1 /* 2 * net/sched/act_api.c Packet action API. 3 * 4 * This program is free software; you can redistribute it and/or 5 * modify it under the terms of the GNU General Public License 6 * as published by the Free Software Foundation; either version 7 * 2 of the License, or (at your option) any later version. 8 * 9 * Author: Jamal Hadi Salim 10 * 11 * 12 */ 13 14 #include <linux/types.h> 15 #include <linux/kernel.h> 16 #include <linux/string.h> 17 #include <linux/errno.h> 18 #include <linux/slab.h> 19 #include <linux/skbuff.h> 20 #include <linux/init.h> 21 #include <linux/kmod.h> 22 #include <linux/err.h> 23 #include <linux/module.h> 24 #include <net/net_namespace.h> 25 #include <net/sock.h> 26 #include <net/sch_generic.h> 27 #include <net/pkt_cls.h> 28 #include <net/act_api.h> 29 #include <net/netlink.h> 30 31 static void tcf_action_goto_chain_exec(const struct tc_action *a, 32 struct tcf_result *res) 33 { 34 const struct tcf_chain *chain = rcu_dereference_bh(a->goto_chain); 35 36 res->goto_tp = rcu_dereference_bh(chain->filter_chain); 37 } 38 39 static void tcf_free_cookie_rcu(struct rcu_head *p) 40 { 41 struct tc_cookie *cookie = container_of(p, struct tc_cookie, rcu); 42 43 kfree(cookie->data); 44 kfree(cookie); 45 } 46 47 static void tcf_set_action_cookie(struct tc_cookie __rcu **old_cookie, 48 struct tc_cookie *new_cookie) 49 { 50 struct tc_cookie *old; 51 52 old = xchg((__force struct tc_cookie **)old_cookie, new_cookie); 53 if (old) 54 call_rcu(&old->rcu, tcf_free_cookie_rcu); 55 } 56 57 int tcf_action_check_ctrlact(int action, struct tcf_proto *tp, 58 struct tcf_chain **newchain, 59 struct netlink_ext_ack *extack) 60 { 61 int opcode = TC_ACT_EXT_OPCODE(action), ret = -EINVAL; 62 u32 chain_index; 63 64 if (!opcode) 65 ret = action > TC_ACT_VALUE_MAX ? -EINVAL : 0; 66 else if (opcode <= TC_ACT_EXT_OPCODE_MAX || action == TC_ACT_UNSPEC) 67 ret = 0; 68 if (ret) { 69 NL_SET_ERR_MSG(extack, "invalid control action"); 70 goto end; 71 } 72 73 if (TC_ACT_EXT_CMP(action, TC_ACT_GOTO_CHAIN)) { 74 chain_index = action & TC_ACT_EXT_VAL_MASK; 75 if (!tp || !newchain) { 76 ret = -EINVAL; 77 NL_SET_ERR_MSG(extack, 78 "can't goto NULL proto/chain"); 79 goto end; 80 } 81 *newchain = tcf_chain_get_by_act(tp->chain->block, chain_index); 82 if (!*newchain) { 83 ret = -ENOMEM; 84 NL_SET_ERR_MSG(extack, 85 "can't allocate goto_chain"); 86 } 87 } 88 end: 89 return ret; 90 } 91 EXPORT_SYMBOL(tcf_action_check_ctrlact); 92 93 struct tcf_chain *tcf_action_set_ctrlact(struct tc_action *a, int action, 94 struct tcf_chain *goto_chain) 95 { 96 a->tcfa_action = action; 97 rcu_swap_protected(a->goto_chain, goto_chain, 1); 98 return goto_chain; 99 } 100 EXPORT_SYMBOL(tcf_action_set_ctrlact); 101 102 /* XXX: For standalone actions, we don't need a RCU grace period either, because 103 * actions are always connected to filters and filters are already destroyed in 104 * RCU callbacks, so after a RCU grace period actions are already disconnected 105 * from filters. Readers later can not find us. 106 */ 107 static void free_tcf(struct tc_action *p) 108 { 109 struct tcf_chain *chain = rcu_dereference_protected(p->goto_chain, 1); 110 111 free_percpu(p->cpu_bstats); 112 free_percpu(p->cpu_bstats_hw); 113 free_percpu(p->cpu_qstats); 114 115 tcf_set_action_cookie(&p->act_cookie, NULL); 116 if (chain) 117 tcf_chain_put_by_act(chain); 118 119 kfree(p); 120 } 121 122 static void tcf_action_cleanup(struct tc_action *p) 123 { 124 if (p->ops->cleanup) 125 p->ops->cleanup(p); 126 127 gen_kill_estimator(&p->tcfa_rate_est); 128 free_tcf(p); 129 } 130 131 static int __tcf_action_put(struct tc_action *p, bool bind) 132 { 133 struct tcf_idrinfo *idrinfo = p->idrinfo; 134 135 if (refcount_dec_and_mutex_lock(&p->tcfa_refcnt, &idrinfo->lock)) { 136 if (bind) 137 atomic_dec(&p->tcfa_bindcnt); 138 idr_remove(&idrinfo->action_idr, p->tcfa_index); 139 mutex_unlock(&idrinfo->lock); 140 141 tcf_action_cleanup(p); 142 return 1; 143 } 144 145 if (bind) 146 atomic_dec(&p->tcfa_bindcnt); 147 148 return 0; 149 } 150 151 int __tcf_idr_release(struct tc_action *p, bool bind, bool strict) 152 { 153 int ret = 0; 154 155 /* Release with strict==1 and bind==0 is only called through act API 156 * interface (classifiers always bind). Only case when action with 157 * positive reference count and zero bind count can exist is when it was 158 * also created with act API (unbinding last classifier will destroy the 159 * action if it was created by classifier). So only case when bind count 160 * can be changed after initial check is when unbound action is 161 * destroyed by act API while classifier binds to action with same id 162 * concurrently. This result either creation of new action(same behavior 163 * as before), or reusing existing action if concurrent process 164 * increments reference count before action is deleted. Both scenarios 165 * are acceptable. 