1 /* SPDX-License-Identifier: LGPL-2.1+ */
4 #include <linux/filter.h>
5 #include <linux/netlink.h>
6 #include <sys/socket.h>
11 #include "MurmurHash2.h"
12 #include "alloc-util.h"
13 #include "device-monitor-private.h"
14 #include "device-private.h"
15 #include "device-util.h"
17 #include "format-util.h"
20 #include "mount-util.h"
22 #include "socket-util.h"
23 #include "string-util.h"
26 struct sd_device_monitor
{
30 union sockaddr_union snl
;
31 union sockaddr_union snl_trusted_sender
;
34 Hashmap
*subsystem_filter
;
39 sd_event_source
*event_source
;
40 int64_t event_priority
;
41 sd_device_monitor_handler_t callback
;
45 #define UDEV_MONITOR_MAGIC 0xfeedcafe
47 typedef struct monitor_netlink_header
{
48 /* "libudev" prefix to distinguish libudev and kernel messages */
50 /* Magic to protect against daemon <-> Library message format mismatch
51 * Used in the kernel from socket filter rules; needs to be stored in network order */
53 /* Total length of header structure known to the sender */
55 /* Properties string buffer */
56 unsigned properties_off
;
57 unsigned properties_len
;
58 /* Hashes of primary device properties strings, to let libudev subscribers
59 * use in-kernel socket filters; values need to be stored in network order */
60 unsigned filter_subsystem_hash
;
61 unsigned filter_devtype_hash
;
62 unsigned filter_tag_bloom_hi
;
63 unsigned filter_tag_bloom_lo
;
64 } monitor_netlink_header
;
66 static int monitor_set_nl_address(sd_device_monitor
*m
) {
67 union sockaddr_union snl
;
72 /* Get the address the kernel has assigned us.
73 * It is usually, but not necessarily the pid. */
74 addrlen
= sizeof(struct sockaddr_nl
);
75 if (getsockname(m
->sock
, &snl
.sa
, &addrlen
) < 0)
78 m
->snl
.nl
.nl_pid
= snl
.nl
.nl_pid
;
82 int device_monitor_allow_unicast_sender(sd_device_monitor
*m
, sd_device_monitor
*sender
) {
83 assert_return(m
, -EINVAL
);
84 assert_return(sender
, -EINVAL
);
86 m
->snl_trusted_sender
.nl
.nl_pid
= sender
->snl
.nl
.nl_pid
;
90 _public_
int sd_device_monitor_set_receive_buffer_size(sd_device_monitor
*m
, size_t size
) {
91 int r
, n
= (int) size
;
93 assert_return(m
, -EINVAL
);
94 assert_return((size_t) n
!= size
, -EINVAL
);
96 if (setsockopt_int(m
->sock
, SOL_SOCKET
, SO_RCVBUF
, n
) < 0) {
97 r
= setsockopt_int(m
->sock
, SOL_SOCKET
, SO_RCVBUFFORCE
, n
);
105 int device_monitor_disconnect(sd_device_monitor
*m
) {
108 m
->sock
= safe_close(m
->sock
);
112 int device_monitor_get_fd(sd_device_monitor
*m
) {
113 assert_return(m
, -EINVAL
);
118 int device_monitor_new_full(sd_device_monitor
**ret
, MonitorNetlinkGroup group
, int fd
) {
119 _cleanup_(sd_device_monitor_unrefp
) sd_device_monitor
*m
= NULL
;
120 _cleanup_close_
int sock
= -1;
123 assert_return(ret
, -EINVAL
);
124 assert_return(group
>= 0 && group
< _MONITOR_NETLINK_GROUP_MAX
, -EINVAL
);
126 if (group
== MONITOR_GROUP_UDEV
&&
127 access("/run/udev/control", F_OK
) < 0 &&
128 dev_is_devtmpfs() <= 0) {
131 * We do not support subscribing to uevents if no instance of
132 * udev is running. Uevents would otherwise broadcast the
133 * processing data of the host into containers, which is not
136 * Containers will currently not get any udev uevents, until
137 * a supporting infrastructure is available.
