2 This file is part of systemd.
4 Copyright 2008-2012 Kay Sievers <kay@vrfy.org>
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
29 #include <sys/socket.h>
31 #include <arpa/inet.h>
32 #include <linux/netlink.h>
33 #include <linux/filter.h>
36 #include "libudev-private.h"
37 #include "socket-util.h"
40 * SECTION:libudev-monitor
41 * @short_description: device event source
43 * Connects to a device event source.
49 * Opaque object handling an event source.
55 union sockaddr_union snl;
56 union sockaddr_union snl_trusted_sender;
57 union sockaddr_union snl_destination;
59 struct udev_list filter_subsystem_list;
60 struct udev_list filter_tag_list;
64 enum udev_monitor_netlink_group {
70 #define UDEV_MONITOR_MAGIC 0xfeedcafe
71 struct udev_monitor_netlink_header {
72 /* "libudev" prefix to distinguish libudev and kernel messages */
75 * magic to protect against daemon <-> library message format mismatch
76 * used in the kernel from socket filter rules; needs to be stored in network order
79 /* total length of header structure known to the sender */
80 unsigned int header_size;
81 /* properties string buffer */
82 unsigned int properties_off;
83 unsigned int properties_len;
85 * hashes of primary device properties strings, to let libudev subscribers
86 * use in-kernel socket filters; values need to be stored in network order
88 unsigned int filter_subsystem_hash;
89 unsigned int filter_devtype_hash;
90 unsigned int filter_tag_bloom_hi;
91 unsigned int filter_tag_bloom_lo;
94 static struct udev_monitor *udev_monitor_new(struct udev *udev)
96 struct udev_monitor *udev_monitor;
98 udev_monitor = calloc(1, sizeof(struct udev_monitor));
99 if (udev_monitor == NULL)
101 udev_monitor->refcount = 1;
102 udev_monitor->udev = udev;
103 udev_list_init(udev, &udev_monitor->filter_subsystem_list, false);
104 udev_list_init(udev, &udev_monitor->filter_tag_list, true);
108 struct udev_monitor *udev_monitor_new_from_netlink_fd(struct udev *udev, const char *name, int fd)
110 struct udev_monitor *udev_monitor;
117 group = UDEV_MONITOR_NONE;
118 else if (streq(name, "udev"))
119 group = UDEV_MONITOR_UDEV;
120 else if (streq(name, "kernel"))
121 group = UDEV_MONITOR_KERNEL;
125 udev_monitor = udev_monitor_new(udev);
126 if (udev_monitor == NULL)
130 udev_monitor->sock = socket(PF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_KOBJECT_UEVENT);
131 if (udev_monitor->sock == -1) {
132 udev_err(udev, "error getting socket: %m\n");
137 udev_monitor->bound = true;
138 udev_monitor->sock = fd;
141 udev_monitor->snl.nl.nl_family = AF_NETLINK;
142 udev_monitor->snl.nl.nl_groups = group;
144 /* default destination for sending */
145 udev_monitor->snl_destination.nl.nl_family = AF_NETLINK;
146 udev_monitor->snl_destination.nl.nl_groups = UDEV_MONITOR_UDEV;
152 * udev_monitor_new_from_netlink:
153 * @udev: udev library context
154 * @name: name of event source
156 * Create new udev monitor and connect to a specified event
157 * source. Valid sources identifiers are "udev" and "kernel".
159 * Applications should usually not connect directly to the
160 * "kernel" events, because the devices might not be useable
161 * at that time, before udev has configured them, and created
162 * device nodes. Accessing devices at the same time as udev,
163 * might result in unpredictable behavior. The "udev" events
164 * are sent out after udev has finished its event processing,
165 * all rules have been processed, and needed device nodes are
168 * The initial refcount is 1, and needs to be decremented to
169 * release the resources of the udev monitor.
