1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * NETLINK Generic Netlink Family 4 * 5 * Authors: Jamal Hadi Salim 6 * Thomas Graf <tgraf@suug.ch> 7 * Johannes Berg <johannes@sipsolutions.net> 8 */ 9 10 #include <linux/module.h> 11 #include <linux/kernel.h> 12 #include <linux/slab.h> 13 #include <linux/errno.h> 14 #include <linux/types.h> 15 #include <linux/socket.h> 16 #include <linux/string.h> 17 #include <linux/skbuff.h> 18 #include <linux/mutex.h> 19 #include <linux/bitmap.h> 20 #include <linux/rwsem.h> 21 #include <linux/idr.h> 22 #include <net/sock.h> 23 #include <net/genetlink.h> 24 25 static DEFINE_MUTEX(genl_mutex); /* serialization of message processing */ 26 static DECLARE_RWSEM(cb_lock); 27 28 atomic_t genl_sk_destructing_cnt = ATOMIC_INIT(0); 29 DECLARE_WAIT_QUEUE_HEAD(genl_sk_destructing_waitq); 30 31 void genl_lock(void) 32 { 33 mutex_lock(&genl_mutex); 34 } 35 EXPORT_SYMBOL(genl_lock); 36 37 void genl_unlock(void) 38 { 39 mutex_unlock(&genl_mutex); 40 } 41 EXPORT_SYMBOL(genl_unlock); 42 43 static void genl_lock_all(void) 44 { 45 down_write(&cb_lock); 46 genl_lock(); 47 } 48 49 static void genl_unlock_all(void) 50 { 51 genl_unlock(); 52 up_write(&cb_lock); 53 } 54 55 static DEFINE_IDR(genl_fam_idr); 56 57 /* 58 * Bitmap of multicast groups that are currently in use. 59 * 60 * To avoid an allocation at boot of just one unsigned long, 61 * declare it global instead. 62 * Bit 0 is marked as already used since group 0 is invalid. 63 * Bit 1 is marked as already used since the drop-monitor code 64 * abuses the API and thinks it can statically use group 1. 65 * That group will typically conflict with other groups that 66 * any proper users use. 67 * Bit 16 is marked as used since it's used for generic netlink 68 * and the code no longer marks pre-reserved IDs as used. 69 * Bit 17 is marked as already used since the VFS quota code 70 * also abused this API and relied on family == group ID, we 71 * cater to that by giving it a static family and group ID. 72 * Bit 18 is marked as already used since the PMCRAID driver 73 * did the same thing as the VFS quota code (maybe copied?) 74 */ 75 static unsigned long mc_group_start = 0x3 | BIT(GENL_ID_CTRL) | 76 BIT(GENL_ID_VFS_DQUOT) | 77 BIT(GENL_ID_PMCRAID); 78 static unsigned long *mc_groups = &mc_group_start; 79 static unsigned long mc_groups_longs = 1; 80 81 /* We need the last attribute with non-zero ID therefore a 2-entry array */ 82 static struct nla_policy genl_policy_reject_all[] = { 83 { .type = NLA_REJECT }, 84 { .type = NLA_REJECT }, 85 }; 86 87 static int genl_ctrl_event(int event, const struct genl_family *family, 88 const struct genl_multicast_group *grp, 89 int grp_id); 90 91 static void 92 genl_op_fill_in_reject_policy(const struct genl_family *family, 93 struct genl_ops *op) 94 { 95 BUILD_BUG_ON(ARRAY_SIZE(genl_policy_reject_all) - 1 != 1); 96 97 if (op->policy || op->cmd < family->resv_start_op) 98 return; 99 100 op->policy = genl_policy_reject_all; 101 op->maxattr = 1; 102 } 103 104 static void 105 genl_op_fill_in_reject_policy_split(const struct genl_family *family, 106 struct genl_split_ops *op) 107 { 108 if (op->policy) 109 return; 110 111 op->policy = genl_policy_reject_all; 112 op->maxattr = 1; 113 } 114 115 static const struct genl_family *genl_family_find_byid(unsigned int id) 116 { 117 return idr_find(&genl_fam_idr, id); 118 } 119 120 static const struct genl_family *genl_family_find_byname(char *name) 121 { 122 const struct genl_family *family; 123 unsigned int id; 124 125 idr_for_each_entry(&genl_fam_idr, family, id) 126 if (strcmp(family->name, name) == 0) 127 return family; 128 129 return NULL; 130 } 131 132 struct genl_op_iter { 133 const struct genl_family *family; 134 struct genl_split_ops doit; 135 struct genl_split_ops dumpit; 136 int cmd_idx; 137 int entry_idx; 138 u32 cmd; 139 u8 flags; 140 }; 141 142 static void genl_op_from_full(const struct genl_family *family, 143 unsigned int i, struct genl_ops *op) 144 { 145 *op = family->ops[i]; 146 147 if (!op->maxattr) 148 op->maxattr = family->maxattr; 149 if (!op->policy) 150 op->policy = family->policy; 151 152 genl_op_fill_in_reject_policy(family, op); 153 } 154 155 static int genl_get_cmd_full(u32 cmd, const struct genl_family *family, 156 struct genl_ops *op) 157 { 158 int i; 159 160 for (i = 0; i < family->n_ops; i++) 161 if (family->ops[i].cmd == cmd) { 162 genl_op_from_full(family, i, op); 163 return 0; 164 } 165 166 return -ENOENT; 167 } 168 169 static void genl_op_from_small(const struct genl_family *family, 170 unsigned int i, struct genl_ops *op) 171 { 172 memset(op, 0, sizeof(*op)); 173 op->doit = family->small_ops[i].doit; 174 op->dumpit = family->small_ops[i].dumpit; 175 op->cmd = family->small_ops[i].cmd; 176 op->internal_flags = family->small_ops[i].internal_flags; 177 op->flags = family->small_ops[i].flags; 178 op->validate = family->small_ops[i].validate; 179 180 op->maxattr = family->maxattr; 181 op->policy = family->policy; 182 183 genl_op_fill_in_reject_policy(family, op); 184 } 185 186 static int genl_get_cmd_small(u32 cmd, const struct genl_family *family, 187 struct genl_ops *op) 188 { 189 int i; 190 191 for (i = 0; i < family->n_small_ops; i++) 192 if (family->small_ops[i].cmd == cmd) { 193 genl_op_from_small(family, i, op); 194 return 0; 195 } 196 197 return -ENOENT; 198 } 199 200 static void genl_op_from_split(struct genl_op_iter *iter) 201 { 202 const struct genl_family *family = iter->family; 203 int i, cnt = 0; 204 205 i = iter->entry_idx - family->n_ops - family->n_small_ops; 206 207 if (family->split_ops[i + cnt].flags & GENL_CMD_CAP_DO) { 208 iter->doit = family->split_ops[i + cnt]; 209 genl_op_fill_in_reject_policy_split(family, &iter->doit); 210 cnt++; 211 } else { 212 memset(&iter->doit, 0, sizeof(iter->doit)); 213 } 214 215 if (i + cnt < family->n_split_ops && 216 family->split_ops[i + cnt].flags & GENL_CMD_CAP_DUMP) { 217 iter->dumpit = family->split_ops[i + cnt]; 218 genl_op_fill_in_reject_policy_split(family, &iter->dumpit); 219 cnt++; 220 } else { 221 memset(&iter->dumpit, 0, sizeof(iter->dumpit)); 222 } 223 224 WARN_ON(!cnt); 225 iter->entry_idx += cnt; 226 } 227 228 static int 229 genl_get_cmd_split(u32 cmd, u8 flag, const struct genl_family *family, 230 struct genl_split_ops *op) 231 { 232 int i; 233 234 for (i = 0; i < family->n_split_ops; i++) 235 if (family->split_ops[i].cmd == cmd && 236 family->split_ops[i].flags & flag) { 237 *op = family->split_ops[i]; 238 return 0; 239 } 240 241 return -ENOENT; 242 } 243 244 static int 245 genl_cmd_full_to_split(struct genl_split_ops *op, 246 const struct genl_family *family, 247 const struct genl_ops *full, u8 flags) 248 { 249 if ((flags & GENL_CMD_CAP_DO && !full->doit) || 250 (flags & GENL_CMD_CAP_DUMP && !full->dumpit)) { 251 memset(op, 0, sizeof(*op)); 252 return -ENOENT; 253 } 254 255 if (flags & GENL_CMD_CAP_DUMP) { 256 op->start = full->start; 257 op->dumpit = full->dumpit; 258 op->done = full->done; 259 } else { 260 op->pre_doit = family->pre_doit; 261 op->doit = full->doit; 262 op->post_doit = family->post_doit; 263 } 264 265 if (flags & GENL_CMD_CAP_DUMP && 266 full->validate & GENL_DONT_VALIDATE_DUMP) { 267 op->policy = NULL; 268 op->maxattr = 0; 269 } else { 270 op->policy = full->policy; 271 op->maxattr = full->maxattr; 272 } 273 274 op->cmd = full->cmd; 275 op->internal_flags = full->internal_flags; 276 op->flags = full->flags; 277 op->validate = full->validate; 278 279 /* Make sure flags include the GENL_CMD_CAP_DO / GENL_CMD_CAP_DUMP */ 280 op->flags |= flags; 281 282 return 0; 283 } 284 285 static int 286 genl_get_cmd(u32 cmd, u8 flags, const struct genl_family *family, 287 struct genl_split_ops *op) 288 { 289 struct genl_ops full; 290 int err; 291 292 err = genl_get_cmd_full(cmd, family, &full); 293 if (err == -ENOENT) 294 err = genl_get_cmd_small(cmd, family, &full); 295 /* Found one of legacy forms */ 296 if (err == 0) 297 return genl_cmd_full_to_split(op, family, &full, flags); 298 299 err = genl_get_cmd_split(cmd, flags, family, op); 300 if (err) 301 memset(op, 0, sizeof(*op)); 302 return err; 303 } 304 305 static bool 306 genl_op_iter_init(const struct genl_family *family, struct genl_op_iter *iter) 307 { 308 iter->family = family; 309 iter->cmd_idx = 0; 310 iter->entry_idx = 0; 311 312 iter->flags = 0; 313 314 return iter->family->n_ops + 315 iter->family->n_small_ops + 316 iter->family->n_split_ops; 317 } 318 319 static bool genl_op_iter_next(struct genl_op_iter *iter) 320 { 321 const struct genl_family *family = iter->family; 322 bool legacy_op = true; 323 struct genl_ops op; 324 325 if (iter->entry_idx < family->n_ops) { 326 genl_op_from_full(family, iter->entry_idx, &op); 327 } else if (iter->entry_idx < family->n_ops + family->n_small_ops) { 328 genl_op_from_small(family, iter->entry_idx - family->n_ops, 329 &op); 330 } else if (iter->entry_idx < 331 family->n_ops + family->n_small_ops + family->n_split_ops) { 332 legacy_op = false; 333 /* updates entry_idx */ 334 genl_op_from_split(iter); 335 } else { 336 return false; 337 } 338 339 iter->cmd_idx++; 340 341 if (legacy_op) { 342 iter->entry_idx++; 343 344 genl_cmd_full_to_split(&iter->doit, family, 345 &op, GENL_CMD_CAP_DO); 346 genl_cmd_full_to_split(&iter->dumpit, family, 347 &op, GENL_CMD_CAP_DUMP); 348 } 349 350 iter->cmd = iter->doit.cmd | iter->dumpit.cmd; 351 iter->flags = iter->doit.flags | iter->dumpit.flags; 352 353 return true; 354 } 355 356 static void 357 genl_op_iter_copy(struct genl_op_iter *dst, struct genl_op_iter *src) 358 { 359 *dst = *src; 360 } 361 362 static unsigned int genl_op_iter_idx(struct genl_op_iter *iter) 363 { 364 return iter->cmd_idx; 365 } 366 367 static int genl_allocate_reserve_groups(int n_groups, int *first_id) 368 { 369 unsigned long *new_groups; 370 int start = 0; 371 int i; 372 int id; 373 bool fits; 374 375 do { 376 if (start == 0) 377 id = find_first_zero_bit(mc_groups, 378 mc_groups_longs * 379 BITS_PER_LONG); 380 else 381 id = find_next_zero_bit(mc_groups, 382 mc_groups_longs * BITS_PER_LONG, 383 start); 384 385 fits = true; 386 for (i = id; 387 i < min_t(int, id + n_groups, 388 mc_groups_longs * BITS_PER_LONG); 389 i++) { 390 if (test_bit(i, mc_groups)) { 391 start = i; 392 fits = false; 393 break; 394 } 395 } 396 397 if (id + n_groups > mc_groups_longs * BITS_PER_LONG) { 398 unsigned long new_longs = mc_groups_longs + 399 BITS_TO_LONGS(n_groups); 400 size_t nlen = new_longs * sizeof(unsigned long); 401 402 if (mc_groups == &mc_group_start) { 403 new_groups = kzalloc(nlen, GFP_KERNEL); 404 if (!new_groups) 405 return -ENOMEM; 406 mc_groups = new_groups; 407 *mc_groups = mc_group_start; 408 } else { 409 new_groups = krealloc(mc_groups, nlen, 410 GFP_KERNEL); 411 if (!new_groups) 412 return -ENOMEM; 413 mc_groups = new_groups; 414 for (i = 0; i < BITS_TO_LONGS(n_groups); i++) 415 mc_groups[mc_groups_longs + i] = 0; 416 } 417 mc_groups_longs = new_longs; 418 } 419 } while (!fits); 420 421 for (i = id; i < id + n_groups; i++) 422 set_bit(i, mc_groups); 423 *first_id = id; 424 return 0; 425 } 426 427 static struct genl_family genl_ctrl; 428 429 static int genl_validate_assign_mc_groups(struct genl_family *family) 430 { 431 int first_id; 432 int n_groups = family->n_mcgrps; 433 int err = 0, i; 434 bool groups_allocated = false; 435 436 if (!n_groups) 437 return 0; 438 439 for (i = 0; i < n_groups; i++) { 440 const struct genl_multicast_group *grp = &family->mcgrps[i]; 441 442 if (WARN_ON(grp->name[0] == '\0')) 443 return -EINVAL; 444 if (WARN_ON(memchr(grp->name, '\0', GENL_NAMSIZ) == NULL)) 445 return -EINVAL; 446 } 447 448 /* special-case our own group and hacks */ 449 if (family == &genl_ctrl) { 450 first_id = GENL_ID_CTRL; 451 BUG_ON(n_groups != 1); 452 } else if (strcmp(family->name, "NET_DM") == 0) { 453 first_id = 1; 454 BUG_ON(n_groups != 1); 455 } else if (family->id == GENL_ID_VFS_DQUOT) { 456 first_id = GENL_ID_VFS_DQUOT; 457 BUG_ON(n_groups != 1); 458 } else if (family->id == GENL_ID_PMCRAID) { 459 first_id = GENL_ID_PMCRAID; 460 BUG_ON(n_groups != 1); 461 } else { 462 groups_allocated = true; 463 err = genl_allocate_reserve_groups(n_groups, &first_id); 464 if (err) 465 return err; 466 } 467 468 family->mcgrp_offset = first_id; 469 470 /* if still initializing, can't and don't need to realloc bitmaps */ 471 if (!init_net.genl_sock) 472 return 0; 473 474 if (family->netnsok) { 475 struct net *net; 476 477 netlink_table_grab(); 478 rcu_read_lock(); 479 for_each_net_rcu(net) { 480 err = __netlink_change_ngroups(net->genl_sock, 481 mc_groups_longs * BITS_PER_LONG); 482 if (err) { 483 /* 484 * No need to roll back, can only fail if 485 * memory allocation fails and then the 486 * number of _possible_ groups has been 487 * increased on some sockets which is ok. 488 */ 489 break; 490 } 491 } 492 rcu_read_unlock(); 493 netlink_table_ungrab(); 494 } else { 495 err = netlink_change_ngroups(init_net.genl_sock, 496 mc_groups_longs * BITS_PER_LONG); 497 } 498 499 if (groups_allocated && err) { 500 for (i = 0; i < family->n_mcgrps; i++) 501 clear_bit(family->mcgrp_offset + i, mc_groups); 502 } 503 504 return err; 505 } 506 507 static void genl_unregister_mc_groups(const struct genl_family *family) 508 { 509 struct net *net; 510 int i; 511 512 netlink_table_grab(); 513 rcu_read_lock(); 514 for_each_net_rcu(net) { 515 for (i = 0; i < family->n_mcgrps; i++) 516 __netlink_clear_multicast_users( 517 net->genl_sock, family->mcgrp_offset + i); 518 } 519 rcu_read_unlock(); 520 netlink_table_ungrab(); 521 522 for (i = 0; i < family->n_mcgrps; i++) { 523 int grp_id = family->mcgrp_offset + i; 524 525 if (grp_id != 1) 526 clear_bit(grp_id, mc_groups); 527 genl_ctrl_event(CTRL_CMD_DELMCAST_GRP, family, 528 &family->mcgrps[i], grp_id); 529 } 530 } 531 532 static bool genl_split_op_check(const struct genl_split_ops *op) 533 { 534 if (WARN_ON(hweight8(op->flags & (GENL_CMD_CAP_DO | 535 GENL_CMD_CAP_DUMP)) != 1)) 536 return true; 537 return false; 538 } 539 540 static int genl_validate_ops(const struct genl_family *family) 541 { 542 struct genl_op_iter i, j; 543 unsigned int s; 544 545 if (WARN_ON(family->n_ops && !family->ops) || 546 WARN_ON(family->n_small_ops && !family->small_ops) || 547 WARN_ON(family->n_split_ops && !family->split_ops)) 548 return -EINVAL; 549 550 for (genl_op_iter_init(family, &i); genl_op_iter_next(&i); ) { 551 if (!(i.flags & (GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP))) 552 return -EINVAL; 553 554 if (WARN_ON(i.cmd >= family->resv_start_op && 555 (i.doit.validate || i.dumpit.validate))) 556 return -EINVAL; 557 558 genl_op_iter_copy(&j, &i); 559 while (genl_op_iter_next(&j)) { 560 if (i.cmd == j.cmd) 561 return -EINVAL; 562 } 563 } 564 565 if (family->n_split_ops) { 566 if (genl_split_op_check(&family->split_ops[0])) 567 return -EINVAL; 568 } 569 570 for (s = 1; s < family->n_split_ops; s++) { 571 const struct genl_split_ops *a, *b; 572 573 a = &family->split_ops[s - 1]; 574 b = &family->split_ops[s]; 575 576 if (genl_split_op_check(b)) 577 return -EINVAL; 578 579 /* Check sort order */ 580 if (a->cmd < b->cmd) 581 continue; 582 583 if (a->internal_flags != b->internal_flags || 584 ((a->flags ^ b->flags) & ~(GENL_CMD_CAP_DO | 585 GENL_CMD_CAP_DUMP))) { 586 WARN_ON(1); 587 return -EINVAL; 588 } 589 590 if ((a->flags & GENL_CMD_CAP_DO) && 591 (b->flags & GENL_CMD_CAP_DUMP)) 592 continue; 593 594 WARN_ON(1); 595 return -EINVAL; 596 } 597 598 return 0; 599 } 600 601 /** 602 * genl_register_family - register a generic netlink family 603 * @family: generic netlink family 604 * 605 * Registers the specified family after validating it first. Only one 606 * family may be registered with the same family name or identifier. 607 * 608 * The family's ops, multicast groups and module pointer must already 609 * be assigned. 610 * 611 * Return 0 on success or a negative error code. 612 */ 613 int genl_register_family(struct genl_family *family) 614 { 615 int err, i; 616 int start = GENL_START_ALLOC, end = GENL_MAX_ID; 617 618 err = genl_validate_ops(family); 619 if (err) 620 return err; 621 622 genl_lock_all(); 623 624 if (genl_family_find_byname(family->name)) { 625 err = -EEXIST; 626 goto errout_locked; 627 } 628 629 /* 630 * Sadly, a few cases need to be special-cased 631 * due to them having previously abused the API 632 * and having used their family ID also as their 633 * multicast group ID, so we use reserved IDs 634 * for both to be sure we can do that mapping. 635 */ 636 if (family == &genl_ctrl) { 637 /* and this needs to be special for initial family lookups */ 638 start = end = GENL_ID_CTRL; 639 } else if (strcmp(family->name, "pmcraid") == 0) { 640 start = end = GENL_ID_PMCRAID; 641 } else if (strcmp(family->name, "VFS_DQUOT") == 0) { 642 start = end = GENL_ID_VFS_DQUOT; 643 } 644 645 family->id = idr_alloc_cyclic(&genl_fam_idr, family, 646 start, end + 1, GFP_KERNEL); 647 if (family->id < 0) { 648 err = family->id; 649 goto errout_locked; 650 } 651 652 err = genl_validate_assign_mc_groups(family); 653 if (err) 654 goto errout_remove; 655 656 genl_unlock_all(); 657 658 /* send all events */ 659 genl_ctrl_event(CTRL_CMD_NEWFAMILY, family, NULL, 0); 660 for (i = 0; i < family->n_mcgrps; i++) 661 genl_ctrl_event(CTRL_CMD_NEWMCAST_GRP, family, 662 &family->mcgrps[i], family->mcgrp_offset + i); 663 664 return 0; 665 666 errout_remove: 667 idr_remove(&genl_fam_idr, family->id); 668 errout_locked: 669 genl_unlock_all(); 670 return err; 671 } 672 EXPORT_SYMBOL(genl_register_family); 673 674 /** 675 * genl_unregister_family - unregister generic netlink family 676 * @family: generic netlink family 677 * 678 * Unregisters the specified family. 