1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * NETLINK Generic Netlink Family 4 * 5 * Authors: Jamal Hadi Salim 6 * Thomas Graf <tgraf@suug.ch> 7 * Johannes Berg <johannes@sipsolutions.net> 8 */ 9 10 #include <linux/module.h> 11 #include <linux/kernel.h> 12 #include <linux/slab.h> 13 #include <linux/errno.h> 14 #include <linux/types.h> 15 #include <linux/socket.h> 16 #include <linux/string_helpers.h> 17 #include <linux/skbuff.h> 18 #include <linux/mutex.h> 19 #include <linux/bitmap.h> 20 #include <linux/rwsem.h> 21 #include <linux/idr.h> 22 #include <net/sock.h> 23 #include <net/genetlink.h> 24 25 static DEFINE_MUTEX(genl_mutex); /* serialization of message processing */ 26 static DECLARE_RWSEM(cb_lock); 27 28 atomic_t genl_sk_destructing_cnt = ATOMIC_INIT(0); 29 DECLARE_WAIT_QUEUE_HEAD(genl_sk_destructing_waitq); 30 31 void genl_lock(void) 32 { 33 mutex_lock(&genl_mutex); 34 } 35 EXPORT_SYMBOL(genl_lock); 36 37 void genl_unlock(void) 38 { 39 mutex_unlock(&genl_mutex); 40 } 41 EXPORT_SYMBOL(genl_unlock); 42 43 static void genl_lock_all(void) 44 { 45 down_write(&cb_lock); 46 genl_lock(); 47 } 48 49 static void genl_unlock_all(void) 50 { 51 genl_unlock(); 52 up_write(&cb_lock); 53 } 54 55 static DEFINE_IDR(genl_fam_idr); 56 57 /* 58 * Bitmap of multicast groups that are currently in use. 59 * 60 * To avoid an allocation at boot of just one unsigned long, 61 * declare it global instead. 62 * Bit 0 is marked as already used since group 0 is invalid. 63 * Bit 1 is marked as already used since the drop-monitor code 64 * abuses the API and thinks it can statically use group 1. 65 * That group will typically conflict with other groups that 66 * any proper users use. 67 * Bit 16 is marked as used since it's used for generic netlink 68 * and the code no longer marks pre-reserved IDs as used. 69 * Bit 17 is marked as already used since the VFS quota code 70 * also abused this API and relied on family == group ID, we 71 * cater to that by giving it a static family and group ID. 72 * Bit 18 is marked as already used since the PMCRAID driver 73 * did the same thing as the VFS quota code (maybe copied?) 74 */ 75 static unsigned long mc_group_start = 0x3 | BIT(GENL_ID_CTRL) | 76 BIT(GENL_ID_VFS_DQUOT) | 77 BIT(GENL_ID_PMCRAID); 78 static unsigned long *mc_groups = &mc_group_start; 79 static unsigned long mc_groups_longs = 1; 80 81 /* We need the last attribute with non-zero ID therefore a 2-entry array */ 82 static struct nla_policy genl_policy_reject_all[] = { 83 { .type = NLA_REJECT }, 84 { .type = NLA_REJECT }, 85 }; 86 87 static int genl_ctrl_event(int event, const struct genl_family *family, 88 const struct genl_multicast_group *grp, 89 int grp_id); 90 91 static void 92 genl_op_fill_in_reject_policy(const struct genl_family *family, 93 struct genl_ops *op) 94 { 95 BUILD_BUG_ON(ARRAY_SIZE(genl_policy_reject_all) - 1 != 1); 96 97 if (op->policy || op->cmd < family->resv_start_op) 98 return; 99 100 op->policy = genl_policy_reject_all; 101 op->maxattr = 1; 102 } 103 104 static void 105 genl_op_fill_in_reject_policy_split(const struct genl_family *family, 106 struct genl_split_ops *op) 107 { 108 if (op->policy) 109 return; 110 111 op->policy = genl_policy_reject_all; 112 op->maxattr = 1; 113 } 114 115 static const struct genl_family *genl_family_find_byid(unsigned int id) 116 { 117 return idr_find(&genl_fam_idr, id); 118 } 119 120 static const struct genl_family *genl_family_find_byname(char *name) 121 { 122 const struct genl_family *family; 123 unsigned int id; 124 125 idr_for_each_entry(&genl_fam_idr, family, id) 126 if (strcmp(family->name, name) == 0) 127 return family; 128 129 return NULL; 130 } 131 132 struct genl_op_iter { 133 const struct genl_family *family; 134 struct genl_split_ops doit; 135 struct genl_split_ops dumpit; 136 int cmd_idx; 137 int entry_idx; 138 u32 cmd; 139 u8 flags; 140 }; 141 142 static void genl_op_from_full(const struct genl_family *family, 143 unsigned int i, struct genl_ops *op) 144 { 145 *op = family->ops[i]; 146 147 if (!op->maxattr) 148 op->maxattr = family->maxattr; 149 if (!op->policy) 150 op->policy = family->policy; 151 152 genl_op_fill_in_reject_policy(family, op); 153 } 154 155 static int genl_get_cmd_full(u32 cmd, const struct genl_family *family, 156 struct genl_ops *op) 157 { 158 int i; 159 160 for (i = 0; i < family->n_ops; i++) 161 if (family->ops[i].cmd == cmd) { 162 genl_op_from_full(family, i, op); 163 return 0; 164 } 165 166 return -ENOENT; 167 } 168 169 static void genl_op_from_small(const struct genl_family *family, 170 unsigned int i, struct genl_ops *op) 171 { 172 memset(op, 0, sizeof(*op)); 173 op->doit = family->small_ops[i].doit; 174 op->dumpit = family->small_ops[i].dumpit; 175 op->cmd = family->small_ops[i].cmd; 176 op->internal_flags = family->small_ops[i].internal_flags; 177 op->flags = family->small_ops[i].flags; 178 op->validate = family->small_ops[i].validate; 179 180 op->maxattr = family->maxattr; 181 op->policy = family->policy; 182 183 genl_op_fill_in_reject_policy(family, op); 184 } 185 186 static int genl_get_cmd_small(u32 cmd, const struct genl_family *family, 187 struct genl_ops *op) 188 { 189 int i; 190 191 for (i = 0; i < family->n_small_ops; i++) 192 if (family->small_ops[i].cmd == cmd) { 193 genl_op_from_small(family, i, op); 194 return 0; 195 } 196 197 return -ENOENT; 198 } 199 200 static void genl_op_from_split(struct genl_op_iter *iter) 201 { 202 const struct genl_family *family = iter->family; 203 int i, cnt = 0; 204 205 i = iter->entry_idx - family->n_ops - family->n_small_ops; 206 207 if (family->split_ops[i + cnt].flags & GENL_CMD_CAP_DO) { 208 iter->doit = family->split_ops[i + cnt]; 209 genl_op_fill_in_reject_policy_split(family, &iter->doit); 210 cnt++; 211 } else { 212 memset(&iter->doit, 0, sizeof(iter->doit)); 213 } 214 215 if (i + cnt < family->n_split_ops && 216 family->split_ops[i + cnt].flags & GENL_CMD_CAP_DUMP) { 217 iter->dumpit = family->split_ops[i + cnt]; 218 genl_op_fill_in_reject_policy_split(family, &iter->dumpit); 219 cnt++; 220 } else { 221 memset(&iter->dumpit, 0, sizeof(iter->dumpit)); 222 } 223 224 WARN_ON(!cnt); 225 iter->entry_idx += cnt; 226 } 227 228 static int 229 genl_get_cmd_split(u32 cmd, u8 flag, const struct genl_family *family, 230 struct genl_split_ops *op) 231 { 232 int i; 233 234 for (i = 0; i < family->n_split_ops; i++) 235 if (family->split_ops[i].cmd == cmd && 236 family->split_ops[i].flags & flag) { 237 *op = family->split_ops[i]; 238 return 0; 239 } 240 241 return -ENOENT; 242 } 243 244 static int 245 genl_cmd_full_to_split(struct genl_split_ops *op, 246 const struct genl_family *family, 247 const struct genl_ops *full, u8 flags) 248 { 249 if ((flags & GENL_CMD_CAP_DO && !full->doit) || 250 (flags & GENL_CMD_CAP_DUMP && !full->dumpit)) { 251 memset(op, 0, sizeof(*op)); 252 return -ENOENT; 253 } 254 255 if (flags & GENL_CMD_CAP_DUMP) { 256 op->start = full->start; 257 op->dumpit = full->dumpit; 258 op->done = full->done; 259 } else { 260 op->pre_doit = family->pre_doit; 261 op->doit = full->doit; 262 op->post_doit = family->post_doit; 263 } 264 265 if (flags & GENL_CMD_CAP_DUMP && 266 full->validate & GENL_DONT_VALIDATE_DUMP) { 267 op->policy = NULL; 268 op->maxattr = 0; 269 } else { 270 op->policy = full->policy; 271 op->maxattr = full->maxattr; 272 } 273 274 op->cmd = full->cmd; 275 op->internal_flags = full->internal_flags; 276 op->flags = full->flags; 277 op->validate = full->validate; 278 279 /* Make sure flags include the GENL_CMD_CAP_DO / GENL_CMD_CAP_DUMP */ 280 op->flags |= flags; 281 282 return 0; 283 } 284 285 /* Must make sure that op is initialized to 0 on failure */ 286 static int 287 genl_get_cmd(u32 cmd, u8 flags, const struct genl_family *family, 288 struct genl_split_ops *op) 289 { 290 struct genl_ops full; 291 int err; 292 293 err = genl_get_cmd_full(cmd, family, &full); 294 if (err == -ENOENT) 295 err = genl_get_cmd_small(cmd, family, &full); 296 /* Found one of legacy forms */ 297 if (err == 0) 298 return genl_cmd_full_to_split(op, family, &full, flags); 299 300 err = genl_get_cmd_split(cmd, flags, family, op); 301 if (err) 302 memset(op, 0, sizeof(*op)); 303 return err; 304 } 305 306 /* For policy dumping only, get ops of both do and dump. 307 * Fail if both are missing, genl_get_cmd() will zero-init in case of failure. 308 */ 309 static int 310 genl_get_cmd_both(u32 cmd, const struct genl_family *family, 311 struct genl_split_ops *doit, struct genl_split_ops *dumpit) 312 { 313 int err1, err2; 314 315 err1 = genl_get_cmd(cmd, GENL_CMD_CAP_DO, family, doit); 316 err2 = genl_get_cmd(cmd, GENL_CMD_CAP_DUMP, family, dumpit); 317 318 return err1 && err2 ? -ENOENT : 0; 319 } 320 321 static bool 322 genl_op_iter_init(const struct genl_family *family, struct genl_op_iter *iter) 323 { 324 iter->family = family; 325 iter->cmd_idx = 0; 326 iter->entry_idx = 0; 327 328 iter->flags = 0; 329 330 return iter->family->n_ops + 331 iter->family->n_small_ops + 332 iter->family->n_split_ops; 333 } 334 335 static bool genl_op_iter_next(struct genl_op_iter *iter) 336 { 337 const struct genl_family *family = iter->family; 338 bool legacy_op = true; 339 struct genl_ops op; 340 341 if (iter->entry_idx < family->n_ops) { 342 genl_op_from_full(family, iter->entry_idx, &op); 343 } else if (iter->entry_idx < family->n_ops + family->n_small_ops) { 344 genl_op_from_small(family, iter->entry_idx - family->n_ops, 345 &op); 346 } else if (iter->entry_idx < 347 family->n_ops + family->n_small_ops + family->n_split_ops) { 348 legacy_op = false; 349 /* updates entry_idx */ 350 genl_op_from_split(iter); 351 } else { 352 return false; 353 } 354 355 iter->cmd_idx++; 356 357 if (legacy_op) { 358 iter->entry_idx++; 359 360 genl_cmd_full_to_split(&iter->doit, family, 361 &op, GENL_CMD_CAP_DO); 362 genl_cmd_full_to_split(&iter->dumpit, family, 363 &op, GENL_CMD_CAP_DUMP); 364 } 365 366 iter->cmd = iter->doit.cmd | iter->dumpit.cmd; 367 iter->flags = iter->doit.flags | iter->dumpit.flags; 368 369 return true; 370 } 371 372 static void 373 genl_op_iter_copy(struct genl_op_iter *dst, struct genl_op_iter *src) 374 { 375 *dst = *src; 376 } 377 378 static unsigned int genl_op_iter_idx(struct genl_op_iter *iter) 379 { 380 return iter->cmd_idx; 381 } 382 383 static int genl_allocate_reserve_groups(int n_groups, int *first_id) 384 { 385 unsigned long *new_groups; 386 int start = 0; 387 int i; 388 int id; 389 bool fits; 390 391 do { 392 if (start == 0) 393 id = find_first_zero_bit(mc_groups, 394 mc_groups_longs * 395 BITS_PER_LONG); 396 else 397 id = find_next_zero_bit(mc_groups, 398 mc_groups_longs * BITS_PER_LONG, 399 start); 400 401 fits = true; 402 for (i = id; 403 i < min_t(int, id + n_groups, 404 mc_groups_longs * BITS_PER_LONG); 405 i++) { 406 if (test_bit(i, mc_groups)) { 407 start = i; 408 fits = false; 409 break; 410 } 411 } 412 413 if (id + n_groups > mc_groups_longs * BITS_PER_LONG) { 414 unsigned long new_longs = mc_groups_longs + 415 BITS_TO_LONGS(n_groups); 416 size_t nlen = new_longs * sizeof(unsigned long); 417 418 if (mc_groups == &mc_group_start) { 419 new_groups = kzalloc(nlen, GFP_KERNEL); 420 if (!new_groups) 421 return -ENOMEM; 422 mc_groups = new_groups; 423 *mc_groups = mc_group_start; 424 } else { 425 new_groups = krealloc(mc_groups, nlen, 426 GFP_KERNEL); 427 if (!new_groups) 428 return -ENOMEM; 429 mc_groups = new_groups; 430 for (i = 0; i < BITS_TO_LONGS(n_groups); i++) 431 mc_groups[mc_groups_longs + i] = 0; 432 } 433 mc_groups_longs = new_longs; 434 } 435 } while (!fits); 436 437 for (i = id; i < id + n_groups; i++) 438 set_bit(i, mc_groups); 439 *first_id = id; 440 return 0; 441 } 442 443 static struct genl_family genl_ctrl; 444 445 static int genl_validate_assign_mc_groups(struct genl_family *family) 446 { 447 int first_id; 448 int