171 * Returns: a new udev monitor, or #NULL, in case of an error
173 _public_ struct udev_monitor *udev_monitor_new_from_netlink(struct udev *udev, const char *name)
175 return udev_monitor_new_from_netlink_fd(udev, name, -1);
178 static inline void bpf_stmt(struct sock_filter *inss, unsigned int *i,
179 unsigned short code, unsigned int data)
181 struct sock_filter *ins = &inss[*i];
188 static inline void bpf_jmp(struct sock_filter *inss, unsigned int *i,
189 unsigned short code, unsigned int data,
190 unsigned short jt, unsigned short jf)
192 struct sock_filter *ins = &inss[*i];
202 * udev_monitor_filter_update:
203 * @udev_monitor: monitor
205 * Update the installed socket filter. This is only needed,
206 * if the filter was removed or changed.
208 * Returns: 0 on success, otherwise a negative error value.
210 _public_ int udev_monitor_filter_update(struct udev_monitor *udev_monitor)
212 struct sock_filter ins[512];
213 struct sock_fprog filter;
215 struct udev_list_entry *list_entry;
218 if (udev_list_get_entry(&udev_monitor->filter_subsystem_list) == NULL &&
219 udev_list_get_entry(&udev_monitor->filter_tag_list) == NULL)
222 memset(ins, 0x00, sizeof(ins));
225 /* load magic in A */
226 bpf_stmt(ins, &i, BPF_LD|BPF_W|BPF_ABS, offsetof(struct udev_monitor_netlink_header, magic));
227 /* jump if magic matches */
228 bpf_jmp(ins, &i, BPF_JMP|BPF_JEQ|BPF_K, UDEV_MONITOR_MAGIC, 1, 0);
229 /* wrong magic, pass packet */
230 bpf_stmt(ins, &i, BPF_RET|BPF_K, 0xffffffff);
232 if (udev_list_get_entry(&udev_monitor->filter_tag_list) != NULL) {
235 /* count tag matches, to calculate end of tag match block */
237 udev_list_entry_foreach(list_entry, udev_list_get_entry(&udev_monitor->filter_tag_list))
240 /* add all tags matches */
241 udev_list_entry_foreach(list_entry, udev_list_get_entry(&udev_monitor->filter_tag_list)) {
242 uint64_t tag_bloom_bits = util_string_bloom64(udev_list_entry_get_name(list_entry));
243 uint32_t tag_bloom_hi = tag_bloom_bits >> 32;
244 uint32_t tag_bloom_lo = tag_bloom_bits & 0xffffffff;
246 /* load device bloom bits in A */
247 bpf_stmt(ins, &i, BPF_LD|BPF_W|BPF_ABS, offsetof(struct udev_monitor_netlink_header, filter_tag_bloom_hi));
248 /* clear bits (tag bits & bloom bits) */
249 bpf_stmt(ins, &i, BPF_ALU|BPF_AND|BPF_K, tag_bloom_hi);
250 /* jump to next tag if it does not match */
251 bpf_jmp(ins, &i, BPF_JMP|BPF_JEQ|BPF_K, tag_bloom_hi, 0, 3);
253 /* load device bloom bits in A */
254 bpf_stmt(ins, &i, BPF_LD|BPF_W|BPF_ABS, offsetof(struct udev_monitor_netlink_header, filter_tag_bloom_lo));
255 /* clear bits (tag bits & bloom bits) */
256 bpf_stmt(ins, &i, BPF_ALU|BPF_AND|BPF_K, tag_bloom_lo);
257 /* jump behind end of tag match block if tag matches */
259 bpf_jmp(ins, &i, BPF_JMP|BPF_JEQ|BPF_K, tag_bloom_lo, 1 + (tag_matches * 6), 0);
262 /* nothing matched, drop packet */
263 bpf_stmt(ins, &i, BPF_RET|BPF_K, 0);
266 /* add all subsystem matches */
267 if (udev_list_get_entry(&udev_monitor->filter_subsystem_list) != NULL) {
268 udev_list_entry_foreach(list_entry, udev_list_get_entry(&udev_monitor->filter_subsystem_list)) {