679 * 680 * Returns 0 on success or a negative error code. 681 */ 682 int genl_unregister_family(const struct genl_family *family) 683 { 684 genl_lock_all(); 685 686 if (!genl_family_find_byid(family->id)) { 687 genl_unlock_all(); 688 return -ENOENT; 689 } 690 691 genl_unregister_mc_groups(family); 692 693 idr_remove(&genl_fam_idr, family->id); 694 695 up_write(&cb_lock); 696 wait_event(genl_sk_destructing_waitq, 697 atomic_read(&genl_sk_destructing_cnt) == 0); 698 genl_unlock(); 699 700 genl_ctrl_event(CTRL_CMD_DELFAMILY, family, NULL, 0); 701 702 return 0; 703 } 704 EXPORT_SYMBOL(genl_unregister_family); 705 706 /** 707 * genlmsg_put - Add generic netlink header to netlink message 708 * @skb: socket buffer holding the message 709 * @portid: netlink portid the message is addressed to 710 * @seq: sequence number (usually the one of the sender) 711 * @family: generic netlink family 712 * @flags: netlink message flags 713 * @cmd: generic netlink command 714 * 715 * Returns pointer to user specific header 716 */ 717 void *genlmsg_put(struct sk_buff *skb, u32 portid, u32 seq, 718 const struct genl_family *family, int flags, u8 cmd) 719 { 720 struct nlmsghdr *nlh; 721 struct genlmsghdr *hdr; 722 723 nlh = nlmsg_put(skb, portid, seq, family->id, GENL_HDRLEN + 724 family->hdrsize, flags); 725 if (nlh == NULL) 726 return NULL; 727 728 hdr = nlmsg_data(nlh); 729 hdr->cmd = cmd; 730 hdr->version = family->version; 731 hdr->reserved = 0; 732 733 return (char *) hdr + GENL_HDRLEN; 734 } 735 EXPORT_SYMBOL(genlmsg_put); 736 737 static struct genl_dumpit_info *genl_dumpit_info_alloc(void) 738 { 739 return kmalloc(sizeof(struct genl_dumpit_info), GFP_KERNEL); 740 } 741 742 static void genl_dumpit_info_free(const struct genl_dumpit_info *info) 743 { 744 kfree(info); 745 } 746 747 static struct nlattr ** 748 genl_family_rcv_msg_attrs_parse(const struct genl_family *family, 749 struct nlmsghdr *nlh, 750 struct netlink_ext_ack *extack, 751 const struct genl_split_ops *ops, 752 int hdrlen, 753 enum genl_validate_flags no_strict_flag) 754 { 755 enum netlink_validation validate = ops->validate & no_strict_flag ? 756 NL_VALIDATE_LIBERAL : 757 NL_VALIDATE_STRICT; 758 struct nlattr **attrbuf; 759 int err; 760 761 if (!ops->maxattr) 762 return NULL; 763 764 attrbuf = kmalloc_array(ops->maxattr + 1, 765 sizeof(struct nlattr *), GFP_KERNEL); 766 if (!attrbuf) 767 return ERR_PTR(-ENOMEM); 768 769 err = __nlmsg_parse(nlh, hdrlen, attrbuf, ops->maxattr, ops->policy, 770 validate, extack); 771 if (err) { 772 kfree(attrbuf); 773 return ERR_PTR(err); 774 } 775 return attrbuf; 776 } 777 778 static void genl_family_rcv_msg_attrs_free(struct nlattr **attrbuf) 779 { 780 kfree(attrbuf); 781 } 782 783 struct genl_start_context { 784 const struct genl_family *family; 785 struct nlmsghdr *nlh; 786 struct netlink_ext_ack *extack; 787 const struct genl_split_ops *ops; 788 int hdrlen; 789 }; 790 791 static int genl_start(struct netlink_callback *cb) 792 { 793 struct genl_start_context *ctx = cb->data; 794 const struct genl_split_ops *ops; 795 struct genl_dumpit_info *info; 796 struct nlattr **attrs = NULL; 797 int rc = 0; 798 799 ops = ctx->ops; 800 if (!(ops->validate & GENL_DONT_VALIDATE_DUMP) && 801 ctx->nlh->nlmsg_len < nlmsg_msg_size(ctx->hdrlen)) 802 return -EINVAL; 803 804 attrs = genl_family_rcv_msg_attrs_parse(ctx->family, ctx->nlh, ctx->extack, 805 ops, ctx->hdrlen, 806 GENL_DONT_VALIDATE_DUMP_STRICT); 807 if (IS_ERR(attrs)) 808 return PTR_ERR(attrs); 809 810 info = genl_dumpit_info_alloc(); 811 if (!info) { 812 genl_family_rcv_msg_attrs_free(attrs); 813 return -ENOMEM; 814 } 815 info->family = ctx->family; 816 info->op = *ops; 817 info->attrs = attrs; 818 819 cb->data = info; 820 if (ops->start) { 821 if (!ctx->family->parallel_ops) 822 genl_lock(); 823 rc = ops->start(cb); 824 if (!ctx->family->parallel_ops) 825 genl_unlock(); 826 } 827 828 if (rc) { 829 genl_family_rcv_msg_attrs_free(info->attrs); 830 genl_dumpit_info_free(info); 831 cb->data = NULL; 832 } 833 return rc; 834 } 835 836 static int genl_lock_dumpit(struct sk_buff *skb, struct netlink_callback *cb) 837 { 838 const struct genl_split_ops *ops = &genl_dumpit_info(cb)->op; 839 int rc; 840 841 genl_lock(); 842 rc = ops->dumpit(skb, cb); 843 genl_unlock(); 844 return rc; 845 } 846 847 static int genl_lock_done(struct netlink_callback *cb) 848 { 849 const struct genl_dumpit_info *info = genl_dumpit_info(cb); 850 const struct genl_split_ops *ops = &info->op; 851 int rc = 0; 852 853 if (ops->done) { 854 genl_lock(); 855 rc = ops->done(cb); 856 genl_unlock(); 857 } 858 genl_family_rcv_msg_attrs_free(info->attrs); 859 genl_dumpit_info_free(info); 860 return rc; 861 } 862 863 static int genl_parallel_done(struct netlink_callback *cb) 864 { 865 const struct genl_dumpit_info *info = genl_dumpit_info(cb); 866 const struct genl_split_ops *ops = &info->op; 867 int rc = 0; 868 869 if (ops->done) 870 rc = ops->done(cb); 871 genl_family_rcv_msg_attrs_free(info->attrs); 872 genl_dumpit_info_free(info); 873 return rc; 874 } 875 876 static int genl_family_rcv_msg_dumpit(const struct genl_family *family, 877 struct sk_buff *skb, 878 struct nlmsghdr *nlh, 879 struct netlink_ext_ack *extack, 880 const struct genl_split_ops *ops, 881 int hdrlen, struct net *net) 882 { 883 struct genl_start_context ctx; 884 int err; 885 886 ctx.family = family; 887 ctx.nlh = nlh; 888 ctx.extack = extack; 889 ctx.ops = ops; 890 ctx.hdrlen = hdrlen; 891 892 if (!family->parallel_ops) { 893 struct netlink_dump_control c = { 894 .module = family->module, 895 .data = &ctx, 896 .start = genl_start, 897 .dump = genl_lock_dumpit, 898 .done = genl_lock_done, 899 }; 900 901 