1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * NETLINK Generic Netlink Family 4 * 5 * Authors: Jamal Hadi Salim 6 * Thomas Graf <tgraf@suug.ch> 7 * Johannes Berg <johannes@sipsolutions.net> 8 */ 9 10 #include <linux/module.h> 11 #include <linux/kernel.h> 12 #include <linux/slab.h> 13 #include <linux/errno.h> 14 #include <linux/types.h> 15 #include <linux/socket.h> 16 #include <linux/string_helpers.h> 17 #include <linux/skbuff.h> 18 #include <linux/mutex.h> 19 #include <linux/bitmap.h> 20 #include <linux/rwsem.h> 21 #include <linux/idr.h> 22 #include <net/sock.h> 23 #include <net/genetlink.h> 24 25 static DEFINE_MUTEX(genl_mutex); /* serialization of message processing */ 26 static DECLARE_RWSEM(cb_lock); 27 28 atomic_t genl_sk_destructing_cnt = ATOMIC_INIT(0); 29 DECLARE_WAIT_QUEUE_HEAD(genl_sk_destructing_waitq); 30 31 void genl_lock(void) 32 { 33 mutex_lock(&genl_mutex); 34 } 35 EXPORT_SYMBOL(genl_lock); 36 37 void genl_unlock(void) 38 { 39 mutex_unlock(&genl_mutex); 40 } 41 EXPORT_SYMBOL(genl_unlock); 42 43 static void genl_lock_all(void) 44 { 45 down_write(&cb_lock); 46 genl_lock(); 47 } 48 49 static void genl_unlock_all(void) 50 { 51 genl_unlock(); 52 up_write(&cb_lock); 53 } 54 55 static void genl_op_lock(const struct genl_family *family) 56 { 57 if (!family->parallel_ops) 58 genl_lock(); 59 } 60 61 static void genl_op_unlock(const struct genl_family *family) 62 { 63 if (!family->parallel_ops) 64 genl_unlock(); 65 } 66 67 static DEFINE_IDR(genl_fam_idr); 68 69 /* 70 * Bitmap of multicast groups that are currently in use. 71 * 72 * To avoid an allocation at boot of just one unsigned long, 73 * declare it global instead. 74 * Bit 0 is marked as already used since group 0 is invalid. 75 * Bit 1 is marked as already used since the drop-monitor code 76 * abuses the API and thinks it can statically use group 1. 77 * That group will typically conflict with other groups that 78 * any proper users use. 79 * Bit 16 is marked as used since it's used for generic netlink 80 * and the code no longer marks pre-reserved IDs as used. 81 * Bit 17 is marked as already used since the VFS quota code 82 * also abused this API and relied on family == group ID, we 83 * cater to that by giving it a static family and group ID. 84 * Bit 18 is marked as already used since the PMCRAID driver 85 * did the same thing as the VFS quota code (maybe copied?) 86 */ 87 static unsigned long mc_group_start = 0x3 | BIT(GENL_ID_CTRL) | 88 BIT(GENL_ID_VFS_DQUOT) | 89 BIT(GENL_ID_PMCRAID); 90 static unsigned long *mc_groups = &mc_group_start; 91 static unsigned long mc_groups_longs = 1; 92 93 /* We need the last attribute with non-zero ID therefore a 2-entry array */ 94 static struct nla_policy genl_policy_reject_all[] = { 95 { .type = NLA_REJECT }, 96 { .type = NLA_REJECT }, 97 }; 98 99 static int genl_ctrl_event(int event, const struct genl_family *family, 100 const struct genl_multicast_group *grp, 101 int grp_id); 102 103 static void 104 genl_op_fill_in_reject_policy(const struct genl_family *family, 105 struct genl_ops *op) 106 { 107 BUILD_BUG_ON(ARRAY_SIZE(genl_policy_reject_all) - 1 != 1); 108 109 if (op->policy || op->cmd < family->resv_start_op) 110 return; 111 112 op->policy = genl_policy_reject_all; 113 op->maxattr = 1; 114 } 115 116 static void 117 genl_op_fill_in_reject_policy_split(const struct genl_family *family, 118 struct genl_split_ops *op) 119 { 120 if (op->policy) 121 return; 122 123 op->policy = genl_policy_reject_all; 124 op->maxattr = 1; 125 } 126 127 static const struct genl_family *genl_family_find_byid(unsigned int id) 128 { 129 return idr_find(&genl_fam_idr, id); 130 } 131 132 static const struct genl_family *genl_family_find_byname(char *name) 133 { 134 const struct genl_family *family; 135 unsigned int id; 136 137 idr_for_each_entry(&genl_fam_idr, family, id) 138 if (strcmp(family->name, name) == 0) 139 return family; 140 141 return NULL; 142 } 143 144 struct genl_op_iter { 145 const struct genl_family *family; 146 struct genl_split_ops doit; 147 struct genl_split_ops dumpit; 148 int cmd_idx; 149 int entry_idx; 150 u32 cmd; 151 u8 flags; 152 }; 153 154 static void genl_op_from_full(const struct genl_family *family, 155 unsigned int i, struct genl_ops *op) 156 { 157 *op = family->ops[i]; 158 159 if (!op->maxattr) 160 op->maxattr = family->maxattr; 161 if (!op->policy) 162 op->policy = family->policy; 163 164 genl_op_fill_in_reject_policy(family, op); 165 } 166 167 static int genl_get_cmd_full(u32 cmd, const struct genl_family *family, 168 struct genl_ops *op) 169 { 170 int i; 171 172 for (i = 0; i < family->n_ops; i++) 173 if (family->ops[i].cmd == cmd) { 174 genl_op_from_full(family, i, op); 175 return 0; 176 } 177 178 return -ENOENT; 179 } 180 181 static void genl_op_from_small(const struct genl_family *family, 182 unsigned int i, struct genl_ops *op) 183 { 184 memset(op, 0, sizeof(*op)); 185 op->doit = family->small_ops[i].doit; 186 op->dumpit = family->small_ops[i].dumpit; 187 op->cmd = family->small_ops[i].cmd; 188 op->internal_flags = family->small_ops[i].internal_flags; 189 op->flags = family->small_ops[i].flags; 190 op->validate = family->small_ops[i].validate; 191 192 op->maxattr = family->maxattr; 193 op->policy = family->policy; 194 195 genl_op_fill_in_reject_policy(family, op); 196 } 197 198 static int genl_get_cmd_small(u32 cmd, const struct genl_family *family, 199 struct genl_ops *op) 200 { 201 int i; 202 203 for (i = 0; i < family->n_small_ops; i++) 204 if (family->small_ops[i].cmd == cmd) { 205 genl_op_from_small(family, i, op); 206 return 0; 207 } 208 209 return -ENOENT; 210 } 211 212 static void genl_op_from_split(struct genl_op_iter *iter) 213 { 214 const struct genl_family *family = iter->family; 215 int i, cnt = 0; 216 217 i = iter->entry_idx - family->n_ops - family->n_small_ops; 218 219 if (family->split_ops[i + cnt].flags & GENL_CMD_CAP_DO) { 220 iter->doit = family->split_ops[i + cnt]; 221 genl_op_fill_in_reject_policy_split(family, &iter->doit); 222 cnt++; 223 } else { 224 memset(&iter->doit, 0, sizeof(iter->doit)); 225 } 226 227 if (i + cnt < family->n_split_ops && 228 family->split_ops[i + cnt].flags & GENL_CMD_CAP_DUMP && 229 (!cnt || family->split_ops[i + cnt].cmd == iter->doit.cmd)) { 230 iter->dumpit = family->split_ops[i + cnt]; 231 genl_op_fill_in_reject_policy_split(family, &iter->dumpit); 232 cnt++; 233 } else { 234 memset(&iter->dumpit, 0, sizeof(iter->dumpit)); 235 } 236 237 WARN_ON(!cnt); 238 iter->entry_idx += cnt; 239 } 240 241 static int 242 genl_get_cmd_split(u32 cmd, u8 flag, const struct genl_family *family, 243 struct genl_split_ops *op) 244 { 245 int i; 246 247 for (i = 0; i < family->n_split_ops; i++) 248 if (family->split_ops[i].cmd == cmd && 249 family->split_ops[i].flags & flag) { 250 *op = family->split_ops[i]; 251 return 0; 252 } 253 254 return -ENOENT; 255 } 256 257 static int 258 genl_cmd_full_to_split(struct genl_split_ops *op, 259 const struct genl_family *family, 260 const struct genl_ops *full, u8 flags) 261 { 262 if ((flags & GENL_CMD_CAP_DO && !full->doit) || 263 (flags & GENL_CMD_CAP_DUMP && !full->dumpit)) { 264 memset(op, 0, sizeof(*op)); 265 return -ENOENT; 266 } 267 268 if (flags & GENL_CMD_CAP_DUMP) { 269 op->start = full->start; 270 op->dumpit = full->dumpit; 271 op->done = full->done; 272 } else { 273 op->pre_doit = family->pre_doit; 274 op->doit = full->doit; 275 op->post_doit = family->post_doit; 276 } 277 278 if (flags & GENL_CMD_CAP_DUMP && 279 full->validate & GENL_DONT_VALIDATE_DUMP) { 280 op->policy = NULL; 281 op->maxattr = 0; 282 } else { 283 op->policy = full->policy; 284 op->maxattr = full->maxattr; 285 } 286 287 op->cmd = full->cmd; 288 op->internal_flags = full->internal_flags; 289 op->flags = full->flags; 290 op->validate = full->validate; 291 292 /* Make sure flags include the GENL_CMD_CAP_DO / GENL_CMD_CAP_DUMP */ 293 op->flags |= flags; 294 295 return 0; 296 } 297 298 /* Must make sure that op is initialized to 0 on failure */ 299 static int 300 genl_get_cmd(u32 cmd, u8 flags, const struct genl_family *family, 301 struct genl_split_ops *op) 302 { 303 struct genl_ops full; 304 int err; 305 306 err = genl_get_cmd_full(cmd, family, &full); 307 if (err == -ENOENT) 308 err = genl_get_cmd_small(cmd, family, &full); 309 /* Found one of legacy forms */ 310 if (err == 0) 311 return genl_cmd_full_to_split(op, family, &full, flags); 312 313 err = genl_get_cmd_split(cmd, flags, family, op); 314 if (err) 315 memset(op, 0, sizeof(*op)); 316 return err; 317 } 318 319 /* For policy dumping only, get ops of both do and dump. 320 * Fail if both are missing, genl_get_cmd() will zero-init in case of failure. 321 */ 322 static int 323 genl_get_cmd_both(u32 cmd, const struct genl_family *family, 324 struct genl_split_ops *doit, struct genl_split_ops *dumpit) 325 { 326 int err1, err2; 327 328 err1 = genl_get_cmd(cmd, GENL_CMD_CAP_DO, family, doit); 329 err2 = genl_get_cmd(cmd, GENL_CMD_CAP_DUMP, family, dumpit); 330 331 return err1 && err2 ? -ENOENT : 0; 332 } 333 334 static bool 335 genl_op_iter_init(const struct genl_family *family, struct genl_op_iter *iter) 336 { 337 iter->family = family; 338 iter->cmd_idx = 0; 339 iter->entry_idx = 0; 340 341 iter->flags = 0; 342 343 return iter->family->n_ops + 344 iter->family->n_small_ops + 345 iter->family->n_split_ops; 346 } 347 348 static bool genl_op_iter_next(struct genl_op_iter *iter) 349 { 350 const struct genl_family *family = iter->family; 351 bool legacy_op = true; 352 struct genl_ops op; 353 354 if (iter->entry_idx < family->n_ops) { 355 genl_op_from_full(family, iter->entry_idx, &op); 356 } else if (iter->entry_idx < family->n_ops + family->n_small_ops) { 357 genl_op_from_small(family, iter->entry_idx - family->n_ops, 358 &op); 359 } else if (iter->entry_idx < 360 family->n_ops + family->n_small_ops + family->n_split_ops) { 361 legacy_op = false; 362 /* updates entry_idx */ 363 genl_op_from_split(iter); 364 } else { 365 return false; 366 } 367 368 iter->cmd_idx++; 369 370 if (legacy_op) { 371 iter->entry_idx++; 372 373 genl_cmd_full_to_split(&iter->doit, family, 374 &op, GENL_CMD_CAP_DO); 375 genl_cmd_full_to_split(&iter->dumpit, family, 376 &op, GENL_CMD_CAP_DUMP); 377 } 378 379 iter->cmd = iter->doit.cmd | iter->dumpit.cmd; 380 iter->flags = iter->doit.flags | iter->dumpit.flags; 381 382 return true; 383 } 384 385 static void 386 genl_op_iter_copy(struct genl_op_iter *dst, struct genl_op_iter *src) 387 { 388 *dst = *src; 389 } 390 391 static unsigned int genl_op_iter_idx(struct genl_op_iter *iter) 392 { 393 return iter->cmd_idx; 394 } 395 396 static int genl_allocate_reserve_groups(int n_groups, int *first_id) 397 { 398 unsigned long *new_groups; 399 int start = 0; 400 int i; 401 int id; 402 bool fits; 403 404 do { 405 if (start == 0) 406 id = find_first_zero_bit(mc_groups, 407 mc_groups_longs * 408 BITS_PER_LONG); 409 else 410 id = find_next_zero_bit(mc_groups, 411 mc_groups_longs * BITS_PER_LONG, 412 start); 413 414 fits = true; 415 for (i = id; 416 i < min_t(int, id + n_groups, 417 mc_groups_longs * BITS_PER_LONG); 418 i++) { 419 if (test_bit(i, mc_groups)) { 420 start = i; 421 fits = false; 422 break; 423 } 424 } 425 426 if (id + n_groups > mc_groups_longs * BITS_PER_LONG) { 427 unsigned long new_longs = mc_groups_longs + 428 BITS_TO_LONGS(n_groups); 429 size_t nlen = new_longs * sizeof(unsigned long); 430 431 if (mc_groups == &mc_group_start) { 432 new_groups = kzalloc(nlen, GFP_KERNEL); 433 if (!new_groups) 434 return -ENOMEM; 435 mc_groups = new_groups; 436 *mc_groups = mc_group_start; 437 } else { 438 new_groups = krealloc(mc_groups, nlen, 439 GFP_KERNEL); 440 if (!new_groups) 441 return -ENOMEM; 442 mc_groups = new_groups; 443 for (i = 0; i < BITS_TO_LONGS(n_groups); i++) 444 mc_groups[mc_groups_longs + i] = 0; 445 } 446 mc_groups_longs = new_longs; 447 } 448 } while (!fits); 449 