1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2022 Alexander V. Chernikov <melifaro@FreeBSD.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/types.h> 29 #include <sys/ck.h> 30 #include <sys/epoch.h> 31 #include <sys/eventhandler.h> 32 #include <sys/kernel.h> 33 #include <sys/jail.h> 34 #include <sys/lock.h> 35 #include <sys/malloc.h> 36 #include <sys/priv.h> 37 #include <sys/socket.h> 38 #include <sys/sx.h> 39 40 #include <netlink/netlink.h> 41 #include <netlink/netlink_ctl.h> 42 #include <netlink/netlink_generic.h> 43 #include <netlink/netlink_var.h> 44 45 #define DEBUG_MOD_NAME nl_generic 46 #define DEBUG_MAX_LEVEL LOG_DEBUG3 47 #include <netlink/netlink_debug.h> 48 _DECLARE_DEBUG(LOG_INFO); 49 50 static int nlctrl_handle_getfamily(struct nlmsghdr *, struct nl_pstate *); 51 52 static struct genl_cmd nlctrl_cmds[] = { 53 [CTRL_CMD_GETFAMILY] = { 54 .cmd_num = CTRL_CMD_GETFAMILY, 55 .cmd_name = "GETFAMILY", 56 .cmd_cb = nlctrl_handle_getfamily, 57 .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | 58 GENL_CMD_CAP_HASPOL, 59 }, 60 }; 61 62 static struct genl_family { 63 const char *family_name; 64 uint16_t family_hdrsize; 65 uint16_t family_version; 66 uint16_t family_attr_max; 67 uint16_t family_cmd_size; 68 uint16_t family_num_groups; 69 struct genl_cmd *family_cmds; 70 } families[MAX_FAMILIES] = { 71 [CTRL_FAMILY_ID] = { 72 .family_name = CTRL_FAMILY_NAME, 73 .family_hdrsize = 0, 74 .family_version = 2, 75 .family_attr_max = CTRL_ATTR_MAX, 76 .family_cmd_size = CTRL_CMD_GETFAMILY + 1, 77 .family_cmds = nlctrl_cmds, 78 .family_num_groups = 1, 79 }, 80 }; 81 82 static struct genl_group { 83 struct genl_family *group_family; 84 const char *group_name; 85 } groups[MAX_GROUPS] = { 86 [CTRL_GROUP_ID] = { 87 .group_family = &families[CTRL_FAMILY_ID], 88 .group_name = CTRL_GROUP_NAME, 89 }, 90 }; 91 92 static inline struct genl_family * 93 genl_family(uint16_t family_id) 94 { 95 struct genl_family *gf; 96 97 gf = &families[family_id - GENL_MIN_ID]; 98 KASSERT(family_id - GENL_MIN_ID < MAX_FAMILIES && 99 gf->family_name != NULL, ("family %u does not exist", family_id)); 100 return (gf); 101 } 102 103 static inline uint16_t 104 genl_family_id(const struct genl_family *gf) 105 { 106 MPASS(gf >= &families[0] && gf < &families[MAX_FAMILIES]); 107 return ((uint16_t)(gf - &families[0]) + GENL_MIN_ID); 108 } 109 110 /* 111 * Handler called by netlink subsystem when matching netlink message is received 112 */ 113 static int 114 genl_handle_message(struct nlmsghdr *hdr, struct nl_pstate *npt) 115 { 116 struct nlpcb *nlp = npt->nlp; 117 struct genl_family *gf; 118 uint16_t family_id; 119 int error = 0; 120 121 if (__predict_false(hdr->nlmsg_len < sizeof(struct nlmsghdr) + 122 GENL_HDRLEN)) { 123 NLP_LOG(LOG_DEBUG, nlp, "invalid message size: %d", 124 hdr->nlmsg_len); 125 return (EINVAL); 126 } 127 128 