139 * We do not set a netlink multicast group here, so the socket
140 * will not receive any messages.
143 log_debug("The udev service seems not to be active, disabling the monitor");
144 group
= MONITOR_GROUP_NONE
;
148 sock
= socket(PF_NETLINK
, SOCK_RAW
|SOCK_CLOEXEC
|SOCK_NONBLOCK
, NETLINK_KOBJECT_UEVENT
);
150 return log_debug_errno(errno
, "Failed to create socket: %m");
153 m
= new(sd_device_monitor
, 1);
157 *m
= (sd_device_monitor
) {
159 .sock
= fd
>= 0 ? fd
: TAKE_FD(sock
),
161 .snl
.nl
.nl_family
= AF_NETLINK
,
162 .snl
.nl
.nl_groups
= group
,
166 r
= monitor_set_nl_address(m
);
168 return log_debug_errno(r
, "Failed to set netlink address: %m");
175 _public_
int sd_device_monitor_new(sd_device_monitor
**ret
) {
176 return device_monitor_new_full(ret
, MONITOR_GROUP_UDEV
, -1);
179 _public_
int sd_device_monitor_stop(sd_device_monitor
*m
) {
180 assert_return(m
, -EINVAL
);
182 m
->event_source
= sd_event_source_unref(m
->event_source
);
183 (void) device_monitor_disconnect(m
);
188 static int device_monitor_event_handler(sd_event_source
*s
, int fd
, uint32_t revents
, void *userdata
) {
189 _cleanup_(sd_device_unrefp
) sd_device
*device
= NULL
;
190 sd_device_monitor
*m
= userdata
;
194 if (device_monitor_receive_device(m
, &device
) <= 0)
198 return m
->callback(m
, device
, m
->userdata
);
203 _public_
int sd_device_monitor_start(sd_device_monitor
*m
, sd_device_monitor_handler_t callback
, void *userdata
, const char *description
) {
204 _cleanup_(sd_event_source_unrefp
) sd_event_source
*s
= NULL
;
207 assert_return(m
, -EINVAL
);
210 r
= sd_device_monitor_attach_event(m
, NULL
, 0);
215 r
= device_monitor_enable_receiving(m
);
219 m
->callback
= callback
;
220 m
->userdata
= userdata
;
222 r
= sd_event_add_io(m
->event
, &s
, m
->sock
, EPOLLIN
, device_monitor_event_handler
, m
);
226 r
= sd_event_source_set_priority(s
, m
->event_priority
);
231 r
= sd_event_source_set_description(s
, description
);
236 m
->event_source
= TAKE_PTR(s
);
241 _public_
int sd_device_monitor_detach_event(sd_device_monitor
*m
) {
242 assert_return(m
, -EINVAL
);
244 (void) sd_device_monitor_stop(m
);
245 m
->event
= sd_event_unref(m
->event
);
250 _public_
int sd_device_monitor_attach_event(sd_device_monitor
*m
, sd_event
*event
, int64_t priority
) {
253 assert_return(m
, -EINVAL
);
254 assert_return(!m
->event
, -EBUSY
);
257 m
->event
= sd_event_ref(event
);
259 r
= sd_event_default(&m
->event
);
264 m
->event_priority
= priority
;
269 _public_ sd_event
*sd_device_monitor_get_event(sd_device_monitor
*m
) {
270 assert_return(m
, NULL
);
275 int device_monitor_enable_receiving(sd_device_monitor
*m
) {
278 assert_return(m
, -EINVAL
);
280 if (!m
->filter_uptodate
) {
281 r
= sd_device_monitor_filter_update(m
);
283 return log_debug_errno(r
, "Failed to update filter: %m");
287 if (bind(m
->sock
, &m
->snl
.sa
, sizeof(struct sockaddr_nl
)) < 0)
288 return log_debug_errno(errno
, "Failed to bind monitoring socket to event source: %m");
293 r
= monitor_set_nl_address(m
);
295 return log_debug_errno(r
, "Failed to set address: %m");
