Message ID | 1528987172-19810-3-git-send-email-yamada.masahiro@socionext.com |
---|---|
State | Changes Requested, archived |
Delegated to: | David Miller |
Headers | show |
Series | net: bpfilter: clean-up build rules | expand |
On Thu, Jun 14, 2018 at 11:39:31PM +0900, Masahiro Yamada wrote: > What we want here is to embed a user-space program into the kernel. > Instead of the complex ELF magic, let's simply wrap it in the assembly > with the '.incbin' directive. > > Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> > --- > > Changes in v2: > - Rebase > > net/bpfilter/Makefile | 15 ++------------- > net/bpfilter/bpfilter_kern.c | 11 +++++------ > net/bpfilter/bpfilter_umh_blob.S | 7 +++++++ > 3 files changed, 14 insertions(+), 19 deletions(-) > create mode 100644 net/bpfilter/bpfilter_umh_blob.S > > diff --git a/net/bpfilter/Makefile b/net/bpfilter/Makefile > index e0bbe75..39c6980 100644 > --- a/net/bpfilter/Makefile > +++ b/net/bpfilter/Makefile > @@ -15,18 +15,7 @@ ifeq ($(CONFIG_BPFILTER_UMH), y) > HOSTLDFLAGS += -static > endif > > -# a bit of elf magic to convert bpfilter_umh binary into a binary blob > -# inside bpfilter_umh.o elf file referenced by > -# _binary_net_bpfilter_bpfilter_umh_start symbol > -# which bpfilter_kern.c passes further into umh blob loader at run-time > -quiet_cmd_copy_umh = GEN $@ > - cmd_copy_umh = echo ':' > $(obj)/.bpfilter_umh.o.cmd; \ > - $(OBJCOPY) -I binary -O `$(OBJDUMP) -f $<|grep format|cut -d' ' -f8` \ > - -B `$(OBJDUMP) -f $<|grep architecture|cut -d, -f1|cut -d' ' -f2` \ > - --rename-section .data=.init.rodata $< $@ > - > -$(obj)/bpfilter_umh.o: $(obj)/bpfilter_umh > - $(call cmd,copy_umh) > +$(obj)/bpfilter_umh_blob.o: $(obj)/bpfilter_umh > > obj-$(CONFIG_BPFILTER_UMH) += bpfilter.o > -bpfilter-objs += bpfilter_kern.o bpfilter_umh.o > +bpfilter-objs += bpfilter_kern.o bpfilter_umh_blob.o > diff --git a/net/bpfilter/bpfilter_kern.c b/net/bpfilter/bpfilter_kern.c > index 0952257..6de3ae5 100644 > --- a/net/bpfilter/bpfilter_kern.c > +++ b/net/bpfilter/bpfilter_kern.c > @@ -10,11 +10,8 @@ > #include <linux/file.h> > #include "msgfmt.h" > > -#define UMH_start _binary_net_bpfilter_bpfilter_umh_start > -#define UMH_end _binary_net_bpfilter_bpfilter_umh_end > - > -extern char UMH_start; > -extern char UMH_end; > +extern char bpfilter_umh_start; > +extern char bpfilter_umh_end; > > static struct umh_info info; > /* since ip_getsockopt() can run in parallel, serialize access to umh */ > @@ -93,7 +90,9 @@ static int __init load_umh(void) > int err; > > /* fork usermode process */ > - err = fork_usermode_blob(&UMH_start, &UMH_end - &UMH_start, &info); > + err = fork_usermode_blob(&bpfilter_umh_end, > + &bpfilter_umh_end - &bpfilter_umh_start, > + &info); > if (err) > return err; > pr_info("Loaded bpfilter_umh pid %d\n", info.pid); > diff --git a/net/bpfilter/bpfilter_umh_blob.S b/net/bpfilter/bpfilter_umh_blob.S > new file mode 100644 > index 0000000..40311d1 > --- /dev/null > +++ b/net/bpfilter/bpfilter_umh_blob.S > @@ -0,0 +1,7 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > + .section .init.rodata, "a" > + .global bpfilter_umh_start > +bpfilter_umh_start: > + .incbin "net/bpfilter/bpfilter_umh" > + .global bpfilter_umh_end > +bpfilter_umh_end: for some reason it doesn't work. fork_usermode_blob() returns ENOEXEC You should be able to test it simply running 'iptables -L'. Without this patch you should see: [ 12.696937] bpfilter: Loaded bpfilter_umh pid 225 Started bpfilter where first line comes from kernel module and second from umh.
