2 This file is part of systemd.
4 Copyright 2008-2012 Kay Sievers <kay@vrfy.org>
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
29 #include <sys/socket.h>
31 #include <arpa/inet.h>
32 #include <linux/netlink.h>
33 #include <linux/filter.h>
36 #include "libudev-private.h"
37 #include "socket-util.h"
40 * SECTION:libudev-monitor
41 * @short_description: device event source
43 * Connects to a device event source.
49 * Opaque object handling an event source.
55 union sockaddr_union snl;
56 union sockaddr_union snl_trusted_sender;
57 union sockaddr_union snl_destination;
59 struct udev_list filter_subsystem_list;
60 struct udev_list filter_tag_list;
64 enum udev_monitor_netlink_group {
70 #define UDEV_MONITOR_MAGIC 0xfeedcafe
71 struct udev_monitor_netlink_header {
72 /* "libudev" prefix to distinguish libudev and kernel messages */
75 * magic to protect against daemon <-> library message format mismatch
76 * used in the kernel from socket filter rules; needs to be stored in network order
79 /* total length of header structure known to the sender */
80 unsigned int header_size;
81 /* properties string buffer */
82 unsigned int properties_off;
83 unsigned int properties_len;
85 * hashes of primary device properties strings, to let libudev subscribers
86 * use in-kernel socket filters; values need to be stored in network order
88 unsigned int filter_subsystem_hash;
89 unsigned int filter_devtype_hash;
90 unsigned int filter_tag_bloom_hi;
91 unsigned int filter_tag_bloom_lo;
94 static struct udev_monitor *udev_monitor_new(struct udev *udev)
96 struct udev_monitor *udev_monitor;
98 udev_monitor = calloc(1, sizeof(struct udev_monitor));
99 if (udev_monitor == NULL)
101 udev_monitor->refcount = 1;
102 udev_monitor->udev = udev;
103 udev_list_init(udev, &udev_monitor->filter_subsystem_list, false);
104 udev_list_init(udev, &udev_monitor->filter_tag_list, true);
108 struct udev_monitor *udev_monitor_new_from_netlink_fd(struct udev *udev, const char *name, int fd)
110 struct udev_monitor *udev_monitor;
117 group = UDEV_MONITOR_NONE;
118 else if (streq(name, "udev"))
119 group = UDEV_MONITOR_UDEV;
120 else if (streq(name, "kernel"))
121 group = UDEV_MONITOR_KERNEL;
125 udev_monitor = udev_monitor_new(udev);
126 if (udev_monitor == NULL)
130 udev_monitor->sock = socket(PF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_KOBJECT_UEVENT);
131 if (udev_monitor->sock == -1) {
132 udev_err(udev, "error getting socket: %m\n");
137 udev_monitor->bound = true;
138 udev_monitor->sock = fd;
141 udev_monitor->snl.nl.nl_family = AF_NETLINK;
142 udev_monitor->snl.nl.nl_groups = group;
144 /* default destination for sending */
145 udev_monitor->snl_destination.nl.nl_family = AF_NETLINK;
146 udev_monitor->snl_destination.nl.nl_groups = UDEV_MONITOR_UDEV;
152 * udev_monitor_new_from_netlink:
153 * @udev: udev library context
154 * @name: name of event source
156 * Create new udev monitor and connect to a specified event
157 * source. Valid sources identifiers are "udev" and "kernel".
159 * Applications should usually not connect directly to the
160 * "kernel" events, because the devices might not be useable
161 * at that time, before udev has configured them, and created
162 * device nodes. Accessing devices at the same time as udev,
163 * might result in unpredictable behavior. The "udev" events
164 * are sent out after udev has finished its event processing,
165 * all rules have been processed, and needed device nodes are
168 * The initial refcount is 1, and needs to be decremented to
169 * release the resources of the udev monitor.