family_id = hdr->nlmsg_type - GENL_MIN_ID; 129 gf = &families[family_id]; 130 if (__predict_false(family_id >= MAX_FAMILIES || 131 gf->family_name == NULL)) { 132 NLP_LOG(LOG_DEBUG, nlp, "invalid message type: %d", 133 hdr->nlmsg_type); 134 return (ENOTSUP); 135 } 136 137 struct genlmsghdr *ghdr = (struct genlmsghdr *)(hdr + 1); 138 139 if (ghdr->cmd >= gf->family_cmd_size || gf->family_cmds[ghdr->cmd].cmd_cb == NULL) { 140 NLP_LOG(LOG_DEBUG, nlp, "family %s: invalid cmd %d", 141 gf->family_name, ghdr->cmd); 142 return (ENOTSUP); 143 } 144 145 struct genl_cmd *cmd = &gf->family_cmds[ghdr->cmd]; 146 147 if (cmd->cmd_priv != 0 && !nlp_has_priv(nlp, cmd->cmd_priv)) { 148 NLP_LOG(LOG_DEBUG, nlp, "family %s: cmd %d priv_check() failed", 149 gf->family_name, ghdr->cmd); 150 return (EPERM); 151 } 152 153 NLP_LOG(LOG_DEBUG2, nlp, "received family %s cmd %s(%d) len %d", 154 gf->family_name, cmd->cmd_name, ghdr->cmd, hdr->nlmsg_len); 155 156 error = cmd->cmd_cb(hdr, npt); 157 158 return (error); 159 } 160 161 static uint32_t 162 get_cmd_flags(const struct genl_cmd *cmd) 163 { 164 uint32_t flags = cmd->cmd_flags; 165 if (cmd->cmd_priv != 0) 166 flags |= GENL_ADMIN_PERM; 167 return (flags); 168 } 169 170 static int 171 dump_family(struct nlmsghdr *hdr, struct genlmsghdr *ghdr, 172 const struct genl_family *gf, struct nl_writer *nw) 173 { 174 if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr))) 175 goto enomem; 176 177 struct genlmsghdr *ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr); 178 ghdr_new->cmd = ghdr->cmd; 179 ghdr_new->version = gf->family_version; 180 ghdr_new->reserved = 0; 181 182 nlattr_add_string(nw, CTRL_ATTR_FAMILY_NAME, gf->family_name); 183 nlattr_add_u16(nw, CTRL_ATTR_FAMILY_ID, genl_family_id(gf)); 184 nlattr_add_u32(nw, CTRL_ATTR_VERSION, gf->family_version); 185 nlattr_add_u32(nw, CTRL_ATTR_HDRSIZE, gf->family_hdrsize); 186 nlattr_add_u32(nw, CTRL_ATTR_MAXATTR, gf->family_attr_max); 187 188 if (gf->family_cmd_size > 0) { 189 int off = nlattr_add_nested(nw, CTRL_ATTR_OPS); 190 if (off == 0) 191 goto enomem; 192 for (int i = 0, cnt=0; i < gf->family_cmd_size; i++) { 193 struct genl_cmd *cmd = &gf->family_cmds[i]; 194 if (cmd->cmd_cb == NULL) 195 continue; 196 int cmd_off = nlattr_add_nested(nw, ++cnt); 197 if (cmd_off == 0) 198 goto enomem; 199 200 nlattr_add_u32(nw, CTRL_ATTR_OP_ID, cmd->cmd_num); 201 nlattr_add_u32(nw, CTRL_ATTR_OP_FLAGS, get_cmd_flags(cmd)); 202 nlattr_set_len(nw, cmd_off); 203 } 204 nlattr_set_len(nw, off); 205 } 206 if (gf->family_num_groups > 0) { 207 int off = nlattr_add_nested(nw, CTRL_ATTR_MCAST_GROUPS); 208 if (off == 0) 209 goto enomem; 210 for (u_int i = 0, cnt = 0; i < MAX_GROUPS; i++) { 211 struct genl_group *gg = &groups[i]; 212 213 if (gg->group_family != gf) 214 continue; 215 216 int cmd_off = nlattr_add_nested(nw, ++cnt); 217 if (cmd_off == 0) 