genl_unlock(); 902 err = __netlink_dump_start(net->genl_sock, skb, nlh, &c); 903 genl_lock(); 904 } else { 905 struct netlink_dump_control c = { 906 .module = family->module, 907 .data = &ctx, 908 .start = genl_start, 909 .dump = ops->dumpit, 910 .done = genl_parallel_done, 911 }; 912 913 err = __netlink_dump_start(net->genl_sock, skb, nlh, &c); 914 } 915 916 return err; 917 } 918 919 static int genl_family_rcv_msg_doit(const struct genl_family *family, 920 struct sk_buff *skb, 921 struct nlmsghdr *nlh, 922 struct netlink_ext_ack *extack, 923 const struct genl_split_ops *ops, 924 int hdrlen, struct net *net) 925 { 926 struct nlattr **attrbuf; 927 struct genl_info info; 928 int err; 929 930 attrbuf = genl_family_rcv_msg_attrs_parse(family, nlh, extack, 931 ops, hdrlen, 932 GENL_DONT_VALIDATE_STRICT); 933 if (IS_ERR(attrbuf)) 934 return PTR_ERR(attrbuf); 935 936 info.snd_seq = nlh->nlmsg_seq; 937 info.snd_portid = NETLINK_CB(skb).portid; 938 info.nlhdr = nlh; 939 info.genlhdr = nlmsg_data(nlh); 940 info.userhdr = nlmsg_data(nlh) + GENL_HDRLEN; 941 info.attrs = attrbuf; 942 info.extack = extack; 943 genl_info_net_set(&info, net); 944 memset(&info.user_ptr, 0, sizeof(info.user_ptr)); 945 946 if (ops->pre_doit) { 947 err = ops->pre_doit(ops, skb, &info); 948 if (err) 949 goto out; 950 } 951 952 err = ops->doit(skb, &info); 953 954 if (ops->post_doit) 955 ops->post_doit(ops, skb, &info); 956 957 out: 958 genl_family_rcv_msg_attrs_free(attrbuf); 959 960 return err; 961 } 962 963 static int genl_header_check(const struct genl_family *family, 964 struct nlmsghdr *nlh, struct genlmsghdr *hdr, 965 struct netlink_ext_ack *extack) 966 { 967 u16 flags; 968 969 /* Only for commands added after we started validating */ 970 if (hdr->cmd < family->resv_start_op) 971 return 0; 972 973 if (hdr->reserved) { 974 NL_SET_ERR_MSG(extack, "genlmsghdr.reserved field is not 0"); 975 return -EINVAL; 976 } 977 978 /* Old netlink flags have pretty loose semantics, allow only the flags 979 * consumed by the core where we can enforce the meaning. 980 */ 981 flags = nlh->nlmsg_flags; 982 if ((flags & NLM_F_DUMP) == NLM_F_DUMP) /* DUMP is 2 bits */ 983 flags &= ~NLM_F_DUMP; 984 if (flags & ~(NLM_F_REQUEST | NLM_F_ACK | NLM_F_ECHO)) { 985 NL_SET_ERR_MSG(extack, 986 "ambiguous or reserved bits set in nlmsg_flags"); 987 return -EINVAL; 988 } 989 990 return 0; 991 } 992 993 static int genl_family_rcv_msg(const struct genl_family *family, 994 struct sk_buff *skb, 995 struct nlmsghdr *nlh, 996 struct netlink_ext_ack *extack) 997 { 998 struct net *net = sock_net(skb->sk); 999 struct genlmsghdr *hdr = nlmsg_data(nlh); 1000 struct genl_split_ops op; 1001 int hdrlen; 1002 u8 flags; 1003 1004 /* this family doesn't exist in this netns */ 1005 if (!family->netnsok && !net_eq(net, &init_net)) 1006 return -ENOENT; 1007 1008 hdrlen = GENL_HDRLEN + family->hdrsize; 1009 if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen)) 1010 return -EINVAL; 1011 1012 if (genl_header_check(family, nlh, hdr, extack)) 1013 return -EINVAL; 1014 1015 flags = (nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP ? 1016 GENL_CMD_CAP_DUMP : GENL_CMD_CAP_DO; 1017 if (genl_get_cmd(hdr->cmd, flags, family, &op)) 1018 return -EOPNOTSUPP; 1019 1020 if ((op.flags & GENL_ADMIN_PERM) && 1021 !netlink_capable(skb, CAP_NET_ADMIN)) 1022 return -EPERM; 1023 1024 if ((op.flags & GENL_UNS_ADMIN_PERM) && 1025 !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) 1026 return -EPERM; 1027 1028 if (flags & GENL_CMD_CAP_DUMP) 1029 return genl_family_rcv_msg_dumpit(family, skb, nlh, extack, 1030 &op, hdrlen, net); 1031 else 1032 return genl_family_rcv_msg_doit(family, skb, nlh, extack, 1033 &op, hdrlen, net); 1034 } 1035 1036 static int genl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, 1037 struct netlink_ext_ack *extack) 1038 { 1039 const struct genl_family *family; 1040 int err; 1041 1042 family = genl_family_find_byid(nlh->nlmsg_type); 1043 if (family == NULL) 1044 return -ENOENT; 1045 1046 if (!family->parallel_ops) 1047 genl_lock(); 1048 1049 err = genl_family_rcv_msg(family, skb, nlh, extack); 1050 1051 if (!family->parallel_ops) 1052 genl_unlock(); 1053 1054 return err; 1055 } 1056 1057 static void genl_rcv(struct sk_buff *skb) 1058 { 1059 down_read(&cb_lock); 1060 netlink_rcv_skb(skb, &genl_rcv_msg); 1061 up_read(&cb_lock); 1062 } 1063 1064 /************************************************************************** 1065 * Controller 1066 **************************************************************************/ 1067 1068 static struct genl_family genl_ctrl; 1069 1070 static int ctrl_fill_info(const struct genl_family *family, u32 portid, u32 seq, 1071 u32 flags, struct sk_buff *skb, u8 cmd) 1072 { 1073 struct genl_op_iter i; 1074 void *hdr; 1075 1076 hdr = genlmsg_put(skb, portid, seq, &genl_ctrl, flags, cmd); 1077 if (hdr == NULL) 1078 return -1; 1079 1080 if (nla_put_string(skb, CTRL_ATTR_FAMILY_NAME, family->name) || 1081 nla_put_u16(skb, CTRL_ATTR_FAMILY_ID, family->id) || 1082 nla_put_u32(skb, CTRL_ATTR_VERSION, family->version) || 1083 nla_put_u32(skb, CTRL_ATTR_HDRSIZE, family->hdrsize) || 1084 nla_put_u32(skb, CTRL_ATTR_MAXATTR, family->maxattr)) 1085 goto nla_put_failure; 1086 1087 if (genl_op_iter_init(family, &i)) { 1088 struct nlattr *nla_ops; 1089 1090 nla_ops = nla_nest_start_noflag(skb, CTRL_ATTR_OPS); 1091 if (nla_ops == NULL) 1092 goto nla_put_failure; 1093 1094 while (genl_op_iter_next(&i)) { 1095 struct nlattr *nest; 1096 u32 op_flags; 1097 1098 op_flags = i.flags; 1099 if (i.doit.policy || i.dumpit.policy) 1100 op_flags |= GENL_CMD_CAP_HASPOL; 1101 1102 nest = nla_nest_start_noflag(skb, genl_op_iter_idx(&i)); 1103 if (nest == NULL) 1104 goto nla_put_failure; 1105 1106 if (nla_put_u32(skb, CTRL_ATTR_OP_ID, i.cmd) || 1107 nla_put_u32(skb, CTRL_ATTR_OP_FLAGS, op_flags)) 