171 * Returns: a new udev monitor, or #NULL, in case of an error
173 _public_ struct udev_monitor *udev_monitor_new_from_netlink(struct udev *udev, const char *name)
175 return udev_monitor_new_from_netlink_fd(udev, name, -1);
178 static inline void bpf_stmt(struct sock_filter *inss, unsigned int *i,
179 unsigned short code, unsigned int data)
181 struct sock_filter *ins = &inss[*i];
188 static inline void bpf_jmp(struct sock_filter *inss, unsigned int *i,
189 unsigned short code, unsigned int data,
190 unsigned short jt, unsigned short jf)
192 struct sock_filter *ins = &inss[*i];
202 * udev_monitor_filter_update:
203 * @udev_monitor: monitor
205 * Update the installed socket filter. This is only needed,
206 * if the filter was removed or changed.
208 * Returns: 0 on success, otherwise a negative error value.
210 _public_ int udev_monitor_filter_update(struct udev_monitor *udev_monitor)
212 struct sock_filter ins[512];
213 struct sock_fprog filter;
215 struct udev_list_entry *list_entry;
218 if (udev_list_get_entry(&udev_monitor->filter_subsystem_list) == NULL &&
219 udev_list_get_entry(&udev_monitor->filter_tag_list) == NULL)
222 memset(ins, 0x00, sizeof(ins));
225 /* load magic in A */
226 bpf_stmt(ins, &i, BPF_LD|BPF_W|BPF_ABS, offsetof(struct udev_monitor_netlink_header, magic));
227 /* jump if magic matches */
228 bpf_jmp(ins, &i, BPF_JMP|BPF_JEQ|BPF_K, UDEV_MONITOR_MAGIC, 1, 0);
229 /* wrong magic, pass packet */
230 bpf_stmt(ins, &i, BPF_RET|BPF_K, 0xffffffff);
232 if (udev_list_get_entry(&udev_monitor->filter_tag_list) != NULL) {
235 /* count tag matches, to calculate end of tag match block */
237 udev_list_entry_foreach(list_entry, udev_list_get_entry(&udev_monitor->filter_tag_list))
240 /* add all tags matches */
241 udev_list_entry_foreach(list_entry, udev_list_get_entry(&udev_monitor->filter_tag_list)) {
242 uint64_t tag_bloom_bits = util_string_bloom64(udev_list_entry_get_name(list_entry));
243 uint32_t tag_bloom_hi = tag_bloom_bits >> 32;
244 uint32_t tag_bloom_lo = tag_bloom_bits & 0xffffffff;
246 /* load device bloom bits in A */
247 bpf_stmt(ins, &i, BPF_LD|BPF_W|BPF_ABS, offsetof(struct udev_monitor_netlink_header, filter_tag_bloom_hi));
248 /* clear bits (tag bits & bloom bits) */
249 bpf_stmt(ins, &i, BPF_ALU|BPF_AND|BPF_K, tag_bloom_hi);
250 /* jump to next tag if it does not match */
251 bpf_jmp(ins, &i, BPF_JMP|BPF_JEQ|BPF_K, tag_bloom_hi, 0, 3);
253 /* load device bloom bits in A */
254 bpf_stmt(ins, &i, BPF_LD|BPF_W|BPF_ABS, offsetof(struct udev_monitor_netlink_header, filter_tag_bloom_lo));
255 /* clear bits (tag bits & bloom bits) */
256 bpf_stmt(ins, &i, BPF_ALU|BPF_AND|BPF_K, tag_bloom_lo);
257 /* jump behind end of tag match block if tag matches */
259 bpf_jmp(ins, &i, BPF_JMP|BPF_JEQ|BPF_K, tag_bloom_lo, 1 + (tag_matches * 6), 0);
262 /* nothing matched, drop packet */
263 bpf_stmt(ins, &i, BPF_RET|BPF_K, 0);
266 /* add all subsystem matches */
267 if (udev_list_get_entry(&udev_monitor->filter_subsystem_list) != NULL) {
268 udev_list_entry_foreach(list_entry, udev_list_get_entry(&udev_monitor->filter_subsystem_list)) {
