1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * kernel userspace event delivery 4 * 5 * Copyright (C) 2004 Red Hat, Inc. All rights reserved. 6 * Copyright (C) 2004 Novell, Inc. All rights reserved. 7 * Copyright (C) 2004 IBM, Inc. All rights reserved. 8 * 9 * Authors: 10 * Robert Love <rml@novell.com> 11 * Kay Sievers <kay.sievers@vrfy.org> 12 * Arjan van de Ven <arjanv@redhat.com> 13 * Greg Kroah-Hartman <greg@kroah.com> 14 */ 15 16 #include <linux/spinlock.h> 17 #include <linux/string.h> 18 #include <linux/kobject.h> 19 #include <linux/export.h> 20 #include <linux/kmod.h> 21 #include <linux/slab.h> 22 #include <linux/socket.h> 23 #include <linux/skbuff.h> 24 #include <linux/netlink.h> 25 #include <linux/uuid.h> 26 #include <linux/ctype.h> 27 #include <net/sock.h> 28 #include <net/netlink.h> 29 #include <net/net_namespace.h> 30 31 32 u64 uevent_seqnum; 33 #ifdef CONFIG_UEVENT_HELPER 34 char uevent_helper[UEVENT_HELPER_PATH_LEN] = CONFIG_UEVENT_HELPER_PATH; 35 #endif 36 37 struct uevent_sock { 38 struct list_head list; 39 struct sock *sk; 40 }; 41 42 #ifdef CONFIG_NET 43 static LIST_HEAD(uevent_sock_list); 44 #endif 45 46 /* This lock protects uevent_seqnum and uevent_sock_list */ 47 static DEFINE_MUTEX(uevent_sock_mutex); 48 49 /* the strings here must match the enum in include/linux/kobject.h */ 50 static const char *kobject_actions[] = { 51 [KOBJ_ADD] = "add", 52 [KOBJ_REMOVE] = "remove", 53 [KOBJ_CHANGE] = "change", 54 [KOBJ_MOVE] = "move", 55 [KOBJ_ONLINE] = "online", 56 [KOBJ_OFFLINE] = "offline", 57 [KOBJ_BIND] = "bind", 58 [KOBJ_UNBIND] = "unbind", 59 }; 60 61 static int kobject_action_type(const char *buf, size_t count, 62 enum kobject_action *type, 63 const char **args) 64 { 65 enum kobject_action action; 66 size_t count_first; 67 const char *args_start; 68 int ret = -EINVAL; 69 70 if (count && (buf[count-1] == '\n' || buf[count-1] == '\0')) 71 count--; 72 73 if (!count) 74 goto out; 75 76 args_start = strnchr(buf, count, ' '); 77 if (args_start) { 78 count_first = args_start - buf; 79 args_start = args_start + 1; 80 } else 81 count_first = count; 82 83 for (action = 0; action < ARRAY_SIZE(kobject_actions); action++) { 84 if (strncmp(kobject_actions[action], buf, count_first) != 0) 85 continue; 86 if (kobject_actions[action][count_first] != '\0') 87 continue; 88 if (args) 89 *args = args_start; 90 *type = action; 91 ret = 0; 92 break; 93 } 94 out: 95 return ret; 96 } 97 98 static const char *action_arg_word_end(const char *buf, const char *buf_end, 99 char delim) 100 { 101 const char *next = buf; 102 103 while (next <= buf_end && *next != delim) 104 if (!isalnum(*next++)) 105 return NULL; 106 107 if (next == buf) 108 return NULL; 109 110 return next; 111 } 112 113 static int kobject_action_args(const char *buf, size_t count, 114 struct kobj_uevent_env **ret_env) 115 { 116 struct kobj_uevent_env *env = NULL; 117 const char *next, *buf_end, *key; 118 int key_len; 119 int r = -EINVAL; 120 121 if (count && (buf[count - 1] == '\n' || buf[count - 1] == '\0')) 122 count--; 123 124 if (!count) 125 return -EINVAL; 126 127 env = kzalloc(sizeof(*env), GFP_KERNEL); 128 if (!env) 129 return -ENOMEM; 130 131 /* first arg is UUID */ 132 if (count < UUID_STRING_LEN || !uuid_is_valid(buf) || 133 add_uevent_var(env, "SYNTH_UUID=%.