path: root/arch/arm/mvp/pvtcpkm/pvtcp_off_linux_shim.S
/*
 * Linux 2.6.32 and later Kernel module for VMware MVP PVTCP Server
 *
 * Copyright (C) 2010-2012 VMware, Inc. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 as published by
 * the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; see the file COPYING.  If not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */
#line 5

/**
 * @file
 *
 * @brief PVTCP socket destructor shim.
 *
 * The module reference accounting code for socket destruction in the core
 * Linux kernel does not know about PVTCP sockets, so it does not properly
 * increment/decrement the reference count on pvtcpkm when calling through a
 * function pointer into our destructor. If a module unload is requested on
 * pvtcpkm while a socket is being destroyed, it is possible for the destructor
 * to be preempted after decrementing the module reference count but before
 * returning to the core kernel. If the module code is unmapped before the
 * function return, it is possible that we will attempt to execute unmapped
 * code, resulting in a host crash.
 *
 * This shim proxies socket destruction requests through to the PVTCP socket
 * destructor, then jumps directly to module_put to drop the reference count.
 * module_put will return directly to the caller, eliminating the race.
 */

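.text
.p2align 4                            @ Align the shim entry to 2^4 = 16 bytes

.global asmDestructorShim

/**
 *  @brief Socket destructor callback. Calls into pvtcpkm to destroy a socket
 *  and then, when the destructor returns 0, tail-jumps to module_put to drop
 *  the module reference.
 *
 *  Syntax: GNU as, 32-bit ARM. The register usage below follows the ARM
 *  procedure call standard (arguments and result in r0, return address in lr).
 *
 *  @param r0 pointer to struct sock; passed through unchanged to DestructCB
 *
 *  Flow:
 *    1. Call DestructCB(r0) through the targetAddr literal.
 *    2. If DestructCB returned nonzero, return to the caller without
 *       touching the module reference count.
 *    3. Otherwise load &__this_module into r0 and jump (not call) to
 *       module_put with lr still holding the original caller's return
 *       address, so module_put returns straight to the core kernel.
 *
 *  Invariant: no instruction of this module may execute after module_put has
 *  run, because the module text may be unmapped once the count is dropped.
 *  The final branch must therefore stay a plain bx; changing it to bl/blx
 *  would return into this shim and reintroduce the unload race. All literal
 *  pool loads happen before that branch for the same reason.
 *
 *  Clobbers: r0, r1, flags, plus whatever DestructCB and module_put clobber.
 *  Stack: 8 bytes, released before the tail jump.
 */

asmDestructorShim:
   push    {r4, lr}                   @ Save lr across the call. r4 is pushed
                                      @ only as padding: a lone 4-byte push
                                      @ would leave sp misaligned for the
                                      @ 8-byte stack alignment the AAPCS
                                      @ requires at a call.
   ldr     r1, targetAddr             @ Destroy socket
   blx     r1
   pop     {r4, lr}                   @ Restore the original return address
   cmp     r0, #0
   bxne    lr                         @ Nonzero result: skip module_put and
                                      @ just return.
   ldr     r0, owner                  @ r0 = &__this_module
   ldr     r1, modulePutAddr          @ Jump to module_put. module_put
   bx      r1                         @ returns directly to caller

/* Literal pool: addresses the shim loads PC-relative. */
owner:
   .word __this_module

targetAddr:
   .word DestructCB

modulePutAddr:
   .word module_put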