Hi Alexei, 2018-06-15 9:47 GMT+09:00 Alexei Starovoitov <alexei.starovoitov@gmail.com>: > On Thu, Jun 14, 2018 at 11:39:31PM +0900, Masahiro Yamada wrote: >> What we want here is to embed a user-space program into the kernel. >> Instead of the complex ELF magic, let's simply wrap it in the assembly >> with the '.incbin' directive. >> >> Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> >> --- >> >> Changes in v2: >> - Rebase >> >> net/bpfilter/Makefile | 15 ++------------- >> net/bpfilter/bpfilter_kern.c | 11 +++++------ >> net/bpfilter/bpfilter_umh_blob.S | 7 +++++++ >> 3 files changed, 14 insertions(+), 19 deletions(-) >> create mode 100644 net/bpfilter/bpfilter_umh_blob.S >> >> diff --git a/net/bpfilter/Makefile b/net/bpfilter/Makefile >> index e0bbe75..39c6980 100644 >> --- a/net/bpfilter/Makefile >> +++ b/net/bpfilter/Makefile >> @@ -15,18 +15,7 @@ ifeq ($(CONFIG_BPFILTER_UMH), y) >> HOSTLDFLAGS += -static >> endif >> >> -# a bit of elf magic to convert bpfilter_umh binary into a binary blob >> -# inside bpfilter_umh.o elf file referenced by >> -# _binary_net_bpfilter_bpfilter_umh_start symbol >> -# which bpfilter_kern.c passes further into umh blob loader at run-time >> -quiet_cmd_copy_umh = GEN $@ >> - cmd_copy_umh = echo ':' > $(obj)/.bpfilter_umh.o.cmd; \ >> - $(OBJCOPY) -I binary -O `$(OBJDUMP) -f $<|grep format|cut -d' ' -f8` \ >> - -B `$(OBJDUMP) -f $<|grep architecture|cut -d, -f1|cut -d' ' -f2` \ >> - --rename-section .data=.init.rodata $< $@ >> - >> -$(obj)/bpfilter_umh.o: $(obj)/bpfilter_umh >> - $(call cmd,copy_umh) >> +$(obj)/bpfilter_umh_blob.o: $(obj)/bpfilter_umh >> >> obj-$(CONFIG_BPFILTER_UMH) += bpfilter.o >> -bpfilter-objs += bpfilter_kern.o bpfilter_umh.o >> +bpfilter-objs += bpfilter_kern.o bpfilter_umh_blob.o >> diff --git a/net/bpfilter/bpfilter_kern.c b/net/bpfilter/bpfilter_kern.c >> index 0952257..6de3ae5 100644 >> --- a/net/bpfilter/bpfilter_kern.c >> +++ b/net/bpfilter/bpfilter_kern.c >> @@ -10,11 +10,8 @@ >> #include <linux/file.h> >> #include "msgfmt.h" >> >> -#define UMH_start _binary_net_bpfilter_bpfilter_umh_start >> -#define UMH_end _binary_net_bpfilter_bpfilter_umh_end >> - >> -extern char UMH_start; >> -extern char UMH_end; >> +extern char bpfilter_umh_start; >> +extern char bpfilter_umh_end; >> >> static struct umh_info info; >> /* since ip_getsockopt() can run in parallel, serialize access to umh */ >> @@ -93,7 +90,9 @@ static int __init load_umh(void) >> int err; >> >> /* fork usermode process */ >> - err = fork_usermode_blob(&UMH_start, &UMH_end - &UMH_start, &info); >> + err = fork_usermode_blob(&bpfilter_umh_end, >> + &bpfilter_umh_end - &bpfilter_umh_start, >> + &info); >> if (err) >> return err; >> pr_info("Loaded bpfilter_umh pid %d\n", info.pid); >> diff --git a/net/bpfilter/bpfilter_umh_blob.S b/net/bpfilter/bpfilter_umh_blob.S >> new file mode 100644 >> index 0000000..40311d1 >> --- /dev/null >> +++ b/net/bpfilter/bpfilter_umh_blob.S >> @@ -0,0 +1,7 @@ >> +/* SPDX-License-Identifier: GPL-2.0 */ >> + .section .init.rodata, "a" >> + .global bpfilter_umh_start >> +bpfilter_umh_start: >> + .incbin "net/bpfilter/bpfilter_umh" >> + .global bpfilter_umh_end >> +bpfilter_umh_end: > > for some reason it doesn't work. > fork_usermode_blob() returns ENOEXEC > You should be able to test it simply running 'iptables -L'. > Without this patch you should see: > [ 12.696937] bpfilter: Loaded bpfilter_umh pid 225 > Started bpfilter > > where first line comes from kernel module and second from umh. Sorry for the late reply. Unfortunately, I will be busy for a while. I will come back eventually to check it out, but I cannot tell when. Somebody else sent a patch equivalent to 1/3, so it is fine. 3/3 can go independently, so it will send it as a separate patch for now.