450 for (i = id; i < id + n_groups; i++) 451 set_bit(i, mc_groups); 452 *first_id = id; 453 return 0; 454 } 455 456 static struct genl_family genl_ctrl; 457 458 static int genl_validate_assign_mc_groups(struct genl_family *family) 459 { 460 int first_id; 461 int n_groups = family->n_mcgrps; 462 int err = 0, i; 463 bool groups_allocated = false; 464 465 if (!n_groups) 466 return 0; 467 468 for (i = 0; i < n_groups; i++) { 469 const struct genl_multicast_group *grp = &family->mcgrps[i]; 470 471 if (WARN_ON(grp->name[0] == '\0')) 472 return -EINVAL; 473 if (WARN_ON(!string_is_terminated(grp->name, GENL_NAMSIZ))) 474 return -EINVAL; 475 } 476 477 /* special-case our own group and hacks */ 478 if (family == &genl_ctrl) { 479 first_id = GENL_ID_CTRL; 480 BUG_ON(n_groups != 1); 481 } else if (strcmp(family->name, "NET_DM") == 0) { 482 first_id = 1; 483 BUG_ON(n_groups != 1); 484 } else if (family->id == GENL_ID_VFS_DQUOT) { 485 first_id = GENL_ID_VFS_DQUOT; 486 BUG_ON(n_groups != 1); 487 } else if (family->id == GENL_ID_PMCRAID) { 488 first_id = GENL_ID_PMCRAID; 489 BUG_ON(n_groups != 1); 490 } else { 491 groups_allocated = true; 492 err = genl_allocate_reserve_groups(n_groups, &first_id); 493 if (err) 494 return err; 495 } 496 497 family->mcgrp_offset = first_id; 498 499 /* if still initializing, can't and don't need to realloc bitmaps */ 500 if (!init_net.genl_sock) 501 return 0; 502 503 if (family->netnsok) { 504 struct net *net; 505 506 netlink_table_grab(); 507 rcu_read_lock(); 508 for_each_net_rcu(net) { 509 err = __netlink_change_ngroups(net->genl_sock, 510 mc_groups_longs * BITS_PER_LONG); 511 if (err) { 512 /* 513 * No need to roll back, can only fail if 514 * memory allocation fails and then the 515 * number of _possible_ groups has been 516 * increased on some sockets which is ok. 517 */ 518 break; 519 } 520 } 521 rcu_read_unlock(); 522 netlink_table_ungrab(); 523 } else { 524 err = netlink_change_ngroups(init_net.genl_sock, 525 mc_groups_longs * BITS_PER_LONG); 526 } 527 528 if (groups_allocated && err) { 529 for (i = 0; i < family->n_mcgrps; i++) 530 clear_bit(family->mcgrp_offset + i, mc_groups); 531 } 532 533 return err; 534 } 535 536 static void genl_unregister_mc_groups(const struct genl_family *family) 537 { 538 struct net *net; 539 int i; 540 541 netlink_table_grab(); 542 rcu_read_lock(); 543 for_each_net_rcu(net) { 544 for (i = 0; i < family->n_mcgrps; i++) 545 __netlink_clear_multicast_users( 546 net->genl_sock, family->mcgrp_offset + i); 547 } 548 rcu_read_unlock(); 549 netlink_table_ungrab(); 550 551 for (i = 0; i < family->n_mcgrps; i++) { 552 int grp_id = family->mcgrp_offset + i; 553 554 if (grp_id != 1) 555 clear_bit(grp_id, mc_groups); 556 genl_ctrl_event(CTRL_CMD_DELMCAST_GRP, family, 557 &family->mcgrps[i], grp_id); 558 } 559 } 560 561 static bool genl_split_op_check(const struct genl_split_ops *op) 562 { 563 if (WARN_ON(hweight8(op->flags & (GENL_CMD_CAP_DO | 564 GENL_CMD_CAP_DUMP)) != 1)) 565 return true; 566 return false; 567 } 568 569 static int genl_validate_ops(const struct genl_family *family) 570 { 571 struct genl_op_iter i, j; 572 unsigned int s; 573 574 if (WARN_ON(family->n_ops && !family->ops) || 575 WARN_ON(family->n_small_ops && !family->small_ops) || 576 WARN_ON(family->n_split_ops && !family->split_ops)) 577 return -EINVAL; 578 579 for (genl_op_iter_init(family, &i); genl_op_iter_next(&i); ) { 580 if (!(i.flags & (GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP))) 581 return -EINVAL; 582 583 if (WARN_ON(i.cmd >= family->resv_start_op && 584 (i.doit.validate || i.dumpit.validate))) 585 return -EINVAL; 586 587 genl_op_iter_copy(&j, &i); 588 while (genl_op_iter_next(&j)) { 589 if (i.cmd == j.cmd) 590 return -EINVAL; 591 } 592 } 593 594 if (family->n_split_ops) { 595 if (genl_split_op_check(&family->split_ops[0])) 596 return -EINVAL; 597 } 598 599 for (s = 1; s < family->n_split_ops; s++) { 600 const struct genl_split_ops *a, *b; 601 602 a = &family->split_ops[s - 1]; 603 b = &family->split_ops[s]; 604 605 if (genl_split_op_check(b)) 606 return -EINVAL; 607 608 /* Check sort order */ 609 if (a->cmd < b->cmd) { 610 continue; 611 } else if (a->cmd > b->cmd) { 612 WARN_ON(1); 613 return -EINVAL; 614 } 615 616 if (a->internal_flags != b->internal_flags || 617 ((a->flags ^ b->flags) & ~(GENL_CMD_CAP_DO | 618 GENL_CMD_CAP_DUMP))) { 619 WARN_ON(1); 620 return -EINVAL; 621 } 622 623 if ((a->flags & GENL_CMD_CAP_DO) && 624 (b->flags & GENL_CMD_CAP_DUMP)) 625 continue; 626 627 WARN_ON(1); 628 return -EINVAL; 629 } 630 631 return 0; 632 } 633 634 /** 635 * genl_register_family - register a generic netlink family 636 * @family: generic netlink family 637 * 638 * Registers the specified family after validating it first. Only one 639 * family may be registered with the same family name or identifier. 640 * 641 * The family's ops, multicast groups and module pointer must already 642 * be assigned. 643 * 644 * Return 0 on success or a negative error code. 645 */ 646 int genl_register_family(struct genl_family *family) 647 { 648 int err, i; 649 int start = GENL_START_ALLOC, end = GENL_MAX_ID; 650 651 err = genl_validate_ops(family); 652 if (err) 653 return err; 654 655 genl_lock_all(); 656 657 if (genl_family_find_byname(family->name)) { 658 err = -EEXIST; 659 goto errout_locked; 660 } 661 662 /* 663 * Sadly, a few cases need to be special-cased 664 * due to them having previously abused the API 665 * and having used their family ID also as their 666 * multicast group ID, so we use reserved IDs 667 * for both to be sure we can do that mapping. 