1108 goto nla_put_failure; 1109 1110 nla_nest_end(skb, nest); 1111 } 1112 1113 nla_nest_end(skb, nla_ops); 1114 } 1115 1116 if (family->n_mcgrps) { 1117 struct nlattr *nla_grps; 1118 int i; 1119 1120 nla_grps = nla_nest_start_noflag(skb, CTRL_ATTR_MCAST_GROUPS); 1121 if (nla_grps == NULL) 1122 goto nla_put_failure; 1123 1124 for (i = 0; i < family->n_mcgrps; i++) { 1125 struct nlattr *nest; 1126 const struct genl_multicast_group *grp; 1127 1128 grp = &family->mcgrps[i]; 1129 1130 nest = nla_nest_start_noflag(skb, i + 1); 1131 if (nest == NULL) 1132 goto nla_put_failure; 1133 1134 if (nla_put_u32(skb, CTRL_ATTR_MCAST_GRP_ID, 1135 family->mcgrp_offset + i) || 1136 nla_put_string(skb, CTRL_ATTR_MCAST_GRP_NAME, 1137 grp->name)) 1138 goto nla_put_failure; 1139 1140 nla_nest_end(skb, nest); 1141 } 1142 nla_nest_end(skb, nla_grps); 1143 } 1144 1145 genlmsg_end(skb, hdr); 1146 return 0; 1147 1148 nla_put_failure: 1149 genlmsg_cancel(skb, hdr); 1150 return -EMSGSIZE; 1151 } 1152 1153 static int ctrl_fill_mcgrp_info(const struct genl_family *family, 1154 const struct genl_multicast_group *grp, 1155 int grp_id, u32 portid, u32 seq, u32 flags, 1156 struct sk_buff *skb, u8 cmd) 1157 { 1158 void *hdr; 1159 struct nlattr *nla_grps; 1160 struct nlattr *nest; 1161 1162 hdr = genlmsg_put(skb, portid, seq, &genl_ctrl, flags, cmd); 1163 if (hdr == NULL) 1164 return -1; 1165 1166 if (nla_put_string(skb, CTRL_ATTR_FAMILY_NAME, family->name) || 1167 nla_put_u16(skb, CTRL_ATTR_FAMILY_ID, family->id)) 1168 goto nla_put_failure; 1169 1170 nla_grps = nla_nest_start_noflag(skb, CTRL_ATTR_MCAST_GROUPS); 1171 if (nla_grps == NULL) 1172 goto nla_put_failure; 1173 1174 nest = nla_nest_start_noflag(skb, 1); 1175 if (nest == NULL) 1176 goto nla_put_failure; 1177 1178 if (nla_put_u32(skb, CTRL_ATTR_MCAST_GRP_ID, grp_id) || 1179 nla_put_string(skb, CTRL_ATTR_MCAST_GRP_NAME, 1180 grp->name)) 1181 goto nla_put_failure; 1182 1183 nla_nest_end(skb, nest); 1184 nla_nest_end(skb, nla_grps); 1185 1186 genlmsg_end(skb, hdr); 1187 return 0; 1188 1189 nla_put_failure: 1190 genlmsg_cancel(skb, hdr); 1191 return -EMSGSIZE; 1192 } 1193 1194 static int ctrl_dumpfamily(struct sk_buff *skb, struct netlink_callback *cb) 1195 { 1196 int n = 0; 1197 struct genl_family *rt; 1198 struct net *net = sock_net(skb->sk); 1199 int fams_to_skip = cb->args[0]; 1200 unsigned int id; 1201 1202 idr_for_each_entry(&genl_fam_idr, rt, id) { 1203 if (!rt->netnsok && !net_eq(net, &init_net)) 1204 continue; 1205 1206 if (n++ < fams_to_skip) 1207 continue; 1208 1209 if (ctrl_fill_info(rt, NETLINK_CB(cb->skb).portid, 1210 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1211 skb, CTRL_CMD_NEWFAMILY) < 0) { 1212 n--; 1213 break; 1214 } 1215 } 1216 1217 cb->args[0] = n; 1218 return skb->len; 1219 } 1220 1221 static struct sk_buff *ctrl_build_family_msg(const struct genl_family *family, 1222 u32 portid, int seq, u8 cmd) 1223 { 1224 struct sk_buff *skb; 1225 int err; 1226 1227 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1228 if (skb == NULL) 1229 return ERR_PTR(-ENOBUFS); 1230 1231 err = ctrl_fill_info(family, portid, seq, 0, skb, cmd); 1232 if (err < 0) { 1233 nlmsg_free(skb); 1234 return ERR_PTR(err); 1235 } 1236 1237 return skb; 1238 } 1239 1240 static struct sk_buff * 1241 ctrl_build_mcgrp_msg(const struct genl_family *family, 1242 const struct genl_multicast_group *grp, 1243 int grp_id, u32 portid, int seq, u8 cmd) 1244 { 1245 struct sk_buff *skb; 1246 int err; 1247 1248 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1249 if (skb == NULL) 1250 return ERR_PTR(-ENOBUFS); 1251 1252 err = ctrl_fill_mcgrp_info(family, grp, grp_id, portid, 1253 seq, 0, skb, cmd); 1254 if (err < 0) { 1255 nlmsg_free(skb); 1256 return ERR_PTR(err); 1257 } 1258 1259 return skb; 1260 } 1261 1262 static const struct nla_policy ctrl_policy_family[] = { 1263 [CTRL_ATTR_FAMILY_ID] = { .type = NLA_U16 }, 1264 [CTRL_ATTR_FAMILY_NAME] = { .type = NLA_NUL_STRING, 1265 .len = GENL_NAMSIZ - 1 }, 1266 }; 1267 1268 static int ctrl_getfamily(struct sk_buff *skb, struct genl_info *info) 1269 { 1270 struct sk_buff *msg; 1271 const struct genl_family *res = NULL; 1272 int err = -EINVAL; 1273 1274 if (info->attrs[CTRL_ATTR_FAMILY_ID]) { 1275 u16 id = nla_get_u16(info->attrs[CTRL_ATTR_FAMILY_ID]); 1276 res = genl_family_find_byid(id); 1277 err = -ENOENT; 1278 } 1279 1280 if (info->attrs[CTRL_ATTR_FAMILY_NAME]) { 1281 char *name; 1282 1283 name = nla_data(info->attrs[CTRL_ATTR_FAMILY_NAME]); 1284 res = genl_family_find_byname(name); 1285 #ifdef CONFIG_MODULES 1286 if (res == NULL) { 1287 genl_unlock(); 1288 up_read(&cb_lock); 1289 request_module("net-pf-%d-proto-%d-family-%s", 1290 PF_NETLINK, NETLINK_GENERIC, name); 1291 down_read(&cb_lock); 1292 genl_lock(); 1293 res = genl_family_find_byname(name); 1294 } 1295 #endif 1296 err = -ENOENT; 1297 } 1298 1299 if (res == NULL) 1300 return err; 1301 1302 if (!res->netnsok && !net_eq(genl_info_net(info), &init_net)) { 1303 /* family doesn't exist here */ 1304 return -ENOENT; 1305 } 1306 1307 msg = ctrl_build_family_msg(res, info->snd_portid, info->snd_seq, 1308 CTRL_CMD_NEWFAMILY); 1309 if (IS_ERR(msg)) 1310 return PTR_ERR(msg); 1311 1312 return genlmsg_reply(msg, info); 1313 } 1314 1315 static int genl_ctrl_event(int event, const struct genl_family *family, 1316 const struct genl_multicast_group *grp, 1317 int grp_id) 1318 { 1319 struct sk_buff *msg; 1320 1321 /* genl is still initialising */ 1322 if (!init_net.genl_sock) 1323 return 0; 1324 1325 switch (event) { 1326 case CTRL_CMD_NEWFAMILY: 1327 case CTRL_CMD_DELFAMILY: 1328 WARN_ON(grp); 1329 msg = ctrl_build_family_msg(family, 0, 0, event); 1330 break; 1331 case CTRL_CMD_NEWMCAST_GRP: 1332 case CTRL_CMD_DELMCAST_GRP: 1333 BUG_ON(!grp); 1334 msg = ctrl_build_mcgrp_msg(family, grp, grp_id, 0, 0, event); 