269 unsigned int hash = util_string_hash32(udev_list_entry_get_name(list_entry));
271 /* load device subsystem value in A */
272 bpf_stmt(ins, &i, BPF_LD|BPF_W|BPF_ABS, offsetof(struct udev_monitor_netlink_header, filter_subsystem_hash));
273 if (udev_list_entry_get_value(list_entry) == NULL) {
274 /* jump if subsystem does not match */
275 bpf_jmp(ins, &i, BPF_JMP|BPF_JEQ|BPF_K, hash, 0, 1);
277 /* jump if subsystem does not match */
278 bpf_jmp(ins, &i, BPF_JMP|BPF_JEQ|BPF_K, hash, 0, 3);
280 /* load device devtype value in A */
281 bpf_stmt(ins, &i, BPF_LD|BPF_W|BPF_ABS, offsetof(struct udev_monitor_netlink_header, filter_devtype_hash));
282 /* jump if value does not match */
283 hash = util_string_hash32(udev_list_entry_get_value(list_entry));
284 bpf_jmp(ins, &i, BPF_JMP|BPF_JEQ|BPF_K, hash, 0, 1);
287 /* matched, pass packet */
288 bpf_stmt(ins, &i, BPF_RET|BPF_K, 0xffffffff);
290 if (i+1 >= ELEMENTSOF(ins))
294 /* nothing matched, drop packet */
295 bpf_stmt(ins, &i, BPF_RET|BPF_K, 0);
298 /* matched, pass packet */
299 bpf_stmt(ins, &i, BPF_RET|BPF_K, 0xffffffff);
302 memset(&filter, 0x00, sizeof(filter));
305 err = setsockopt(udev_monitor->sock, SOL_SOCKET, SO_ATTACH_FILTER, &filter, sizeof(filter));
306 return err < 0 ? -errno : 0;
309 int udev_monitor_allow_unicast_sender(struct udev_monitor *udev_monitor, struct udev_monitor *sender)
311 udev_monitor->snl_trusted_sender.nl.nl_pid = sender->snl.nl.nl_pid;
315 * udev_monitor_enable_receiving:
316 * @udev_monitor: the monitor which should receive events
318 * Binds the @udev_monitor socket to the event source.
320 * Returns: 0 on success, otherwise a negative error value.
322 _public_ int udev_monitor_enable_receiving(struct udev_monitor *udev_monitor)
327 udev_monitor_filter_update(udev_monitor);
329 if (!udev_monitor->bound) {
330 err = bind(udev_monitor->sock,
331 &udev_monitor->snl.sa, sizeof(struct sockaddr_nl));
333 udev_monitor->bound = true;
337 union sockaddr_union snl;
341 * get the address the kernel has assigned us
342 * it is usually, but not necessarily the pid
344 addrlen = sizeof(struct sockaddr_nl);
345 err = getsockname(udev_monitor->sock, &snl.sa, &addrlen);
347 udev_monitor->snl.nl.nl_pid = snl.nl.nl_pid;
349 udev_err(udev_monitor->udev, "bind failed: %m\n");
353 /* enable receiving of sender credentials */
354 setsockopt(udev_monitor->sock, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on));
359 * udev_monitor_set_receive_buffer_size:
360 * @udev_monitor: the monitor which should receive events
361 * @size: the size in bytes
363 * Set the size of the kernel socket buffer. This call needs the
364 * appropriate privileges to succeed.
366 * Returns: 0 on success, otherwise -1 on error.
368 _public_ int udev_monitor_set_receive_buffer_size(struct udev_monitor *udev_monitor, int size)
370 if (udev_monitor == NULL)
372 return setsockopt(udev_monitor->sock, SOL_SOCKET, SO_RCVBUFFORCE, &size, sizeof(size));
375 int udev_monitor_disconnect(struct udev_monitor *udev_monitor)
379 err = close(udev_monitor->sock);
380 udev_monitor->sock = -1;
381 return err < 0 ? -errno : 0;
386 * @udev_monitor: udev monitor
388 * Take a reference of a udev monitor.
