I'm trying to use netlink sockets to exchange messages between user-space and kernel space...i send a message from user-space to kernel-space and all works well but when i try to reply from kernel-space, system freezes. In particular i schedule with a workqueue a function that create the message and send to user-space using netlink_unicast function...here some kernel code:
void wq_func(struct work_queue *wq)
{
struct sk_buff *resp = alloc_skb(NLMSG_LENGTH(100), GFP_KERNEL);
if (!resp)
{
printk(KERN_INFO "alloc_skb failed");
return;
}
struct nlmsghdr *nlh = (struct nlmsghdr *)skb_put(resp, NLMSG_LENGTH(100));
memset(nlh, 0, NLMSG_LENGTH(100));
nlh->nlmsg_len = NLMSG_LENGTH(100);
nlh->nlmsg_pid = 0;
nlh->nlmsg_flags = 0;
strcpy(NLMSG_DATA(nlh), "From kernel: Yes i'm here!");
NETLINK_CB(resp).pid = 0;
NETLINK_CB(resp).dst_group = 0;
printk(KERN_INFO "Trying to send a netlink message to pid %d", pid);
int err = netlink_unicast(s, resp, pid, MSG_DONTWAIT);
if (err < 0)
printk(KERN_ALERT "Error sending message to user-space");
kfree_skb(resp);
}
DECLARE_WORK(wq, wq_func);
static void input_nl(struct sk_buff *buff)
{
printk(KERN_INFO "Received message socket NETLINK_TEST");
if (buff == NULL)
{
printk(KERN_ALERT "NULL sk_buff!");
return;
}
struct nlmsghdr *nlh = (struct nlmsghdr *)buff->data;
printk(KERN_INFO "Received netlink message from pid %d: %s", nlh->nlmsg_pid, NLMSG_DATA(nlh));
pid = nlh->nlmsg_pid;
schedule_work(&wq);
}
int __init knl_init()
{
printk(KERN_INFO "knl module loaded");
s = netlink_kernel_create(&init_net, NETLINK_TEST, 0, input_nl, NULL, THIS_MODULE);
if (s == NULL)
return -1;
return 0;
}
If i try to comment the call to netlink_unicast kernel doesn't freeze. From user-space i can send a message correctly. I remember that the same code worked well in the past and i 'm very surprised about this strange error now.
Any idea?
Thank you all!
I tried to remove kfree_skb call after netlink_unicast call and all works...so, why the system hangs with that call? Where should i free allocated sk_buff?
netlink_unicast() takes ownership of the skb and frees it itself.
After calling netlink_unicast you cannot free struct sk_buff
Related
My Driver Code :
static irqreturn_t pwm_cnt_interrupt(int irq, void *data)
{
printk("==> %s\r\n", __func__);
return IRQ_HANDLED;
}
static int ecap_cnt_probe(struct platform_device *pdev)
{
pc = devm_kzalloc(&pdev->dev, sizeof(*pc), GFP_KERNEL);
if (!pc)
return -ENOMEM;
clk = devm_clk_get(&pdev->dev, "fck");
if (IS_ERR(clk)) {
if (of_device_is_compatible(np, "ti,counter-ecap")) {
dev_warn(&pdev->dev, "Binding is obsolete.\n");
clk = devm_clk_get(pdev->dev.parent, "fck");
}
}
if (IS_ERR(clk)) {
dev_err(&pdev->dev, "failed to get clock\n");
return PTR_ERR(clk);
}
pc->clk_rate = clk_get_rate(clk);
if (!pc->clk_rate) {
dev_err(&pdev->dev, "failed to get clock rate\n");
return -EINVAL;
}
/* Get PWM IRQ number */
ecapirq = platform_get_irq(pdev, 0);
if (ecapirq < 0) {
printk(KERN_ERR "Could not get IRQ");
return -EINVAL;
}
printk(KERN_DEBUG "irq = %d\n", ecapirq);
oreore_dentry = debugfs_create_file("counter", 0666, NULL, &value, &fops);
if(request_irq(ecapirq, pwm_cnt_interrupt, IRQF_SHARED,
"counter", (void *)&counter)) {
printk(KERN_ERR "pwm counter: Can't allocate irq %d\n",
ecapirq);
return -EBUSY;
}
enable_irq(ecapirq);
return 0;
}
My Interrupt got registed in /proc/interrupts
But, Its not get triggered.