166 */ 167 if (p) { 168 if (!bind && strict && atomic_read(&p->tcfa_bindcnt) > 0) 169 return -EPERM; 170 171 if (__tcf_action_put(p, bind)) 172 ret = ACT_P_DELETED; 173 } 174 175 return ret; 176 } 177 EXPORT_SYMBOL(__tcf_idr_release); 178 179 static size_t tcf_action_shared_attrs_size(const struct tc_action *act) 180 { 181 struct tc_cookie *act_cookie; 182 u32 cookie_len = 0; 183 184 rcu_read_lock(); 185 act_cookie = rcu_dereference(act->act_cookie); 186 187 if (act_cookie) 188 cookie_len = nla_total_size(act_cookie->len); 189 rcu_read_unlock(); 190 191 return nla_total_size(0) /* action number nested */ 192 + nla_total_size(IFNAMSIZ) /* TCA_ACT_KIND */ 193 + cookie_len /* TCA_ACT_COOKIE */ 194 + nla_total_size(0) /* TCA_ACT_STATS nested */ 195 /* TCA_STATS_BASIC */ 196 + nla_total_size_64bit(sizeof(struct gnet_stats_basic)) 197 /* TCA_STATS_QUEUE */ 198 + nla_total_size_64bit(sizeof(struct gnet_stats_queue)) 199 + nla_total_size(0) /* TCA_OPTIONS nested */ 200 + nla_total_size(sizeof(struct tcf_t)); /* TCA_GACT_TM */ 201 } 202 203 static size_t tcf_action_full_attrs_size(size_t sz) 204 { 205 return NLMSG_HDRLEN /* struct nlmsghdr */ 206 + sizeof(struct tcamsg) 207 + nla_total_size(0) /* TCA_ACT_TAB nested */ 208 + sz; 209 } 210 211 static size_t tcf_action_fill_size(const struct tc_action *act) 212 { 213 size_t sz = tcf_action_shared_attrs_size(act); 214 215 if (act->ops->get_fill_size) 216 return act->ops->get_fill_size(act) + sz; 217 return sz; 218 } 219 220 static int tcf_dump_walker(struct tcf_idrinfo *idrinfo, struct sk_buff *skb, 221 struct netlink_callback *cb) 222 { 223 int err = 0, index = -1, s_i = 0, n_i = 0; 224 u32 act_flags = cb->args[2]; 225 unsigned long jiffy_since = cb->args[3]; 226 struct nlattr *nest; 227 struct idr *idr = &idrinfo->action_idr; 228 struct tc_action *p; 229 unsigned long id = 1; 230 231 mutex_lock(&idrinfo->lock); 232 233 s_i = cb->args[0]; 234 235 idr_for_each_entry_ul(idr, p, id) { 236 index++; 237 if (index < s_i) 238 continue; 239 240 if (jiffy_since && 241 time_after(jiffy_since, 242 (unsigned long)p->tcfa_tm.lastuse)) 243 continue; 244 245 nest = nla_nest_start_noflag(skb, n_i); 246 if (!nest) { 247 index--; 248 goto nla_put_failure; 249 } 250 err = tcf_action_dump_1(skb, p, 0, 0); 251 if (err < 0) { 252 index--; 253 nlmsg_trim(skb, nest); 254 goto done; 255 } 256 nla_nest_end(skb, nest); 257 n_i++; 258 if (!(act_flags & TCA_FLAG_LARGE_DUMP_ON) && 259 n_i >= TCA_ACT_MAX_PRIO) 260 goto done; 261 } 262 done: 263 if (index >= 0) 264 cb->args[0] = index + 1; 265 266 mutex_unlock(&idrinfo->lock); 267 if (n_i) { 268 if (act_flags & TCA_FLAG_LARGE_DUMP_ON) 269 cb->args[1] = n_i; 270 } 271 return n_i; 272 273 nla_put_failure: 274 nla_nest_cancel(skb, nest); 275 goto done; 276 } 277 278 static int tcf_idr_release_unsafe(struct tc_action *p) 279 { 280 if (atomic_read(&p->tcfa_bindcnt) > 0) 281 return -EPERM; 282 283 if (refcount_dec_and_test(&p->tcfa_refcnt)) { 284 idr_remove(&p->idrinfo->action_idr, p->tcfa_index); 285 tcf_action_cleanup(p); 286 return ACT_P_DELETED; 287 } 288 289 return 0; 290 } 291 292 static int tcf_del_walker(struct tcf_idrinfo *idrinfo, struct sk_buff *skb, 293 const struct tc_action_ops *ops) 294 { 295 struct nlattr *nest; 296 int n_i = 0; 297 int ret = -EINVAL; 298 struct idr *idr = &idrinfo->action_idr; 299 struct tc_action *p; 300 unsigned long id = 1; 301 302 nest = nla_nest_start_noflag(skb, 0); 303 if (nest == NULL) 304 goto nla_put_failure; 305 if (nla_put_string(skb, TCA_KIND, ops->kind)) 306 goto nla_put_failure; 307 308 mutex_lock(&idrinfo->lock); 309 idr_for_each_entry_ul(idr, p, id) { 310 ret = tcf_idr_release_unsafe(p); 311 if (ret == ACT_P_DELETED) { 312 module_put(ops->owner); 313 n_i++; 314 } else if (ret < 0) { 315 mutex_unlock(&idrinfo->lock); 316 goto nla_put_failure; 317 } 318 } 319 mutex_unlock(&idrinfo->lock); 320 321 if (nla_put_u32(skb, TCA_FCNT, n_i)) 322 goto nla_put_failure; 323 nla_nest_end(skb, nest); 324 325 return n_i; 326 nla_put_failure: 327 nla_nest_cancel(skb, nest); 328 return ret; 329 } 330 331 int tcf_generic_walker(struct tc_action_net *tn, struct sk_buff *skb, 332 struct netlink_callback *cb, int type, 333 const struct tc_action_ops *ops, 334 struct netlink_ext_ack *extack) 335 { 336 struct tcf_idrinfo *idrinfo = tn->idrinfo; 337 338 if (type == RTM_DELACTION) { 339 return tcf_del_walker(idrinfo, skb, ops); 340 } else if (type == RTM_GETACTION) { 341 return tcf_dump_walker(idrinfo, skb, cb); 342 } else { 343 WARN(1, "tcf_generic_walker: unknown command %d\n", type); 344 NL_SET_ERR_MSG(extack, "tcf_generic_walker: unknown command"); 345 return -EINVAL; 346 } 347 } 348 EXPORT_SYMBOL(tcf_generic_walker); 349 350 int tcf_idr_search(struct tc_action_net *tn, struct tc_action **a, u32 index) 351 { 352 struct tcf_idrinfo *idrinfo = tn->idrinfo; 353 struct tc_action *p; 354 355 mutex_lock(&idrinfo->lock); 356 p = idr_find(&idrinfo->action_idr, index); 357 if (IS_ERR(p)) 358 p = NULL; 359 else if (p) 360 refcount_inc(&p->tcfa_refcnt); 361 mutex_unlock(&idrinfo->lock); 362 363 if (p) { 364 *a = p; 365 return true; 366 } 367 return false; 368 } 369 EXPORT_SYMBOL(tcf_idr_search); 370 371 static int tcf_idr_delete_index(struct tcf_idrinfo *idrinfo, u32 index) 372 { 373 struct tc_action *p; 374 int ret = 0; 375 376 mutex_lock(&idrinfo->lock); 377 p = idr_find(&idrinfo->action_idr, index); 378 if (!p) { 379 mutex_unlock(&idrinfo->lock); 380 return -ENOENT; 381 } 382 383 if (!atomic_read(&p->tcfa_bindcnt)) { 384 if (refcount_dec_and_test(&p->tcfa_refcnt)) { 385 struct module *owner = p->ops->owner; 386 387 WARN_ON(p != idr_remove(&idrinfo->action_idr, 388 p->tcfa_index)); 389 mutex_unlock(&idrinfo->lock); 390 391 tcf_action_cleanup(p); 392 module_put(owner); 393 return 0; 394 } 395 ret = 0; 396 } else { 397 ret = -EPERM; 398 } 399 400 mutex_unlock(&idrinfo->lock); 401 return ret; 402 } 403 404 int tcf_idr_create(struct tc_action_net *tn, u32 index, struct nlattr *est, 405 struct tc_action **a, const struct tc_action_ops *ops, 406 int bind, bool cpustats) 407 { 408 struct tc_action *p = kzalloc(ops->size, GFP_KERNEL); 409 struct tcf_idrinfo *idrinfo = tn->idrinfo; 410 int err = -ENOMEM; 411 412 if (unlikely(!p)) 413 return -ENOMEM; 414 refcount_set(&p->tcfa_refcnt, 1); 415 if (bind) 416 atomic_set(&p->tcfa_bindcnt, 1); 417 418 if (cpustats) { 419 p->cpu_bstats = netdev_alloc_pcpu_stats(struct gnet_stats_basic_cpu); 420 if (!p->cpu_bstats) 421 goto err1; 422 p->cpu_bstats_hw = netdev_alloc_pcpu_stats(struct gnet_stats_basic_cpu); 423 if (!p->cpu_bstats_hw) 424 goto err2; 425 p->cpu_qstats = alloc_percpu(struct gnet_stats_queue); 426 if (!p->cpu_qstats) 427 goto err3; 428 } 429 spin_lock_init(&p->tcfa_lock); 430 p->tcfa_index = index; 431 p->tcfa_tm.install = jiffies; 432 p->tcfa_tm.lastuse = jiffies; 433 p->tcfa_tm.firstuse = 0; 434 if (est) { 435 err = gen_new_estimator(&p->tcfa_bstats, p->cpu_bstats, 436 &p->tcfa_rate_est, 437 &p->tcfa_lock, NULL, est); 438 if (err) 439 goto err4; 440 } 441 442 p->idrinfo = idrinfo; 443 p->ops = ops; 444 *a = p; 445 return 0; 446 err4: 447 free_percpu(p->cpu_qstats); 448 err3: 449 free_percpu(p->cpu_bstats_hw); 450 err2: 451 free_percpu(p->cpu_bstats); 452 err1: 453 kfree(p); 454 return err; 455 } 456 EXPORT_SYMBOL(tcf_idr_create); 457 458 void tcf_idr_insert(struct tc_action_net *tn, struct tc_action *a) 459 { 460 struct tcf_idrinfo *idrinfo = tn->idrinfo; 461 462 mutex_lock(&idrinfo->lock); 463 /* Replace ERR_PTR(-EBUSY) allocated by tcf_idr_check_alloc */ 464 WARN_ON(!IS_ERR(idr_replace(&idrinfo->action_idr, a, a->tcfa_index))); 465 mutex_unlock(&idrinfo->lock); 466 } 467 EXPORT_SYMBOL(tcf_idr_insert); 468 469 /* Cleanup idr index that was allocated but not initialized. */ 470 471 void tcf_idr_cleanup(struct tc_action_net *tn, u32 index) 472 { 473 struct tcf_idrinfo *idrinfo = tn->idrinfo; 474 475 mutex_lock(&idrinfo->lock); 476 /* Remove ERR_PTR(-EBUSY) allocated by tcf_idr_check_alloc */ 477 WARN_ON(!IS_ERR(idr_remove(&idrinfo->action_idr, index))); 478 mutex_unlock(&idrinfo->lock); 479 } 480 EXPORT_SYMBOL(tcf_idr_cleanup); 481 482 /* Check if action with specified index exists. If actions is found, increments 483 * its reference and bind counters, and return 1. Otherwise insert temporary 484 * error pointer (to prevent concurrent users from inserting actions with same 485 * index) and return 0. 486 */ 487 488 int tcf_idr_check_alloc(struct tc_action_net *tn, u32 *index, 489 struct tc_action **a, int bind) 490 { 491 struct tcf_idrinfo *idrinfo = tn->idrinfo; 492 struct tc_action *p; 493 int ret; 494 495 again: 496 mutex_lock(&idrinfo->lock); 497 if (*index) { 498 p = idr_find(&idrinfo->action_idr, *index); 499 if (IS_ERR(p)) { 500 /* This means that another process allocated 501 * index but did not assign the pointer yet. 502 */ 503 mutex_unlock(&idrinfo->lock); 504 goto again; 505 } 506 507 if (p) { 508 refcount_inc(&p->tcfa_refcnt); 509 if (bind) 510 atomic_inc(&p->tcfa_bindcnt); 511 *a = p; 512 ret = 1; 513 } else { 514 *a = NULL; 515 ret = idr_alloc_u32(&idrinfo->action_idr, NULL, index, 516 *index, GFP_KERNEL); 517 if (!ret) 518 idr_replace(&idrinfo->action_idr, 519 ERR_PTR(-EBUSY), *index); 520 } 521 } else { 522 *index = 1; 523 *a = NULL; 524 ret = idr_alloc_u32(&idrinfo->action_idr, NULL, index, 525 UINT_MAX, GFP_KERNEL); 526 if (!ret) 527 idr_replace(&idrinfo->action_idr, ERR_PTR(-EBUSY), 528 *index); 529 } 530 mutex_unlock(&idrinfo->lock); 531 return ret; 532 } 533 EXPORT_SYMBOL(tcf_idr_check_alloc); 534 535 void tcf_idrinfo_destroy(const struct tc_action_ops *ops, 536 struct tcf_idrinfo *idrinfo) 537 { 538 struct idr *idr = &idrinfo->action_idr; 539 struct tc_action *p; 540 int ret; 541 unsigned long id = 1; 542 543 idr_for_each_entry_ul(idr, p, id) { 544 ret = __tcf_idr_release(p, false, true); 545 if (ret == ACT_P_DELETED) 546 module_put(ops->owner); 547 else if (ret < 0) 548 return; 549 } 550 idr_destroy(&idrinfo->action_idr); 551 } 552 EXPORT_SYMBOL(tcf_idrinfo_destroy); 553 554 static LIST_HEAD(act_base); 555 static DEFINE_RWLOCK(act_mod_lock); 556 557 int tcf_register_action(struct tc_action_ops *act, 558 struct pernet_operations *ops) 559 { 560 struct tc_action_ops *a; 561 int ret; 562 563 if (!act->act || !act->dump || !act->init || !act->walk || !act->lookup) 564 return -EINVAL; 565 566 /* We have to register pernet ops before making the action ops visible, 567 * otherwise tcf_action_init_1() could get a partially initialized 568 * netns. 