218 goto enomem; 219 nlattr_add_u32(nw, CTRL_ATTR_MCAST_GRP_ID, i + MIN_GROUP_NUM); 220 nlattr_add_string(nw, CTRL_ATTR_MCAST_GRP_NAME, gg->group_name); 221 nlattr_set_len(nw, cmd_off); 222 } 223 nlattr_set_len(nw, off); 224 } 225 if (nlmsg_end(nw)) 226 return (0); 227 enomem: 228 NL_LOG(LOG_DEBUG, "unable to dump family %s state (ENOMEM)", gf->family_name); 229 nlmsg_abort(nw); 230 return (ENOMEM); 231 } 232 233 struct nl_parsed_family { 234 char *family_name; 235 uint16_t family_id; 236 uint8_t version; 237 }; 238 239 #define _IN(_field) offsetof(struct genlmsghdr, _field) 240 #define _OUT(_field) offsetof(struct nl_parsed_family, _field) 241 static const struct nlfield_parser nlf_p_generic[] = { 242 { .off_in = _IN(version), .off_out = _OUT(version), .cb = nlf_get_u8 }, 243 }; 244 245 static struct nlattr_parser nla_p_generic[] = { 246 { .type = CTRL_ATTR_FAMILY_ID , .off = _OUT(family_id), .cb = nlattr_get_uint16 }, 247 { .type = CTRL_ATTR_FAMILY_NAME , .off = _OUT(family_name), .cb = nlattr_get_string }, 248 }; 249 #undef _IN 250 #undef _OUT 251 NL_DECLARE_PARSER(genl_parser, struct genlmsghdr, nlf_p_generic, nla_p_generic); 252 253 static int 254 nlctrl_handle_getfamily(struct nlmsghdr *hdr, struct nl_pstate *npt) 255 { 256 int error = 0; 257 258 struct nl_parsed_family attrs = {}; 259 error = nl_parse_nlmsg(hdr, &genl_parser, npt, &attrs); 260 if (error != 0) 261 return (error); 262 263 struct genlmsghdr ghdr = { 264 .cmd = CTRL_CMD_NEWFAMILY, 265 }; 266 267 if (attrs.family_id != 0 || attrs.family_name != NULL) { 268 for (u_int i = 0; i < MAX_FAMILIES; i++) { 269 struct genl_family *gf = &families[i]; 270 271 if (gf->family_name == NULL) 272 continue; 273 if (attrs.family_id != 0 && 274 attrs.family_id != genl_family_id(gf)) 275 continue; 276 if (attrs.family_name != NULL && 277 strcmp(attrs.family_name, gf->family_name) != 0) 278 continue; 279 return (dump_family(hdr, &ghdr, gf, npt->nw)); 280 } 281 return (ENOENT); 282 } 283 284 hdr->nlmsg_flags = hdr->nlmsg_flags | NLM_F_MULTI; 285 for (u_int i = 0; i < MAX_FAMILIES; i++) { 286 struct genl_family *gf = &families[i]; 287 288 if (gf->family_name != NULL) { 289 error = dump_family(hdr, &ghdr, gf, npt->nw); 290 if (error != 0) 291 break; 292 } 293 } 294 295 if (!nlmsg_end_dump(npt->nw, error, hdr)) { 296 NL_LOG(LOG_DEBUG, "Unable to finalize the dump"); 297 return (ENOMEM); 298 } 299 300 return (error); 301 } 302 303 static void 304 nlctrl_notify(void *arg __unused, const char *family_name __unused, 305 uint16_t family_id, u_int cmd) 306 { 307 struct nlmsghdr hdr = {.nlmsg_type = NETLINK_GENERIC }; 308 struct genlmsghdr ghdr = { .cmd = cmd }; 309 struct genl_family *gf; 310 struct nl_writer nw; 311 312 gf = genl_family(family_id); 313 if (!nl_writer_group(&nw, NLMSG_SMALL, NETLINK_GENERIC, CTRL_GROUP_ID, 314 0, false)) { 315 NL_LOG(LOG_DEBUG, "error