I have connected UART with my pwm interrupt pin. I m sending data using uart port. my irq handler is not get called at that time.
Need help on this.
I have written a kernel module and userspace program such that the kernel module sends netlink multicast messages, and the userspace program reads these messages and prints them out. The kernel module and userspace program are available here (https://github.com/akshayknarayan/netlink-test) and replicated below. The code was adapted from this post: Multicast from kernel to user space via Netlink in C
If line 69 of the userspace program (the call to usleep) is commented out, then everything works; once the kernel module is loaded, it repeatedly multicasts messages and the userspace program prints them out.
However, if line 69 of the userspace program is uncommented, within a second of loading the kernel module, my VM hangs and becomes unresponsive.
Why is this the case? How can I prevent the kernel from hanging?
Linux ubuntu-xenial 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Userspace program:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <unistd.h>
/* Multicast group, consistent in both kernel prog and user prog. */
#define MYMGRP 22
int nl_open(void) {
int sock;
struct sockaddr_nl addr;
int group = MYMGRP;
sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_USERSOCK);
if (sock < 0) {
printf("sock < 0.\n");
return sock;
}
memset((void *) &addr, 0, sizeof(addr));
addr.nl_family = AF_NETLINK;
addr.nl_pid = getpid();
if (bind(sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
printf("bind < 0.\n");
return -1;
}
if (setsockopt(sock, 270, NETLINK_ADD_MEMBERSHIP, &group, sizeof(group)) < 0) {
printf("setsockopt < 0\n");
return -1;
}
return sock;
}
void nl_recv(int sock) {
struct sockaddr_nl nladdr;
struct msghdr msg;
struct iovec iov;
char buffer[65536];
int ret;
iov.iov_base = (void *) buffer;
iov.iov_len = sizeof(buffer);
msg.msg_name = (void *) &(nladdr);
msg.msg_namelen = sizeof(nladdr);
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
ret = recvmsg(sock, &msg, 0);
if (ret < 0)
printf("ret < 0.\n");
else
printf("Received message payload: %s\n", (char*) NLMSG_DATA((struct nlmsghdr *) &buffer));
}
int main(int argc, char *argv[]) {
int nls;
nls = nl_open();
if (nls < 0)
return nls;
while (1) {
nl_recv(nls);
usleep(5000);
}
return 0;
}
Kernel module:
#include <linux/module.h>
#include <linux/netlink.h>
#include <linux/skbuff.h>
#include <linux/gfp.h>
#include <net/sock.h>
#define MYMGRP 22
struct sock *nl_sk = NULL;
static struct timer_list timer;
void nl_send_msg(unsigned long data) {
struct sk_buff *skb_out;
struct nlmsghdr *nlh;
int res;
char *msg = "hello from kernel!\n";
int msg_size = strlen(msg);
skb_out = nlmsg_new(
NLMSG_ALIGN(msg_size), // #payload: size of the message payload
GFP_KERNEL // #flags: the type of memory to allocate.