269 unsigned int hash = util_string_hash32(udev_list_entry_get_name(list_entry));
271 /* load device subsystem value in A */
272 bpf_stmt(ins, &i, BPF_LD|BPF_W|BPF_ABS, offsetof(struct udev_monitor_netlink_header, filter_subsystem_hash));
273 if (udev_list_entry_get_value(list_entry) == NULL) {
274 /* jump if subsystem does not match */
275 bpf_jmp(ins, &i, BPF_JMP|BPF_JEQ|BPF_K, hash, 0, 1);
277 /* jump if subsystem does not match */
278 bpf_jmp(ins, &i, BPF_JMP|BPF_JEQ|BPF_K, hash, 0, 3);
280 /* load device devtype value in A */
281 bpf_stmt(ins, &i, BPF_LD|BPF_W|BPF_ABS, offsetof(struct udev_monitor_netlink_header, filter_devtype_hash));
282 /* jump if value does not match */
283 hash = util_string_hash32(udev_list_entry_get_value(list_entry));
284 bpf_jmp(ins, &i, BPF_JMP|BPF_JEQ|BPF_K, hash, 0, 1);
287 /* matched, pass packet */
288 bpf_stmt(ins, &i, BPF_RET|BPF_K, 0xffffffff);
290 if (i+1 >= ELEMENTSOF(ins))
294 /* nothing matched, drop packet */
295 bpf_stmt(ins, &i, BPF_RET|BPF_K, 0);
298 /* matched, pass packet */
299 bpf_stmt(ins, &i, BPF_RET|BPF_K, 0xffffffff);
302 memset(&filter, 0x00, sizeof(filter));
305 err = setsockopt(udev_monitor->sock, SOL_SOCKET, SO_ATTACH_FILTER, &filter, sizeof(filter));
309 int udev_monitor_allow_unicast_sender(struct udev_monitor *udev_monitor, struct udev_monitor *sender)
311 udev_monitor->snl_trusted_sender.nl.nl_pid = sender->snl.nl.nl_pid;
315 * udev_monitor_enable_receiving:
316 * @udev_monitor: the monitor which should receive events
318 * Binds the @udev_monitor socket to the event source.
320 * Returns: 0 on success, otherwise a negative error value.
322 _public_ int udev_monitor_enable_receiving(struct udev_monitor *udev_monitor)
327 if (udev_monitor->snl.nl.nl_family == 0)
330 udev_monitor_filter_update(udev_monitor);
332 if (!udev_monitor->bound) {
333 err = bind(udev_monitor->sock,
334 &udev_monitor->snl.sa, sizeof(struct sockaddr_nl));
336 udev_monitor->bound = true;
340 union sockaddr_union snl;
344 * get the address the kernel has assigned us
345 * it is usually, but not necessarily the pid
347 addrlen = sizeof(struct sockaddr_nl);
348 err = getsockname(udev_monitor->sock, &snl.sa, &addrlen);
350 udev_monitor->snl.nl.nl_pid = snl.nl.nl_pid;
352 udev_err(udev_monitor->udev, "bind failed: %m\n");
356 /* enable receiving of sender credentials */
357 setsockopt(udev_monitor->sock, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on));
362 * udev_monitor_set_receive_buffer_size:
363 * @udev_monitor: the monitor which should receive events
364 * @size: the size in bytes
366 * Set the size of the kernel socket buffer. This call needs the
367 * appropriate privileges to succeed.
369 * Returns: 0 on success, otherwise -1 on error.
371 _public_ int udev_monitor_set_receive_buffer_size(struct udev_monitor *udev_monitor, int size)
373 if (udev_monitor == NULL)
375 return setsockopt(udev_monitor->sock, SOL_SOCKET, SO_RCVBUFFORCE, &size, sizeof(size));
378 int udev_monitor_disconnect(struct udev_monitor *udev_monitor)
382 err = close(udev_monitor->sock);
383 udev_monitor->sock = -1;
389 * @udev_monitor: udev monitor
391 * Take a reference of a udev monitor.
