Date: Fri, 4 May 2018 18:00:58 -0700
From: Alexei Starovoitov
To: Edward Cree
Cc: Alexei Starovoitov, davem@davemloft.net, daniel@iogearbox.net, torvalds@linux-foundation.org, gregkh@linuxfoundation.org, luto@amacapital.net, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-team@fb.com
Subject: Re: [PATCH v2 net-next 2/4] net: add skeleton of bpfilter kernel module
Message-ID: <20180505010056.are63gsmf7yrlxpe@ast-mbp>
References: <20180503043604.1604587-1-ast@kernel.org> <20180503043604.1604587-3-ast@kernel.org>

On Thu, May 03, 2018 at 03:23:55PM +0100, Edward Cree wrote:
> On 03/05/18 05:36, Alexei Starovoitov wrote:
> > bpfilter.ko consists of bpfilter_kern.c (normal kernel module code)
> > and user mode helper code that is embedded into bpfilter.ko
> >
> > The steps to build bpfilter.ko are the following:
> > - main.c is compiled by HOSTCC into the bpfilter_umh elf executable file
> > - with quite a bit of objcopy and Makefile magic the bpfilter_umh elf file
> >   is converted into bpfilter_umh.o object file
> >   with _binary_net_bpfilter_bpfilter_umh_start and _end symbols
> >   Example:
> >   $ nm ./bld_x64/net/bpfilter/bpfilter_umh.o
> >   0000000000004cf8 T _binary_net_bpfilter_bpfilter_umh_end
> >   0000000000004cf8 A _binary_net_bpfilter_bpfilter_umh_size
> >   0000000000000000 T _binary_net_bpfilter_bpfilter_umh_start
> > - bpfilter_umh.o and bpfilter_kern.o are linked together into bpfilter.ko
> >
> > bpfilter_kern.c is a normal kernel module code that calls
> > the fork_usermode_blob() helper to execute part of its own data
> > as a user mode process.
> >
> > Notice that _binary_net_bpfilter_bpfilter_umh_start - end
> > is placed into .init.rodata section, so it's freed as soon as __init
> > function of bpfilter.ko is finished.
> > As part of __init the bpfilter.ko does first request/reply action
> > via two unix pipe provided by fork_usermode_blob() helper to
> > make sure that umh is healthy. If not it will kill it via pid.
> >
> > Later bpfilter_process_sockopt() will be called from bpfilter hooks
> > in get/setsockopt() to pass iptable commands into umh via bpfilter.ko
> >
> > If admin does 'rmmod bpfilter' the __exit code bpfilter.ko will
> > kill umh as well.
> >
> > Signed-off-by: Alexei Starovoitov
> ...
> > +static void stop_umh(void)
> > +{
> > + if (bpfilter_process_sockopt) {
> I worry about locking here.  Is it possible for two calls to
>  bpfilter_process_sockopt() to run in parallel, both fail, and thus both
>  call stop_umh()?  And if both end up calling shutdown_umh(), we double
>  fput().

I thought iptables sockopt is serialized earlier.
Nope. We need to grab the mutex to access these pipes.
Will fix.

Thanks for spelling nits. Will fix as well.
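
Review bot: The test "if (bpfilter_process_sockopt)" at the top of stop_umh() is an unlocked check-then-act on a pointer that the get/setsockopt() hooks also use, so two failing callers can both pass the test and both reach shutdown_umh(), which is the double fput() raised above. Hold the mutex mentioned in the reply across the test, the teardown and the clearing of the pointer, so the second caller finds it already cleared, and route the __exit path described in the commit message through the same lock. Only the first three lines of the function are quoted here, so the order of clearing the pointer and calling shutdown_umh() cannot be checked from this message.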
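
The embedding step from the quoted commit message, reproduced on a constructed stand-in file. This is an added example, not part of the thread and not the project's Makefile. It assumes GNU binutils on a Linux host, and the `ld`/`objcopy` invocations and the helper names `embed_blob`, `blob_symbols`, `blob_section` and `blob_size` are hypothetical.

```shell
#!/bin/sh
# Added example: shows where the _binary_net_bpfilter_bpfilter_umh_* names
# come from and how the payload ends up in .init.rodata.
# Assumes GNU binutils (ld, objcopy, nm, readelf); not the kernel's own rules.

embed_blob() {
    # $1 = scratch directory; produces $1/bpfilter_umh.o
    work=$1
    mkdir -p "$work/net/bpfilter"
    # Constructed 16-byte stand-in for the real bpfilter_umh ELF executable.
    printf 'constructed-blob' > "$work/net/bpfilter/bpfilter_umh"
    (
        cd "$work" || exit 1
        # The symbol prefix is derived from the input path exactly as given:
        # net/bpfilter/bpfilter_umh -> _binary_net_bpfilter_bpfilter_umh
        ld -r -b binary -o bpfilter_umh.o net/bpfilter/bpfilter_umh || exit 1
        # Binary input lands in .data; move it to the init-only, read-only
        # section named in the commit message.
        objcopy \
            --rename-section .data=.init.rodata,alloc,load,readonly,data,contents \
            bpfilter_umh.o
    )
}

# Names of the generated symbols, sorted.
blob_symbols() { nm "$1/bpfilter_umh.o" | awk '{print $3}' | sort; }

# Number of section headers called .init.rodata.
blob_section() { readelf -S -W "$1/bpfilter_umh.o" | grep -c '\.init\.rodata'; }

# The absolute _size symbol carries the payload length; print it in decimal.
blob_size() {
    hex=$(nm "$1/bpfilter_umh.o" | awk '$3 ~ /_size$/ {print $1}')
    printf '%d\n' "0x$hex"
}

demo=$(mktemp -d)
embed_blob "$demo" && nm "$demo/bpfilter_umh.o"
rm -rf "$demo"
```

Building from a different working directory changes the symbol names, which is why the module's C code has to reference the path-derived prefix exactly.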