390 * Returns: the passed udev monitor
392 _public_ struct udev_monitor *udev_monitor_ref(struct udev_monitor *udev_monitor)
394 if (udev_monitor == NULL)
396 udev_monitor->refcount++;
401 * udev_monitor_unref:
402 * @udev_monitor: udev monitor
404 * Drop a reference of a udev monitor. If the refcount reaches zero,
405 * the bound socket will be closed, and the resources of the monitor
410 _public_ struct udev_monitor *udev_monitor_unref(struct udev_monitor *udev_monitor)
412 if (udev_monitor == NULL)
414 udev_monitor->refcount--;
415 if (udev_monitor->refcount > 0)
417 if (udev_monitor->sock >= 0)
418 close(udev_monitor->sock);
419 udev_list_cleanup(&udev_monitor->filter_subsystem_list);
420 udev_list_cleanup(&udev_monitor->filter_tag_list);
426 * udev_monitor_get_udev:
427 * @udev_monitor: udev monitor
429 * Retrieve the udev library context the monitor was created with.
431 * Returns: the udev library context
433 _public_ struct udev *udev_monitor_get_udev(struct udev_monitor *udev_monitor)
435 if (udev_monitor == NULL)
437 return udev_monitor->udev;
441 * udev_monitor_get_fd:
442 * @udev_monitor: udev monitor
444 * Retrieve the socket file descriptor associated with the monitor.
446 * Returns: the socket file descriptor
448 _public_ int udev_monitor_get_fd(struct udev_monitor *udev_monitor)
450 if (udev_monitor == NULL)
452 return udev_monitor->sock;
455 static int passes_filter(struct udev_monitor *udev_monitor, struct udev_device *udev_device)
457 struct udev_list_entry *list_entry;
459 if (udev_list_get_entry(&udev_monitor->filter_subsystem_list) == NULL)
461 udev_list_entry_foreach(list_entry, udev_list_get_entry(&udev_monitor->filter_subsystem_list)) {
462 const char *subsys = udev_list_entry_get_name(list_entry);
463 const char *dsubsys = udev_device_get_subsystem(udev_device);
465 const char *ddevtype;
467 if (!streq(dsubsys, subsys))
470 devtype = udev_list_entry_get_value(list_entry);
473 ddevtype = udev_device_get_devtype(udev_device);
474 if (ddevtype == NULL)
476 if (streq(ddevtype, devtype))
482 if (udev_list_get_entry(&udev_monitor->filter_tag_list) == NULL)
484 udev_list_entry_foreach(list_entry, udev_list_get_entry(&udev_monitor->filter_tag_list)) {
485 const char *tag = udev_list_entry_get_name(list_entry);
487 if (udev_device_has_tag(udev_device, tag))
494 * udev_monitor_receive_device:
495 * @udev_monitor: udev monitor
497 * Receive data from the udev monitor socket, allocate a new udev
498 * device, fill in the received data, and return the device.
500 * Only socket connections with uid=0 are accepted.
502 * The monitor socket is by default set to NONBLOCK. A variant of poll() on
503 * the file descriptor returned by udev_monitor_get_fd() should to be used to
504 * wake up when new devices arrive, or alternatively the file descriptor
505 * switched into blocking mode.
507 * The initial refcount is 1, and needs to be decremented to
508 * release the resources of the udev device.
