vma);
680 const struct file_operations kdbus_handle_ops = {
681 .owner = THIS_MODULE,
682 .open = kdbus_handle_open,
683 .release = kdbus_handle_release,
684 .poll = kdbus_handle_poll,
685 .llseek = noop_llseek,
686 .unlocked_ioctl = kdbus_handle_ioctl,
687 .mmap = kdbus_handle_mmap,
689 .compat_ioctl = kdbus_handle_ioctl,