allocating group writer"); 316 return; 317 } 318 319 dump_family(&hdr, &ghdr, gf, &nw); 320 nlmsg_flush(&nw); 321 } 322 323 static const struct nlhdr_parser *all_parsers[] = { &genl_parser }; 324 static eventhandler_tag family_event_tag; 325 326 static void 327 genl_load_all(void *u __unused) 328 { 329 NL_VERIFY_PARSERS(all_parsers); 330 family_event_tag = EVENTHANDLER_REGISTER(genl_family_event, 331 nlctrl_notify, NULL, EVENTHANDLER_PRI_ANY); 332 netlink_register_proto(NETLINK_GENERIC, "NETLINK_GENERIC", 333 genl_handle_message); 334 } 335 SYSINIT(genl_load_all, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, genl_load_all, NULL); 336 337 static void 338 genl_unload(void *u __unused) 339 { 340 netlink_unregister_proto(NETLINK_GENERIC); 341 EVENTHANDLER_DEREGISTER(genl_family_event, family_event_tag); 342 NET_EPOCH_WAIT(); 343 } 344 SYSUNINIT(genl_unload, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, genl_unload, NULL); 345 346 /* 347 * Public KPI for NETLINK_GENERIC families/groups registration logic below. 348 */ 349 350 static struct sx sx_lock; 351 SX_SYSINIT(genl_lock, &sx_lock, "genetlink lock"); 352 #define GENL_LOCK() sx_xlock(&sx_lock) 353 #define GENL_UNLOCK() sx_xunlock(&sx_lock) 354 #define GENL_ASSERT_LOCKED() sx_assert(&sx_lock, SA_LOCKED) 355 #define GENL_ASSERT_XLOCKED() sx_assert(&sx_lock, SA_XLOCKED) 356 357 uint16_t 358 genl_register_family(const char *family_name, size_t hdrsize, 359 uint16_t family_version, uint16_t max_attr_idx) 360 { 361 struct genl_family *gf; 362 uint16_t family_id; 363 364 MPASS(family_name != NULL); 365 366 GENL_LOCK(); 367 for (u_int i = 0; i < MAX_FAMILIES; i++) 368 if (families[i].family_name != NULL && 369 strcmp(families[i].family_name, family_name) == 0) 370 return (0); 371 372 /* Microoptimization: index 0 is reserved for the control family. */ 373 gf = NULL; 374 for (u_int i = 1; i < MAX_FAMILIES; i++) 375 if (families[i].family_name == NULL) { 376 gf = &families[i]; 377 break; 378 } 379 KASSERT(gf, ("%s: maximum of %u generic netlink families allocated", 380 __func__, MAX_FAMILIES)); 381 382 *gf = (struct genl_family) { 383 .family_name = family_name, 384 .family_version = family_version, 385 .family_hdrsize = hdrsize, 386 .family_attr_max = max_attr_idx, 387 }; 388 family_id = genl_family_id(gf); 389 GENL_UNLOCK(); 390 391 NL_LOG(LOG_DEBUG2, "Registered family %s id %d", gf->family_name, 392 family_id); 393 EVENTHANDLER_INVOKE(genl_family_event, gf->family_name, family_id, 394 CTRL_CMD_NEWFAMILY); 395 396 return (family_id); 397 } 398 399 void 400 genl_unregister_family(uint16_t family_id) 401 { 402 struct genl_family *gf; 403 404 GENL_LOCK(); 405 gf = genl_family(family_id); 406 407 EVENTHANDLER_INVOKE(genl_family_event, gf->family_name, 408 family_id, CTRL_CMD_DELFAMILY); 409 for (u_int i = 0; i < MAX_GROUPS; i++) { 410 struct