297 /* enable receiving of sender credentials */
298 r
= setsockopt_int(m
->sock
, SOL_SOCKET
, SO_PASSCRED
, true);
300 return log_debug_errno(r
, "Failed to set socket option SO_PASSCRED: %m");
305 static sd_device_monitor
*device_monitor_free(sd_device_monitor
*m
) {
308 (void) sd_device_monitor_detach_event(m
);
310 hashmap_free_free_free(m
->subsystem_filter
);
311 set_free_free(m
->tag_filter
);
316 DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC(sd_device_monitor
, sd_device_monitor
, device_monitor_free
);
318 static int passes_filter(sd_device_monitor
*m
, sd_device
*device
) {
319 const char *tag
, *subsystem
, *devtype
, *s
, *d
= NULL
;
323 assert_return(m
, -EINVAL
);
324 assert_return(device
, -EINVAL
);
326 if (hashmap_isempty(m
->subsystem_filter
))
329 r
= sd_device_get_subsystem(device
, &s
);
333 r
= sd_device_get_devtype(device
, &d
);
334 if (r
< 0 && r
!= -ENOENT
)
337 HASHMAP_FOREACH_KEY(devtype
, subsystem
, m
->subsystem_filter
, i
) {
338 if (!streq(s
, subsystem
))
347 if (streq(d
, devtype
))
354 if (set_isempty(m
->tag_filter
))
357 SET_FOREACH(tag
, m
->tag_filter
, i
)
358 if (sd_device_has_tag(device
, tag
) > 0)
364 int device_monitor_receive_device(sd_device_monitor
*m
, sd_device
**ret
) {
365 _cleanup_(sd_device_unrefp
) sd_device
*device
= NULL
;
367 monitor_netlink_header nlh
;
372 .iov_len
= sizeof(buf
)
374 char cred_msg
[CMSG_SPACE(sizeof(struct ucred
))];
375 union sockaddr_union snl
;
376 struct msghdr smsg
= {
379 .msg_control
= cred_msg
,
380 .msg_controllen
= sizeof(cred_msg
),
382 .msg_namelen
= sizeof(snl
),
384 struct cmsghdr
*cmsg
;
386 ssize_t buflen
, bufpos
;
387 bool is_initialized
= false;
392 buflen
= recvmsg(m
->sock
, &smsg
, 0);
395 log_debug_errno(errno
, "Failed to receive message: %m");
399 if (buflen
< 32 || (smsg
.msg_flags
& MSG_TRUNC
))
400 return log_debug_errno(EINVAL
, "Invalid message length.");
402 if (snl
.nl
.nl_groups
== MONITOR_GROUP_NONE
) {
403 /* unicast message, check if we trust the sender */
404 if (m
->snl_trusted_sender
.nl
.nl_pid
== 0 ||
405 snl
.nl
.nl_pid
!= m
->snl_trusted_sender
.nl
.nl_pid
)
406 return log_debug_errno(EAGAIN
, "Unicast netlink message ignored.");
408 } else if (snl
.nl
.nl_groups
== MONITOR_GROUP_KERNEL
) {
409 if (snl
.nl
.nl_pid
> 0)
410 return log_debug_errno(EAGAIN
, "Multicast kernel netlink message from PID %"PRIu32
" ignored.", snl
.nl
.nl_pid
);
413 cmsg
= CMSG_FIRSTHDR(&smsg
);
414 if (!cmsg
|| cmsg
->cmsg_type
!= SCM_CREDENTIALS
)
415 return log_debug_errno(EAGAIN
, "No sender credentials received, message ignored.");
417 cred
= (struct ucred
*) CMSG_DATA(cmsg
);
419 return log_debug_errno(EAGAIN
, "Sender uid="UID_FMT
", message ignored.", cred
->uid
);
421 if (streq(buf
.raw
, "libudev")) {
422 /* udev message needs proper version magic */
423 if (buf
.nlh
.magic
!= htobe32(UDEV_MONITOR_MAGIC
))
424 return log_debug_errno(EAGAIN
, "Invalid message signature (%x != %x)",
425 buf
.nlh
.magic
, htobe32(UDEV_MONITOR_MAGIC
));
427 if (buf
.nlh
.properties_off
+32 > (size_t) buflen
)
428 return log_debug_errno(EAGAIN