diff --git a/net/bpfilter/Makefile b/net/bpfilter/Makefile index e0bbe75..39c6980 100644 --- a/net/bpfilter/Makefile +++ b/net/bpfilter/Makefile @@ -15,18 +15,7 @@ ifeq ($(CONFIG_BPFILTER_UMH), y) HOSTLDFLAGS += -static endif -# a bit of elf magic to convert bpfilter_umh binary into a binary blob -# inside bpfilter_umh.o elf file referenced by -# _binary_net_bpfilter_bpfilter_umh_start symbol -# which bpfilter_kern.c passes further into umh blob loader at run-time -quiet_cmd_copy_umh = GEN $@ - cmd_copy_umh = echo ':' > $(obj)/.bpfilter_umh.o.cmd; \ - $(OBJCOPY) -I binary -O `$(OBJDUMP) -f $<|grep format|cut -d' ' -f8` \ - -B `$(OBJDUMP) -f $<|grep architecture|cut -d, -f1|cut -d' ' -f2` \ - --rename-section .data=.init.rodata $< $@ - -$(obj)/bpfilter_umh.o: $(obj)/bpfilter_umh - $(call cmd,copy_umh) +$(obj)/bpfilter_umh_blob.o: $(obj)/bpfilter_umh obj-$(CONFIG_BPFILTER_UMH) += bpfilter.o -bpfilter-objs += bpfilter_kern.o bpfilter_umh.o +bpfilter-objs += bpfilter_kern.o bpfilter_umh_blob.o diff --git a/net/bpfilter/bpfilter_kern.c b/net/bpfilter/bpfilter_kern.c index 0952257..6de3ae5 100644 --- a/net/bpfilter/bpfilter_kern.c +++ b/net/bpfilter/bpfilter_kern.c @@ -10,11 +10,8 @@ #include <linux/file.h> #include "msgfmt.h" -#define UMH_start _binary_net_bpfilter_bpfilter_umh_start -#define UMH_end _binary_net_bpfilter_bpfilter_umh_end - -extern char UMH_start; -extern char UMH_end; +extern char bpfilter_umh_start; +extern char bpfilter_umh_end; static struct umh_info info; /* since ip_getsockopt() can run in parallel, serialize access to umh */ @@ -93,7 +90,9 @@ static int __init load_umh(void) int err; /* fork usermode process */ - err = fork_usermode_blob(&UMH_start, &UMH_end - &UMH_start, &info); + err = fork_usermode_blob(&bpfilter_umh_end, + &bpfilter_umh_end - &bpfilter_umh_start, + &info); if (err) return err; pr_info("Loaded bpfilter_umh pid %d\n", info.pid); diff --git a/net/bpfilter/bpfilter_umh_blob.S b/net/bpfilter/bpfilter_umh_blob.S new file mode 100644 index 0000000..40311d1 --- /dev/null +++ b/net/bpfilter/bpfilter_umh_blob.S @@ -0,0 +1,7 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + .section .init.rodata, "a" + .global bpfilter_umh_start +bpfilter_umh_start: + .incbin "net/bpfilter/bpfilter_umh" + .global bpfilter_umh_end +bpfilter_umh_end:
What we want here is to embed a user-space program into the kernel. Instead of the complex ELF magic, let's simply wrap it in the assembly with the '.incbin' directive. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> --- Changes in v2: - Rebase net/bpfilter/Makefile | 15 ++------------- net/bpfilter/bpfilter_kern.c | 11 +++++------ net/bpfilter/bpfilter_umh_blob.S | 7 +++++++ 3 files changed, 14 insertions(+), 19 deletions(-) create mode 100644 net/bpfilter/bpfilter_umh_blob.S