393 * Returns: the passed udev monitor
395 _public_ struct udev_monitor *udev_monitor_ref(struct udev_monitor *udev_monitor)
397 if (udev_monitor == NULL)
399 udev_monitor->refcount++;
404 * udev_monitor_unref:
405 * @udev_monitor: udev monitor
407 * Drop a reference of a udev monitor. If the refcount reaches zero,
408 * the bound socket will be closed, and the resources of the monitor
411 * Returns: the passed udev monitor if it has still an active reference, or #NULL otherwise.
413 _public_ struct udev_monitor *udev_monitor_unref(struct udev_monitor *udev_monitor)
415 if (udev_monitor == NULL)
417 udev_monitor->refcount--;
418 if (udev_monitor->refcount > 0)
420 if (udev_monitor->sock >= 0)
421 close(udev_monitor->sock);
422 udev_list_cleanup(&udev_monitor->filter_subsystem_list);
423 udev_list_cleanup(&udev_monitor->filter_tag_list);
429 * udev_monitor_get_udev:
430 * @udev_monitor: udev monitor
432 * Retrieve the udev library context the monitor was created with.
434 * Returns: the udev library context
436 _public_ struct udev *udev_monitor_get_udev(struct udev_monitor *udev_monitor)
438 if (udev_monitor == NULL)
440 return udev_monitor->udev;
444 * udev_monitor_get_fd:
445 * @udev_monitor: udev monitor
447 * Retrieve the socket file descriptor associated with the monitor.
449 * Returns: the socket file descriptor
451 _public_ int udev_monitor_get_fd(struct udev_monitor *udev_monitor)
453 if (udev_monitor == NULL)
455 return udev_monitor->sock;
458 static int passes_filter(struct udev_monitor *udev_monitor, struct udev_device *udev_device)
460 struct udev_list_entry *list_entry;
462 if (udev_list_get_entry(&udev_monitor->filter_subsystem_list) == NULL)
464 udev_list_entry_foreach(list_entry, udev_list_get_entry(&udev_monitor->filter_subsystem_list)) {
465 const char *subsys = udev_list_entry_get_name(list_entry);
466 const char *dsubsys = udev_device_get_subsystem(udev_device);
468 const char *ddevtype;
470 if (!streq(dsubsys, subsys))
473 devtype = udev_list_entry_get_value(list_entry);
476 ddevtype = udev_device_get_devtype(udev_device);
477 if (ddevtype == NULL)
479 if (streq(ddevtype, devtype))
485 if (udev_list_get_entry(&udev_monitor->filter_tag_list) == NULL)
487 udev_list_entry_foreach(list_entry, udev_list_get_entry(&udev_monitor->filter_tag_list)) {
488 const char *tag = udev_list_entry_get_name(list_entry);
490 if (udev_device_has_tag(udev_device, tag))
497 * udev_monitor_receive_device:
498 * @udev_monitor: udev monitor
500 * Receive data from the udev monitor socket, allocate a new udev
501 * device, fill in the received data, and return the device.
503 * Only socket connections with uid=0 are accepted.
505 * The monitor socket is by default set to NONBLOCK. A variant of poll() on
506 * the file descriptor returned by udev_monitor_get_fd() should to be used to
507 * wake up when new devices arrive, or alternatively the file descriptor
508 * switched into blocking mode.
510 * The initial refcount is 1, and needs to be decremented to
511 * release the resources of the udev device.