, "Invalid message length (%u > %zd)",
429 buf
.nlh
.properties_off
+32, buflen
);
431 bufpos
= buf
.nlh
.properties_off
;
433 /* devices received from udev are always initialized */
434 is_initialized
= true;
437 /* kernel message with header */
438 bufpos
= strlen(buf
.raw
) + 1;
439 if ((size_t) bufpos
< sizeof("a@/d") || bufpos
>= buflen
)
440 return log_debug_errno(EAGAIN
, "Invalid message length");
442 /* check message header */
443 if (!strstr(buf
.raw
, "@/"))
444 return log_debug_errno(EAGAIN
, "Invalid message header");
447 r
= device_new_from_nulstr(&device
, (uint8_t*) &buf
.raw
[bufpos
], buflen
- bufpos
);
449 return log_debug_errno(r
, "Failed to create device: %m");
452 device_set_is_initialized(device
);
454 /* Skip device, if it does not pass the current filter */
455 r
= passes_filter(m
, device
);
457 return log_device_debug_errno(device
, r
, "Failed to check received device passing filter: %m");
459 log_device_debug(device
, "Received device does not pass filter, ignoring");
461 *ret
= TAKE_PTR(device
);
466 static uint32_t string_hash32(const char *str
) {
467 return MurmurHash2(str
, strlen(str
), 0);
470 /* Get a bunch of bit numbers out of the hash, and set the bits in our bit field */
471 static uint64_t string_bloom64(const char *str
) {
473 uint32_t hash
= string_hash32(str
);
475 bits
|= 1LLU << (hash
& 63);
476 bits
|= 1LLU << ((hash
>> 6) & 63);
477 bits
|= 1LLU << ((hash
>> 12) & 63);
478 bits
|= 1LLU << ((hash
>> 18) & 63);
482 int device_monitor_send_device(
483 sd_device_monitor
*m
,
484 sd_device_monitor
*destination
,
487 monitor_netlink_header nlh
= {
489 .magic
= htobe32(UDEV_MONITOR_MAGIC
),
490 .header_size
= sizeof nlh
,
492 struct iovec iov
[2] = {
493 { .iov_base
= &nlh
, .iov_len
= sizeof nlh
},
495 struct msghdr smsg
= {
499 /* default destination for sending */
500 union sockaddr_union default_destination
= {
501 .nl
.nl_family
= AF_NETLINK
,
502 .nl
.nl_groups
= MONITOR_GROUP_UDEV
,
504 uint64_t tag_bloom_bits
;
505 const char *buf
, *val
;
513 r
= device_get_properties_nulstr(device
, (const uint8_t **) &buf
, &blen
);
515 return log_debug_errno(r
, "Failed to get device properties: %m");
517 log_debug("Device buffer is too small to contain a valid device");
521 /* fill in versioned header */
522 r
= sd_device_get_subsystem(device
, &val
);
524 return log_device_debug_errno(device
, r
, "Failed to get device subsystem: %m");
525 nlh
.filter_subsystem_hash
= htobe32(string_hash32(val
));
527 if (sd_device_get_devtype(device
, &val
) >= 0)
528 nlh
.filter_devtype_hash
= htobe32(string_hash32(val
));
530 /* add tag bloom filter */
532 FOREACH_DEVICE_TAG(device
, val
)
533 tag_bloom_bits
|= string_bloom64(val
);
535 if (tag_bloom_bits
> 0) {
536 nlh
.filter_tag_bloom_hi
= htobe32(tag_bloom_bits
>> 32);
537 nlh
.filter_tag_bloom_lo
= htobe32(tag_bloom_bits
& 0xffffffff);
540 /* add properties list */
541 nlh
.properties_off
= iov
[0].iov_len
;
542 nlh
.properties_len
= blen
;
543 iov
[1] = (struct iovec
) {
544 .iov_base
= (char*) buf
,
549 * Use custom address for target, or the default one.