569 */ 570 ret = register_pernet_subsys(ops); 571 if (ret) 572 return ret; 573 574 write_lock(&act_mod_lock); 575 list_for_each_entry(a, &act_base, head) { 576 if (act->id == a->id || (strcmp(act->kind, a->kind) == 0)) { 577 write_unlock(&act_mod_lock); 578 unregister_pernet_subsys(ops); 579 return -EEXIST; 580 } 581 } 582 list_add_tail(&act->head, &act_base); 583 write_unlock(&act_mod_lock); 584 585 return 0; 586 } 587 EXPORT_SYMBOL(tcf_register_action); 588 589 int tcf_unregister_action(struct tc_action_ops *act, 590 struct pernet_operations *ops) 591 { 592 struct tc_action_ops *a; 593 int err = -ENOENT; 594 595 write_lock(&act_mod_lock); 596 list_for_each_entry(a, &act_base, head) { 597 if (a == act) { 598 list_del(&act->head); 599 err = 0; 600 break; 601 } 602 } 603 write_unlock(&act_mod_lock); 604 if (!err) 605 unregister_pernet_subsys(ops); 606 return err; 607 } 608 EXPORT_SYMBOL(tcf_unregister_action); 609 610 /* lookup by name */ 611 static struct tc_action_ops *tc_lookup_action_n(char *kind) 612 { 613 struct tc_action_ops *a, *res = NULL; 614 615 if (kind) { 616 read_lock(&act_mod_lock); 617 list_for_each_entry(a, &act_base, head) { 618 if (strcmp(kind, a->kind) == 0) { 619 if (try_module_get(a->owner)) 620 res = a; 621 break; 622 } 623 } 624 read_unlock(&act_mod_lock); 625 } 626 return res; 627 } 628 629 /* lookup by nlattr */ 630 static struct tc_action_ops *tc_lookup_action(struct nlattr *kind) 631 { 632 struct tc_action_ops *a, *res = NULL; 633 634 if (kind) { 635 read_lock(&act_mod_lock); 636 list_for_each_entry(a, &act_base, head) { 637 if (nla_strcmp(kind, a->kind) == 0) { 638 if (try_module_get(a->owner)) 639 res = a; 640 break; 641 } 642 } 643 read_unlock(&act_mod_lock); 644 } 645 return res; 646 } 647 648 /*TCA_ACT_MAX_PRIO is 32, there count upto 32 */ 649 #define TCA_ACT_MAX_PRIO_MASK 0x1FF 650 int tcf_action_exec(struct sk_buff *skb, struct tc_action **actions, 651 int nr_actions, struct tcf_result *res) 652 { 653 u32 jmp_prgcnt = 0; 654 u32 jmp_ttl = TCA_ACT_MAX_PRIO; /*matches actions per filter */ 655 int i; 656 int ret = TC_ACT_OK; 657 658 if (skb_skip_tc_classify(skb)) 659 return TC_ACT_OK; 660 661 restart_act_graph: 662 for (i = 0; i < nr_actions; i++) { 663 const struct tc_action *a = actions[i]; 664 665 if (jmp_prgcnt > 0) { 666 jmp_prgcnt -= 1; 667 continue; 668 } 669 repeat: 670 ret = a->ops->act(skb, a, res); 671 if (ret == TC_ACT_REPEAT) 672 goto repeat; /* we need a ttl - JHS */ 673 674 if (TC_ACT_EXT_CMP(ret, TC_ACT_JUMP)) { 675 jmp_prgcnt = ret & TCA_ACT_MAX_PRIO_MASK; 676 if (!jmp_prgcnt || (jmp_prgcnt > nr_actions)) { 677 /* faulty opcode, stop pipeline */ 678 return TC_ACT_OK; 679 } else { 680 jmp_ttl -= 1; 681 if (jmp_ttl > 0) 682 goto restart_act_graph; 683 else /* faulty graph, stop pipeline */ 684 return TC_ACT_OK; 685 } 686 } else if (TC_ACT_EXT_CMP(ret, TC_ACT_GOTO_CHAIN)) { 687 if (unlikely(!rcu_access_pointer(a->goto_chain))) { 688 net_warn_ratelimited("can't go to NULL chain!\n"); 689 return TC_ACT_SHOT; 690 } 691 tcf_action_goto_chain_exec(a, res); 692 } 693 694 if (ret != TC_ACT_PIPE) 695 break; 696 } 697 698 return ret; 699 } 700 EXPORT_SYMBOL(tcf_action_exec); 701 702 int tcf_action_destroy(struct tc_action *actions[], int bind) 703 { 704 const struct tc_action_ops *ops; 705 struct tc_action *a; 706 int ret = 0, i; 707 708 for (i = 0; i < TCA_ACT_MAX_PRIO && actions[i]; i++) { 709 a = actions[i]; 710 actions[i] = NULL; 711 ops = a->ops; 712 ret = __tcf_idr_release(a, bind, true); 713 if (ret == ACT_P_DELETED) 714 module_put(ops->owner); 715 else if (ret < 0) 716 return ret; 717 } 718 return ret; 719 } 720 721 static int tcf_action_destroy_1(struct tc_action *a, int bind) 722 { 723 struct tc_action *actions[] = { a, NULL }; 724 725 return tcf_action_destroy(actions, bind); 726 } 727 728 static int tcf_action_put(struct tc_action *p) 729 { 730 return __tcf_action_put(p, false); 731 } 732 733 /* Put all actions in this array, skip those NULL's. */ 734 static void tcf_action_put_many(struct tc_action *actions[]) 735 { 736 int i; 737 738 for (i = 0; i < TCA_ACT_MAX_PRIO; i++) { 739 struct tc_action *a = actions[i]; 740 const struct tc_action_ops *ops; 741 742 if (!a) 743 continue; 744 ops = a->ops; 745 if (tcf_action_put(a)) 746 module_put(ops->owner); 747 } 748 } 749 750 int 751 tcf_action_dump_old(struct sk_buff *skb, struct tc_action *a, int bind, int ref) 752 { 753 return a->ops->dump(skb, a, bind, ref); 754 } 755 756 int 757 tcf_action_dump_1(struct sk_buff *skb, struct tc_action *a, int bind, int ref) 758 { 759 int err = -EINVAL; 760 unsigned char *b = skb_tail_pointer(skb); 761 struct nlattr *nest; 762 struct tc_cookie *cookie; 763 764 if (nla_put_string(skb, TCA_KIND, a->ops->kind)) 765 goto nla_put_failure; 766 if (tcf_action_copy_stats(skb, a, 0)) 767 goto nla_put_failure; 768 769 rcu_read_lock(); 770 cookie = rcu_dereference(a->act_cookie); 771 if (cookie) { 772 if (nla_put(skb, TCA_ACT_COOKIE, cookie->len, cookie->data)) { 773 rcu_read_unlock(); 774 goto nla_put_failure; 775 } 776 } 777 rcu_read_unlock(); 778 779 nest = nla_nest_start_noflag(skb, TCA_OPTIONS); 780 if (nest == NULL) 781 goto nla_put_failure; 782 err = tcf_action_dump_old(skb, a, bind, ref); 783 if (err > 0) { 784 nla_nest_end(skb, nest); 785 return err; 786 } 787 788 nla_put_failure: 789 nlmsg_trim(skb, b); 790 return -1; 791 } 792 EXPORT_SYMBOL(tcf_action_dump_1); 793 794 