n_groups = family->n_mcgrps; 449 int err = 0, i; 450 bool groups_allocated = false; 451 452 if (!n_groups) 453 return 0; 454 455 for (i = 0; i < n_groups; i++) { 456 const struct genl_multicast_group *grp = &family->mcgrps[i]; 457 458 if (WARN_ON(grp->name[0] == '\0')) 459 return -EINVAL; 460 if (WARN_ON(!string_is_terminated(grp->name, GENL_NAMSIZ))) 461 return -EINVAL; 462 } 463 464 /* special-case our own group and hacks */ 465 if (family == &genl_ctrl) { 466 first_id = GENL_ID_CTRL; 467 BUG_ON(n_groups != 1); 468 } else if (strcmp(family->name, "NET_DM") == 0) { 469 first_id = 1; 470 BUG_ON(n_groups != 1); 471 } else if (family->id == GENL_ID_VFS_DQUOT) { 472 first_id = GENL_ID_VFS_DQUOT; 473 BUG_ON(n_groups != 1); 474 } else if (family->id == GENL_ID_PMCRAID) { 475 first_id = GENL_ID_PMCRAID; 476 BUG_ON(n_groups != 1); 477 } else { 478 groups_allocated = true; 479 err = genl_allocate_reserve_groups(n_groups, &first_id); 480 if (err) 481 return err; 482 } 483 484 family->mcgrp_offset = first_id; 485 486 /* if still initializing, can't and don't need to realloc bitmaps */ 487 if (!init_net.genl_sock) 488 return 0; 489 490 if (family->netnsok) { 491 struct net *net; 492 493 netlink_table_grab(); 494 rcu_read_lock(); 495 for_each_net_rcu(net) { 496 err = __netlink_change_ngroups(net->genl_sock, 497 mc_groups_longs * BITS_PER_LONG); 498 if (err) { 499 /* 500 * No need to roll back, can only fail if 501 * memory allocation fails and then the 502 * number of _possible_ groups has been 503 * increased on some sockets which is ok. 504 */ 505 break; 506 } 507 } 508 rcu_read_unlock(); 509 netlink_table_ungrab(); 510 } else { 511 err = netlink_change_ngroups(init_net.genl_sock, 512 mc_groups_longs * BITS_PER_LONG); 513 } 514 515 if (groups_allocated && err) { 516 for (i = 0; i < family->n_mcgrps; i++) 517 clear_bit(family->mcgrp_offset + i, mc_groups); 518 } 519 520 return err; 521 } 522 523 static void genl_unregister_mc_groups(const struct genl_family *family) 524 { 525 struct net *net; 526 int i; 527 528 netlink_table_grab(); 529 rcu_read_lock(); 530 for_each_net_rcu(net) { 531 for (i = 0; i < family->n_mcgrps; i++) 532 __netlink_clear_multicast_users( 533 net->genl_sock, family->mcgrp_offset + i); 534 } 535 rcu_read_unlock(); 536 netlink_table_ungrab(); 537 538 for (i = 0; i < family->n_mcgrps; i++) { 539 int grp_id = family->mcgrp_offset + i; 540 541 if (grp_id != 1) 542 clear_bit(grp_id, mc_groups); 543 genl_ctrl_event(CTRL_CMD_DELMCAST_GRP, family, 544 &family->mcgrps[i], grp_id); 545 } 546 } 547 548 static bool genl_split_op_check(const struct genl_split_ops *op) 549 { 550 if (WARN_ON(hweight8(op->flags & (GENL_CMD_CAP_DO | 551 GENL_CMD_CAP_DUMP)) != 1)) 552 return true; 553 return false; 554 } 555 556 static int genl_validate_ops(const struct genl_family *family) 557 { 558 struct genl_op_iter i, j; 559 unsigned int s; 560 561 if (WARN_ON(family->n_ops && !family->ops) || 562 WARN_ON(family->n_small_ops && !family->small_ops) || 563 WARN_ON(family->n_split_ops && !family->split_ops)) 564 return -EINVAL; 565 566 for (genl_op_iter_init(family, &i); genl_op_iter_next(&i); ) { 567 if (!(i.flags & (GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP))) 568 return -EINVAL; 569 570 if (WARN_ON(i.cmd >= family->resv_start_op && 571 (i.doit.validate || i.dumpit.validate))) 572 return -EINVAL; 573 574 genl_op_iter_copy(&j, &i); 575 while (genl_op_iter_next(&j)) { 576 if (i.cmd == j.cmd) 577 return -EINVAL; 578 } 579 } 580 581 if (family->n_split_ops) { 582 if (genl_split_op_check(&family->split_ops[0])) 583 return -EINVAL; 584 } 585 586 for (s = 1; s < family->n_split_ops; s++) { 587 const struct genl_split_ops *a, *b; 588 589 a = &family->split_ops[s - 1]; 590 b = &family->split_ops[s]; 591 592 if (genl_split_op_check(b)) 593 return -EINVAL; 594 595 /* Check sort order */ 596 if (a->cmd < b->cmd) 597 continue; 598 599 if (a->internal_flags != b->internal_flags || 600 ((a->flags ^ b->flags) & ~(GENL_CMD_CAP_DO | 601 GENL_CMD_CAP_DUMP))) { 602 WARN_ON(1); 603 return -EINVAL; 604 } 605 606 if ((a->flags & GENL_CMD_CAP_DO) && 607 (b->flags & GENL_CMD_CAP_DUMP)) 608 continue; 609 610 WARN_ON(1); 611 return -EINVAL; 612 } 613 614 return 0; 615 } 616 617 /** 618 * genl_register_family - register a generic netlink family 619 * @family: generic netlink family 620 * 621 * Registers the specified family after validating it first. Only one 622 * family may be registered with the same family name or identifier. 623 * 624 * The family's ops, multicast groups and module pointer must already 625 * be assigned. 626 * 627 * Return 0 on success or a negative error code. 628 */ 629 int genl_register_family(struct genl_family *family) 630 { 631 int err, i; 632 int start = GENL_START_ALLOC, end = GENL_MAX_ID; 633 634 err = genl_validate_ops(family); 635 if (err) 636 return err; 637 638 genl_lock_all(); 639 640 if (genl_family_find_byname(family->name)) { 641 err = -EEXIST; 642 goto errout_locked; 643 } 644 645 /* 646 * Sadly, a few cases need to be special-cased 647 * due to them having previously abused the API 648 * and having used their family ID also as their 649 * multicast group ID, so we use reserved IDs 650 * for both to be sure we can do that mapping. 651 */ 652 if (family == &genl_ctrl) { 653 /* and this needs to be special for initial family lookups */ 654 start = end = GENL_ID_CTRL; 655 } else if (strcmp(family->name, "pmcraid") == 0) { 656 start = end = GENL_ID_PMCRAID; 657 } else if (strcmp(family->name, "VFS_DQUOT") == 0) { 658 start = end = GENL_ID_VFS_DQUOT; 659 } 660 661 family->id = idr_alloc_cyclic(&genl_fam_idr, family, 662 start, end + 1, GFP_KERNEL); 663 if (family->id < 0) { 664 err = family->id; 665 goto errout_locked; 666 } 667 668 err = genl_validate_assign_mc_groups(family); 669 if (err) 670 goto errout_remove; 671 672 genl_unlock_all(); 673 674 /* send all events */ 675 genl_ctrl_event(CTRL_CMD_NEWFAMILY, family, NULL, 0); 676 for (i = 0; i < family->n_mcgrps; i++) 677 genl_ctrl_event(CTRL_CMD_NEWMCAST_GRP, family, 678 &family->mcgrps[i], family->mcgrp_offset + i); 679 680 return 0; 681 682 errout_remove: 683 idr_remove(&genl_fam_idr, family->id); 684 errout_locked: 685 genl_unlock_all(); 686 return err; 687 } 688 EXPORT_SYMBOL(genl_register_family); 689 690 /** 691 * genl_unregister_family - unregister generic netlink family 692 * @family: generic netlink family 693 * 694 * Unregisters the specified family. 