1335 break; 1336 default: 1337 return -EINVAL; 1338 } 1339 1340 if (IS_ERR(msg)) 1341 return PTR_ERR(msg); 1342 1343 if (!family->netnsok) { 1344 genlmsg_multicast_netns(&genl_ctrl, &init_net, msg, 0, 1345 0, GFP_KERNEL); 1346 } else { 1347 rcu_read_lock(); 1348 genlmsg_multicast_allns(&genl_ctrl, msg, 0, 1349 0, GFP_ATOMIC); 1350 rcu_read_unlock(); 1351 } 1352 1353 return 0; 1354 } 1355 1356 struct ctrl_dump_policy_ctx { 1357 struct netlink_policy_dump_state *state; 1358 const struct genl_family *rt; 1359 struct genl_op_iter *op_iter; 1360 u32 op; 1361 u16 fam_id; 1362 u8 dump_map:1, 1363 single_op:1; 1364 }; 1365 1366 static const struct nla_policy ctrl_policy_policy[] = { 1367 [CTRL_ATTR_FAMILY_ID] = { .type = NLA_U16 }, 1368 [CTRL_ATTR_FAMILY_NAME] = { .type = NLA_NUL_STRING, 1369 .len = GENL_NAMSIZ - 1 }, 1370 [CTRL_ATTR_OP] = { .type = NLA_U32 }, 1371 }; 1372 1373 static int ctrl_dumppolicy_start(struct netlink_callback *cb) 1374 { 1375 const struct genl_dumpit_info *info = genl_dumpit_info(cb); 1376 struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx; 1377 struct nlattr **tb = info->attrs; 1378 const struct genl_family *rt; 1379 struct genl_op_iter i; 1380 int err; 1381 1382 BUILD_BUG_ON(sizeof(*ctx) > sizeof(cb->ctx)); 1383 1384 if (!tb[CTRL_ATTR_FAMILY_ID] && !tb[CTRL_ATTR_FAMILY_NAME]) 1385 return -EINVAL; 1386 1387 if (tb[CTRL_ATTR_FAMILY_ID]) { 1388 ctx->fam_id = nla_get_u16(tb[CTRL_ATTR_FAMILY_ID]); 1389 } else { 1390 rt = genl_family_find_byname( 1391 nla_data(tb[CTRL_ATTR_FAMILY_NAME])); 1392 if (!rt) 1393 return -ENOENT; 1394 ctx->fam_id = rt->id; 1395 } 1396 1397 rt = genl_family_find_byid(ctx->fam_id); 1398 if (!rt) 1399 return -ENOENT; 1400 1401 ctx->rt = rt; 1402 1403 if (tb[CTRL_ATTR_OP]) { 1404 struct genl_split_ops doit, dump; 1405 1406 ctx->single_op = true; 1407 ctx->op = nla_get_u32(tb[CTRL_ATTR_OP]); 1408 1409 if (genl_get_cmd(ctx->op, GENL_CMD_CAP_DO, rt, &doit) && 1410 genl_get_cmd(ctx->op, GENL_CMD_CAP_DUMP, rt, &dump)) { 1411 NL_SET_BAD_ATTR(cb->extack, tb[CTRL_ATTR_OP]); 1412 return -ENOENT; 1413 } 1414 1415 if (doit.policy) { 1416 err = netlink_policy_dump_add_policy(&ctx->state, 1417 doit.policy, 1418 doit.maxattr); 1419 if (err) 1420 goto err_free_state; 1421 } 1422 if (dump.policy) { 1423 err = netlink_policy_dump_add_policy(&ctx->state, 1424 dump.policy, 1425 dump.maxattr); 1426 if (err) 1427 goto err_free_state; 1428 } 1429 1430 if (!ctx->state) 1431 return -ENODATA; 1432 1433 ctx->dump_map = 1; 1434 return 0; 1435 } 1436 1437 ctx->op_iter = kmalloc(sizeof(*ctx->op_iter), GFP_KERNEL); 1438 if (!ctx->op_iter) 1439 return -ENOMEM; 1440 ctx->dump_map = genl_op_iter_init(rt, ctx->op_iter); 1441 1442 for (genl_op_iter_init(rt, &i); genl_op_iter_next(&i); ) { 1443 if (i.doit.policy) { 1444 err = netlink_policy_dump_add_policy(&ctx->state, 1445 i.doit.policy, 1446 i.doit.maxattr); 1447 if (err) 1448 goto err_free_state; 1449 } 1450 if (i.dumpit.policy) { 1451 err = netlink_policy_dump_add_policy(&ctx->state, 1452 i.dumpit.policy, 1453 i.dumpit.maxattr); 1454 if (err) 1455 goto err_free_state; 1456 } 1457 } 1458 1459 if (!ctx->state) { 1460 err = -ENODATA; 1461 goto err_free_op_iter; 1462 } 1463 return 0; 1464 1465 err_free_state: 1466 netlink_policy_dump_free(ctx->state); 1467 err_free_op_iter: 1468 kfree(ctx->op_iter); 1469 return err; 1470 } 1471 1472 static void *ctrl_dumppolicy_prep(struct sk_buff *skb, 1473 struct netlink_callback *cb) 1474 { 1475 struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx; 1476 void *hdr; 1477 1478 hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).portid, 1479 cb->nlh->nlmsg_seq, &genl_ctrl, 1480 NLM_F_MULTI, CTRL_CMD_GETPOLICY); 1481 if (!hdr) 1482 return NULL; 1483 1484 if (nla_put_u16(skb, CTRL_ATTR_FAMILY_ID, ctx->fam_id)) 1485 return NULL; 1486 1487 return hdr; 1488 } 1489 1490 static int ctrl_dumppolicy_put_op(struct sk_buff *skb, 1491 struct netlink_callback *cb, 1492 struct genl_split_ops *doit, 1493 struct genl_split_ops *dumpit) 1494 { 1495 struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx; 1496 struct nlattr *nest_pol, *nest_op; 1497 void *hdr; 1498 int idx; 1499 1500 /* skip if we have nothing to show */ 1501 if (!doit->policy && !dumpit->policy) 1502 return 0; 1503 1504 hdr = ctrl_dumppolicy_prep(skb, cb); 1505 if (!hdr) 1506 return -ENOBUFS; 1507 1508 nest_pol = nla_nest_start(skb, CTRL_ATTR_OP_POLICY); 1509 if (!nest_pol) 1510 goto err; 1511 1512 nest_op = nla_nest_start(skb, doit->cmd); 1513 if (!nest_op) 1514 goto err; 1515 1516 if (doit->policy) { 1517 idx = netlink_policy_dump_get_policy_idx(ctx->state, 1518 doit->policy, 1519 doit->maxattr); 1520 1521 if (nla_put_u32(skb, CTRL_ATTR_POLICY_DO, idx)) 1522 goto err; 1523 } 1524 if (dumpit->policy) { 1525 idx = netlink_policy_dump_get_policy_idx(ctx->state, 1526 dumpit->policy, 1527 dumpit->maxattr); 1528 1529 if (nla_put_u32(skb, CTRL_ATTR_POLICY_DUMP, idx)) 1530 goto err; 1531 } 1532 1533 nla_nest_end(skb, nest_op); 1534 nla_nest_end(skb, nest_pol); 1535 genlmsg_end(skb, hdr); 1536 1537 return 0; 1538 err: 1539 genlmsg_cancel(skb, hdr); 1540 return -ENOBUFS; 1541 } 1542 1543 static int ctrl_dumppolicy(struct sk_buff *skb, struct netlink_callback *cb) 1544 { 1545 struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx; 1546 void *hdr; 1547 1548 if (ctx->dump_map) { 1549 if (ctx->single_op) { 1550 struct genl_split_ops doit, dumpit; 1551 1552 if (genl_get_cmd(ctx->op, GENL_CMD_CAP_DO, 1553 ctx->rt, &doit) && 1554 genl_get_cmd(ctx->op, GENL_CMD_CAP_DUMP, 1555 ctx->rt, &dumpit)) { 1556 WARN_ON(1); 1557 return -ENOENT; 1558 } 1559 1560 if (ctrl_dumppolicy_put_op(skb, cb, &doit, &dumpit)) 1561 return skb->len; 1562 1563 /* done with the per-op policy index list */ 1564 ctx->dump_map = 0; 1565 } 1566 1567 while (ctx->dump_map) { 1568 if (ctrl_dumppolicy_put_op(skb, cb, 