510 * Returns: a new udev device, or #NULL, in case of an error
512 _public_ struct udev_device *udev_monitor_receive_device(struct udev_monitor *udev_monitor)
514 struct udev_device *udev_device;
517 char cred_msg[CMSG_SPACE(sizeof(struct ucred))];
518 struct cmsghdr *cmsg;
519 union sockaddr_union snl;
526 if (udev_monitor == NULL)
529 iov.iov_len = sizeof(buf);
530 memset (&smsg, 0x00, sizeof(struct msghdr));
533 smsg.msg_control = cred_msg;
534 smsg.msg_controllen = sizeof(cred_msg);
535 smsg.msg_name = &snl;
536 smsg.msg_namelen = sizeof(snl);
538 buflen = recvmsg(udev_monitor->sock, &smsg, 0);
541 udev_dbg(udev_monitor->udev, "unable to receive message\n");
545 if (buflen < 32 || (size_t)buflen >= sizeof(buf)) {
546 udev_dbg(udev_monitor->udev, "invalid message length\n");
550 if (snl.nl.nl_groups == 0) {
551 /* unicast message, check if we trust the sender */
552 if (udev_monitor->snl_trusted_sender.nl.nl_pid == 0 ||
553 snl.nl.nl_pid != udev_monitor->snl_trusted_sender.nl.nl_pid) {
554 udev_dbg(udev_monitor->udev, "unicast netlink message ignored\n");
557 } else if (snl.nl.nl_groups == UDEV_MONITOR_KERNEL) {
558 if (snl.nl.nl_pid > 0) {
559 udev_dbg(udev_monitor->udev, "multicast kernel netlink message from pid %d ignored\n",
565 cmsg = CMSG_FIRSTHDR(&smsg);
566 if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) {
567 udev_dbg(udev_monitor->udev, "no sender credentials received, message ignored\n");
571 cred = (struct ucred *)CMSG_DATA(cmsg);
572 if (cred->uid != 0) {
573 udev_dbg(udev_monitor->udev, "sender uid=%d, message ignored\n", cred->uid);
577 udev_device = udev_device_new(udev_monitor->udev);
578 if (udev_device == NULL)
581 if (memcmp(buf, "libudev", 8) == 0) {
582 struct udev_monitor_netlink_header *nlh;
584 /* udev message needs proper version magic */
585 nlh = (struct udev_monitor_netlink_header *) buf;
586 if (nlh->magic != htonl(UDEV_MONITOR_MAGIC)) {
587 udev_err(udev_monitor->udev, "unrecognized message signature (%x != %x)\n",
588 nlh->magic, htonl(UDEV_MONITOR_MAGIC));
589 udev_device_unref(udev_device);
592 if (nlh->properties_off+32 > (size_t)buflen) {
593 udev_device_unref(udev_device);
597 bufpos = nlh->properties_off;
599 /* devices received from udev are always initialized */
600 udev_device_set_is_initialized(udev_device);
602 /* kernel message with header */
603 bufpos = strlen(buf) + 1;
604 if ((size_t)bufpos < sizeof("a@/d") || bufpos >= buflen) {
605 udev_dbg(udev_monitor->udev, "invalid message length\n");
606 udev_device_unref(udev_device);
610 /* check message header */
611 if (strstr(buf, "@/") == NULL) {
612 udev_dbg(udev_monitor->udev, "unrecognized message header\n");
613 udev_device_unref(udev_device);
618 udev_device_set_info_loaded(udev_device);
620 while (bufpos < buflen) {
625 keylen = strlen(key);
628 bufpos += keylen + 1;
629 udev_device_add_property_from_string_parse(udev_device, key);
632 if (udev_device_add_property_from_string_parse_finish(udev_device) < 0) {
633 udev_dbg(udev_monitor->udev, "missing values, invalid device\n");
634 udev_device_unref(udev_device);
638 /* skip device, if it does not pass the current filter */
639 if (!passes_filter(udev_monitor, udev_device)) {
640 struct pollfd pfd[1];
643 udev_device_unref(udev_device);
645 /* if something is queued, get next device */
646 pfd[0].fd = udev_monitor->sock;
647 pfd[0].events = POLLIN;
648 rc = poll(pfd, 1, 0);
657 int udev_monitor_send_device(struct udev_monitor *udev_monitor,
658 struct udev_monitor *destination, struct udev_device *udev_device)
666 struct udev_monitor_netlink_header nlh;
667 struct udev_list_entry *list_entry;