513 * Returns: a new udev device, or #NULL, in case of an error
515 _public_ struct udev_device *udev_monitor_receive_device(struct udev_monitor *udev_monitor)
517 struct udev_device *udev_device;
520 char cred_msg[CMSG_SPACE(sizeof(struct ucred))];
521 struct cmsghdr *cmsg;
522 union sockaddr_union snl;
527 struct udev_monitor_netlink_header *nlh;
530 if (udev_monitor == NULL)
533 iov.iov_len = sizeof(buf);
534 memset (&smsg, 0x00, sizeof(struct msghdr));
537 smsg.msg_control = cred_msg;
538 smsg.msg_controllen = sizeof(cred_msg);
540 if (udev_monitor->snl.nl.nl_family != 0) {
541 smsg.msg_name = &snl;
542 smsg.msg_namelen = sizeof(snl);
545 buflen = recvmsg(udev_monitor->sock, &smsg, 0);
548 udev_dbg(udev_monitor->udev, "unable to receive message\n");
552 if (buflen < 32 || (size_t)buflen >= sizeof(buf)) {
553 udev_dbg(udev_monitor->udev, "invalid message length\n");
557 if (udev_monitor->snl.nl.nl_family != 0) {
558 if (snl.nl.nl_groups == 0) {
559 /* unicast message, check if we trust the sender */
560 if (udev_monitor->snl_trusted_sender.nl.nl_pid == 0 ||
561 snl.nl.nl_pid != udev_monitor->snl_trusted_sender.nl.nl_pid) {
562 udev_dbg(udev_monitor->udev, "unicast netlink message ignored\n");
565 } else if (snl.nl.nl_groups == UDEV_MONITOR_KERNEL) {
566 if (snl.nl.nl_pid > 0) {
567 udev_dbg(udev_monitor->udev, "multicast kernel netlink message from pid %d ignored\n",
574 cmsg = CMSG_FIRSTHDR(&smsg);
575 if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) {
576 udev_dbg(udev_monitor->udev, "no sender credentials received, message ignored\n");
580 cred = (struct ucred *)CMSG_DATA(cmsg);
581 if (cred->uid != 0) {
582 udev_dbg(udev_monitor->udev, "sender uid=%d, message ignored\n", cred->uid);
586 if (memcmp(buf, "libudev", 8) == 0) {
587 /* udev message needs proper version magic */
588 nlh = (struct udev_monitor_netlink_header *) buf;
589 if (nlh->magic != htonl(UDEV_MONITOR_MAGIC)) {
590 udev_err(udev_monitor->udev, "unrecognized message signature (%x != %x)\n",
591 nlh->magic, htonl(UDEV_MONITOR_MAGIC));
594 if (nlh->properties_off+32 > (size_t)buflen)
596 bufpos = nlh->properties_off;
598 /* kernel message with header */
599 bufpos = strlen(buf) + 1;
600 if ((size_t)bufpos < sizeof("a@/d") || bufpos >= buflen) {
601 udev_dbg(udev_monitor->udev, "invalid message length\n");
605 /* check message header */
606 if (strstr(buf, "@/") == NULL) {
607 udev_dbg(udev_monitor->udev, "unrecognized message header\n");
612 udev_device = udev_device_new(udev_monitor->udev);
613 if (udev_device == NULL)
615 udev_device_set_info_loaded(udev_device);
617 while (bufpos < buflen) {
622 keylen = strlen(key);
625 bufpos += keylen + 1;
626 udev_device_add_property_from_string_parse(udev_device, key);
629 if (udev_device_add_property_from_string_parse_finish(udev_device) < 0) {
630 udev_dbg(udev_monitor->udev, "missing values, invalid device\n");
631 udev_device_unref(udev_device);
635 /* skip device, if it does not pass the current filter */
636 if (!passes_filter(udev_monitor, udev_device)) {
637 struct pollfd pfd[1];
640 udev_device_unref(udev_device);
642 /* if something is queued, get next device */
643 pfd[0].fd = udev_monitor->sock;
644 pfd[0].events = POLLIN;
645 rc = poll(pfd, 1, 0);
654 int udev_monitor_send_device(struct udev_monitor *udev_monitor,
655 struct udev_monitor *destination, struct udev_device *udev_device)
663 struct udev_monitor_netlink_header nlh;
664 struct udev_list_entry *list_entry;
665 uint64_t tag_bloom_bits;
667 if (udev_monitor->snl.nl.nl_family == 0)