*s", UUID_STRING_LEN, buf)) 134 goto out; 135 136 /* 137 * the rest are custom environment variables in KEY=VALUE 138 * format with ' ' delimiter between each KEY=VALUE pair 139 */ 140 next = buf + UUID_STRING_LEN; 141 buf_end = buf + count - 1; 142 143 while (next <= buf_end) { 144 if (*next != ' ') 145 goto out; 146 147 /* skip the ' ', key must follow */ 148 key = ++next; 149 if (key > buf_end) 150 goto out; 151 152 buf = next; 153 next = action_arg_word_end(buf, buf_end, '='); 154 if (!next || next > buf_end || *next != '=') 155 goto out; 156 key_len = next - buf; 157 158 /* skip the '=', value must follow */ 159 if (++next > buf_end) 160 goto out; 161 162 buf = next; 163 next = action_arg_word_end(buf, buf_end, ' '); 164 if (!next) 165 goto out; 166 167 if (add_uevent_var(env, "SYNTH_ARG_%.*s=%.*s", 168 key_len, key, (int) (next - buf), buf)) 169 goto out; 170 } 171 172 r = 0; 173 out: 174 if (r) 175 kfree(env); 176 else 177 *ret_env = env; 178 return r; 179 } 180 181 /** 182 * kobject_synth_uevent - send synthetic uevent with arguments 183 * 184 * @kobj: struct kobject for which synthetic uevent is to be generated 185 * @buf: buffer containing action type and action args, newline is ignored 186 * @count: length of buffer 187 * 188 * Returns 0 if kobject_synthetic_uevent() is completed with success or the 189 * corresponding error when it fails. 190 */ 191 int kobject_synth_uevent(struct kobject *kobj, const char *buf, size_t count) 192 { 193 char *no_uuid_envp[] = { "SYNTH_UUID=0", NULL }; 194 enum kobject_action action; 195 const char *action_args; 196 struct kobj_uevent_env *env; 197 const char *msg = NULL, *devpath; 198 int r; 199 200 r = kobject_action_type(buf, count, &action, &action_args); 201 if (r) { 202 msg = "unknown uevent action string\n"; 203 goto out; 204 } 205 206 if (!action_args) { 207 r = kobject_uevent_env(kobj, action, no_uuid_envp); 208 goto out; 209 } 210 211 r = kobject_action_args(action_args, 212 count - (action_args - buf), &env); 213 if (r == -EINVAL) { 214 msg = "incorrect uevent action arguments\n"; 215 goto out; 216 } 217 218 if (r) 219 goto out; 220 221 r = kobject_uevent_env(kobj, action, env->envp); 222 kfree(env); 223 out: 224 if (r) { 225 devpath = kobject_get_path(kobj, GFP_KERNEL); 226 printk(KERN_WARNING "synth uevent: %s: %s", 227 devpath ?: "unknown device", 228 msg ?: "failed to send uevent"); 229 kfree(devpath); 230 } 231 return r; 232 } 233 234 #ifdef CONFIG_NET 235 static int kobj_bcast_filter(struct sock *dsk, struct sk_buff *skb, void *data) 236 { 237 struct kobject *kobj = data, *ksobj; 238 const struct kobj_ns_type_operations *ops; 239 240 ops = kobj_ns_ops(kobj); 241 if (!ops && kobj->kset) { 242 ksobj = &kobj->kset->kobj; 243 if (ksobj->parent != NULL) 244 ops = kobj_ns_ops(ksobj->parent); 245 } 246 247 if (ops && ops->netlink_ns && kobj->ktype->namespace) { 248 const void *sock_ns, *ns; 249 ns = kobj->ktype->namespace(kobj); 250 sock_ns = ops->netlink_ns(dsk); 251 return sock_ns != ns; 252 } 253 254 return 0; 255 } 256 #endif 257 258 #ifdef CONFIG_UEVENT_HELPER 259 