int tcf_action_dump(struct sk_buff *skb, struct tc_action *actions[], 795 int bind, int ref) 796 { 797 struct tc_action *a; 798 int err = -EINVAL, i; 799 struct nlattr *nest; 800 801 for (i = 0; i < TCA_ACT_MAX_PRIO && actions[i]; i++) { 802 a = actions[i]; 803 nest = nla_nest_start_noflag(skb, a->order); 804 if (nest == NULL) 805 goto nla_put_failure; 806 err = tcf_action_dump_1(skb, a, bind, ref); 807 if (err < 0) 808 goto errout; 809 nla_nest_end(skb, nest); 810 } 811 812 return 0; 813 814 nla_put_failure: 815 err = -EINVAL; 816 errout: 817 nla_nest_cancel(skb, nest); 818 return err; 819 } 820 821 static struct tc_cookie *nla_memdup_cookie(struct nlattr **tb) 822 { 823 struct tc_cookie *c = kzalloc(sizeof(*c), GFP_KERNEL); 824 if (!c) 825 return NULL; 826 827 c->data = nla_memdup(tb[TCA_ACT_COOKIE], GFP_KERNEL); 828 if (!c->data) { 829 kfree(c); 830 return NULL; 831 } 832 c->len = nla_len(tb[TCA_ACT_COOKIE]); 833 834 return c; 835 } 836 837 struct tc_action *tcf_action_init_1(struct net *net, struct tcf_proto *tp, 838 struct nlattr *nla, struct nlattr *est, 839 char *name, int ovr, int bind, 840 bool rtnl_held, 841 struct netlink_ext_ack *extack) 842 { 843 struct tc_action *a; 844 struct tc_action_ops *a_o; 845 struct tc_cookie *cookie = NULL; 846 char act_name[IFNAMSIZ]; 847 struct nlattr *tb[TCA_ACT_MAX + 1]; 848 struct nlattr *kind; 849 int err; 850 851 if (name == NULL) { 852 err = nla_parse_nested_deprecated(tb, TCA_ACT_MAX, nla, NULL, 853 extack); 854 if (err < 0) 855 goto err_out; 856 err = -EINVAL; 857 kind = tb[TCA_ACT_KIND]; 858 if (!kind) { 859 NL_SET_ERR_MSG(extack, "TC action kind must be specified"); 860 goto err_out; 861 } 862 if (nla_strlcpy(act_name, kind, IFNAMSIZ) >= IFNAMSIZ) { 863 NL_SET_ERR_MSG(extack, "TC action name too long"); 864 goto err_out; 865 } 866 if (tb[TCA_ACT_COOKIE]) { 867 int cklen = nla_len(tb[TCA_ACT_COOKIE]); 868 869 if (cklen > TC_COOKIE_MAX_SIZE) { 870 NL_SET_ERR_MSG(extack, "TC cookie size above the maximum"); 871 goto err_out; 872 } 873 874 cookie = nla_memdup_cookie(tb); 875 if (!cookie) { 876 NL_SET_ERR_MSG(extack, "No memory to generate TC cookie"); 877 err = -ENOMEM; 878 goto err_out; 879 } 880 } 881 } else { 882 if (strlcpy(act_name, name, IFNAMSIZ) >= IFNAMSIZ) { 883 NL_SET_ERR_MSG(extack, "TC action name too long"); 884 err = -EINVAL; 885 goto err_out; 886 } 887 } 888 889 a_o = tc_lookup_action_n(act_name); 890 if (a_o == NULL) { 891 #ifdef CONFIG_MODULES 892 if (rtnl_held) 893 rtnl_unlock(); 894 request_module("act_%s", act_name); 895 if (rtnl_held) 896 rtnl_lock(); 897 898 a_o = tc_lookup_action_n(act_name); 899 900 /* We dropped the RTNL semaphore in order to 901 * perform the module load. So, even if we 902 * succeeded in loading the module we have to 903 * tell the caller to replay the request. We 904 * indicate this using -EAGAIN. 905 */ 906 if (a_o != NULL) { 907 err = -EAGAIN; 908 goto err_mod; 909 } 910 #endif 911 NL_SET_ERR_MSG(extack, "Failed to load TC action module"); 912 err = -ENOENT; 913 goto err_out; 914 } 915 916 /* backward compatibility for policer */ 917 if (name == NULL) 918 err = a_o->init(net, tb[TCA_ACT_OPTIONS], est, &a, ovr, bind, 919 rtnl_held, tp, extack); 920 else 921 err = a_o->init(net, nla, est, &a, ovr, bind, rtnl_held, 922 tp, extack); 923 if (err < 0) 924 goto err_mod; 925 926 if (!name && tb[TCA_ACT_COOKIE]) 927 tcf_set_action_cookie(&a->act_cookie, cookie); 928 929 /* module count goes up only when brand new policy is created 930 * if it exists and is only bound to in a_o->init() then 931 * ACT_P_CREATED is not returned (a zero is). 932 */ 933 if (err != ACT_P_CREATED) 934 module_put(a_o->owner); 935 936 if (TC_ACT_EXT_CMP(a->tcfa_action, TC_ACT_GOTO_CHAIN) && 937 !rcu_access_pointer(a->goto_chain)) { 938 tcf_action_destroy_1(a, bind); 939 NL_SET_ERR_MSG(extack, "can't use goto chain with NULL chain"); 940 return ERR_PTR(-EINVAL); 941 } 942 943 return a; 944 945 err_mod: 946 module_put(a_o->owner); 947 err_out: 948 if (cookie) { 949 kfree(cookie->data); 950 kfree(cookie); 951 } 952 return ERR_PTR(err); 953 } 954 955 /* Returns numbers of initialized actions or negative error. */ 956 957 int tcf_action_init(struct net *net, struct tcf_proto *tp, struct nlattr *nla, 958 struct nlattr *est, char *name, int ovr, int bind, 959 struct tc_action *actions[], size_t *attr_size, 960 bool rtnl_held, struct netlink_ext_ack *extack) 961 { 962 struct nlattr *tb[TCA_ACT_MAX_PRIO + 1]; 963 struct tc_action *act; 964 size_t sz = 0; 965 int err; 966 int i; 967 968 err = nla_parse_nested_deprecated(tb, TCA_ACT_MAX_PRIO, nla, NULL, 969 extack); 970 if (err < 0) 971 return err; 972 973 for (i = 1; i <= TCA_ACT_MAX_PRIO && tb[i]; i++) { 974 act = tcf_action_init_1(net, tp, tb[i], est, name, ovr, bind, 975 rtnl_held, extack); 976 if (IS_ERR(act)) { 977 err = PTR_ERR(act); 978 goto err; 979 } 980 act->order = i; 981 sz += tcf_action_fill_size(act); 982 /* Start from index 0 */ 983 actions[i - 1] = act; 984 } 985 986 *attr_size = tcf_action_full_attrs_size(sz); 987 return i - 1; 988 989 err: 990 tcf_action_destroy(actions, bind); 991 return err; 992 } 993 994 int tcf_action_copy_stats(struct sk_buff *skb, struct tc_action *p, 995 int compat_mode) 996 { 997 int err = 0; 998 struct gnet_dump d; 999 1000 if (p == NULL) 1001 goto errout; 1002 1003 /* compat_mode being true specifies a call that is supposed 1004 * to add additional backward compatibility statistic TLVs. 1005 */ 1006 if (compat_mode) { 1007 if (p->type == TCA_OLD_COMPAT) 1008 err = gnet_stats_start_copy_compat(skb, 0, 1009 TCA_STATS, 1010 TCA_XSTATS, 1011 &p->tcfa_lock, &d, 1012 TCA_PAD); 1013 else 1014 return 0; 1015 } else 1016 err = gnet_stats_start_copy(skb, TCA_ACT_STATS, 1017 &p->tcfa_lock, &d, TCA_ACT_PAD); 1018 1019 if (err < 0) 1020 goto errout; 1021 1022 if (gnet_stats_copy_basic(NULL, &d, p->cpu_bstats, &p->tcfa_bstats) < 0 || 1023 gnet_stats_copy_basic_hw(NULL, &d, p->cpu_bstats_hw, 1024 &p->tcfa_bstats_hw) < 0 || 1025 gnet_stats_copy_rate_est(&d, &p->tcfa_rate_est) < 0 || 1026 gnet_stats_copy_queue(&d, p->cpu_qstats, 1027 &p->tcfa_qstats, 1028 p->tcfa_qstats.qlen) < 0) 1029 goto errout; 1030 1031 if (gnet_stats_finish_copy(&d) < 0) 1032 goto errout; 1033 1034 return 0; 1035 1036 errout: 1037 return -1; 1038 } 1039 1040 static int tca_get_fill(struct sk_buff *skb, struct tc_action *actions[], 1041 u32 portid, u32 seq, u16 flags, int event, int bind, 1042 int ref) 1043 { 1044 struct tcamsg *t; 1045 struct nlmsghdr *nlh; 1046 unsigned char *b = skb_tail_pointer(skb); 1047 struct nlattr *nest; 1048 1049 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*t), flags); 1050 if (!nlh) 1051 goto out_nlmsg_trim; 1052 t = nlmsg_data(nlh); 1053 t->tca_family = AF_UNSPEC; 1054 t->tca__pad1 = 0; 1055 t->tca__pad2 = 0; 1056 1057 nest = nla_nest_start_noflag(skb, TCA_ACT_TAB); 1058 if (!nest) 1059 goto out_nlmsg_trim; 1060 1061 if (tcf_action_dump(skb, actions, bind, ref) < 0) 1062 goto out_nlmsg_trim; 1063 1064 nla_nest_end(skb, nest); 1065 1066 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 1067 return skb->len; 1068 1069 out_nlmsg_trim: 1070 nlmsg_trim(skb, b); 1071 return -1; 1072 } 1073 1074 static int 1075 tcf_get_notify(struct net *net, u32 portid, struct nlmsghdr *n, 1076 struct tc_action *actions[], int event, 1077 struct netlink_ext_ack *extack) 1078 { 1079 struct sk_buff *skb; 1080 1081 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 1082 if (!skb) 1083 return -ENOBUFS; 1084 if (tca_get_fill(skb, actions, portid, n->nlmsg_seq, 0, event, 1085 0, 1) <= 0) { 1086 NL_SET_ERR_MSG(extack, "Failed to fill netlink attributes while adding TC action"); 1087 kfree_skb(skb); 1088 return -EINVAL; 1089 } 1090 1091 return rtnl_unicast(skb, net, portid); 1092 } 1093 1094 static struct tc_action *tcf_action_get_1(struct net *net, struct nlattr *nla, 1095 struct nlmsghdr *n, u32 portid, 1096 struct netlink_ext_ack *extack) 1097 { 1098 struct nlattr *tb[TCA_ACT_MAX + 1]; 1099 const struct tc_action_ops *ops; 1100 struct tc_action *a; 1101 int index; 1102 int err; 1103 1104 err = nla_parse_nested_deprecated(tb, TCA_ACT_MAX, nla, NULL, extack); 1105 if (err < 0) 1106 goto err_out; 1107 1108 err = -EINVAL; 1109 if (tb[TCA_ACT_INDEX] == NULL || 1110 nla_len(tb[TCA_ACT_INDEX]) < sizeof(index)) { 1111 NL_SET_ERR_MSG(extack, "Invalid TC action index value"); 1112 goto err_out; 1113 } 1114 index = nla_get_u32(tb[TCA_ACT_INDEX]); 1115 1116 err = -EINVAL; 1117 ops = tc_lookup_action(tb[TCA_ACT_KIND]); 1118 if (!ops) { /* could happen in batch of actions */ 1119 NL_SET_ERR_MSG(extack, "Specified TC action kind not found"); 1120 goto err_out; 1121 } 1122 err = -ENOENT; 1123 if (ops->lookup(net, &a, index) == 0) { 1124 NL_SET_ERR_MSG(extack, "TC action with specified index not found"); 1125 goto err_mod; 1126 } 1127 1128 module_put(ops->owner); 1129 return a; 1130 1131 err_mod: 1132 module_put(ops->owner); 1133 err_out: 1134 return ERR_PTR(err); 1135 } 1136 1137 static int tca_action_flush(struct net *net, struct nlattr *nla, 1138 struct nlmsghdr *n, u32 portid, 1139 struct netlink_ext_ack *extack) 1140 { 1141 struct sk_buff *skb; 1142 unsigned char *b; 1143 struct nlmsghdr *nlh; 1144 struct tcamsg *t; 1145 struct netlink_callback dcb; 1146 struct nlattr *nest; 1147 struct nlattr *tb[TCA_ACT_MAX + 1]; 1148 const struct tc_action_ops *ops; 1149 struct nlattr *kind; 1150 int err = -ENOMEM; 1151 1152 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 1153 if (!skb) 1154 return err; 1155 1156 b = skb_tail_pointer(skb); 1157 1158 err = nla_parse_nested_deprecated(tb, TCA_ACT_MAX, nla, NULL, extack); 1159 if (err < 0) 1160 goto err_out; 1161 1162 err = -EINVAL; 1163 kind = tb[TCA_ACT_KIND]; 1164 ops = tc_lookup_action(kind); 1165 if (!ops) { /*some idjot trying to flush unknown action */ 1166 NL_SET_ERR_MSG(extack, "Cannot flush unknown TC action"); 1167 goto err_out; 1168 } 1169 1170 nlh = nlmsg_put(skb, portid, n->nlmsg_seq, RTM_DELACTION, 1171 sizeof(*t), 0); 1172 if (!nlh) { 1173 NL_SET_ERR_MSG(extack, "Failed to create TC action flush notification"); 1174 goto out_module_put; 1175 } 1176 t = nlmsg_data(nlh); 1177 t->tca_family = AF_UNSPEC; 1178 t->tca__pad1 = 0; 1179 t->tca__pad2 = 0; 1180 1181 nest = nla_nest_start_noflag(skb, TCA_ACT_TAB); 1182 if (!nest) { 1183 NL_SET_ERR_MSG(extack, "Failed to add new netlink message"); 1184 goto out_module_put; 1185 } 1186 1187 err = ops->walk(net, skb, &dcb, RTM_DELACTION, ops, extack); 1188 if (err <= 0) { 1189 nla_nest_cancel(skb, nest); 1190 goto out_module_put; 1191 } 1192 1193 nla_nest_end(skb, nest); 1194 1195 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 1196 nlh->nlmsg_flags |= NLM_F_ROOT; 1197 module_put(ops->owner); 1198 err = rtnetlink_send(skb, net, portid, RTNLGRP_TC, 1199 n->nlmsg_flags & NLM_F_ECHO); 1200 if (err > 0) 1201 return 0; 1202 if (err < 0) 1203 NL_SET_ERR_MSG(extack, "Failed to send TC action flush notification"); 1204 1205 return err; 1206 1207 out_module_put: 1208 module_put(ops->owner); 1209 err_out: 1210 kfree_skb(skb); 1211 return err; 1212 } 1213 1214 static int tcf_action_delete(struct net *net, struct tc_action *actions[]) 1215 { 1216 int i; 1217 1218 for (i = 0; i < TCA_ACT_MAX_PRIO && actions[i]; i++) { 1219 struct tc_action *a = actions[i]; 1220 const struct tc_action_ops *ops = a->ops; 1221 /* Actions can be deleted concurrently so we must save their 1222 * type and id to search again after reference is released. 1223 */ 1224 struct tcf_idrinfo *idrinfo = a->idrinfo; 1225 u32 act_index = a->tcfa_index; 1226 1227 actions[i] = NULL; 1228 if (tcf_action_put(a)) { 1229 /* last reference, action was deleted concurrently */ 1230 module_put(ops->owner); 1231 } else { 1232 int ret; 1233 1234 /* now do the delete */ 1235 ret = tcf_idr_delete_index(idrinfo, act_index); 1236 if (ret < 0) 1237 return ret; 1238 } 1239 } 1240 return 0; 1241 } 1242 1243 static int 1244 tcf_del_notify(struct net *net, struct nlmsghdr *n, struct tc_action *actions[], 1245 u32 portid, size_t attr_size, struct netlink_ext_ack *extack) 1246 { 1247 int ret; 1248 struct sk_buff *skb; 1249 1250 skb = alloc_skb(attr_size <= NLMSG_GOODSIZE ? NLMSG_GOODSIZE : attr_size, 1251 GFP_KERNEL); 1252 if (!skb) 1253 return -ENOBUFS; 1254 1255 if (tca_get_fill(skb, actions, portid, n->nlmsg_seq, 0, RTM_DELACTION, 1256 0, 2) <= 0) { 1257 NL_SET_ERR_MSG(extack, "Failed to fill netlink TC action attributes"); 1258 kfree_skb(skb); 1259 return -EINVAL; 1260 } 1261 1262 /* now do the delete */ 1263 ret = tcf_action_delete(net, actions); 1264 if (ret < 0) { 1265 NL_SET_ERR_MSG(extack, "Failed to delete TC action"); 1266 kfree_skb(skb); 1267 return ret; 1268 } 1269 1270 ret = rtnetlink_send(skb, net, portid, RTNLGRP_TC, 1271 n->nlmsg_flags & NLM_F_ECHO); 1272 if (ret > 0) 1273 return 0; 1274 return ret; 1275 } 1276 1277 static int 1278 tca_action_gd(struct net *net, struct nlattr *nla, struct nlmsghdr *n, 1279 u32 portid, int event, struct netlink_ext_ack *extack) 1280 { 1281 int i, ret; 1282 struct nlattr *tb[TCA_ACT_MAX_PRIO + 1]; 1283 struct tc_action *act; 1284 size_t attr_size = 0; 1285 struct tc_action *actions[TCA_ACT_MAX_PRIO] = {}; 1286 1287 ret = nla_parse_nested_deprecated(tb, TCA_ACT_MAX_PRIO, nla, NULL, 1288 extack); 1289 if (ret < 0) 1290 return ret; 1291 1292 if (event == RTM_DELACTION && n->nlmsg_flags & NLM_F_ROOT) { 1293 if (tb[1]) 1294 return tca_action_flush(net, tb[1], n, portid, extack); 1295 1296 NL_SET_ERR_MSG(extack, "Invalid netlink attributes while flushing TC action"); 1297 return -EINVAL; 1298 } 1299 1300 for (i = 1; i <= TCA_ACT_MAX_PRIO && tb[i]; i++) { 1301 act = tcf_action_get_1(net, tb[i], n, portid, extack); 1302 if (IS_ERR(act)) { 1303 ret = PTR_ERR(act); 1304 goto err; 1305 } 1306 act->order = i; 1307 attr_size += tcf_action_fill_size(act); 1308 actions[i - 1] = act; 1309 } 1310 1311 attr_size = tcf_action_full_attrs_size(attr_size); 1312 1313 if (event == RTM_GETACTION) 1314 ret = tcf_get_notify(net, portid, n, actions, event, extack); 1315 else { /* delete */ 1316 ret = tcf_del_notify(net, n, actions, portid, attr_size, extack); 1317 if (ret) 1318 goto err; 1319 return 0; 1320 } 1321 err: 1322 tcf_action_put_many(actions); 1323 return ret; 1324 } 1325 1326 static int 1327 tcf_add_notify(struct net *net, struct nlmsghdr *n, struct tc_action *actions[], 1328 u32 portid, size_t attr_size, struct netlink_ext_ack *extack) 1329 { 1330 struct sk_buff *skb; 1331 int err = 0; 1332 1333 skb = alloc_skb(attr_size <= NLMSG_GOODSIZE ? NLMSG_GOODSIZE : attr_size, 1334 GFP_KERNEL); 1335 if (!skb) 1336 return -ENOBUFS; 1337 1338 if (tca_get_fill(skb, actions, portid, n->nlmsg_seq, n->nlmsg_flags, 1339 RTM_NEWACTION, 0, 0) <= 0) { 1340 NL_SET_ERR_MSG(extack, "Failed to fill netlink attributes while adding TC action"); 1341 kfree_skb(skb); 1342 return -EINVAL; 1343 } 1344 1345 err = rtnetlink_send(skb, net, portid, RTNLGRP_TC, 1346 n->nlmsg_flags & NLM_F_ECHO); 1347 if (err > 0) 1348 err = 0; 1349 return err; 1350 } 1351 1352 static int tcf_action_add(struct net *net, struct nlattr *nla, 1353 struct nlmsghdr *n, u32 portid, int ovr, 1354 struct netlink_ext_ack *extack) 1355 { 1356 size_t attr_size = 0; 1357 int ret = 0; 1358 struct tc_action *actions[TCA_ACT_MAX_PRIO] = {}; 1359 1360 ret = tcf_action_init(net, NULL, nla, NULL, NULL, ovr, 0, actions, 1361 &attr_size, true, extack); 1362 if (ret < 0) 1363 return ret; 1364 ret = tcf_add_notify(net, n, actions, portid, attr_size, extack); 1365 if (ovr) 1366 tcf_action_put_many(actions); 1367 1368 return ret; 1369 } 1370 1371 static u32 tcaa_root_flags_allowed = TCA_FLAG_LARGE_DUMP_ON; 1372 static const struct nla_policy tcaa_policy[TCA_ROOT_MAX + 1] = { 1373 [TCA_ROOT_FLAGS] = { .type = NLA_BITFIELD32, 1374 .validation_data = &tcaa_root_flags_allowed }, 1375 [TCA_ROOT_TIME_DELTA] = { .type = NLA_U32 }, 1376 }; 1377 1378 static int tc_ctl_action(struct sk_buff *skb, struct nlmsghdr *n, 1379 struct netlink_ext_ack *extack) 1380 { 1381 struct net *net = sock_net(skb->sk); 1382 struct nlattr *tca[TCA_ROOT_MAX + 1]; 1383 u32 portid = skb ? NETLINK_CB(skb).portid : 0; 1384 int ret = 0, ovr = 0; 1385 1386 if ((n->nlmsg_type != RTM_GETACTION) && 1387 !netlink_capable(skb, CAP_NET_ADMIN)) 1388 return -EPERM; 1389 1390 ret = nlmsg_parse_deprecated(n, sizeof(struct tcamsg), tca, 1391 TCA_ROOT_MAX, NULL, extack); 1392 if (ret < 0) 1393 return ret; 1394 1395 if (tca[TCA_ACT_TAB] == NULL) { 1396 NL_SET_ERR_MSG(extack, "Netlink action attributes missing"); 1397 return -EINVAL; 1398 } 1399 1400 /* n->nlmsg_flags & NLM_F_CREATE */ 1401 switch (n->nlmsg_type) { 1402 case RTM_NEWACTION: 1403 /* we are going to assume all other flags 1404 * imply create only if it doesn't exist 1405 * Note that CREATE | EXCL implies that 1406 * but since we want avoid ambiguity (eg when flags 1407 * is zero) then just set this 1408 */ 1409 if (n->nlmsg_flags & NLM_F_REPLACE) 1410 ovr = 1; 1411 replay: 1412 ret = tcf_action_add(net, tca[TCA_ACT_TAB], n, portid, ovr, 1413 extack); 1414 if (ret == -EAGAIN) 1415 goto replay; 1416 break; 1417 case RTM_DELACTION: 1418 ret = tca_action_gd(net, tca[TCA_ACT_TAB], n, 1419 portid, RTM_DELACTION, extack); 1420 break; 1421 case RTM_GETACTION: 1422 ret = tca_action_gd(net, tca[TCA_ACT_TAB], n, 1423 portid, RTM_GETACTION, extack); 1424 break; 1425 default: 1426 BUG(); 1427 } 1428 1429 return ret; 1430 } 1431 1432 static struct nlattr *find_dump_kind(struct nlattr **nla) 1433 { 1434 struct nlattr *tb1, *tb2[TCA_ACT_MAX + 1]; 1435 struct nlattr *tb[TCA_ACT_MAX_PRIO + 1]; 1436 struct nlattr *kind; 1437 1438 tb1 = nla[TCA_ACT_TAB]; 1439 if (tb1 == NULL) 1440 return NULL; 1441 1442 if (nla_parse_deprecated(tb, TCA_ACT_MAX_PRIO, nla_data(tb1), NLMSG_ALIGN(nla_len(tb1)), NULL, NULL) < 0) 1443 return NULL; 1444 1445 if (tb[1] == NULL) 1446 return NULL; 1447 if (nla_parse_nested_deprecated(tb2, TCA_ACT_MAX, tb[1], NULL, NULL) < 0) 1448 return NULL; 1449 kind = tb2[TCA_ACT_KIND]; 1450 1451 return kind; 1452 } 1453 1454 static int tc_dump_action(struct sk_buff *skb, struct netlink_callback *cb) 1455 { 1456 struct net *net = sock_net(skb->sk); 1457 struct nlmsghdr *nlh; 1458 unsigned char *b = skb_tail_pointer(skb); 1459 struct nlattr *nest; 1460 struct tc_action_ops *a_o; 1461 int ret = 0; 1462 struct tcamsg *t = (struct tcamsg *) nlmsg_data(cb->nlh); 1463 struct nlattr *tb[TCA_ROOT_MAX + 1]; 1464 struct nlattr *count_attr = NULL; 1465 unsigned long jiffy_since = 0; 1466 struct nlattr *kind = NULL; 1467 struct nla_bitfield32 bf; 1468 u32 msecs_since = 0; 1469 u32 act_count = 0; 1470 1471 ret = nlmsg_parse_deprecated(cb->nlh, sizeof(struct tcamsg), tb, 1472 TCA_ROOT_MAX, tcaa_policy, cb->extack); 1473 if (ret < 0) 1474 return ret; 1475 1476 kind = find_dump_kind(tb); 1477 if (kind == NULL) { 1478 pr_info("tc_dump_action: action bad kind\n"); 1479 return 0; 1480 } 1481 1482 a_o = tc_lookup_action(kind); 1483 if (a_o == NULL) 1484 return 0; 1485 1486 cb->args[2] = 0; 1487 if (tb[TCA_ROOT_FLAGS]) { 1488 bf = nla_get_bitfield32(tb[TCA_ROOT_FLAGS]); 1489 cb->args[2] = bf.value; 1490 } 1491 1492 if (tb[TCA_ROOT_TIME_DELTA]) { 1493 msecs_since = nla_get_u32(tb[TCA_ROOT_TIME_DELTA]); 1494 } 1495 1496 nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq, 1497 cb->nlh->nlmsg_type, sizeof(*t), 0); 1498 if (!nlh) 1499 goto out_module_put; 1500 1501 if (msecs_since) 1502 jiffy_since = jiffies - msecs_to_jiffies(msecs_since); 1503 1504 t = nlmsg_data(nlh); 1505 t->tca_family = AF_UNSPEC; 1506 t->tca__pad1 = 0; 1507 t->tca__pad2 = 0; 1508 cb->args[3] = jiffy_since; 1509 count_attr = nla_reserve(skb, TCA_ROOT_COUNT, sizeof(u32)); 1510 if (!count_attr) 1511 goto out_module_put; 1512 1513 nest = nla_nest_start_noflag(skb, TCA_ACT_TAB); 1514 if (nest == NULL) 1515 goto out_module_put; 1516 1517 ret = a_o->walk(net, skb, cb, RTM_GETACTION, a_o, NULL); 1518 if (ret < 0) 1519 goto out_module_put; 1520 1521 if (ret > 0) { 1522 nla_nest_end(skb, nest); 1523 ret = skb->len; 1524 act_count = cb->args[1]; 1525 memcpy(nla_data(count_attr), &act_count, sizeof(u32)); 1526 cb->args[1] = 0; 1527 } else 1528 nlmsg_trim(skb, b); 1529 1530 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 1531 if (NETLINK_CB(cb->skb).portid && ret) 1532 nlh->nlmsg_flags |= NLM_F_MULTI; 1533 module_put(a_o->owner); 1534 return skb->len; 1535 1536 out_module_put: 1537 module_put(a_o->owner); 1538 nlmsg_trim(skb, b); 1539 return skb->len; 1540 } 1541 1542 static int __init tc_action_init(void) 1543 { 1544 rtnl_register(PF_UNSPEC, RTM_NEWACTION, tc_ctl_action, NULL, 0); 1545 rtnl_register(PF_UNSPEC, RTM_DELACTION, tc_ctl_action, NULL, 0); 1546 rtnl_register(PF_UNSPEC, RTM_GETACTION, tc_ctl_action, tc_dump_action, 1547 0); 1548 1549 return 0; 1550 } 1551 1552 subsys_initcall(tc_action_init); 1553