1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2022 Alexander V. Chernikov <melifaro@FreeBSD.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/types.h> 29 #include <sys/ck.h> 30 #include <sys/epoch.h> 31 #include <sys/eventhandler.h> 32 #include <sys/kernel.h> 33 #include <sys/jail.h> 34 #include <sys/lock.h> 35 #include <sys/malloc.h> 36 #include <sys/priv.h> 37 #include <sys/socket.h> 38 #include <sys/sx.h> 39 40 #include <netlink/netlink.h> 41 #include <netlink/netlink_ctl.h> 42 #include <netlink/netlink_generic.h> 43 #include <netlink/netlink_var.h> 44 45 #define DEBUG_MOD_NAME nl_generic 46 #define DEBUG_MAX_LEVEL LOG_DEBUG3 47 #include <netlink/netlink_debug.h> 48 _DECLARE_DEBUG(LOG_INFO); 49 50 static int dump_family(struct nlmsghdr *hdr, struct genlmsghdr *ghdr, 51 const struct genl_family *gf, struct nl_writer *nw); 52 53 /* 54 * Handler called by netlink subsystem when matching netlink message is received 55 */ 56 static int 57 genl_handle_message(struct nlmsghdr *hdr, struct nl_pstate *npt) 58 { 59 struct nlpcb *nlp = npt->nlp; 60 struct genl_family *gf = NULL; 61 int error = 0; 62 63 int family_id = (int)hdr->nlmsg_type - GENL_MIN_ID; 64 65 if (__predict_false(family_id < 0 || (gf = genl_get_family(family_id)) == NULL)) { 66 NLP_LOG(LOG_DEBUG, nlp, "invalid message type: %d", hdr->nlmsg_type); 67 return (ENOTSUP); 68 } 69 70 if (__predict_false(hdr->nlmsg_len < sizeof(struct nlmsghdr) + 71 GENL_HDRLEN)) { 72 NLP_LOG(LOG_DEBUG, nlp, "invalid message size: %d", hdr->nlmsg_len); 73 return (EINVAL); 74 } 75 76 struct genlmsghdr *ghdr = (struct genlmsghdr *)(hdr + 1); 77 78 if (ghdr->cmd >= gf->family_cmd_size || gf->family_cmds[ghdr->cmd].cmd_cb == NULL) { 79 NLP_LOG(LOG_DEBUG, nlp, "family %s: invalid cmd %d", 80 gf->family_name, ghdr->cmd); 81 return (ENOTSUP); 82 } 83 84 struct genl_cmd *cmd = &gf->family_cmds[ghdr->cmd]; 85 86 if (cmd->cmd_priv != 0 && !nlp_has_priv(nlp, cmd->cmd_priv)) { 87 NLP_LOG(LOG_DEBUG, nlp, "family %s: cmd %d priv_check() failed", 88 gf->family_name, ghdr->cmd); 89 return (EPERM); 90 } 91 92 NLP_LOG(LOG_DEBUG2, nlp, "received family %s cmd %s(%d) len %d", 93 gf->family_name, cmd->cmd_name, ghdr->cmd, hdr->nlmsg_len); 94 95 error = cmd->cmd_cb(hdr, npt); 96 97 return (error); 98 } 99 100 static uint32_t 101 get_cmd_flags(const struct genl_cmd *cmd) 102 { 103 uint32_t flags = cmd->cmd_flags; 104 if (cmd->cmd_priv != 0) 105 flags |= GENL_ADMIN_PERM; 106 return (flags); 107 } 108 109 static int 110 dump_family(struct nlmsghdr *hdr, struct genlmsghdr *ghdr, 111 const struct genl_family *gf, struct nl_writer *nw) 112 { 113 if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr))) 114 goto enomem; 115 116 struct genlmsghdr *ghdr_new = nlmsg_reserve_object(nw, struct genlmsghdr); 117 ghdr_new->cmd = ghdr->cmd; 118 ghdr_new->version = gf->family_version; 119 ghdr_new->reserved = 0; 120 121 nlattr_add_string(nw, CTRL_ATTR_FAMILY_NAME, gf->family_name); 122 nlattr_add_u16(nw, CTRL_ATTR_FAMILY_ID, genl_get_family_id(gf)); 