static int kobj_usermode_filter(struct kobject *kobj) 260 { 261 const struct kobj_ns_type_operations *ops; 262 263 ops = kobj_ns_ops(kobj); 264 if (ops) { 265 const void *init_ns, *ns; 266 ns = kobj->ktype->namespace(kobj); 267 init_ns = ops->initial_ns(); 268 return ns != init_ns; 269 } 270 271 return 0; 272 } 273 274 static int init_uevent_argv(struct kobj_uevent_env *env, const char *subsystem) 275 { 276 int len; 277 278 len = strlcpy(&env->buf[env->buflen], subsystem, 279 sizeof(env->buf) - env->buflen); 280 if (len >= (sizeof(env->buf) - env->buflen)) { 281 WARN(1, KERN_ERR "init_uevent_argv: buffer size too small\n"); 282 return -ENOMEM; 283 } 284 285 env->argv[0] = uevent_helper; 286 env->argv[1] = &env->buf[env->buflen]; 287 env->argv[2] = NULL; 288 289 env->buflen += len + 1; 290 return 0; 291 } 292 293 static void cleanup_uevent_env(struct subprocess_info *info) 294 { 295 kfree(info->data); 296 } 297 #endif 298 299 static int kobject_uevent_net_broadcast(struct kobject *kobj, 300 struct kobj_uevent_env *env, 301 const char *action_string, 302 const char *devpath) 303 { 304 int retval = 0; 305 #if defined(CONFIG_NET) 306 struct sk_buff *skb = NULL; 307 struct uevent_sock *ue_sk; 308 309 /* send netlink message */ 310 list_for_each_entry(ue_sk, &uevent_sock_list, list) { 311 struct sock *uevent_sock = ue_sk->sk; 312 313 if (!netlink_has_listeners(uevent_sock, 1)) 314 continue; 315 316 if (!skb) { 317 /* allocate message with the maximum possible size */ 318 size_t len = strlen(action_string) + strlen(devpath) + 2; 319 char *scratch; 320 321 retval = -ENOMEM; 322 skb = alloc_skb(len + env->buflen, GFP_KERNEL); 323 if (!skb) 324 continue; 325 326 /* add header */ 327 scratch = skb_put(skb, len); 328 sprintf(scratch, "%s@%s", action_string, devpath); 329 330 skb_put_data(skb, env->buf, env->buflen); 331 332 NETLINK_CB(skb).dst_group = 1; 333 } 334 335 retval = netlink_broadcast_filtered(uevent_sock, skb_get(skb), 336 0, 1, GFP_KERNEL, 337 kobj_bcast_filter, 338 kobj); 339 /* ENOBUFS should be handled in userspace */ 340 if (retval == -ENOBUFS || retval == -ESRCH) 341 retval = 0; 342 } 343 consume_skb(skb); 344 #endif 345 return retval; 346 } 347 348 static void zap_modalias_env(struct kobj_uevent_env *env) 349 { 350 static const char modalias_prefix[] = "MODALIAS="; 351 size_t len; 352 int i, j; 353 354 for (i = 0; i < env->envp_idx;) { 355 if (strncmp(env->envp[i], modalias_prefix, 356 sizeof(modalias_prefix) - 1)) { 357 i++; 358 continue; 359 } 360 361 len = strlen(env->envp[i]) + 1; 362 363 if (i != env->envp_idx - 1) { 364 memmove(env->envp[i], env->envp[i + 1], 365 env->buflen - len); 366 367 for (j = i; j < env->envp_idx - 1; j++) 368 env->envp[j] = env->envp[j + 1] - len; 369 } 370 371 env->envp_idx--; 372 env->buflen -= len; 373 } 374 } 375 376 /** 377 * kobject_uevent_env - send an uevent with environmental data 378 * 379 * @kobj: struct kobject that the action is happening to 380 * @action: action that is happening 381 * @envp_ext: pointer to environmental data 382 * 383 * Returns 0 if kobject_uevent_env() is completed with success or the 384 * corresponding error when it fails. 