668 */ 669 if (family == &genl_ctrl) { 670 /* and this needs to be special for initial family lookups */ 671 start = end = GENL_ID_CTRL; 672 } else if (strcmp(family->name, "pmcraid") == 0) { 673 start = end = GENL_ID_PMCRAID; 674 } else if (strcmp(family->name, "VFS_DQUOT") == 0) { 675 start = end = GENL_ID_VFS_DQUOT; 676 } 677 678 family->id = idr_alloc_cyclic(&genl_fam_idr, family, 679 start, end + 1, GFP_KERNEL); 680 if (family->id < 0) { 681 err = family->id; 682 goto errout_locked; 683 } 684 685 err = genl_validate_assign_mc_groups(family); 686 if (err) 687 goto errout_remove; 688 689 genl_unlock_all(); 690 691 /* send all events */ 692 genl_ctrl_event(CTRL_CMD_NEWFAMILY, family, NULL, 0); 693 for (i = 0; i < family->n_mcgrps; i++) 694 genl_ctrl_event(CTRL_CMD_NEWMCAST_GRP, family, 695 &family->mcgrps[i], family->mcgrp_offset + i); 696 697 return 0; 698 699 errout_remove: 700 idr_remove(&genl_fam_idr, family->id); 701 errout_locked: 702 genl_unlock_all(); 703 return err; 704 } 705 EXPORT_SYMBOL(genl_register_family); 706 707 /** 708 * genl_unregister_family - unregister generic netlink family 709 * @family: generic netlink family 710 * 711 * Unregisters the specified family. 712 * 713 * Returns 0 on success or a negative error code. 714 */ 715 int genl_unregister_family(const struct genl_family *family) 716 { 717 genl_lock_all(); 718 719 if (!genl_family_find_byid(family->id)) { 720 genl_unlock_all(); 721 return -ENOENT; 722 } 723 724 genl_unregister_mc_groups(family); 725 726 idr_remove(&genl_fam_idr, family->id); 727 728 up_write(&cb_lock); 729 wait_event(genl_sk_destructing_waitq, 730 atomic_read(&genl_sk_destructing_cnt) == 0); 731 genl_unlock(); 732 733 genl_ctrl_event(CTRL_CMD_DELFAMILY, family, NULL, 0); 734 735 return 0; 736 } 737 EXPORT_SYMBOL(genl_unregister_family); 738 739 /** 740 * genlmsg_put - Add generic netlink header to netlink message 741 * @skb: socket buffer holding the message 742 * @portid: netlink portid the message is addressed to 743 * @seq: sequence number (usually the one of the sender) 744 * @family: generic netlink family 745 * @flags: netlink message flags 746 * @cmd: generic netlink command 747 * 748 * Returns pointer to user specific header 749 */ 750 void *genlmsg_put(struct sk_buff *skb, u32 portid, u32 seq, 751 const struct genl_family *family, int flags, u8 cmd) 752 { 753 struct nlmsghdr *nlh; 754 struct genlmsghdr *hdr; 755 756 nlh = nlmsg_put(skb, portid, seq, family->id, GENL_HDRLEN + 757 family->hdrsize, flags); 758 if (nlh == NULL) 759 return NULL; 760 761 hdr = nlmsg_data(nlh); 762 hdr->cmd = cmd; 763 hdr->version = family->version; 764 hdr->reserved = 0; 765 766 return (char *) hdr + GENL_HDRLEN; 767 } 768 EXPORT_SYMBOL(genlmsg_put); 769 770 static struct genl_dumpit_info *genl_dumpit_info_alloc(void) 771 { 772 return kmalloc(sizeof(struct genl_dumpit_info), GFP_KERNEL); 773 } 774 775 static void genl_dumpit_info_free(const struct genl_dumpit_info *info) 776 { 777 kfree(info); 778 } 779 780 static struct nlattr ** 781 genl_family_rcv_msg_attrs_parse(const struct genl_family *family, 782 struct nlmsghdr *nlh, 783 struct netlink_ext_ack *extack, 784 const struct genl_split_ops *ops, 785 int hdrlen, 786 enum genl_validate_flags no_strict_flag) 787 { 788 enum netlink_validation validate = ops->validate & no_strict_flag ? 789 NL_VALIDATE_LIBERAL : 790 NL_VALIDATE_STRICT; 791 struct nlattr **attrbuf; 792 int err; 793 794 if (!ops->maxattr) 795 return NULL; 796 797 attrbuf = kmalloc_array(ops->maxattr + 1, 798 sizeof(struct nlattr *), GFP_KERNEL); 799 if (!attrbuf) 800 return ERR_PTR(-ENOMEM); 801 802 err = __nlmsg_parse(nlh, hdrlen, attrbuf, ops->maxattr, ops->policy, 803 validate, extack); 804 if (err) { 805 kfree(attrbuf); 806 return ERR_PTR(err); 807 } 808 return attrbuf; 809 } 810 811 static void genl_family_rcv_msg_attrs_free(struct nlattr **attrbuf) 812 { 813 kfree(attrbuf); 814 } 815 816 struct genl_start_context { 817 const struct genl_family *family; 818 struct nlmsghdr *nlh; 819 struct netlink_ext_ack *extack; 820 const struct genl_split_ops *ops; 821 int hdrlen; 822 }; 823 824 static int genl_start(struct netlink_callback *cb) 825 { 826 struct genl_start_context *ctx = cb->data; 827 const struct genl_split_ops *ops; 828 struct genl_dumpit_info *info; 829 struct nlattr **attrs = NULL; 830 int rc = 0; 831 832 ops = ctx->ops; 833 if (!(ops->validate & GENL_DONT_VALIDATE_DUMP) && 834 ctx->nlh->nlmsg_len < nlmsg_msg_size(ctx->hdrlen)) 835 return -EINVAL; 836 837 attrs = genl_family_rcv_msg_attrs_parse(ctx->family, ctx->nlh, ctx->extack, 838 ops, ctx->hdrlen, 839 GENL_DONT_VALIDATE_DUMP_STRICT); 840 if (IS_ERR(attrs)) 841 return PTR_ERR(attrs); 842 843 info = genl_dumpit_info_alloc(); 844 if (!info) { 845 genl_family_rcv_msg_attrs_free(attrs); 846 return -ENOMEM; 847 } 848 info->op = *ops; 849 info->info.family = ctx->family; 850 info->info.snd_seq = cb->nlh->nlmsg_seq; 851 info->info.snd_portid = NETLINK_CB(cb->skb).portid; 852 info->info.nlhdr = cb->nlh; 853 info->info.genlhdr = nlmsg_data(cb->nlh); 854 info->info.attrs = attrs; 855 genl_info_net_set(&info->info, sock_net(cb->skb->sk)); 856 info->info.extack = cb->extack; 857 memset(&info->info.user_ptr, 0, sizeof(info->info.user_ptr)); 858 859 cb->data = info; 860 if (ops->start) { 861 genl_op_lock(ctx->family); 862 rc = ops->start(cb); 863 genl_op_unlock(ctx->family); 864 } 865 866 if (rc) { 867 genl_family_rcv_msg_attrs_free(info->info.attrs); 868 genl_dumpit_info_free(info); 869 cb->data = NULL; 870 } 871 return rc; 872 } 873 874 static int genl_dumpit(struct sk_buff *skb, struct netlink_callback *cb) 875 { 876 struct genl_dumpit_info *dump_info = cb->data; 877 const struct genl_split_ops *ops = &dump_info->op; 878 struct genl_info *info = &dump_info->info; 879 int rc; 880 881 info->extack = cb->extack; 882 883 genl_op_lock(info->family); 884 rc = ops->dumpit(skb, cb); 885 genl_op_unlock(info->family); 886 return rc; 887 } 888 889 static int genl_done(struct netlink_callback *cb) 890 { 891 struct genl_dumpit_info *dump_info = cb->data; 892 const struct genl_split_ops *ops = &dump_info->op; 893 struct genl_info *info = &dump_info->info; 894 int rc = 0; 895 896 info->extack = cb->extack; 897 898 if (ops->done) { 899 genl_op_lock(info->family); 