551 * If we send to a multicast group, we will get
552 * ECONNREFUSED, which is expected.
554 smsg
.msg_name
= destination
? &destination
->snl
: &default_destination
;
555 smsg
.msg_namelen
= sizeof(struct sockaddr_nl
);
556 count
= sendmsg(m
->sock
, &smsg
, 0);
558 if (!destination
&& errno
== ECONNREFUSED
) {
559 log_device_debug(device
, "Passed to netlink monitor");
562 return log_device_debug_errno(device
, errno
, "Failed to send device to netlink monitor: %m");
565 log_device_debug(device
, "Passed %zi byte to netlink monitor", count
);
569 static void bpf_stmt(struct sock_filter
*ins
, unsigned *i
,
570 unsigned short code
, unsigned data
) {
571 ins
[(*i
)++] = (struct sock_filter
) {
577 static void bpf_jmp(struct sock_filter
*ins
, unsigned *i
,
578 unsigned short code
, unsigned data
,
579 unsigned short jt
, unsigned short jf
) {
580 ins
[(*i
)++] = (struct sock_filter
) {
588 _public_
int sd_device_monitor_filter_update(sd_device_monitor
*m
) {
589 struct sock_filter ins
[512] = {};
590 struct sock_fprog filter
;
591 const char *subsystem
, *devtype
, *tag
;
595 assert_return(m
, -EINVAL
);
597 if (hashmap_isempty(m
->subsystem_filter
) &&
598 set_isempty(m
->tag_filter
)) {
599 m
->filter_uptodate
= true;
603 /* load magic in A */
604 bpf_stmt(ins
, &i
, BPF_LD
|BPF_W
|BPF_ABS
, offsetof(monitor_netlink_header
, magic
));
605 /* jump if magic matches */
606 bpf_jmp(ins
, &i
, BPF_JMP
|BPF_JEQ
|BPF_K
, UDEV_MONITOR_MAGIC
, 1, 0);
607 /* wrong magic, pass packet */
608 bpf_stmt(ins
, &i
, BPF_RET
|BPF_K
, 0xffffffff);
610 if (!set_isempty(m
->tag_filter
)) {
611 int tag_matches
= set_size(m
->tag_filter
);
613 /* add all tags matches */
614 SET_FOREACH(tag
, m
->tag_filter
, it
) {
615 uint64_t tag_bloom_bits
= string_bloom64(tag
);
616 uint32_t tag_bloom_hi
= tag_bloom_bits
>> 32;
617 uint32_t tag_bloom_lo
= tag_bloom_bits
& 0xffffffff;
619 /* load device bloom bits in A */
620 bpf_stmt(ins
, &i
, BPF_LD
|BPF_W
|BPF_ABS
, offsetof(monitor_netlink_header
, filter_tag_bloom_hi
));
621 /* clear bits (tag bits & bloom bits) */
622 bpf_stmt(ins
, &i
, BPF_ALU
|BPF_AND
|BPF_K
, tag_bloom_hi
);
623 /* jump to next tag if it does not match */
624 bpf_jmp(ins
, &i
, BPF_JMP
|BPF_JEQ
|BPF_K
, tag_bloom_hi
, 0, 3);
626 /* load device bloom bits in A */
627 bpf_stmt(ins
, &i
, BPF_LD
|BPF_W
|BPF_ABS
, offsetof(monitor_netlink_header
, filter_tag_bloom_lo
));
628 /* clear bits (tag bits & bloom bits) */
629 bpf_stmt(ins
, &i
, BPF_ALU
|BPF_AND
|BPF_K
, tag_bloom_lo
);
630 /* jump behind end of tag match block if tag matches */
632 bpf_jmp(ins
, &i
, BPF_JMP
|BPF_JEQ
|BPF_K