123 nlattr_add_u32(nw, CTRL_ATTR_VERSION, gf->family_version); 124 nlattr_add_u32(nw, CTRL_ATTR_HDRSIZE, gf->family_hdrsize); 125 nlattr_add_u32(nw, CTRL_ATTR_MAXATTR, gf->family_attr_max); 126 127 if (gf->family_cmd_size > 0) { 128 int off = nlattr_add_nested(nw, CTRL_ATTR_OPS); 129 if (off == 0) 130 goto enomem; 131 for (int i = 0, cnt=0; i < gf->family_cmd_size; i++) { 132 struct genl_cmd *cmd = &gf->family_cmds[i]; 133 if (cmd->cmd_cb == NULL) 134 continue; 135 int cmd_off = nlattr_add_nested(nw, ++cnt); 136 if (cmd_off == 0) 137 goto enomem; 138 139 nlattr_add_u32(nw, CTRL_ATTR_OP_ID, cmd->cmd_num); 140 nlattr_add_u32(nw, CTRL_ATTR_OP_FLAGS, get_cmd_flags(cmd)); 141 nlattr_set_len(nw, cmd_off); 142 } 143 nlattr_set_len(nw, off); 144 } 145 if (gf->family_num_groups > 0) { 146 int off = nlattr_add_nested(nw, CTRL_ATTR_MCAST_GROUPS); 147 if (off == 0) 148 goto enomem; 149 for (int i = 0, cnt = 0; i < MAX_GROUPS; i++) { 150 struct genl_group *gg = genl_get_group(i); 151 if (gg == NULL || gg->group_family != gf) 152 continue; 153 154 int cmd_off = nlattr_add_nested(nw, ++cnt); 155 if (cmd_off == 0) 156 goto enomem; 157 nlattr_add_u32(nw, CTRL_ATTR_MCAST_GRP_ID, i + MIN_GROUP_NUM); 158 nlattr_add_string(nw, CTRL_ATTR_MCAST_GRP_NAME, gg->group_name); 159 nlattr_set_len(nw, cmd_off); 160 } 161 nlattr_set_len(nw, off); 162 } 163 if (nlmsg_end(nw)) 164 return (0); 165 enomem: 166 NL_LOG(LOG_DEBUG, "unable to dump family %s state (ENOMEM)", gf->family_name); 167 nlmsg_abort(nw); 168 return (ENOMEM); 169 } 170 171 172 /* Declare ourself as a user */ 173 static void nlctrl_notify(void *arg, const struct genl_family *gf, int action); 174 static eventhandler_tag family_event_tag; 175 176 struct nl_parsed_family { 177 uint32_t family_id; 178 char *family_name; 179 uint8_t version; 180 }; 181 182 #define _IN(_field) offsetof(struct genlmsghdr, _field) 183 #define _OUT(_field) offsetof(struct nl_parsed_family, _field) 184 static const struct nlfield_parser nlf_p_generic[] = { 185 { .off_in = _IN(version), .off_out = _OUT(version), .cb = nlf_get_u8 }, 186 }; 187 188 static struct nlattr_parser nla_p_generic[] = { 189 { .type = CTRL_ATTR_FAMILY_ID , .off = _OUT(family_id), .cb = nlattr_get_uint16 }, 190 { .type = CTRL_ATTR_FAMILY_NAME , .off = _OUT(family_name), .cb = nlattr_get_string }, 191 }; 192 #undef _IN 193 #undef _OUT 194 NL_DECLARE_PARSER(genl_parser, struct genlmsghdr, nlf_p_generic, nla_p_generic); 195 196 static bool 197 match_family(const struct genl_family *gf, const struct nl_parsed_family *attrs) 198 { 199 if (gf->family_name == NULL) 200 return (false); 201 if (attrs->family_id != 0 && attrs->family_id != genl_get_family_id(gf)) 202 return (false); 203 if (attrs->family_name != NULL && strcmp(attrs->family_name, gf->family_name)) 204 return (false); 205 return (true); 206 } 207 208 static int 209 nlctrl_handle_getfamily(struct nlmsghdr *hdr, struct nl_pstate *npt) 210 { 211 int error = 0; 212 213 struct