900 rc = ops->done(cb); 901 genl_op_unlock(info->family); 902 } 903 genl_family_rcv_msg_attrs_free(info->attrs); 904 genl_dumpit_info_free(dump_info); 905 return rc; 906 } 907 908 static int genl_family_rcv_msg_dumpit(const struct genl_family *family, 909 struct sk_buff *skb, 910 struct nlmsghdr *nlh, 911 struct netlink_ext_ack *extack, 912 const struct genl_split_ops *ops, 913 int hdrlen, struct net *net) 914 { 915 struct genl_start_context ctx; 916 struct netlink_dump_control c = { 917 .module = family->module, 918 .data = &ctx, 919 .start = genl_start, 920 .dump = genl_dumpit, 921 .done = genl_done, 922 .extack = extack, 923 }; 924 int err; 925 926 ctx.family = family; 927 ctx.nlh = nlh; 928 ctx.extack = extack; 929 ctx.ops = ops; 930 ctx.hdrlen = hdrlen; 931 932 genl_op_unlock(family); 933 err = __netlink_dump_start(net->genl_sock, skb, nlh, &c); 934 genl_op_lock(family); 935 936 return err; 937 } 938 939 static int genl_family_rcv_msg_doit(const struct genl_family *family, 940 struct sk_buff *skb, 941 struct nlmsghdr *nlh, 942 struct netlink_ext_ack *extack, 943 const struct genl_split_ops *ops, 944 int hdrlen, struct net *net) 945 { 946 struct nlattr **attrbuf; 947 struct genl_info info; 948 int err; 949 950 attrbuf = genl_family_rcv_msg_attrs_parse(family, nlh, extack, 951 ops, hdrlen, 952 GENL_DONT_VALIDATE_STRICT); 953 if (IS_ERR(attrbuf)) 954 return PTR_ERR(attrbuf); 955 956 info.snd_seq = nlh->nlmsg_seq; 957 info.snd_portid = NETLINK_CB(skb).portid; 958 info.family = family; 959 info.nlhdr = nlh; 960 info.genlhdr = nlmsg_data(nlh); 961 info.attrs = attrbuf; 962 info.extack = extack; 963 genl_info_net_set(&info, net); 964 memset(&info.user_ptr, 0, sizeof(info.user_ptr)); 965 966 if (ops->pre_doit) { 967 err = ops->pre_doit(ops, skb, &info); 968 if (err) 969 goto out; 970 } 971 972 err = ops->doit(skb, &info); 973 974 if (ops->post_doit) 975 ops->post_doit(ops, skb, &info); 976 977 out: 978 genl_family_rcv_msg_attrs_free(attrbuf); 979 980 return err; 981 } 982 983 static int genl_header_check(const struct genl_family *family, 984 struct nlmsghdr *nlh, struct genlmsghdr *hdr, 985 struct netlink_ext_ack *extack) 986 { 987 u16 flags; 988 989 /* Only for commands added after we started validating */ 990 if (hdr->cmd < family->resv_start_op) 991 return 0; 992 993 if (hdr->reserved) { 994 NL_SET_ERR_MSG(extack, "genlmsghdr.reserved field is not 0"); 995 return -EINVAL; 996 } 997 998 /* Old netlink flags have pretty loose semantics, allow only the flags 999 * consumed by the core where we can enforce the meaning. 1000 */ 1001 flags = nlh->nlmsg_flags; 1002 if ((flags & NLM_F_DUMP) == NLM_F_DUMP) /* DUMP is 2 bits */ 1003 flags &= ~NLM_F_DUMP; 1004 if (flags & ~(NLM_F_REQUEST | NLM_F_ACK | NLM_F_ECHO)) { 1005 NL_SET_ERR_MSG(extack, 1006 "ambiguous or reserved bits set in nlmsg_flags"); 1007 return -EINVAL; 1008 } 1009 1010 return 0; 1011 } 1012 1013 static int genl_family_rcv_msg(const struct genl_family *family, 1014 struct sk_buff *skb, 1015 struct nlmsghdr *nlh, 1016 struct netlink_ext_ack *extack) 1017 { 1018 struct net *net = sock_net(skb->sk); 1019 struct genlmsghdr *hdr = nlmsg_data(nlh); 1020 struct genl_split_ops op; 1021 int hdrlen; 1022 u8 flags; 1023 1024 /* this family doesn't exist in this netns */ 1025 if (!family->netnsok && !net_eq(net, &init_net)) 1026 return -ENOENT; 1027 1028 hdrlen = GENL_HDRLEN + family->hdrsize; 1029 if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen)) 1030 return -EINVAL; 1031 1032 if (genl_header_check(family, nlh, hdr, extack)) 1033 return -EINVAL; 1034 1035 flags = (nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP ? 1036 GENL_CMD_CAP_DUMP : GENL_CMD_CAP_DO; 1037 if (genl_get_cmd(hdr->cmd, flags, family, &op)) 1038 return -EOPNOTSUPP; 1039 1040 if ((op.flags & GENL_ADMIN_PERM) && 1041 !netlink_capable(skb, CAP_NET_ADMIN)) 1042 return -EPERM; 1043 1044 if ((op.flags & GENL_UNS_ADMIN_PERM) && 1045 !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) 1046 return -EPERM; 1047 1048 if (flags & GENL_CMD_CAP_DUMP) 1049 return genl_family_rcv_msg_dumpit(family, skb, nlh, extack, 1050 &op, hdrlen, net); 1051 else 1052 return genl_family_rcv_msg_doit(family, skb, nlh, extack, 1053 &op, hdrlen, net); 1054 } 1055 1056 static int genl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, 1057 struct netlink_ext_ack *extack) 1058 { 1059 const struct genl_family *family; 1060 int err; 1061 1062 family = genl_family_find_byid(nlh->nlmsg_type); 1063 if (family == NULL) 1064 return -ENOENT; 1065 1066 genl_op_lock(family); 1067 err = genl_family_rcv_msg(family, skb, nlh, extack); 1068 genl_op_unlock(family); 1069 1070 return err; 1071 } 1072 1073 static void genl_rcv(struct sk_buff *skb) 1074 { 1075 down_read(&cb_lock); 1076 netlink_rcv_skb(skb, &genl_rcv_msg); 1077 up_read(&cb_lock); 1078 } 1079 1080 /************************************************************************** 1081 * Controller 1082 **************************************************************************/ 1083 1084 static struct genl_family genl_ctrl; 1085 1086 static int ctrl_fill_info(const struct genl_family *family, u32 portid, u32 seq, 1087 u32 flags, struct sk_buff *skb, u8 cmd) 1088 { 1089 struct genl_op_iter i; 1090 void *hdr; 1091 1092 hdr = genlmsg_put(skb, portid, seq, &genl_ctrl, flags, cmd); 1093 if (hdr == NULL) 1094 return -1; 1095 1096 if (nla_put_string(skb, CTRL_ATTR_FAMILY_NAME, family->name) || 1097 nla_put_u16(skb, CTRL_ATTR_FAMILY_ID, family->id) || 1098 nla_put_u32(skb, CTRL_ATTR_VERSION, family->version) || 1099 nla_put_u32(skb, CTRL_ATTR_HDRSIZE, family->hdrsize) || 1100 nla_put_u32(skb, CTRL_ATTR_MAXATTR, family->maxattr)) 1101 goto nla_put_failure; 1102 1103 if (genl_op_iter_init(family, &i)) { 1104 struct nlattr *nla_ops; 1105 1106 nla_ops = nla_nest_start_noflag(skb, CTRL_ATTR_OPS); 1107 if (nla_ops == NULL) 1108 goto nla_put_failure; 1109 1110 while (genl_op_iter_next(&i)) { 