, tag_bloom_lo
, 1 + (tag_matches
* 6), 0);
635 /* nothing matched, drop packet */
636 bpf_stmt(ins
, &i
, BPF_RET
|BPF_K
, 0);
639 /* add all subsystem matches */
640 if (!hashmap_isempty(m
->subsystem_filter
)) {
641 HASHMAP_FOREACH_KEY(devtype
, subsystem
, m
->subsystem_filter
, it
) {
642 uint32_t hash
= string_hash32(subsystem
);
644 /* load device subsystem value in A */
645 bpf_stmt(ins
, &i
, BPF_LD
|BPF_W
|BPF_ABS
, offsetof(monitor_netlink_header
, filter_subsystem_hash
));
647 /* jump if subsystem does not match */
648 bpf_jmp(ins
, &i
, BPF_JMP
|BPF_JEQ
|BPF_K
, hash
, 0, 1);
650 hash
= string_hash32(devtype
);
652 /* jump if subsystem does not match */
653 bpf_jmp(ins
, &i
, BPF_JMP
|BPF_JEQ
|BPF_K
, hash
, 0, 3);
654 /* load device devtype value in A */
655 bpf_stmt(ins
, &i
, BPF_LD
|BPF_W
|BPF_ABS
, offsetof(monitor_netlink_header
, filter_devtype_hash
));
656 /* jump if value does not match */
657 bpf_jmp(ins
, &i
, BPF_JMP
|BPF_JEQ
|BPF_K
, hash
, 0, 1);
660 /* matched, pass packet */
661 bpf_stmt(ins
, &i
, BPF_RET
|BPF_K
, 0xffffffff);
663 if (i
+1 >= ELEMENTSOF(ins
))
667 /* nothing matched, drop packet */
668 bpf_stmt(ins
, &i
, BPF_RET
|BPF_K
, 0);
671 /* matched, pass packet */
672 bpf_stmt(ins
, &i
, BPF_RET
|BPF_K
, 0xffffffff);
675 filter
= (struct sock_fprog
) {
679 if (setsockopt(m
->sock
, SOL_SOCKET
, SO_ATTACH_FILTER
, &filter
, sizeof(filter
)) < 0)
682 m
->filter_uptodate
= true;
686 _public_
int sd_device_monitor_filter_add_match_subsystem_devtype(sd_device_monitor
*m
, const char *subsystem
, const char *devtype
) {
687 _cleanup_free_
char *s
= NULL
, *d
= NULL
;
690 assert_return(m
, -EINVAL
);
691 assert_return(subsystem
, -EINVAL
);
693 s
= strdup(subsystem
);
703 r
= hashmap_ensure_allocated(&m
->subsystem_filter
, NULL
);
707 r
= hashmap_put(m
->subsystem_filter
, s
, d
);
712 m
->filter_uptodate
= false;
717 _public_
int sd_device_monitor_filter_add_match_tag(sd_device_monitor
*m
, const char *tag
) {
718 _cleanup_free_
char *t
= NULL
;
721 assert_return(m
, -EINVAL
);
722 assert_return(tag
, -EINVAL
);
728 r
= set_ensure_allocated(&m
->tag_filter
, &string_hash_ops
);
732 r
= set_put(m
->tag_filter
, t
);
739 m
->filter_uptodate
= false;
744 _public_
int sd_device_monitor_filter_remove(sd_device_monitor
*m
) {
745 static const struct sock_fprog filter
= { 0, NULL
};
747 assert_return(m
, -EINVAL
);
749 m
->subsystem_filter
= hashmap_free_free_free(m
->subsystem_filter
);
750 m
->tag_filter
= set_free_free(m
->tag_filter
);
752 if (setsockopt(m
->sock
, SOL_SOCKET
, SO_ATTACH_FILTER
, &filter
, sizeof(filter
)) < 0)
755 m
->filter_uptodate
= true;