1569 &ctx->op_iter->doit, 1570 &ctx->op_iter->dumpit)) 1571 return skb->len; 1572 1573 ctx->dump_map = genl_op_iter_next(ctx->op_iter); 1574 } 1575 } 1576 1577 while (netlink_policy_dump_loop(ctx->state)) { 1578 struct nlattr *nest; 1579 1580 hdr = ctrl_dumppolicy_prep(skb, cb); 1581 if (!hdr) 1582 goto nla_put_failure; 1583 1584 nest = nla_nest_start(skb, CTRL_ATTR_POLICY); 1585 if (!nest) 1586 goto nla_put_failure; 1587 1588 if (netlink_policy_dump_write(skb, ctx->state)) 1589 goto nla_put_failure; 1590 1591 nla_nest_end(skb, nest); 1592 1593 genlmsg_end(skb, hdr); 1594 } 1595 1596 return skb->len; 1597 1598 nla_put_failure: 1599 genlmsg_cancel(skb, hdr); 1600 return skb->len; 1601 } 1602 1603 static int ctrl_dumppolicy_done(struct netlink_callback *cb) 1604 { 1605 struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx; 1606 1607 kfree(ctx->op_iter); 1608 netlink_policy_dump_free(ctx->state); 1609 return 0; 1610 } 1611 1612 static const struct genl_split_ops genl_ctrl_ops[] = { 1613 { 1614 .cmd = CTRL_CMD_GETFAMILY, 1615 .validate = GENL_DONT_VALIDATE_STRICT, 1616 .policy = ctrl_policy_family, 1617 .maxattr = ARRAY_SIZE(ctrl_policy_family) - 1, 1618 .doit = ctrl_getfamily, 1619 .flags = GENL_CMD_CAP_DO, 1620 }, 1621 { 1622 .cmd = CTRL_CMD_GETFAMILY, 1623 .validate = GENL_DONT_VALIDATE_DUMP, 1624 .policy = ctrl_policy_family, 1625 .maxattr = ARRAY_SIZE(ctrl_policy_family) - 1, 1626 .dumpit = ctrl_dumpfamily, 1627 .flags = GENL_CMD_CAP_DUMP, 1628 }, 1629 { 1630 .cmd = CTRL_CMD_GETPOLICY, 1631 .policy = ctrl_policy_policy, 1632 .maxattr = ARRAY_SIZE(ctrl_policy_policy) - 1, 1633 .start = ctrl_dumppolicy_start, 1634 .dumpit = ctrl_dumppolicy, 1635 .done = ctrl_dumppolicy_done, 1636 .flags = GENL_CMD_CAP_DUMP, 1637 }, 1638 }; 1639 1640 static const struct genl_multicast_group genl_ctrl_groups[] = { 1641 { .name = "notify", }, 1642 }; 1643 1644 static struct genl_family genl_ctrl __ro_after_init = { 1645 .module = THIS_MODULE, 1646 .split_ops = genl_ctrl_ops, 1647 .n_split_ops = ARRAY_SIZE(genl_ctrl_ops), 1648 .resv_start_op = CTRL_CMD_GETPOLICY + 1, 1649 .mcgrps = genl_ctrl_groups, 1650 .n_mcgrps = ARRAY_SIZE(genl_ctrl_groups), 1651 .id = GENL_ID_CTRL, 1652 .name = "nlctrl", 1653 .version = 0x2, 1654 .netnsok = true, 1655 }; 1656 1657 static int genl_bind(struct net *net, int group) 1658 { 1659 const struct genl_family *family; 1660 unsigned int id; 1661 int ret = 0; 1662 1663 down_read(&cb_lock); 1664 1665 idr_for_each_entry(&genl_fam_idr, family, id) { 1666 const struct genl_multicast_group *grp; 1667 int i; 1668 1669 if (family->n_mcgrps == 0) 1670 continue; 1671 1672 i = group - family->mcgrp_offset; 1673 if (i < 0 || i >= family->n_mcgrps) 1674 continue; 1675 1676 grp = &family->mcgrps[i]; 1677 if ((grp->flags & GENL_UNS_ADMIN_PERM) && 1678 !ns_capable(net->user_ns, CAP_NET_ADMIN)) 1679 ret = -EPERM; 1680 1681 break; 1682 } 1683 1684 up_read(&cb_lock); 1685 return ret; 1686 } 1687 1688 static int __net_init genl_pernet_init(struct net *net) 1689 { 1690 struct netlink_kernel_cfg cfg = { 1691 .input = genl_rcv, 1692 .flags = NL_CFG_F_NONROOT_RECV, 1693 .bind = genl_bind, 1694 }; 1695 1696 /* we'll bump the group number right afterwards */ 1697 net->genl_sock = netlink_kernel_create(net, NETLINK_GENERIC, &cfg); 1698 1699 if (!net->genl_sock && net_eq(net, &init_net)) 1700 panic("GENL: Cannot initialize generic netlink\n"); 1701 1702 if (!net->genl_sock) 1703 return -ENOMEM; 1704 1705 return 0; 1706 } 1707 1708 static void __net_exit genl_pernet_exit(struct net *net) 1709 { 1710 netlink_kernel_release(net->genl_sock); 1711 net->genl_sock = NULL; 1712 } 1713 1714 static struct pernet_operations genl_pernet_ops = { 1715 .init = genl_pernet_init, 1716 .exit = genl_pernet_exit, 1717 }; 1718 1719 static int __init genl_init(void) 1720 { 1721 int err; 1722 1723 err = genl_register_family(&genl_ctrl); 1724 if (err < 0) 1725 goto problem; 1726 1727 err = register_pernet_subsys(&genl_pernet_ops); 1728 if (err) 1729 goto problem; 1730 1731 return 0; 1732 1733 problem: 1734 panic("GENL: Cannot register controller: %d\n", err); 1735 } 1736 1737 core_initcall(genl_init); 1738 1739 static int genlmsg_mcast(struct sk_buff *skb, u32 portid, unsigned long group, 1740 gfp_t flags) 1741 { 1742 struct sk_buff *tmp; 1743 struct net *net, *prev = NULL; 1744 bool delivered = false; 1745 int err; 1746 1747 for_each_net_rcu(net) { 1748 if (prev) { 1749 tmp = skb_clone(skb, flags); 1750 if (!tmp) { 1751 err = -ENOMEM; 1752 goto error; 1753 } 1754 err = nlmsg_multicast(prev->genl_sock, tmp, 1755 portid, group, flags); 1756 if (!err) 1757 delivered = true; 1758 else if (err != -ESRCH) 1759 goto error; 1760 } 1761 1762 prev = net; 1763 } 1764 1765 err = nlmsg_multicast(prev->genl_sock, skb, portid, group, flags); 1766 if (!err) 1767 delivered = true; 1768 else if (err != -ESRCH) 1769 return err; 1770 return delivered ? 0 : -ESRCH; 1771 error: 1772 kfree_skb(skb); 1773 return err; 1774 } 1775 1776 int genlmsg_multicast_allns(const struct genl_family *family, 1777 struct sk_buff *skb, u32 portid, 1778 unsigned int group, gfp_t flags) 1779 { 1780 if (WARN_ON_ONCE(group >= family->n_mcgrps)) 1781 return -EINVAL; 1782 1783 group = family->mcgrp_offset + group; 1784 return genlmsg_mcast(skb, portid, group, flags); 1785 } 1786 EXPORT_SYMBOL(genlmsg_multicast_allns); 1787 1788 void genl_notify(const struct genl_family *family, struct sk_buff *skb, 1789 struct genl_info *info, u32 group, gfp_t flags) 1790 { 1791 struct net *net = genl_info_net(info); 1792 struct sock *sk = net->genl_sock; 1793 1794 if (WARN_ON_ONCE(group >= family->n_mcgrps)) 1795 return; 1796 1797 group = family->mcgrp_offset + group; 1798 nlmsg_notify(sk, skb, info->snd_portid, group, 1799 nlmsg_report(info->nlhdr), flags); 1800 } 1801 EXPORT_SYMBOL(genl_notify); 1802