);
if (!skb_out) {
printk(KERN_ERR "Failed to allocate new skb\n");
return;
}
nlh = nlmsg_put(
skb_out, // #skb: socket buffer to store message in
0, // #portid: netlink PORTID of requesting application
0, // #seq: sequence number of message
NLMSG_DONE, // #type: message type
msg_size, // #payload: length of message payload
0 // #flags: message flags
);
memcpy(nlmsg_data(nlh), msg, msg_size+1);
res = nlmsg_multicast(
nl_sk, // #sk: netlink socket to spread messages to
skb_out, // #skb: netlink message as socket buffer
0, // #portid: own netlink portid to avoid sending to yourself
MYMGRP, // #group: multicast group id
GFP_KERNEL // #flags: allocation flags
);
if (res < 0) {
printk(KERN_INFO "Error while sending to user: %d\n", res);
} else {
mod_timer(&timer, jiffies + msecs_to_jiffies(1));
}
}
static int __init nl_init(void) {
struct netlink_kernel_cfg cfg = {};
printk(KERN_INFO "init NL\n");
nl_sk = netlink_kernel_create(&init_net, NETLINK_USERSOCK, &cfg);
if (!nl_sk) {
printk(KERN_ALERT "Error creating socket.\n");
return -10;
}
init_timer(&timer);
timer.function = nl_send_msg;
timer.expires = jiffies + 1000;
timer.data = 0;
add_timer(&timer);
nl_send_msg(0);
return 0;
}
static void __exit nl_exit(void) {
printk(KERN_INFO "exit NL\n");
del_timer_sync(&timer);
netlink_kernel_release(nl_sk);
}
module_init(nl_init);
module_exit(nl_exit);
MODULE_LICENSE("GPL");
For posterity: I believe the problem was the allocation in nlmsg_new, which should not occur inside an interrupt handler (the timer handler, nl_send_msg), as explained here.
Without the sleep, I believe nlmsg_new does not need to sleep when allocating, so the requirement that an interrupt handler not sleep is not violated. However, if the userspace process lags behind the kernel, it is possible for the kernel to sleep during the allocation, causing a hang.
I am writing a part of kernel module which transfers skbuff from one interface out to another interface. Ex all packet coming on eth0, gets forwarded out to on eth1. The problem even the first packet I intend to transmit is resulting in kernel crash in dev_queue_xmit(). Can anyone help me understand whats going wrong here ?. Kernel Panic occurs in
<2>kernel BUG at net/core/skbuff.c:927!
code sample function that I am using to transmit packet is as below. Please let me know.
enter code here
int txPktOnOtherIf(struct sk_buff *skb, struct net_device *tdev)
{
int reservedSpace=max((int)LL_RESERVED_SPACE(tdev),(int)sizeof(struct ethhdr));
int buffLen = reservedSpace - sizeof(struct ethhdr) + skb->len + skb->dev->needed_tailroom;
struct sk_buff* nskb = NULL;
int err = 0;
printk("ReservedSpace is %d and buffer len is %d",reservedSpace,buffLen);
nskb = alloc_skb(buffLen, GFP_KERNEL);
if (!nskb) {
printk("Couldn't allocate SKB\n");
return -1;
}
skb_reserve(nskb, reservedSpace);
skb_reset_network_header(nskb);
skb_put(nskb, skb->len - sizeof(struct ethhdr));
skb_push(nskb, sizeof(struct ethhdr));
skb_reset_mac_header(nskb);
skb_reset_mac_len(nskb);
err = skb_store_bits(nskb, 0, skb->data, skb->len);
if (err) {
kfree_skb(nskb);
printk("Error %d storing to SKB\n", err);
return -1;
}
nskb->dev = tdev;
nskb->protocol = skb->protocol;
skb_get(nskb);
err = dev_queue_xmit(nskb);
err = net_xmit_eval(err);
if (err) {
kfree_skb(nskb);
printk("Error %d sending frame\n", err);
return -1;
}
return 0;
}
Here is what I did:
A user space process uses malloc() to allocate memory on the heap and fills it with a specific pattern of characters and then spells out the address returned by the malloc().