nl_parsed_family attrs = {}; 214 error = nl_parse_nlmsg(hdr, &genl_parser, npt, &attrs); 215 if (error != 0) 216 return (error); 217 218 struct genlmsghdr ghdr = { 219 .cmd = CTRL_CMD_NEWFAMILY, 220 }; 221 222 if (attrs.family_id != 0 || attrs.family_name != NULL) { 223 /* Resolve request */ 224 for (int i = 0; i < MAX_FAMILIES; i++) { 225 struct genl_family *gf = genl_get_family(i); 226 if (gf != NULL && match_family(gf, &attrs)) { 227 error = dump_family(hdr, &ghdr, gf, npt->nw); 228 return (error); 229 } 230 } 231 return (ENOENT); 232 } 233 234 hdr->nlmsg_flags = hdr->nlmsg_flags | NLM_F_MULTI; 235 for (int i = 0; i < MAX_FAMILIES; i++) { 236 struct genl_family *gf = genl_get_family(i); 237 if (gf != NULL && match_family(gf, &attrs)) { 238 error = dump_family(hdr, &ghdr, gf, npt->nw); 239 if (error != 0) 240 break; 241 } 242 } 243 244 if (!nlmsg_end_dump(npt->nw, error, hdr)) { 245 NL_LOG(LOG_DEBUG, "Unable to finalize the dump"); 246 return (ENOMEM); 247 } 248 249 return (error); 250 } 251 252 static void 253 nlctrl_notify(void *arg __unused, const struct genl_family *gf, int cmd) 254 { 255 struct nlmsghdr hdr = {.nlmsg_type = NETLINK_GENERIC }; 256 struct genlmsghdr ghdr = { .cmd = cmd }; 257 struct nl_writer nw; 258 259 if (!nl_writer_group(&nw, NLMSG_SMALL, NETLINK_GENERIC, CTRL_GROUP_ID, 260 0, false)) { 261 NL_LOG(LOG_DEBUG, "error allocating group writer"); 262 return; 263 } 264 265 dump_family(&hdr, &ghdr, gf, &nw); 266 nlmsg_flush(&nw); 267 } 268 269 static const struct nlhdr_parser *all_parsers[] = { &genl_parser }; 270 271 static void 272 genl_load_all(void *u __unused) 273 { 274 NL_VERIFY_PARSERS(all_parsers); 275 family_event_tag = EVENTHANDLER_REGISTER(genl_family_event, 276 nlctrl_notify, NULL, EVENTHANDLER_PRI_ANY); 277 netlink_register_proto(NETLINK_GENERIC, "NETLINK_GENERIC", 278 genl_handle_message); 279 } 280 SYSINIT(genl_load_all, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, genl_load_all, NULL); 281 282 static void 283 genl_unload(void *u __unused) 284 { 285 netlink_unregister_proto(NETLINK_GENERIC); 286 EVENTHANDLER_DEREGISTER(genl_family_event, family_event_tag); 287 NET_EPOCH_WAIT(); 288 } 289 SYSUNINIT(genl_unload, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, genl_unload, NULL); 290 291 /* 292 * Public KPI for NETLINK_GENERIC families/groups registration logic below. 293 */ 294 295 static struct sx sx_lock; 296 SX_SYSINIT(genl_lock, &sx_lock, "genetlink lock"); 297 #define GENL_LOCK() sx_xlock(&sx_lock) 298 #define GENL_UNLOCK() sx_xunlock(&sx_lock) 299 #define GENL_ASSERT_LOCKED() sx_assert(&sx_lock, SA_LOCKED) 300 #define GENL_ASSERT_XLOCKED() sx_assert(&sx_lock, SA_XLOCKED) 301 302 static struct genl_cmd nlctrl_cmds[] = { 303 [CTRL_CMD_GETFAMILY] = { 304 .cmd_num = CTRL_CMD_GETFAMILY, 305 .cmd_name = "GETFAMILY", 306 .cmd_cb = nlctrl_handle_getfamily, 307 .