385 */ 386 int kobject_uevent_env(struct kobject *kobj, enum kobject_action action, 387 char *envp_ext[]) 388 { 389 struct kobj_uevent_env *env; 390 const char *action_string = kobject_actions[action]; 391 const char *devpath = NULL; 392 const char *subsystem; 393 struct kobject *top_kobj; 394 struct kset *kset; 395 const struct kset_uevent_ops *uevent_ops; 396 int i = 0; 397 int retval = 0; 398 399 pr_debug("kobject: '%s' (%p): %s\n", 400 kobject_name(kobj), kobj, __func__); 401 402 /* search the kset we belong to */ 403 top_kobj = kobj; 404 while (!top_kobj->kset && top_kobj->parent) 405 top_kobj = top_kobj->parent; 406 407 if (!top_kobj->kset) { 408 pr_debug("kobject: '%s' (%p): %s: attempted to send uevent " 409 "without kset!\n", kobject_name(kobj), kobj, 410 __func__); 411 return -EINVAL; 412 } 413 414 kset = top_kobj->kset; 415 uevent_ops = kset->uevent_ops; 416 417 /* skip the event, if uevent_suppress is set*/ 418 if (kobj->uevent_suppress) { 419 pr_debug("kobject: '%s' (%p): %s: uevent_suppress " 420 "caused the event to drop!\n", 421 kobject_name(kobj), kobj, __func__); 422 return 0; 423 } 424 /* skip the event, if the filter returns zero. */ 425 if (uevent_ops && uevent_ops->filter) 426 if (!uevent_ops->filter(kset, kobj)) { 427 pr_debug("kobject: '%s' (%p): %s: filter function " 428 "caused the event to drop!\n", 429 kobject_name(kobj), kobj, __func__); 430 return 0; 431 } 432 433 /* originating subsystem */ 434 if (uevent_ops && uevent_ops->name) 435 subsystem = uevent_ops->name(kset, kobj); 436 else 437 subsystem = kobject_name(&kset->kobj); 438 if (!subsystem) { 439 pr_debug("kobject: '%s' (%p): %s: unset subsystem caused the " 440 "event to drop!\n", kobject_name(kobj), kobj, 441 __func__); 442 return 0; 443 } 444 445 /* environment buffer */ 446 env = kzalloc(sizeof(struct kobj_uevent_env), GFP_KERNEL); 447 if (!env) 448 return -ENOMEM; 449 450 /* complete object path */ 451 devpath = kobject_get_path(kobj, GFP_KERNEL); 452 if (!devpath) { 453 retval = -ENOENT; 454 goto exit; 455 } 456 457 /* default keys */ 458 retval = add_uevent_var(env, "ACTION=%s", action_string); 459 if (retval) 460 goto exit; 461 retval = add_uevent_var(env, "DEVPATH=%s", devpath); 462 if (retval) 463 goto exit; 464 retval = add_uevent_var(env, "SUBSYSTEM=%s", subsystem); 465 if (retval) 466 goto exit; 467 468 /* keys passed in from the caller */ 469 if (envp_ext) { 470 for (i = 0; envp_ext[i]; i++) { 471 retval = add_uevent_var(env, "%s", envp_ext[i]); 472 if (retval) 473 goto exit; 474 } 475 } 476 477 /* let the kset specific function add its stuff */ 478 if (uevent_ops && uevent_ops->uevent) { 479 retval = uevent_ops->uevent(kset, kobj, env); 480 if (retval) { 481 pr_debug("kobject: '%s' (%p): %s: uevent() returned " 482 "%d\n", kobject_name(kobj), kobj, 483 __func__, retval); 484 goto exit; 485 } 486 } 487 488 switch (action) { 489 case KOBJ_ADD: 490 /* 491 * Mark "add" event so we can make sure we deliver "remove" 492 * event to userspace during automatic cleanup. If 493 * the object did send an "add" event, "remove" will 494 * automatically generated by the core, if not already done 495 * by the caller. 