670 blen = udev_device_get_properties_monitor_buf(udev_device, &buf);
674 /* add versioned header */
675 memset(&nlh, 0x00, sizeof(struct udev_monitor_netlink_header));
676 memcpy(nlh.prefix, "libudev", 8);
677 nlh.magic = htonl(UDEV_MONITOR_MAGIC);
678 nlh.header_size = sizeof(struct udev_monitor_netlink_header);
679 val = udev_device_get_subsystem(udev_device);
680 nlh.filter_subsystem_hash = htonl(util_string_hash32(val));
681 val = udev_device_get_devtype(udev_device);
683 nlh.filter_devtype_hash = htonl(util_string_hash32(val));
684 iov[0].iov_base = &nlh;
685 iov[0].iov_len = sizeof(struct udev_monitor_netlink_header);
687 /* add tag bloom filter */
689 udev_list_entry_foreach(list_entry, udev_device_get_tags_list_entry(udev_device))
690 tag_bloom_bits |= util_string_bloom64(udev_list_entry_get_name(list_entry));
691 if (tag_bloom_bits > 0) {
692 nlh.filter_tag_bloom_hi = htonl(tag_bloom_bits >> 32);
693 nlh.filter_tag_bloom_lo = htonl(tag_bloom_bits & 0xffffffff);
696 /* add properties list */
697 nlh.properties_off = iov[0].iov_len;
698 nlh.properties_len = blen;
699 iov[1].iov_base = (char *)buf;
700 iov[1].iov_len = blen;
702 memset(&smsg, 0x00, sizeof(struct msghdr));
706 * Use custom address for target, or the default one.
708 * If we send to a multicast group, we will get
709 * ECONNREFUSED, which is expected.
711 if (destination != NULL)
712 smsg.msg_name = &destination->snl;
714 smsg.msg_name = &udev_monitor->snl_destination;
715 smsg.msg_namelen = sizeof(struct sockaddr_nl);
716 count = sendmsg(udev_monitor->sock, &smsg, 0);
717 udev_dbg(udev_monitor->udev, "passed %zi bytes to netlink monitor %p\n", count, udev_monitor);
722 * udev_monitor_filter_add_match_subsystem_devtype:
723 * @udev_monitor: the monitor
724 * @subsystem: the subsystem value to match the incoming devices against
725 * @devtype: the devtype value to match the incoming devices against
727 * This filter is efficiently executed inside the kernel, and libudev subscribers
728 * will usually not be woken up for devices which do not match.
730 * The filter must be installed before the monitor is switched to listening mode.
732 * Returns: 0 on success, otherwise a negative error value.
734 _public_ int udev_monitor_filter_add_match_subsystem_devtype(struct udev_monitor *udev_monitor, const char *subsystem, const char *devtype)
736 if (udev_monitor == NULL)
738 if (subsystem == NULL)
740 if (udev_list_entry_add(&udev_monitor->filter_subsystem_list, subsystem, devtype) == NULL)
746 * udev_monitor_filter_add_match_tag:
747 * @udev_monitor: the monitor
748 * @tag: the name of a tag
750 * This filter is efficiently executed inside the kernel, and libudev subscribers
751 * will usually not be woken up for devices which do not match.
753 * The filter must be installed before the monitor is switched to listening mode.
755 * Returns: 0 on success, otherwise a negative error value.
757 _public_ int udev_monitor_filter_add_match_tag(struct udev_monitor *udev_monitor, const char *tag)
759 if (udev_monitor == NULL)
763 if (udev_list_entry_add(&udev_monitor->filter_tag_list, tag, NULL) == NULL)
769 * udev_monitor_filter_remove:
770 * @udev_monitor: monitor
772 * Remove all filters from monitor.
774 * Returns: 0 on success, otherwise a negative error value.
776 _public_ int udev_monitor_filter_remove(struct udev_monitor *udev_monitor)
778 static struct sock_fprog filter = { 0, NULL };
780 udev_list_cleanup(&udev_monitor->filter_subsystem_list);
781 return setsockopt(udev_monitor->sock, SOL_SOCKET, SO_ATTACH_FILTER, &filter, sizeof(filter));
~ianmdlvl / elogind.git / blob