genl_group *gg = &groups[i]; 411 if (gg->group_family == gf && gg->group_name != NULL) { 412 gg->group_family = NULL; 413 gg->group_name = NULL; 414 } 415 } 416 if (gf->family_cmds != NULL) 417 free(gf->family_cmds, M_NETLINK); 418 bzero(gf, sizeof(*gf)); 419 GENL_UNLOCK(); 420 } 421 422 bool 423 genl_register_cmds(uint16_t family_id, const struct genl_cmd *cmds, 424 u_int count) 425 { 426 struct genl_family *gf; 427 uint16_t cmd_size; 428 429 GENL_LOCK(); 430 gf = genl_family(family_id); 431 432 cmd_size = gf->family_cmd_size; 433 434 for (u_int i = 0; i < count; i++) { 435 MPASS(cmds[i].cmd_cb != NULL); 436 if (cmds[i].cmd_num >= cmd_size) 437 cmd_size = cmds[i].cmd_num + 1; 438 } 439 440 if (cmd_size > gf->family_cmd_size) { 441 void *old_data; 442 443 /* need to realloc */ 444 size_t sz = cmd_size * sizeof(struct genl_cmd); 445 void *data = malloc(sz, M_NETLINK, M_WAITOK | M_ZERO); 446 447 memcpy(data, gf->family_cmds, 448 gf->family_cmd_size * sizeof(struct genl_cmd)); 449 old_data = gf->family_cmds; 450 gf->family_cmds = data; 451 gf->family_cmd_size = cmd_size; 452 free(old_data, M_NETLINK); 453 } 454 455 for (u_int i = 0; i < count; i++) { 456 const struct genl_cmd *cmd = &cmds[i]; 457 458 MPASS(gf->family_cmds[cmd->cmd_num].cmd_cb == NULL); 459 gf->family_cmds[cmd->cmd_num] = cmds[i]; 460 NL_LOG(LOG_DEBUG2, "Adding cmd %s(%d) to family %s", 461 cmd->cmd_name, cmd->cmd_num, gf->family_name); 462 } 463 GENL_UNLOCK(); 464 return (true); 465 } 466 467 uint32_t 468 genl_register_group(uint16_t family_id, const char *group_name) 469 { 470 struct genl_family *gf; 471 uint32_t group_id = 0; 472 473 MPASS(group_name != NULL); 474 475 GENL_LOCK(); 476 gf = genl_family(family_id); 477 478 for (u_int i = 0; i < MAX_GROUPS; i++) 479 if (groups[i].group_family == gf && 480 strcmp(groups[i].group_name, group_name) == 0) { 481 GENL_UNLOCK(); 482 return (0); 483 } 484 485 /* Microoptimization: index 0 is reserved for the control family */ 486 for (u_int i = 1; i < MAX_GROUPS; i++) { 487 struct genl_group *gg = &groups[i]; 488 if (gg->group_family == NULL) { 489 gf->family_num_groups++; 490 gg->group_family = gf; 491 gg->group_name = group_name; 492 group_id = i + MIN_GROUP_NUM; 493 break; 494 } 495 } 496 GENL_UNLOCK(); 497 498 return (group_id); 499 } 500 501 void 502 genl_unregister_group(uint16_t family_id, uint32_t group_id) 503 { 504 struct genl_family *gf; 505 struct genl_group *gg; 506 507 MPASS(group_id > MIN_GROUP_NUM && 508 group_id < MIN_GROUP_NUM + MAX_GROUPS); 509 510 nl_clear_group(group_id); 511 512 group_id -= MIN_GROUP_NUM; 513 514 GENL_LOCK(); 515 gf = genl_family(family_id); 516 gg = &groups[group_id]; 517 518 MPASS(gg->group_family == gf); 519 MPASS(gf->family_num_groups > 0); 520 521 gf->family_num_groups--; 522 gg->group_family = NULL; 523 gg->group_name = NULL; 524 GENL_UNLOCK(); 525 } 526