695 * 696 * Returns 0 on success or a negative error code. 697 */ 698 int genl_unregister_family(const struct genl_family *family) 699 { 700 genl_lock_all(); 701 702 if (!genl_family_find_byid(family->id)) { 703 genl_unlock_all(); 704 return -ENOENT; 705 } 706 707 genl_unregister_mc_groups(family); 708 709 idr_remove(&genl_fam_idr, family->id); 710 711 up_write(&cb_lock); 712 wait_event(genl_sk_destructing_waitq, 713 atomic_read(&genl_sk_destructing_cnt) == 0); 714 genl_unlock(); 715 716 genl_ctrl_event(CTRL_CMD_DELFAMILY, family, NULL, 0); 717 718 return 0; 719 } 720 EXPORT_SYMBOL(genl_unregister_family); 721 722 /** 723 * genlmsg_put - Add generic netlink header to netlink message 724 * @skb: socket buffer holding the message 725 * @portid: netlink portid the message is addressed to 726 * @seq: sequence number (usually the one of the sender) 727 * @family: generic netlink family 728 * @flags: netlink message flags 729 * @cmd: generic netlink command 730 * 731 * Returns pointer to user specific header 732 */ 733 void *genlmsg_put(struct sk_buff *skb, u32 portid, u32 seq, 734 const struct genl_family *family, int flags, u8 cmd) 735 { 736 struct nlmsghdr *nlh; 737 struct genlmsghdr *hdr; 738 739 nlh = nlmsg_put(skb, portid, seq, family->id, GENL_HDRLEN + 740 family->hdrsize, flags); 741 if (nlh == NULL) 742 return NULL; 743 744 hdr = nlmsg_data(nlh); 745 hdr->cmd = cmd; 746 hdr->version = family->version; 747 hdr->reserved = 0; 748 749 return (char *) hdr + GENL_HDRLEN; 750 } 751 EXPORT_SYMBOL(genlmsg_put); 752 753 static struct genl_dumpit_info *genl_dumpit_info_alloc(void) 754 { 755 return kmalloc(sizeof(struct genl_dumpit_info), GFP_KERNEL); 756 } 757 758 static void genl_dumpit_info_free(const struct genl_dumpit_info *info) 759 { 760 kfree(info); 761 } 762 763 static struct nlattr ** 764 genl_family_rcv_msg_attrs_parse(const struct genl_family *family, 765 struct nlmsghdr *nlh, 766 struct netlink_ext_ack *extack, 767 const struct genl_split_ops *ops, 768 int hdrlen, 769 enum genl_validate_flags no_strict_flag) 770 { 771 enum netlink_validation validate = ops->validate & no_strict_flag ? 772 NL_VALIDATE_LIBERAL : 773 NL_VALIDATE_STRICT; 774 struct nlattr **attrbuf; 775 int err; 776 777 if (!ops->maxattr) 778 return NULL; 779 780 attrbuf = kmalloc_array(ops->maxattr + 1, 781 sizeof(struct nlattr *), GFP_KERNEL); 782 if (!attrbuf) 783 return ERR_PTR(-ENOMEM); 784 785 err = __nlmsg_parse(nlh, hdrlen, attrbuf, ops->maxattr, ops->policy, 786 validate, extack); 787 if (err) { 788 kfree(attrbuf); 789 return ERR_PTR(err); 790 } 791 return attrbuf; 792 } 793 794 static void genl_family_rcv_msg_attrs_free(struct nlattr **attrbuf) 795 { 796 kfree(attrbuf); 797 } 798 799 struct genl_start_context { 800 const struct genl_family *family; 801 struct nlmsghdr *nlh; 802 struct netlink_ext_ack *extack; 803 const struct genl_split_ops *ops; 804 int hdrlen; 805 }; 806 807 static int genl_start(struct netlink_callback *cb) 808 { 809 struct genl_start_context *ctx = cb->data; 810 const struct genl_split_ops *ops; 811 struct genl_dumpit_info *info; 812 struct nlattr **attrs = NULL; 813 int rc = 0; 814 815 ops = ctx->ops; 816 if (!(ops->validate & GENL_DONT_VALIDATE_DUMP) && 817 ctx->nlh->nlmsg_len < nlmsg_msg_size(ctx->hdrlen)) 818 return -EINVAL; 819 820 attrs = genl_family_rcv_msg_attrs_parse(ctx->family, ctx->nlh, ctx->extack, 821 ops, ctx->hdrlen, 822 GENL_DONT_VALIDATE_DUMP_STRICT); 823 if (IS_ERR(attrs)) 824 return PTR_ERR(attrs); 825 826 info = genl_dumpit_info_alloc(); 827 if (!info) { 828 genl_family_rcv_msg_attrs_free(attrs); 829 return -ENOMEM; 830 } 831 info->family = ctx->family; 832 info->op = *ops; 833 info->attrs = attrs; 834 835 cb->data = info; 836 if (ops->start) { 837 if (!ctx->family->parallel_ops) 838 genl_lock(); 839 rc = ops->start(cb); 840 if (!ctx->family->parallel_ops) 841 genl_unlock(); 842 } 843 844 if (rc) { 845 genl_family_rcv_msg_attrs_free(info->attrs); 846 genl_dumpit_info_free(info); 847 cb->data = NULL; 848 } 849 return rc; 850 } 851 852 static int genl_lock_dumpit(struct sk_buff *skb, struct netlink_callback *cb) 853 { 854 const struct genl_split_ops *ops = &genl_dumpit_info(cb)->op; 855 int rc; 856 857 genl_lock(); 858 rc = ops->dumpit(skb, cb); 859 genl_unlock(); 860 return rc; 861 } 862 863 static int genl_lock_done(struct netlink_callback *cb) 864 { 865 const struct genl_dumpit_info *info = genl_dumpit_info(cb); 866 const struct genl_split_ops *ops = &info->op; 867 int rc = 0; 868 869 if (ops->done) { 870 genl_lock(); 871 rc = ops->done(cb); 872 genl_unlock(); 873 } 874 genl_family_rcv_msg_attrs_free(info->attrs); 875 genl_dumpit_info_free(info); 876 return rc; 877 } 878 879 static int genl_parallel_done(struct netlink_callback *cb) 880 { 881 const struct genl_dumpit_info *info = genl_dumpit_info(cb); 882 const struct genl_split_ops *ops = &info->op; 883 int rc = 0; 884 885 if (ops->done) 886 rc = ops->done(cb); 887 genl_family_rcv_msg_attrs_free(info->attrs); 888 genl_dumpit_info_free(info); 889 return rc; 890 } 891 892 static int genl_family_rcv_msg_dumpit(const struct genl_family *family, 893 struct sk_buff *skb, 894 struct nlmsghdr *nlh, 895 struct netlink_ext_ack *extack, 896 const struct genl_split_ops *ops, 897 int hdrlen, struct net *net) 898 { 899 struct genl_start_context ctx; 900 int err; 901 902 ctx.family = family; 