1111 struct nlattr *nest; 1112 u32 op_flags; 1113 1114 op_flags = i.flags; 1115 if (i.doit.policy || i.dumpit.policy) 1116 op_flags |= GENL_CMD_CAP_HASPOL; 1117 1118 nest = nla_nest_start_noflag(skb, genl_op_iter_idx(&i)); 1119 if (nest == NULL) 1120 goto nla_put_failure; 1121 1122 if (nla_put_u32(skb, CTRL_ATTR_OP_ID, i.cmd) || 1123 nla_put_u32(skb, CTRL_ATTR_OP_FLAGS, op_flags)) 1124 goto nla_put_failure; 1125 1126 nla_nest_end(skb, nest); 1127 } 1128 1129 nla_nest_end(skb, nla_ops); 1130 } 1131 1132 if (family->n_mcgrps) { 1133 struct nlattr *nla_grps; 1134 int i; 1135 1136 nla_grps = nla_nest_start_noflag(skb, CTRL_ATTR_MCAST_GROUPS); 1137 if (nla_grps == NULL) 1138 goto nla_put_failure; 1139 1140 for (i = 0; i < family->n_mcgrps; i++) { 1141 struct nlattr *nest; 1142 const struct genl_multicast_group *grp; 1143 1144 grp = &family->mcgrps[i]; 1145 1146 nest = nla_nest_start_noflag(skb, i + 1); 1147 if (nest == NULL) 1148 goto nla_put_failure; 1149 1150 if (nla_put_u32(skb, CTRL_ATTR_MCAST_GRP_ID, 1151 family->mcgrp_offset + i) || 1152 nla_put_string(skb, CTRL_ATTR_MCAST_GRP_NAME, 1153 grp->name)) 1154 goto nla_put_failure; 1155 1156 nla_nest_end(skb, nest); 1157 } 1158 nla_nest_end(skb, nla_grps); 1159 } 1160 1161 genlmsg_end(skb, hdr); 1162 return 0; 1163 1164 nla_put_failure: 1165 genlmsg_cancel(skb, hdr); 1166 return -EMSGSIZE; 1167 } 1168 1169 static int ctrl_fill_mcgrp_info(const struct genl_family *family, 1170 const struct genl_multicast_group *grp, 1171 int grp_id, u32 portid, u32 seq, u32 flags, 1172 struct sk_buff *skb, u8 cmd) 1173 { 1174 void *hdr; 1175 struct nlattr *nla_grps; 1176 struct nlattr *nest; 1177 1178 hdr = genlmsg_put(skb, portid, seq, &genl_ctrl, flags, cmd); 1179 if (hdr == NULL) 1180 return -1; 1181 1182 if (nla_put_string(skb, CTRL_ATTR_FAMILY_NAME, family->name) || 1183 nla_put_u16(skb, CTRL_ATTR_FAMILY_ID, family->id)) 1184 goto nla_put_failure; 1185 1186 nla_grps = nla_nest_start_noflag(skb, CTRL_ATTR_MCAST_GROUPS); 1187 if (nla_grps == NULL) 1188 goto nla_put_failure; 1189 1190 nest = nla_nest_start_noflag(skb, 1); 1191 if (nest == NULL) 1192 goto nla_put_failure; 1193 1194 if (nla_put_u32(skb, CTRL_ATTR_MCAST_GRP_ID, grp_id) || 1195 nla_put_string(skb, CTRL_ATTR_MCAST_GRP_NAME, 1196 grp->name)) 1197 goto nla_put_failure; 1198 1199 nla_nest_end(skb, nest); 1200 nla_nest_end(skb, nla_grps); 1201 1202 genlmsg_end(skb, hdr); 1203 return 0; 1204 1205 nla_put_failure: 1206 genlmsg_cancel(skb, hdr); 1207 return -EMSGSIZE; 1208 } 1209 1210 static int ctrl_dumpfamily(struct sk_buff *skb, struct netlink_callback *cb) 1211 { 1212 int n = 0; 1213 struct genl_family *rt; 1214 struct net *net = sock_net(skb->sk); 1215 int fams_to_skip = cb->args[0]; 1216 unsigned int id; 1217 1218 idr_for_each_entry(&genl_fam_idr, rt, id) { 1219 if (!rt->netnsok && !net_eq(net, &init_net)) 1220 continue; 1221 1222 if (n++ < fams_to_skip) 1223 continue; 1224 1225 if (ctrl_fill_info(rt, NETLINK_CB(cb->skb).portid, 1226 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1227 skb, CTRL_CMD_NEWFAMILY) < 0) { 1228 n--; 1229 break; 1230 } 1231 } 1232 1233 cb->args[0] = n; 1234 return skb->len; 1235 } 1236 1237 static struct sk_buff *ctrl_build_family_msg(const struct genl_family *family, 1238 u32 portid, int seq, u8 cmd) 1239 { 1240 struct sk_buff *skb; 1241 int err; 1242 1243 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1244 if (skb == NULL) 1245 return ERR_PTR(-ENOBUFS); 1246 1247 err = ctrl_fill_info(family, portid, seq, 0, skb, cmd); 1248 if (err < 0) { 1249 nlmsg_free(skb); 1250 return ERR_PTR(err); 1251 } 1252 1253 return skb; 1254 } 1255 1256 static struct sk_buff * 1257 ctrl_build_mcgrp_msg(const struct genl_family *family, 1258 const struct genl_multicast_group *grp, 1259 int grp_id, u32 portid, int seq, u8 cmd) 1260 { 1261 struct sk_buff *skb; 1262 int err; 1263 1264 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1265 if (skb == NULL) 1266 return ERR_PTR(-ENOBUFS); 1267 1268 err = ctrl_fill_mcgrp_info(family, grp, grp_id, portid, 1269 seq, 0, skb, cmd); 1270 if (err < 0) { 1271 nlmsg_free(skb); 1272 return ERR_PTR(err); 1273 } 1274 1275 return skb; 1276 } 1277 1278 static const struct nla_policy ctrl_policy_family[] = { 1279 [CTRL_ATTR_FAMILY_ID] = { .type = NLA_U16 }, 1280 [CTRL_ATTR_FAMILY_NAME] = { .type = NLA_NUL_STRING, 1281 .len = GENL_NAMSIZ - 1 }, 1282 }; 1283 1284 static int ctrl_getfamily(struct sk_buff *skb, struct genl_info *info) 1285 { 1286 struct sk_buff *msg; 1287 const struct genl_family *res = NULL; 1288 int err = -EINVAL; 1289 1290 if (info->attrs[CTRL_ATTR_FAMILY_ID]) { 1291 u16 id = nla_get_u16(info->attrs[CTRL_ATTR_FAMILY_ID]); 1292 res = genl_family_find_byid(id); 1293 err = -ENOENT; 1294 } 1295 1296 if (info->attrs[CTRL_ATTR_FAMILY_NAME]) { 1297 char *name; 1298 1299 name = nla_data(info->attrs[CTRL_ATTR_FAMILY_NAME]); 1300 res = genl_family_find_byname(name); 1301 #ifdef CONFIG_MODULES 1302 if (res == NULL) { 1303 genl_unlock(); 1304 up_read(&cb_lock); 1305 request_module("net-pf-%d-proto-%d-family-%s", 1306 PF_NETLINK, NETLINK_GENERIC, name); 1307 down_read(&cb_lock); 1308 genl_lock(); 1309 res = genl_family_find_byname(name); 1310 } 1311 #endif 1312 err = -ENOENT; 1313 } 1314 1315 if (res == NULL) 1316 return err; 1317 1318 if (!res->netnsok && !net_eq(genl_info_net(info), &init_net)) { 1319 /* family doesn't exist here */ 1320 return -ENOENT; 1321 } 1322 1323 msg = ctrl_build_family_msg(res, info->snd_portid, info->snd_seq, 1324 CTRL_CMD_NEWFAMILY); 1325 if (IS_ERR(msg)) 1326 return PTR_ERR(msg); 1327 1328 return genlmsg_reply(msg, info); 1329 } 1330 1331 static int genl_ctrl_event(int event, const struct genl_family *family, 1332 const struct genl_multicast_group *grp, 1333 int grp_id) 1334 { 1335 struct sk_buff *msg; 1336 1337 /* genl is still initialising */ 1338 if (!init_net.genl_sock) 1339 return 0; 1340 1341 switch (event) { 1342 case