668 uint64_t tag_bloom_bits;
670 blen = udev_device_get_properties_monitor_buf(udev_device, &buf);
674 /* add versioned header */
675 memset(&nlh, 0x00, sizeof(struct udev_monitor_netlink_header));
676 memcpy(nlh.prefix, "libudev", 8);
677 nlh.magic = htonl(UDEV_MONITOR_MAGIC);
678 nlh.header_size = sizeof(struct udev_monitor_netlink_header);
679 val = udev_device_get_subsystem(udev_device);
680 nlh.filter_subsystem_hash = htonl(util_string_hash32(val));
681 val = udev_device_get_devtype(udev_device);
683 nlh.filter_devtype_hash = htonl(util_string_hash32(val));
684 iov[0].iov_base = &nlh;
685 iov[0].iov_len = sizeof(struct udev_monitor_netlink_header);
687 /* add tag bloom filter */
689 udev_list_entry_foreach(list_entry, udev_device_get_tags_list_entry(udev_device))
690 tag_bloom_bits |= util_string_bloom64(udev_list_entry_get_name(list_entry));
691 if (tag_bloom_bits > 0) {
692 nlh.filter_tag_bloom_hi = htonl(tag_bloom_bits >> 32);
693 nlh.filter_tag_bloom_lo = htonl(tag_bloom_bits & 0xffffffff);
696 /* add properties list */
697 nlh.properties_off = iov[0].iov_len;
698 nlh.properties_len = blen;
699 iov[1].iov_base = (char *)buf;
700 iov[1].iov_len = blen;
702 memset(&smsg, 0x00, sizeof(struct msghdr));
706 * Use custom address for target, or the default one.
708 * If we send to a multicast group, we will get
709 * ECONNREFUSED, which is expected.
711 if (destination != NULL)
712 smsg.msg_name = &destination->snl;
714 smsg.msg_name = &udev_monitor->snl_destination;
715 smsg.msg_namelen = sizeof(struct sockaddr_nl);
716 count = sendmsg(udev_monitor->sock, &smsg, 0);
717 udev_dbg(udev_monitor->udev, "passed %zi bytes to netlink monitor %p\n", count, udev_monitor);
722 * udev_monitor_filter_add_match_subsystem_devtype:
723 * @udev_monitor: the monitor
724 * @subsystem: the subsystem value to match the incoming devices against
725 * @devtype: the devtype value to match the incoming devices against
727 * This filter is efficiently executed inside the kernel, and libudev subscribers
728 * will usually not be woken up for devices which do not match.
730 * The filter must be installed before the monitor is switched to listening mode.
732 * Returns: 0 on success, otherwise a negative error value.
734 _public_ int udev_monitor_filter_add_match_subsystem_devtype(struct udev_monitor *udev_monitor, const char *subsystem, const char *devtype)
736 if (udev_monitor == NULL)
738 if (subsystem == NULL)
740 if (udev_list_entry_add(&udev_monitor->filter_subsystem_list, subsystem, devtype) == NULL)
746 * udev_monitor_filter_add_match_tag:
747 * @udev_monitor: the monitor
748 * @tag: the name of a tag
750 * This filter is efficiently executed inside the kernel, and libudev subscribers
751 * will usually not be woken up for devices which do not match.
753 * The filter must be installed before the monitor is switched to listening mode.
755 * Returns: 0 on success, otherwise a negative error value.
757 _public_ int udev_monitor_filter_add_match_tag(struct udev_monitor *udev_monitor, const char *tag)
759 if (udev_monitor == NULL)
763 if (udev_list_entry_add(&udev_monitor->filter_tag_list, tag, NULL) == NULL)
769 * udev_monitor_filter_remove:
770 * @udev_monitor: monitor
772 * Remove all filters from monitor.
774 * Returns: 0 on success, otherwise a negative error value.
776 _public_ int udev_monitor_filter_remove(struct udev_monitor *udev_monitor)
778 static struct sock_fprog filter = { 0, NULL };
780 udev_list_cleanup(&udev_monitor->filter_subsystem_list);
781 return setsockopt(udev_monitor->sock, SOL_SOCKET, SO_ATTACH_FILTER, &filter, sizeof(filter));