903 ctx.nlh = nlh; 904 ctx.extack = extack; 905 ctx.ops = ops; 906 ctx.hdrlen = hdrlen; 907 908 if (!family->parallel_ops) { 909 struct netlink_dump_control c = { 910 .module = family->module, 911 .data = &ctx, 912 .start = genl_start, 913 .dump = genl_lock_dumpit, 914 .done = genl_lock_done, 915 .extack = extack, 916 }; 917 918 genl_unlock(); 919 err = __netlink_dump_start(net->genl_sock, skb, nlh, &c); 920 genl_lock(); 921 } else { 922 struct netlink_dump_control c = { 923 .module = family->module, 924 .data = &ctx, 925 .start = genl_start, 926 .dump = ops->dumpit, 927 .done = genl_parallel_done, 928 .extack = extack, 929 }; 930 931 err = __netlink_dump_start(net->genl_sock, skb, nlh, &c); 932 } 933 934 return err; 935 } 936 937 static int genl_family_rcv_msg_doit(const struct genl_family *family, 938 struct sk_buff *skb, 939 struct nlmsghdr *nlh, 940 struct netlink_ext_ack *extack, 941 const struct genl_split_ops *ops, 942 int hdrlen, struct net *net) 943 { 944 struct nlattr **attrbuf; 945 struct genl_info info; 946 int err; 947 948 attrbuf = genl_family_rcv_msg_attrs_parse(family, nlh, extack, 949 ops, hdrlen, 950 GENL_DONT_VALIDATE_STRICT); 951 if (IS_ERR(attrbuf)) 952 return PTR_ERR(attrbuf); 953 954 info.snd_seq = nlh->nlmsg_seq; 955 info.snd_portid = NETLINK_CB(skb).portid; 956 info.nlhdr = nlh; 957 info.genlhdr = nlmsg_data(nlh); 958 info.userhdr = nlmsg_data(nlh) + GENL_HDRLEN; 959 info.attrs = attrbuf; 960 info.extack = extack; 961 genl_info_net_set(&info, net); 962 memset(&info.user_ptr, 0, sizeof(info.user_ptr)); 963 964 if (ops->pre_doit) { 965 err = ops->pre_doit(ops, skb, &info); 966 if (err) 967 goto out; 968 } 969 970 err = ops->doit(skb, &info); 971 972 if (ops->post_doit) 973 ops->post_doit(ops, skb, &info); 974 975 out: 976 genl_family_rcv_msg_attrs_free(attrbuf); 977 978 return err; 979 } 980 981 static int genl_header_check(const struct genl_family *family, 982 struct nlmsghdr *nlh, struct genlmsghdr *hdr, 983 struct netlink_ext_ack *extack) 984 { 985 u16 flags; 986 987 /* Only for commands added after we started validating */ 988 if (hdr->cmd < family->resv_start_op) 989 return 0; 990 991 if (hdr->reserved) { 992 NL_SET_ERR_MSG(extack, "genlmsghdr.reserved field is not 0"); 993 return -EINVAL; 994 } 995 996 /* Old netlink flags have pretty loose semantics, allow only the flags 997 * consumed by the core where we can enforce the meaning. 998 */ 999 flags = nlh->nlmsg_flags; 1000 if ((flags & NLM_F_DUMP) == NLM_F_DUMP) /* DUMP is 2 bits */ 1001 flags &= ~NLM_F_DUMP; 1002 if (flags & ~(NLM_F_REQUEST | NLM_F_ACK | NLM_F_ECHO)) { 1003 NL_SET_ERR_MSG(extack, 1004 "ambiguous or reserved bits set in nlmsg_flags"); 1005 return -EINVAL; 1006 } 1007 1008 return 0; 1009 } 1010 1011 static int genl_family_rcv_msg(const struct genl_family *family, 1012 struct sk_buff *skb, 1013 struct nlmsghdr *nlh, 1014 struct netlink_ext_ack *extack) 1015 { 1016 struct net *net = sock_net(skb->sk); 1017 struct genlmsghdr *hdr = nlmsg_data(nlh); 1018 struct genl_split_ops op; 1019 int hdrlen; 1020 u8 flags; 1021 1022 /* this family doesn't exist in this netns */ 1023 if (!family->netnsok && !net_eq(net, &init_net)) 1024 return -ENOENT; 1025 1026 hdrlen = GENL_HDRLEN + family->hdrsize; 1027 if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen)) 1028 return -EINVAL; 1029 1030 if (genl_header_check(family, nlh, hdr, extack)) 1031 return -EINVAL; 1032 1033 flags = (nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP ? 1034 GENL_CMD_CAP_DUMP : GENL_CMD_CAP_DO; 1035 if (genl_get_cmd(hdr->cmd, flags, family, &op)) 1036 return -EOPNOTSUPP; 1037 1038 if ((op.flags & GENL_ADMIN_PERM) && 1039 !netlink_capable(skb, CAP_NET_ADMIN)) 1040 return -EPERM; 1041 1042 if ((op.flags & GENL_UNS_ADMIN_PERM) && 1043 !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) 1044 return -EPERM; 1045 1046 if (flags & GENL_CMD_CAP_DUMP) 1047 return genl_family_rcv_msg_dumpit(family, skb, nlh, extack, 1048 &op, hdrlen, net); 1049 else 1050 return genl_family_rcv_msg_doit(family, skb, nlh, extack, 1051 &op, hdrlen, net); 1052 } 1053 1054 static int genl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, 1055 struct netlink_ext_ack *extack) 1056 { 1057 const struct genl_family *family; 1058 int err; 1059 1060 family = genl_family_find_byid(nlh->nlmsg_type); 1061 if (family == NULL) 1062 return -ENOENT; 1063 1064 if (!family->parallel_ops) 1065 genl_lock(); 1066 1067 err = genl_family_rcv_msg(family, skb, nlh, extack); 1068 1069 if (!family->parallel_ops) 1070 genl_unlock(); 1071 1072 return err; 1073 } 1074 1075 static void genl_rcv(struct sk_buff *skb) 1076 { 1077 down_read(&cb_lock); 1078 netlink_rcv_skb(skb, &genl_rcv_msg); 1079 up_read(&cb_lock); 1080 } 1081 1082 /************************************************************************** 1083 * Controller 1084 **************************************************************************/ 1085 1086 static struct genl_family genl_ctrl; 1087 1088 static int ctrl_fill_info(const struct genl_family *family, u32 portid, u32 seq, 1089 u32 flags, struct sk_buff *skb, u8 cmd) 1090 { 1091 struct genl_op_iter i; 1092 void *hdr; 1093 1094 hdr = genlmsg_put(skb, portid, seq, &genl_ctrl, flags, cmd); 1095 if (hdr == NULL) 1096 return -1; 1097 1098 if (nla_put_string(skb, CTRL_ATTR_FAMILY_NAME, family->name) || 1099 nla_put_u16(skb, CTRL_ATTR_FAMILY_ID, family->id) || 1100 nla_put_u32(skb, CTRL_ATTR_VERSION, family->version) || 1101 nla_put_u32(skb, CTRL_ATTR_HDRSIZE, family->hdrsize) || 1102 nla_put_u32(skb, CTRL_ATTR_MAXATTR, family->maxattr)) 1103 goto nla_put_failure; 1104 1105 if (genl_op_iter_init(family, &i)) { 1106 struct nlattr *nla_ops; 1107 1108 nla_ops = nla_nest_start_noflag(skb, CTRL_ATTR_OPS); 1109 if (nla_ops == NULL) 1110 goto nla_put_failure; 1111 1112 while (genl_op_iter_next(&i)) { 1113 struct nlattr *nest; 1114 u32 op_flags; 1115 1116 op_flags = i.flags; 1117 if (i.doit.policy || i.dumpit.policy) 1118 op_flags |= GENL_CMD_CAP_HASPOL; 1119 1120 nest = nla_nest_start_noflag(skb, genl_op_iter_idx(&i)); 1121 if (nest == NULL) 1122 goto nla_put_failure; 1123 1124 if (nla_put_u32(skb, CTRL_ATTR_OP_ID, i.cmd) || 1125 nla_put_u32(skb, CTRL_ATTR_OP_FLAGS, op_flags)) 1126 goto nla_put_failure; 1127 1128 nla_nest_end(skb, nest); 1129 } 1130 1131 nla_nest_end(skb, nla_ops); 1132 } 1133 1134 if (family->n_mcgrps) { 1135 struct nlattr *nla_grps; 1136 int i; 1137 1138 nla_grps = nla_nest_start_noflag(skb, CTRL_ATTR_MCAST_GROUPS); 1139 if (nla_grps == NULL) 1140 goto nla_put_failure; 1141 1142 for (i = 0; i < family->n_mcgrps; i++) { 1143 struct nlattr *nest; 1144 const struct genl_multicast_group *grp; 1145 1146 grp = &family->mcgrps[i]; 1147 1148 nest = nla_nest_start_noflag(skb, i + 1); 1149 if (nest == NULL) 1150 goto nla_put_failure; 1151 1152 if (nla_put_u32(skb, CTRL_ATTR_MCAST_GRP_ID, 1153 family->mcgrp_offset + i) || 1154 nla_put_string(skb, CTRL_ATTR_MCAST_GRP_NAME, 1155 grp->name)) 1156 goto nla_put_failure; 1157 1158 nla_nest_end(skb, nest); 1159 } 1160 nla_nest_end(skb, nla_grps); 1161 } 1162 1163 genlmsg_end(skb, hdr); 1164 return 0; 1165 1166 nla_put_failure: 1167 genlmsg_cancel(skb, hdr); 1168 return -EMSGSIZE; 1169 } 1170 1171 static int ctrl_fill_mcgrp_info(const struct genl_family *family, 1172 const struct genl_multicast_group *grp, 1173 int grp_id, u32 portid, u32 seq, u32 flags, 1174 struct sk_buff *skb, u8 cmd) 1175 { 1176 void *hdr; 1177 struct nlattr *nla_grps; 1178 struct nlattr *nest; 1179 1180 hdr = genlmsg_put(skb, portid, seq, &genl_ctrl, flags, cmd); 1181 if (hdr == NULL) 1182 return -1; 1183 1184 if (nla_put_string(skb, CTRL_ATTR_FAMILY_NAME, family->name) || 1185 nla_put_u16(skb, CTRL_ATTR_FAMILY_ID, family->id)) 1186 goto nla_put_failure; 1187 1188 nla_grps = nla_nest_start_noflag(skb, CTRL_ATTR_MCAST_GROUPS); 1189 if (nla_grps == NULL) 1190 goto nla_put_failure; 1191 1192 nest = nla_nest_start_noflag(skb, 1); 1193 if (nest == NULL) 1194 goto nla_put_failure; 1195 1196 if (nla_put_u32(skb, CTRL_ATTR_MCAST_GRP_ID, grp_id) || 1197 nla_put_string(skb, CTRL_ATTR_MCAST_GRP_NAME, 1198 grp->name)) 1199 goto nla_put_failure; 1200 1201 nla_nest_end(skb, nest); 1202 nla_nest_end(skb, nla_grps); 1203 1204 genlmsg_end(skb, hdr); 1205 return 0; 1206 1207 nla_put_failure: 1208 genlmsg_cancel(skb, hdr); 1209 return -EMSGSIZE; 1210 } 1211 1212 static int ctrl_dumpfamily(struct sk_buff *skb, struct netlink_callback *cb) 1213 { 1214 int n = 0; 1215 struct genl_family *rt; 1216 struct net *net = sock_net(skb->sk); 1217 int fams_to_skip = cb->args[0]; 1218 unsigned int id; 1219 1220 idr_for_each_entry(&genl_fam_idr, rt, id) { 1221 if (!rt->netnsok && !net_eq(net, &init_net)) 1222 continue; 1223 1224 if (n++ < fams_to_skip) 1225 continue; 1226 1227 if (ctrl_fill_info(rt, NETLINK_CB(cb->skb).portid, 1228 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1229 skb, CTRL_CMD_NEWFAMILY) < 0) { 1230 n--; 1231 break; 1232 } 1233 } 1234 1235 cb->args[0] = n; 1236 return skb->len; 1237 } 1238 1239 static struct sk_buff *ctrl_build_family_msg(const struct genl_family *family, 1240 u32 portid, int seq, u8 cmd) 1241 { 1242 struct sk_buff *skb; 1243 int err; 1244 1245 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1246 if (skb == NULL) 1247 return ERR_PTR(-ENOBUFS); 1248 1249 err = ctrl_fill_info(family, portid, seq, 0, skb, cmd); 1250 if (err < 0) { 1251 nlmsg_free(skb); 1252 return ERR_PTR(err); 1253 } 1254 1255 return skb; 1256 } 1257 1258 static struct sk_buff * 1259 ctrl_build_mcgrp_msg(const struct genl_family *family, 1260 const struct genl_multicast_group *grp, 1261 int grp_id, u32 portid, int seq, u8 cmd) 1262 { 1263 struct sk_buff *skb; 1264 int err; 1265 1266 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1267 if (skb == NULL) 1268 return ERR_PTR(-ENOBUFS); 1269 1270 err = ctrl_fill_mcgrp_info(family, grp, grp_id, portid, 1271 seq, 0, skb, cmd); 1272 if (err < 0) { 1273 nlmsg_free(skb); 1274 return ERR_PTR(err); 1275 } 1276 1277 return skb; 1278 } 1279 1280 static const struct nla_policy ctrl_policy_family[] = { 1281 [CTRL_ATTR_FAMILY_ID] = { .type = NLA_U16 }, 1282 [CTRL_ATTR_FAMILY_NAME] = { .type = NLA_NUL_STRING, 1283 .len = GENL_NAMSIZ - 1 }, 1284 }; 1285 1286 static int ctrl_getfamily(struct sk_buff *skb, struct genl_info *info) 1287 { 1288 struct sk_buff *msg; 1289 const struct genl_family *res = NULL; 1290 int err = -EINVAL; 1291 1292 if (info->attrs[CTRL_ATTR_FAMILY_ID]) { 1293 u16 id = nla_get_u16(info->attrs[CTRL_ATTR_FAMILY_ID]); 1294 res = genl_family_find_byid(id); 1295 err = -ENOENT; 1296 } 1297 1298 if (info->attrs[CTRL_ATTR_FAMILY_NAME]) { 1299 char *name; 1300 1301 name = nla_data(info->attrs[CTRL_ATTR_FAMILY_NAME]); 1302 res = genl_family_find_byname(name); 1303 #ifdef CONFIG_MODULES 1304 if (res == NULL) { 1305 genl_unlock(); 1306 up_read(&cb_lock); 1307 request_module("net-pf-%d-proto-%d-family-%s", 1308 PF_NETLINK, NETLINK_GENERIC, name); 1309 down_read(&cb_lock); 1310 genl_lock(); 1311 res = genl_family_find_byname(name); 1312 } 1313 #endif 1314 err = -ENOENT; 1315 } 1316 1317 if (res == NULL) 1318 return err; 1319 1320 if (!res->netnsok && !net_eq(genl_info_net(info), &init_net)) { 1321 /* family doesn't exist here */ 1322 return -ENOENT; 1323 } 1324 1325 msg = ctrl_build_family_msg(res, info->snd_portid, info->snd_seq, 1326 CTRL_CMD_NEWFAMILY); 1327 if (IS_ERR(msg)) 1328 return PTR_ERR(msg); 1329 1330 return genlmsg_reply(msg, info); 1331 } 1332 1333 static int genl_ctrl_event(int event, const struct genl_family *family, 1334 const struct genl_multicast_group *grp, 1335 int grp_id) 1336 { 1337 struct sk_buff *msg; 1338 1339 /* genl is still initialising */ 1340 if (!init_net.genl_sock) 1341 return 0; 1342 1343 switch (event) { 1344 case CTRL_CMD_NEWFAMILY: 1345 case CTRL_CMD_DELFAMILY: 