496 */ 497 kobj->state_add_uevent_sent = 1; 498 break; 499 500 case KOBJ_REMOVE: 501 kobj->state_remove_uevent_sent = 1; 502 break; 503 504 case KOBJ_UNBIND: 505 zap_modalias_env(env); 506 break; 507 508 default: 509 break; 510 } 511 512 mutex_lock(&uevent_sock_mutex); 513 /* we will send an event, so request a new sequence number */ 514 retval = add_uevent_var(env, "SEQNUM=%llu", (unsigned long long)++uevent_seqnum); 515 if (retval) { 516 mutex_unlock(&uevent_sock_mutex); 517 goto exit; 518 } 519 retval = kobject_uevent_net_broadcast(kobj, env, action_string, 520 devpath); 521 mutex_unlock(&uevent_sock_mutex); 522 523 #ifdef CONFIG_UEVENT_HELPER 524 /* call uevent_helper, usually only enabled during early boot */ 525 if (uevent_helper[0] && !kobj_usermode_filter(kobj)) { 526 struct subprocess_info *info; 527 528 retval = add_uevent_var(env, "HOME=/"); 529 if (retval) 530 goto exit; 531 retval = add_uevent_var(env, 532 "PATH=/sbin:/bin:/usr/sbin:/usr/bin"); 533 if (retval) 534 goto exit; 535 retval = init_uevent_argv(env, subsystem); 536 if (retval) 537 goto exit; 538 539 retval = -ENOMEM; 540 info = call_usermodehelper_setup(env->argv[0], env->argv, 541 env->envp, GFP_KERNEL, 542 NULL, cleanup_uevent_env, env); 543 if (info) { 544 retval = call_usermodehelper_exec(info, UMH_NO_WAIT); 545 env = NULL; /* freed by cleanup_uevent_env */ 546 } 547 } 548 #endif 549 550 exit: 551 kfree(devpath); 552 kfree(env); 553 return retval; 554 } 555 EXPORT_SYMBOL_GPL(kobject_uevent_env); 556 557 /** 558 * kobject_uevent - notify userspace by sending an uevent 559 * 560 * @kobj: struct kobject that the action is happening to 561 * @action: action that is happening 562 * 563 * Returns 0 if kobject_uevent() is completed with success or the 564 * corresponding error when it fails. 565 */ 566 int kobject_uevent(struct kobject *kobj, enum kobject_action action) 567 { 568 return kobject_uevent_env(kobj, action, NULL); 569 } 570 EXPORT_SYMBOL_GPL(kobject_uevent); 571 572 /** 573 * add_uevent_var - add key value string to the environment buffer 574 * @env: environment buffer structure 575 * @format: printf format for the key=value pair 576 * 577 * Returns 0 if environment variable was added successfully or -ENOMEM 578 * if no space was available. 579 */ 580 int add_uevent_var(struct kobj_uevent_env *env, const char *format, ...) 581 { 582 va_list args; 583 int len; 584 585 if (env->envp_idx >= ARRAY_SIZE(env->envp)) { 586 WARN(1, KERN_ERR "add_uevent_var: too many keys\n"); 587 return -ENOMEM; 588 } 589 590 va_start(args, format); 591 len = vsnprintf(&env->buf[env->buflen], 592 sizeof(env->buf) - env->buflen, 593 format, args); 594 va_end(args); 595 596 if (len >= (sizeof(env->buf) - env->buflen)) { 597 WARN(1, KERN_ERR "add_uevent_var: buffer size too small\n"); 598 return -ENOMEM; 599 } 600 601 env->envp[env->envp_idx++] = &env->buf[env->buflen]; 602 env->buflen += len + 1; 603 return 0; 604 } 605 EXPORT_SYMBOL_GPL(add_uevent_var); 606 607 #if defined(CONFIG_NET) 608 static int uevent_net_broadcast(struct sock *usk, struct sk_buff *skb, 609 struct netlink_ext_ack *extack) 610 { 611 /* u64 to chars: 2^64 - 1 = 21 chars */ 612 char buf[sizeof("SEQNUM=") + 21]; 613 struct sk_buff *skbc; 614 int ret; 615 616 /* bump and prepare sequence number */ 617 ret = snprintf(buf, sizeof(buf), "SEQNUM=%llu", ++uevent_seqnum); 618 if (ret < 0 || (size_t)ret >= sizeof(buf)) 619 return -ENOMEM; 620 ret++; 621 622 /* verify message does not overflow */ 623 if ((skb->len + ret) > UEVENT_BUFFER_SIZE) { 624 NL_SET_ERR_MSG(extack, "uevent message too big"); 625 return -EINVAL; 626 } 627 628 /* copy skb and extend to accommodate sequence number */ 629 skbc = skb_copy_expand(skb, 0, ret, GFP_KERNEL); 630 if (!skbc) 631 return -ENOMEM; 632 633 /* append sequence number */ 634 skb_put_data(skbc, buf, ret); 635 636 /* remove msg header */ 637 skb_pull(skbc, NLMSG_HDRLEN); 638 639 /* set portid 0 to inform userspace message comes from kernel */ 640 NETLINK_CB(skbc).portid = 0; 641 NETLINK_CB(skbc).dst_group = 1; 642 643 ret = netlink_broadcast(usk, skbc, 0, 1, GFP_KERNEL); 644 /* ENOBUFS should be handled in userspace */ 645 if (ret == -ENOBUFS || ret == -ESRCH) 646 ret = 0; 647 648 return ret; 649 } 650 651 static int uevent_net_rcv_skb(struct sk_buff *skb, struct nlmsghdr *nlh, 652 struct netlink_ext_ack *extack) 653 { 654 struct net *net; 655 int ret; 656 657 if (!nlmsg_data(nlh)) 658 return -EINVAL; 659 660 /* 661 * Verify that we are allowed to send messages to the target 662 * network namespace. The caller must have CAP_SYS_ADMIN in the 663 * owning user namespace of the target network namespace. 664 */ 665 net = sock_net(NETLINK_CB(skb).sk); 666 if (!netlink_ns_capable(skb, net->user_ns, CAP_SYS_ADMIN)) { 667 NL_SET_ERR_MSG(extack, "missing CAP_SYS_ADMIN capability"); 668 return -EPERM; 669 } 670 671 mutex_lock(&uevent_sock_mutex); 672 ret = uevent_net_broadcast(net->uevent_sock->sk, skb, extack); 673 mutex_unlock(&uevent_sock_mutex); 674 675 return ret; 676 } 677 678 static void uevent_net_rcv(struct sk_buff *skb) 679 { 680 netlink_rcv_skb(skb, &uevent_net_rcv_skb); 681 } 682 683 static int uevent_net_init(struct net *net) 684 { 685 struct uevent_sock *ue_sk; 686 struct netlink_kernel_cfg cfg = { 687 .groups = 1, 688 .input = uevent_net_rcv, 689 .flags = NL_CFG_F_NONROOT_RECV 690 }; 691 692 ue_sk = kzalloc(sizeof(*ue_sk), GFP_KERNEL); 693 if (!ue_sk) 694 return -ENOMEM; 695 696 ue_sk->sk = netlink_kernel_create(net, NETLINK_KOBJECT_UEVENT, &cfg); 697 if (!ue_sk->sk) { 698 printk(KERN_ERR 699 "kobject_uevent: unable to create netlink socket!\n"); 700 kfree(ue_sk); 701 return -ENODEV; 702 } 703 704 net->uevent_sock = ue_sk; 705 706 mutex_lock(&uevent_sock_mutex); 707 list_add_tail(&ue_sk->list, &uevent_sock_list); 708 mutex_unlock(&uevent_sock_mutex); 709 return 0; 710 } 711 712 static void uevent_net_exit(struct net *net) 713 { 714 struct uevent_sock *ue_sk = net->uevent_sock; 715 716 mutex_lock(&uevent_sock_mutex); 717 list_del(&ue_sk->list); 718 mutex_unlock(&uevent_sock_mutex); 719 720 netlink_kernel_release(ue_sk->sk); 721 kfree(ue_sk); 722 } 723 724 static struct pernet_operations uevent_net_ops = { 725 .init = uevent_net_init, 726 .exit = uevent_net_exit, 727 }; 728 729 static int __init kobject_uevent_init(void) 730 { 731 return register_pernet_subsys(&uevent_net_ops); 732 } 733 734 735 postcore_initcall(kobject_uevent_init); 736 #endif 737