CTRL_CMD_NEWFAMILY: 1343 case CTRL_CMD_DELFAMILY: 1344 WARN_ON(grp); 1345 msg = ctrl_build_family_msg(family, 0, 0, event); 1346 break; 1347 case CTRL_CMD_NEWMCAST_GRP: 1348 case CTRL_CMD_DELMCAST_GRP: 1349 BUG_ON(!grp); 1350 msg = ctrl_build_mcgrp_msg(family, grp, grp_id, 0, 0, event); 1351 break; 1352 default: 1353 return -EINVAL; 1354 } 1355 1356 if (IS_ERR(msg)) 1357 return PTR_ERR(msg); 1358 1359 if (!family->netnsok) { 1360 genlmsg_multicast_netns(&genl_ctrl, &init_net, msg, 0, 1361 0, GFP_KERNEL); 1362 } else { 1363 rcu_read_lock(); 1364 genlmsg_multicast_allns(&genl_ctrl, msg, 0, 1365 0, GFP_ATOMIC); 1366 rcu_read_unlock(); 1367 } 1368 1369 return 0; 1370 } 1371 1372 struct ctrl_dump_policy_ctx { 1373 struct netlink_policy_dump_state *state; 1374 const struct genl_family *rt; 1375 struct genl_op_iter *op_iter; 1376 u32 op; 1377 u16 fam_id; 1378 u8 dump_map:1, 1379 single_op:1; 1380 }; 1381 1382 static const struct nla_policy ctrl_policy_policy[] = { 1383 [CTRL_ATTR_FAMILY_ID] = { .type = NLA_U16 }, 1384 [CTRL_ATTR_FAMILY_NAME] = { .type = NLA_NUL_STRING, 1385 .len = GENL_NAMSIZ - 1 }, 1386 [CTRL_ATTR_OP] = { .type = NLA_U32 }, 1387 }; 1388 1389 static int ctrl_dumppolicy_start(struct netlink_callback *cb) 1390 { 1391 const struct genl_dumpit_info *info = genl_dumpit_info(cb); 1392 struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx; 1393 struct nlattr **tb = info->info.attrs; 1394 const struct genl_family *rt; 1395 struct genl_op_iter i; 1396 int err; 1397 1398 BUILD_BUG_ON(sizeof(*ctx) > sizeof(cb->ctx)); 1399 1400 if (!tb[CTRL_ATTR_FAMILY_ID] && !tb[CTRL_ATTR_FAMILY_NAME]) 1401 return -EINVAL; 1402 1403 if (tb[CTRL_ATTR_FAMILY_ID]) { 1404 ctx->fam_id = nla_get_u16(tb[CTRL_ATTR_FAMILY_ID]); 1405 } else { 1406 rt = genl_family_find_byname( 1407 nla_data(tb[CTRL_ATTR_FAMILY_NAME])); 1408 if (!rt) 1409 return -ENOENT; 1410 ctx->fam_id = rt->id; 1411 } 1412 1413 rt = genl_family_find_byid(ctx->fam_id); 1414 if (!rt) 1415 return -ENOENT; 1416 1417 ctx->rt = rt; 1418 1419 if (tb[CTRL_ATTR_OP]) { 1420 struct genl_split_ops doit, dump; 1421 1422 ctx->single_op = true; 1423 ctx->op = nla_get_u32(tb[CTRL_ATTR_OP]); 1424 1425 err = genl_get_cmd_both(ctx->op, rt, &doit, &dump); 1426 if (err) { 1427 NL_SET_BAD_ATTR(cb->extack, tb[CTRL_ATTR_OP]); 1428 return err; 1429 } 1430 1431 if (doit.policy) { 1432 err = netlink_policy_dump_add_policy(&ctx->state, 1433 doit.policy, 1434 doit.maxattr); 1435 if (err) 1436 goto err_free_state; 1437 } 1438 if (dump.policy) { 1439 err = netlink_policy_dump_add_policy(&ctx->state, 1440 dump.policy, 1441 dump.maxattr); 1442 if (err) 1443 goto err_free_state; 1444 } 1445 1446 if (!ctx->state) 1447 return -ENODATA; 1448 1449 ctx->dump_map = 1; 1450 return 0; 1451 } 1452 1453 ctx->op_iter = kmalloc(sizeof(*ctx->op_iter), GFP_KERNEL); 1454 if (!ctx->op_iter) 1455 return -ENOMEM; 1456 1457 genl_op_iter_init(rt, ctx->op_iter); 1458 ctx->dump_map = genl_op_iter_next(ctx->op_iter); 1459 1460 for (genl_op_iter_init(rt, &i); genl_op_iter_next(&i); ) { 1461 if (i.doit.policy) { 1462 err = netlink_policy_dump_add_policy(&ctx->state, 1463 i.doit.policy, 1464 i.doit.maxattr); 1465 if (err) 1466 goto err_free_state; 1467 } 1468 if (i.dumpit.policy) { 1469 err = netlink_policy_dump_add_policy(&ctx->state, 1470 i.dumpit.policy, 1471 i.dumpit.maxattr); 1472 if (err) 1473 goto err_free_state; 1474 } 1475 } 1476 1477 if (!ctx->state) { 1478 err = -ENODATA; 1479 goto err_free_op_iter; 1480 } 1481 return 0; 1482 1483 err_free_state: 1484 netlink_policy_dump_free(ctx->state); 1485 err_free_op_iter: 1486 kfree(ctx->op_iter); 1487 return err; 1488 } 1489 1490 static void *ctrl_dumppolicy_prep(struct sk_buff *skb, 1491 struct netlink_callback *cb) 1492 { 1493 struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx; 1494 void *hdr; 1495 1496 hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).portid, 1497 cb->nlh->nlmsg_seq, &genl_ctrl, 1498 NLM_F_MULTI, CTRL_CMD_GETPOLICY); 1499 if (!hdr) 1500 return NULL; 1501 1502 if (nla_put_u16(skb, CTRL_ATTR_FAMILY_ID, ctx->fam_id)) 1503 return NULL; 1504 1505 return hdr; 1506 } 1507 1508 static int ctrl_dumppolicy_put_op(struct sk_buff *skb, 1509 struct netlink_callback *cb, 1510 struct genl_split_ops *doit, 1511 struct genl_split_ops *dumpit) 1512 { 1513 struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx; 1514 struct nlattr *nest_pol, *nest_op; 1515 void *hdr; 1516 int idx; 1517 1518 /* skip if we have nothing to show */ 1519 if (!doit->policy && !dumpit->policy) 1520 return 0; 1521 1522 hdr = ctrl_dumppolicy_prep(skb, cb); 1523 if (!hdr) 1524 return -ENOBUFS; 1525 1526 nest_pol = nla_nest_start(skb, CTRL_ATTR_OP_POLICY); 1527 if (!nest_pol) 1528 goto err; 1529 1530 nest_op = nla_nest_start(skb, doit->cmd); 1531 if (!nest_op) 1532 goto err; 1533 1534 if (doit->policy) { 1535 idx = netlink_policy_dump_get_policy_idx(ctx->state, 1536 doit->policy, 1537 doit->maxattr); 1538 1539 if (nla_put_u32(skb, CTRL_ATTR_POLICY_DO, idx)) 1540 goto err; 1541 } 1542 if (dumpit->policy) { 1543 idx = netlink_policy_dump_get_policy_idx(ctx->state, 1544 dumpit->policy, 1545 dumpit->maxattr); 1546 1547 if (nla_put_u32(skb, CTRL_ATTR_POLICY_DUMP, idx)) 1548 goto err; 1549 } 1550 1551 nla_nest_end(skb, nest_op); 1552 nla_nest_end(skb, nest_pol); 1553 genlmsg_end(skb, hdr); 1554 1555 return 0; 1556 err: 1557 genlmsg_cancel(skb, hdr); 1558 return -ENOBUFS; 1559 } 1560 1561 static int ctrl_dumppolicy(struct sk_buff *skb, struct netlink_callback *cb) 1562 { 1563 struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx; 1564 void *hdr; 1565 1566 if (ctx->dump_map) { 1567 if (ctx->single_op) { 1568 struct genl_split_ops doit, dumpit; 1569 1570 if (WARN_ON(genl_get_cmd_both(ctx->op, ctx->rt, 1571 &doit, &dumpit))) 1572 return -ENOENT; 1573 1574 if (ctrl_dumppolicy_put_op(skb, cb, &doit, &dumpit)) 1575 return skb->len; 1576 1577 /* done with the per-op policy index list */ 