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | 308 GENL_CMD_CAP_HASPOL, 309 }, 310 }; 311 312 static struct genl_family families[MAX_FAMILIES] = { 313 [CTRL_FAMILY_ID] = { 314 .family_name = CTRL_FAMILY_NAME, 315 .family_hdrsize = 0, 316 .family_version = 2, 317 .family_attr_max = CTRL_ATTR_MAX, 318 .family_cmd_size = CTRL_CMD_GETFAMILY + 1, 319 .family_cmds = nlctrl_cmds, 320 .family_num_groups = 1, 321 }, 322 } 323 ; 324 static struct genl_group groups[MAX_GROUPS] = { 325 [CTRL_GROUP_ID] = { 326 .group_family = &families[CTRL_FAMILY_ID], 327 .group_name = CTRL_GROUP_NAME, 328 }, 329 }; 330 331 static struct genl_family * 332 find_family(const char *family_name) 333 { 334 GENL_ASSERT_LOCKED(); 335 for (u_int i = 0; i < MAX_FAMILIES; i++) 336 if (families[i].family_name != NULL && 337 strcmp(families[i].family_name, family_name) == 0) 338 return (&families[i]); 339 340 return (NULL); 341 } 342 343 static struct genl_family * 344 find_empty_family_id(const char *family_name) 345 { 346 GENL_ASSERT_LOCKED(); 347 /* Microoptimization: index 0 is reserved for the control family */ 348 for (u_int i = 1; i < MAX_FAMILIES; i++) 349 if (families[i].family_name == NULL) 350 return (&families[i]); 351 352 return (NULL); 353 } 354 355 uint16_t 356 genl_register_family(const char *family_name, size_t hdrsize, 357 uint16_t family_version, uint16_t max_attr_idx) 358 { 359 struct genl_family *gf; 360 uint16_t family_id; 361 362 GENL_LOCK(); 363 if (find_family(family_name) != NULL) { 364 GENL_UNLOCK(); 365 return (0); 366 } 367 368 gf = find_empty_family_id(family_name); 369 KASSERT(gf, ("%s: maximum of %u generic netlink families allocated", 370 __func__, MAX_FAMILIES)); 371 372 *gf = (struct genl_family) { 373 .family_name = family_name, 374 .family_version = family_version, 375 .family_hdrsize = hdrsize, 376 .family_attr_max = max_attr_idx, 377 }; 378 family_id = genl_get_family_id(gf); 379 GENL_UNLOCK(); 380 381 NL_LOG(LOG_DEBUG2, "Registered family %s id %d", gf->family_name, 382 family_id); 383 EVENTHANDLER_INVOKE(genl_family_event, gf, CTRL_CMD_NEWFAMILY); 384 385 return (family_id); 386 } 387 388 static void 389 free_family(struct genl_family *gf) 390 { 391 if (gf->family_cmds != NULL) 392 free(gf->family_cmds, M_NETLINK); 393 } 394 395 /* 396 * unregister groups of a given family 397 */ 398 static void 399 unregister_groups(const struct genl_family *gf) 400 { 401 402 for (u_int i = 0; i < MAX_GROUPS; i++) { 403 struct genl_group *gg = &groups[i]; 404 if (gg->group_family == gf && gg->group_name != NULL) { 405 gg->group_family = NULL; 406 gg->group_name = NULL; 407 } 408 } 409 } 410 411 /* 412 * Can sleep, I guess 413 */ 414 bool 415 genl_unregister_family(const char *family_name) 416 { 417 bool found = false; 418 419 GENL_LOCK(); 420 struct genl_family *gf = find_family(family_name); 421 422 if (gf != NULL) { 423 EVENTHANDLER_INVOKE(genl_family_event, gf, CTRL_CMD_DELFAMILY); 424 found = true; 425 unregister_groups(gf); 426 /* TODO: zero pointer first */ 427 free_family(gf); 428 bzero(gf, sizeof(*gf)); 429 } 430 GENL_UNLOCK(); 431 432 return (found); 433 } 434 435 bool 436 genl_register_cmds(const char *family_name, const struct genl_cmd *cmds, 437 int count) 438 { 439 struct genl_family *gf; 440 uint16_t cmd_size; 441 442 GENL_LOCK(); 443 if ((gf = find_family(family_name)) == NULL) { 444 GENL_UNLOCK(); 445 return (false); 446 } 447 448 cmd_size = gf->family_cmd_size; 449 450 for (u_int i = 0; i < count; i++) { 451 MPASS(cmds[i].cmd_cb != NULL); 452 if (cmds[i].cmd_num >= cmd_size) 453 cmd_size = cmds[i].cmd_num + 1; 454 } 455 456 if (cmd_size > gf->family_cmd_size) { 457 void *old_data; 458 459 /* need to realloc */ 460 size_t sz = cmd_size * sizeof(struct genl_cmd); 461 void *data = malloc(sz, M_NETLINK, M_WAITOK | M_ZERO); 462 463 memcpy(data, gf->family_cmds, 464 gf->family_cmd_size * sizeof(struct genl_cmd)); 465 old_data = gf->family_cmds; 466 gf->family_cmds = data; 467 gf->family_cmd_size = cmd_size; 468 free(old_data, M_NETLINK); 469 } 470 471 for (u_int i = 0; i < count; i++) { 472 const struct genl_cmd *cmd = &cmds[i]; 473 474 MPASS(gf->family_cmds[cmd->cmd_num].cmd_cb == NULL); 475 gf->family_cmds[cmd->cmd_num] = cmds[i]; 476 NL_LOG(LOG_DEBUG2, "Adding cmd %s(%d) to family %s", 477 cmd->cmd_name, cmd->cmd_num, gf->family_name); 478 } 479 GENL_UNLOCK(); 480 return (true); 481 } 482 483 static struct genl_group * 484 find_group(const struct genl_family *gf, const char *group_name) 485 { 486 for (u_int i = 0; i < MAX_GROUPS; i++) { 487 struct genl_group *gg = &groups[i]; 488 if (gg->group_family == gf && 489 !strcmp(gg->group_name, group_name)) 490 return (gg); 491 } 492 return (NULL); 493 } 494 495 uint32_t 496 genl_register_group(const char *family_name, const char *group_name) 497 { 498 struct genl_family *gf; 499 uint32_t group_id = 0; 500 501 MPASS(family_name != NULL); 502 MPASS(group_name != NULL); 503 504 GENL_LOCK(); 505 if ((gf = find_family(family_name)) == NULL || 506 find_group(gf, group_name) != NULL) { 507 GENL_UNLOCK(); 508 return (0); 509 } 510 511 /* Microoptimization: index 0 is reserved for the control family */ 512 for (u_int i = 1; i < MAX_GROUPS; i++) { 513 struct genl_group *gg = &groups[i]; 514 if (gg->group_family == NULL) { 515 gf->family_num_groups++; 516 gg->group_family = gf; 517 gg->group_name = group_name; 518 group_id = i + MIN_GROUP_NUM; 519 break; 520 } 521 } 522 GENL_UNLOCK(); 523 524 return (group_id); 525 } 526 527 /* accessors */ 528 struct genl_family * 529 genl_get_family(uint16_t family_id) 530 { 531 return ((family_id < MAX_FAMILIES) ? &families[family_id] : NULL); 532 } 533 534 const char * 535 genl_get_family_name(const struct genl_family *gf) 536 { 537 return (gf->family_name); 538 } 539 540 uint16_t 541 genl_get_family_id(const struct genl_family *gf) 542 { 543 MPASS(gf >= &families[0] && gf < &families[MAX_FAMILIES]); 544 return ((uint16_t)(gf - &families[0]) + GENL_MIN_ID); 545 } 546 547 struct genl_group * 548 genl_get_group(uint32_t group_id) 549 { 550 return ((group_id < MAX_GROUPS) ? &groups[group_id] : NULL); 551 } 552