1346 WARN_ON(grp); 1347 msg = ctrl_build_family_msg(family, 0, 0, event); 1348 break; 1349 case CTRL_CMD_NEWMCAST_GRP: 1350 case CTRL_CMD_DELMCAST_GRP: 1351 BUG_ON(!grp); 1352 msg = ctrl_build_mcgrp_msg(family, grp, grp_id, 0, 0, event); 1353 break; 1354 default: 1355 return -EINVAL; 1356 } 1357 1358 if (IS_ERR(msg)) 1359 return PTR_ERR(msg); 1360 1361 if (!family->netnsok) { 1362 genlmsg_multicast_netns(&genl_ctrl, &init_net, msg, 0, 1363 0, GFP_KERNEL); 1364 } else { 1365 rcu_read_lock(); 1366 genlmsg_multicast_allns(&genl_ctrl, msg, 0, 1367 0, GFP_ATOMIC); 1368 rcu_read_unlock(); 1369 } 1370 1371 return 0; 1372 } 1373 1374 struct ctrl_dump_policy_ctx { 1375 struct netlink_policy_dump_state *state; 1376 const struct genl_family *rt; 1377 struct genl_op_iter *op_iter; 1378 u32 op; 1379 u16 fam_id; 1380 u8 dump_map:1, 1381 single_op:1; 1382 }; 1383 1384 static const struct nla_policy ctrl_policy_policy[] = { 1385 [CTRL_ATTR_FAMILY_ID] = { .type = NLA_U16 }, 1386 [CTRL_ATTR_FAMILY_NAME] = { .type = NLA_NUL_STRING, 1387 .len = GENL_NAMSIZ - 1 }, 1388 [CTRL_ATTR_OP] = { .type = NLA_U32 }, 1389 }; 1390 1391 static int ctrl_dumppolicy_start(struct netlink_callback *cb) 1392 { 1393 const struct genl_dumpit_info *info = genl_dumpit_info(cb); 1394 struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx; 1395 struct nlattr **tb = info->attrs; 1396 const struct genl_family *rt; 1397 struct genl_op_iter i; 1398 int err; 1399 1400 BUILD_BUG_ON(sizeof(*ctx) > sizeof(cb->ctx)); 1401 1402 if (!tb[CTRL_ATTR_FAMILY_ID] && !tb[CTRL_ATTR_FAMILY_NAME]) 1403 return -EINVAL; 1404 1405 if (tb[CTRL_ATTR_FAMILY_ID]) { 1406 ctx->fam_id = nla_get_u16(tb[CTRL_ATTR_FAMILY_ID]); 1407 } else { 1408 rt = genl_family_find_byname( 1409 nla_data(tb[CTRL_ATTR_FAMILY_NAME])); 1410 if (!rt) 1411 return -ENOENT; 1412 ctx->fam_id = rt->id; 1413 } 1414 1415 rt = genl_family_find_byid(ctx->fam_id); 1416 if (!rt) 1417 return -ENOENT; 1418 1419 ctx->rt = rt; 1420 1421 if (tb[CTRL_ATTR_OP]) { 1422 struct genl_split_ops doit, dump; 1423 1424 ctx->single_op = true; 1425 ctx->op = nla_get_u32(tb[CTRL_ATTR_OP]); 1426 1427 err = genl_get_cmd_both(ctx->op, rt, &doit, &dump); 1428 if (err) { 1429 NL_SET_BAD_ATTR(cb->extack, tb[CTRL_ATTR_OP]); 1430 return err; 1431 } 1432 1433 if (doit.policy) { 1434 err = netlink_policy_dump_add_policy(&ctx->state, 1435 doit.policy, 1436 doit.maxattr); 1437 if (err) 1438 goto err_free_state; 1439 } 1440 if (dump.policy) { 1441 err = netlink_policy_dump_add_policy(&ctx->state, 1442 dump.policy, 1443 dump.maxattr); 1444 if (err) 1445 goto err_free_state; 1446 } 1447 1448 if (!ctx->state) 1449 return -ENODATA; 1450 1451 ctx->dump_map = 1; 1452 return 0; 1453 } 1454 1455 ctx->op_iter = kmalloc(sizeof(*ctx->op_iter), GFP_KERNEL); 1456 if (!ctx->op_iter) 1457 return -ENOMEM; 1458 1459 genl_op_iter_init(rt, ctx->op_iter); 1460 ctx->dump_map = genl_op_iter_next(ctx->op_iter); 1461 1462 for (genl_op_iter_init(rt, &i); genl_op_iter_next(&i); ) { 1463 if (i.doit.policy) { 1464 err = netlink_policy_dump_add_policy(&ctx->state, 1465 i.doit.policy, 1466 i.doit.maxattr); 1467 if (err) 1468 goto err_free_state; 1469 } 1470 if (i.dumpit.policy) { 1471 err = netlink_policy_dump_add_policy(&ctx->state, 1472 i.dumpit.policy, 1473 i.dumpit.maxattr); 1474 if (err) 1475 goto err_free_state; 1476 } 1477 } 1478 1479 if (!ctx->state) { 1480 err = -ENODATA; 1481 goto err_free_op_iter; 1482 } 1483 return 0; 1484 1485 err_free_state: 1486 netlink_policy_dump_free(ctx->state); 1487 err_free_op_iter: 1488 kfree(ctx->op_iter); 1489 return err; 1490 } 1491 1492 static void *ctrl_dumppolicy_prep(struct sk_buff *skb, 1493 struct netlink_callback *cb) 1494 { 1495 struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx; 1496 void *hdr; 1497 1498 hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).portid, 1499 cb->nlh->nlmsg_seq, &genl_ctrl, 1500 NLM_F_MULTI, CTRL_CMD_GETPOLICY); 1501 if (!hdr) 1502 return NULL; 1503 1504 if (nla_put_u16(skb, CTRL_ATTR_FAMILY_ID, ctx->fam_id)) 1505 return NULL; 1506 1507 return hdr; 1508 } 1509 1510 static int ctrl_dumppolicy_put_op(struct sk_buff *skb, 1511 struct netlink_callback *cb, 1512 struct genl_split_ops *doit, 1513 struct genl_split_ops *dumpit) 1514 { 1515 struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx; 1516 struct nlattr *nest_pol, *nest_op; 1517 void *hdr; 1518 int idx; 1519 1520 /* skip if we have nothing to show */ 1521 if (!doit->policy && !dumpit->policy) 1522 return 0; 1523 1524 hdr = ctrl_dumppolicy_prep(skb, cb); 1525 if (!hdr) 1526 return -ENOBUFS; 1527 1528 nest_pol = nla_nest_start(skb, CTRL_ATTR_OP_POLICY); 1529 if (!nest_pol) 1530 goto err; 1531 1532 nest_op = nla_nest_start(skb, doit->cmd); 1533 if (!nest_op) 1534 goto err; 1535 1536 if (doit->policy) { 1537 idx = netlink_policy_dump_get_policy_idx(ctx->state, 1538 doit->policy, 1539 doit->maxattr); 1540 1541 if (nla_put_u32(skb, CTRL_ATTR_POLICY_DO, idx)) 1542 goto err; 1543 } 1544 if (dumpit->policy) { 1545 idx = netlink_policy_dump_get_policy_idx(ctx->state, 1546 dumpit->policy, 1547 dumpit->maxattr); 1548 1549 if (nla_put_u32(skb, CTRL_ATTR_POLICY_DUMP, idx)) 1550 goto err; 1551 } 1552 1553 nla_nest_end(skb, nest_op); 1554 nla_nest_end(skb, nest_pol); 1555 genlmsg_end(skb, hdr); 1556 1557 return 0; 1558 err: 1559 genlmsg_cancel(skb, hdr); 1560 return -ENOBUFS; 1561 } 1562 1563 static int ctrl_dumppolicy(struct sk_buff *skb, struct netlink_callback *cb) 1564 { 1565 struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx; 1566 void *hdr; 1567 1568 if (ctx->dump_map) { 1569 if (ctx->single_op) { 1570 struct genl_split_ops doit, dumpit; 1571 1572 if (WARN_ON(genl_get_cmd_both(ctx->op, ctx->rt, 1573 &doit, &dumpit))) 1574 return -ENOENT; 1575 1576 if (ctrl_dumppolicy_put_op(skb, cb, &doit, &dumpit)) 1577 return skb->len; 1578 1579 /* done with the per-op policy index list */ 1580 ctx->dump_map = 0; 1581 } 1582 1583 while (ctx->dump_map) { 1584 if (ctrl_dumppolicy_put_op(skb, cb, 1585 &ctx->op_iter->doit, 1586 &ctx->op_iter->dumpit)) 1587 return skb->len; 1588 1589 ctx->dump_map = genl_op_iter_next(ctx->op_iter); 1590 } 1591 } 1592 1593 while (netlink_policy_dump_loop(ctx->state)) { 1594 struct nlattr *nest; 1595 1596 hdr = ctrl_dumppolicy_prep(skb, cb); 1597 if (!hdr) 1598 goto nla_put_failure; 1599 1600 nest = nla_nest_start(skb, CTRL_ATTR_POLICY); 1601 if (!nest) 1602 goto nla_put_failure; 1603 1604 if (netlink_policy_dump_write(skb, ctx->state)) 1605 goto nla_put_failure; 1606 1607 nla_nest_end(skb, nest); 1608 1609 genlmsg_end(skb, hdr); 1610 } 1611 1612 return skb->len; 1613 1614 nla_put_failure: 1615 genlmsg_cancel(skb, hdr); 1616 return skb->len; 1617 } 1618 1619 static int ctrl_dumppolicy_done(struct netlink_callback *cb) 1620 { 1621 struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx; 1622 1623 kfree(ctx->op_iter); 1624 netlink_policy_dump_free(ctx->state); 1625 return 0; 1626 } 1627 1628 static const struct genl_split_ops genl_ctrl_ops[] = { 1629 { 1630 .cmd = CTRL_CMD_GETFAMILY, 1631 .validate = GENL_DONT_VALIDATE_STRICT, 1632 .policy = ctrl_policy_family, 1633 .maxattr = ARRAY_SIZE(ctrl_policy_family) - 1, 1634 .doit = ctrl_getfamily, 1635 .flags = GENL_CMD_CAP_DO, 1636 }, 1637 { 1638 .cmd = CTRL_CMD_GETFAMILY, 1639 .validate = GENL_DONT_VALIDATE_DUMP, 1640 .policy = ctrl_policy_family, 1641 .maxattr = ARRAY_SIZE(ctrl_policy_family) - 1, 1642 .dumpit = ctrl_dumpfamily, 1643 .flags = GENL_CMD_CAP_DUMP, 1644 }, 1645 { 1646 .cmd = CTRL_CMD_GETPOLICY, 1647 .policy = ctrl_policy_policy, 1648 .maxattr = ARRAY_SIZE(ctrl_policy_policy) - 1, 1649 .start = ctrl_dumppolicy_start, 1650 .dumpit = ctrl_dumppolicy, 1651 .done = ctrl_dumppolicy_done, 1652 .flags = GENL_CMD_CAP_DUMP, 1653 }, 1654 }; 1655 1656 static const struct genl_multicast_group genl_ctrl_groups[] = { 1657 { .name = "notify", }, 1658 }; 1659 1660 static struct genl_family genl_ctrl __ro_after_init = { 1661 .module = THIS_MODULE, 1662 .split_ops = genl_ctrl_ops, 1663 .n_split_ops = ARRAY_SIZE(genl_ctrl_ops), 1664 .resv_start_op = CTRL_CMD_GETPOLICY + 1, 1665 .mcgrps = genl_ctrl_groups, 1666 .n_mcgrps = ARRAY_SIZE(genl_ctrl_groups), 1667 .id = GENL_ID_CTRL, 1668 .name = "nlctrl", 1669 .version = 0x2, 1670 .netnsok = true, 1671 }; 1672 1673 static int genl_bind(struct net *net, int group) 1674 { 1675 const struct genl_family *family; 1676 unsigned int id; 1677 int ret = 0; 1678 1679 down_read(&cb_lock); 1680 1681 idr_for_each_entry(&genl_fam_idr, family, id) { 1682 const struct genl_multicast_group *grp; 1683 int i; 1684 1685 if (family->n_mcgrps == 0) 1686 continue; 1687 1688 i = group - family->mcgrp_offset; 1689 if (i < 0 || i >= family->n_mcgrps) 1690 continue; 1691 1692 grp = &family->mcgrps[i]; 1693 if ((grp->flags & GENL_UNS_ADMIN_PERM) && 1694 !ns_capable(net->user_ns, CAP_NET_ADMIN)) 1695 ret = -EPERM; 1696 1697 break; 1698 } 1699 1700 up_read(&cb_lock); 1701 return ret; 1702 } 1703 1704 static int __net_init genl_pernet_init(struct net *net) 1705 { 1706 struct netlink_kernel_cfg cfg = { 1707 .input = genl_rcv, 1708 .flags = NL_CFG_F_NONROOT_RECV, 1709 .bind = genl_bind, 1710 }; 1711 1712 /* we'll bump the group number right afterwards */ 1713 net->genl_sock = netlink_kernel_create(net, NETLINK_GENERIC, &cfg); 1714 1715 if (!net->genl_sock && net_eq(net, &init_net)) 1716 panic("GENL: Cannot initialize generic netlink\n"); 1717 1718 if (!net->genl_sock) 1719 return -ENOMEM; 1720 1721 return 0; 1722 } 1723 1724 static void __net_exit genl_pernet_exit(struct net *net) 1725 { 1726 netlink_kernel_release(net->genl_sock); 1727 net->genl_sock = NULL; 1728 } 1729 1730 static struct pernet_operations genl_pernet_ops = { 1731 .init = genl_pernet_init, 1732 .exit = genl_pernet_exit, 1733 }; 1734 1735 static int __init genl_init(void) 1736 { 1737 int err; 1738 1739 err = genl_register_family(&genl_ctrl); 1740 if (err < 0) 1741 goto problem; 1742 1743 err = register_pernet_subsys(&genl_pernet_ops); 1744 if (err) 1745 goto problem; 1746 1747 return 0; 1748 1749 problem: 1750 panic("GENL: Cannot register controller: %d\n", err); 1751 } 1752 1753 core_initcall(genl_init); 1754 1755 static int genlmsg_mcast(struct sk_buff *skb, u32 portid, unsigned long group, 1756 gfp_t flags) 1757 { 1758 struct sk_buff *tmp; 1759 struct net *net, *prev = NULL; 1760 bool delivered = false; 1761 int err; 1762 1763 for_each_net_rcu(net) { 1764 if (prev) { 1765 tmp = skb_clone(skb, flags); 1766 if (!tmp) { 1767 err = -ENOMEM; 1768 goto error; 1769 } 1770 err = nlmsg_multicast(prev->genl_sock, tmp, 1771 portid, group, flags); 1772 if (!err) 1773 delivered = true; 1774 else if (err != -ESRCH) 1775 goto error; 1776 } 1777 1778 prev = net; 1779 } 1780 1781 err = nlmsg_multicast(prev->genl_sock, skb, portid, group, flags); 1782 if (!err) 1783 delivered = true; 1784 else if (err != -ESRCH) 1785 return err; 1786 return delivered ? 0 : -ESRCH; 1787 error: 1788 kfree_skb(skb); 1789 return err; 1790 } 1791 1792 int genlmsg_multicast_allns(const struct genl_family *family, 1793 struct sk_buff *skb, u32 portid, 1794 unsigned int group, gfp_t flags) 1795 { 1796 if (WARN_ON_ONCE(group >= family->n_mcgrps)) 1797 return -EINVAL; 1798 1799 group = family->mcgrp_offset + group; 1800 return genlmsg_mcast(skb, portid, group, flags); 1801 } 1802 EXPORT_SYMBOL(genlmsg_multicast_allns); 1803 1804 void genl_notify(const struct genl_family *family, struct sk_buff *skb, 1805 struct genl_info *info, u32 group, gfp_t flags) 1806 { 1807 struct net *net = genl_info_net(info); 1808 struct sock *sk = net->genl_sock; 1809 1810 if (WARN_ON_ONCE(group >= family->n_mcgrps)) 1811 return; 1812 1813 group = family->mcgrp_offset + group; 1814 nlmsg_notify(sk, skb, info->snd_portid, group, 1815 nlmsg_report(info->nlhdr), flags); 1816 } 1817 EXPORT_SYMBOL(genl_notify); 1818