1578 ctx->dump_map = 0; 1579 } 1580 1581 while (ctx->dump_map) { 1582 if (ctrl_dumppolicy_put_op(skb, cb, 1583 &ctx->op_iter->doit, 1584 &ctx->op_iter->dumpit)) 1585 return skb->len; 1586 1587 ctx->dump_map = genl_op_iter_next(ctx->op_iter); 1588 } 1589 } 1590 1591 while (netlink_policy_dump_loop(ctx->state)) { 1592 struct nlattr *nest; 1593 1594 hdr = ctrl_dumppolicy_prep(skb, cb); 1595 if (!hdr) 1596 goto nla_put_failure; 1597 1598 nest = nla_nest_start(skb, CTRL_ATTR_POLICY); 1599 if (!nest) 1600 goto nla_put_failure; 1601 1602 if (netlink_policy_dump_write(skb, ctx->state)) 1603 goto nla_put_failure; 1604 1605 nla_nest_end(skb, nest); 1606 1607 genlmsg_end(skb, hdr); 1608 } 1609 1610 return skb->len; 1611 1612 nla_put_failure: 1613 genlmsg_cancel(skb, hdr); 1614 return skb->len; 1615 } 1616 1617 static int ctrl_dumppolicy_done(struct netlink_callback *cb) 1618 { 1619 struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx; 1620 1621 kfree(ctx->op_iter); 1622 netlink_policy_dump_free(ctx->state); 1623 return 0; 1624 } 1625 1626 static const struct genl_split_ops genl_ctrl_ops[] = { 1627 { 1628 .cmd = CTRL_CMD_GETFAMILY, 1629 .validate = GENL_DONT_VALIDATE_STRICT, 1630 .policy = ctrl_policy_family, 1631 .maxattr = ARRAY_SIZE(ctrl_policy_family) - 1, 1632 .doit = ctrl_getfamily, 1633 .flags = GENL_CMD_CAP_DO, 1634 }, 1635 { 1636 .cmd = CTRL_CMD_GETFAMILY, 1637 .validate = GENL_DONT_VALIDATE_DUMP, 1638 .policy = ctrl_policy_family, 1639 .maxattr = ARRAY_SIZE(ctrl_policy_family) - 1, 1640 .dumpit = ctrl_dumpfamily, 1641 .flags = GENL_CMD_CAP_DUMP, 1642 }, 1643 { 1644 .cmd = CTRL_CMD_GETPOLICY, 1645 .policy = ctrl_policy_policy, 1646 .maxattr = ARRAY_SIZE(ctrl_policy_policy) - 1, 1647 .start = ctrl_dumppolicy_start, 1648 .dumpit = ctrl_dumppolicy, 1649 .done = ctrl_dumppolicy_done, 1650 .flags = GENL_CMD_CAP_DUMP, 1651 }, 1652 }; 1653 1654 static const struct genl_multicast_group genl_ctrl_groups[] = { 1655 { .name = "notify", }, 1656 }; 1657 1658 static struct genl_family genl_ctrl __ro_after_init = { 1659 .module = THIS_MODULE, 1660 .split_ops = genl_ctrl_ops, 1661 .n_split_ops = ARRAY_SIZE(genl_ctrl_ops), 1662 .resv_start_op = CTRL_CMD_GETPOLICY + 1, 1663 .mcgrps = genl_ctrl_groups, 1664 .n_mcgrps = ARRAY_SIZE(genl_ctrl_groups), 1665 .id = GENL_ID_CTRL, 1666 .name = "nlctrl", 1667 .version = 0x2, 1668 .netnsok = true, 1669 }; 1670 1671 static int genl_bind(struct net *net, int group) 1672 { 1673 const struct genl_family *family; 1674 unsigned int id; 1675 int ret = 0; 1676 1677 down_read(&cb_lock); 1678 1679 idr_for_each_entry(&genl_fam_idr, family, id) { 1680 const struct genl_multicast_group *grp; 1681 int i; 1682 1683 if (family->n_mcgrps == 0) 1684 continue; 1685 1686 i = group - family->mcgrp_offset; 1687 if (i < 0 || i >= family->n_mcgrps) 1688 continue; 1689 1690 grp = &family->mcgrps[i]; 1691 if ((grp->flags & GENL_UNS_ADMIN_PERM) && 1692 !ns_capable(net->user_ns, CAP_NET_ADMIN)) 1693 ret = -EPERM; 1694 1695 break; 1696 } 1697 1698 up_read(&cb_lock); 1699 return ret; 1700 } 1701 1702 static int __net_init genl_pernet_init(struct net *net) 1703 { 1704 struct netlink_kernel_cfg cfg = { 1705 .input = genl_rcv, 1706 .flags = NL_CFG_F_NONROOT_RECV, 1707 .bind = genl_bind, 1708 }; 1709 1710 /* we'll bump the group number right afterwards */ 1711 net->genl_sock = netlink_kernel_create(net, NETLINK_GENERIC, &cfg); 1712 1713 if (!net->genl_sock && net_eq(net, &init_net)) 1714 panic("GENL: Cannot initialize generic netlink\n"); 1715 1716 if (!net->genl_sock) 1717 return -ENOMEM; 1718 1719 return 0; 1720 } 1721 1722 static void __net_exit genl_pernet_exit(struct net *net) 1723 { 1724 netlink_kernel_release(net->genl_sock); 1725 net->genl_sock = NULL; 1726 } 1727 1728 static struct pernet_operations genl_pernet_ops = { 1729 .init = genl_pernet_init, 1730 .exit = genl_pernet_exit, 1731 }; 1732 1733 static int __init genl_init(void) 1734 { 1735 int err; 1736 1737 err = genl_register_family(&genl_ctrl); 1738 if (err < 0) 1739 goto problem; 1740 1741 err = register_pernet_subsys(&genl_pernet_ops); 1742 if (err) 1743 goto problem; 1744 1745 return 0; 1746 1747 problem: 1748 panic("GENL: Cannot register controller: %d\n", err); 1749 } 1750 1751 core_initcall(genl_init); 1752 1753 static int genlmsg_mcast(struct sk_buff *skb, u32 portid, unsigned long group, 1754 gfp_t flags) 1755 { 1756 struct sk_buff *tmp; 1757 struct net *net, *prev = NULL; 1758 bool delivered = false; 1759 int err; 1760 1761 for_each_net_rcu(net) { 1762 if (prev) { 1763 tmp = skb_clone(skb, flags); 1764 if (!tmp) { 1765 err = -ENOMEM; 1766 goto error; 1767 } 1768 err = nlmsg_multicast(prev->genl_sock, tmp, 1769 portid, group, flags); 1770 if (!err) 1771 delivered = true; 1772 else if (err != -ESRCH) 1773 goto error; 1774 } 1775 1776 prev = net; 1777 } 1778 1779 err = nlmsg_multicast(prev->genl_sock, skb, portid, group, flags); 1780 if (!err) 1781 delivered = true; 1782 else if (err != -ESRCH) 1783 return err; 1784 return delivered ? 0 : -ESRCH; 1785 error: 1786 kfree_skb(skb); 1787 return err; 1788 } 1789 1790 int genlmsg_multicast_allns(const struct genl_family *family, 1791 struct sk_buff *skb, u32 portid, 1792 unsigned int group, gfp_t flags) 1793 { 1794 if (WARN_ON_ONCE(group >= family->n_mcgrps)) 1795 return -EINVAL; 1796 1797 group = family->mcgrp_offset + group; 1798 return genlmsg_mcast(skb, portid, group, flags); 1799 } 1800 EXPORT_SYMBOL(genlmsg_multicast_allns); 1801 1802 void genl_notify(const struct genl_family *family, struct sk_buff *skb, 1803 struct genl_info *info, u32 group, gfp_t flags) 1804 { 1805 struct net *net = genl_info_net(info); 1806 struct sock *sk = net->genl_sock; 1807 1808 if (WARN_ON_ONCE(group >= family->n_mcgrps)) 1809 return; 1810 1811 group = family->mcgrp_offset + group; 1812 nlmsg_notify(sk, skb, info->snd_portid, group, 1813 nlmsg_report(info->nlhdr), flags); 1814 } 1815 EXPORT_SYMBOL(genl_notify); 1816