The process id and the address of the memory chunk are passed to a kernel module that looks like this:
int init_module(void) {
int res = 0;
struct page *data_page;
struct task_struct *task = NULL;
struct vm_area_struct *next_vma;
struct mm_struct *mm;
task = pid_task(find_vpid(pid), PIDTYPE_PID);
if (pid != -1)
target_process_id = pid;
if (!task) {
printk("Could not find the task struct for process id %d\n", pid);
return 0;
} else {
printk("Found the task <%s>\n", task->comm);
}
mm = task->mm;
if (!mm) {
printk("Could not find the mmap struct for process id %d\n", pid);
return 0;
}
next_vma = find_vma(mm, addr);
down_read(&task->mm->mmap_sem);
res = get_user_pages(task, task->mm, addr, 1, 1, 1, &data_page, NULL);
if (res != 1) {
printk(KERN_INFO "get_user_pages error\n");
up_read(&task->mm->mmap_sem);
return 0;
} else {
printk("Found vma struct and it starts at: %lu\n", next_vma->vm_start);
}
flush_cache_range(next_vma,next_vma->vm_start,next_vma->vm_end);
flush_tlb_range(next_vma,next_vma->vm_start,next_vma->vm_end);
up_read(&task->mm->mmap_sem);
return 0;
}
I added printk() statement to the handle_mm_fault() function in the Linux kernel to track page faults caused by target_process_id (3rd line of code after variable definitions above). Something like this:
if (unlikely(current->pid == target_process_id))
printk("Target process <%d> generated a page fault at address %lu\n", current->pid, address);
Now, what I noticed is that the last printk() statement does not catch anything.
The function init_module is the initialization function for a kernel module. It is inserted into the running kernel using insmod...using the command insmod module.ko pid=<processId> addr=<address>
Any idea what might going wrong?
I want to read and write over Wanpipe driver (a network device driver for Sangoma cards) via socket programming but i get this message error: "resource temporarily unavailable". The card is working and i see it send and receive packets in ifconfig. I have included my code and would be very pleased if somebody help me in this.
A related question: I set the socket to blocking mode but the recv message does not block? how could i block the recv?
int main(void)
{
int sd;
int buflen=WP_HEADER + MAX_PACKET;
char buf[buflen];
struct wan_sockaddr_ll sa;
sd = socket(AF_WANPIPE, SOCK_RAW,0);
if (sd < 0) /* if socket failed to initialize, exit */
{
perror("Error Creating Socket");
exit(1);
}
printf("Socket Descriptor:%d\n",sd);
memset(&sa,0,sizeof(struct wan_sockaddr_ll));
strncpy((char*)sa.sll_card,"wanpipe1",sizeof(sa.sl l_card));
strncpy((char*)sa.sll_device,"w1g1",sizeof(sa.sll_ device));
sa.sll_protocol = htons(PVC_PROT);
sa.sll_family = AF_WANPIPE;
if(bind(sd, (struct sockaddr *)&sa, sizeof(sa)) < 0)
{
perror("error bind failed");
close(sd);
exit(1);
}
int data=0;
int ret=ioctl(sd,FIONBIO,&data);
if (ret < 0)
{
perror("ioctl error!");
close(sd);
return 1;
}
fd_set read_fds;
struct timeval timeout;
timeout.tv_sec = 10;
timeout.tv_usec = 0;
FD_ZERO(&read_fds);
FD_SET(sd,&read_fds);
if(select(sd+1, &read_fds, NULL, NULL, &timeout) < 0)
{
perror("select() error!");
exit(1);
}
if (FD_ISSET(sd,&read_fds))
printf("There is data for reading\n");
else
printf("There is no data for reading\n");*/
// MSG_WAITALL | MSG_PEEK | MSG_OOB
int r=recv(sd,buf,buflen,0);
if (r < 0)
{
perror("Wanpipe raw socket reading");
close(sd);
exit(1);
}
printf("\nNumber of bytes read into the buffer: %d",r);
printf("\nThe read buffer: ");
puts(buf);
close(sd);
}
thank you in advance.