1 /* 2 * INET An implementation of the TCP/IP protocol suite for the LINUX 3 * operating system. INET is implemented using the BSD Socket 4 * interface as the means of communication with the user level. 5 * 6 * PACKET - implements raw packet sockets. 7 * 8 * Authors: Ross Biro 9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 10 * Alan Cox, <gw4pts@gw4pts.ampr.org> 11 * 12 * Fixes: 13 * Alan Cox : verify_area() now used correctly 14 * Alan Cox : new skbuff lists, look ma no backlogs! 15 * Alan Cox : tidied skbuff lists. 16 * Alan Cox : Now uses generic datagram routines I 17 * added. Also fixed the peek/read crash 18 * from all old Linux datagram code. 19 * Alan Cox : Uses the improved datagram code. 20 * Alan Cox : Added NULL's for socket options. 21 * Alan Cox : Re-commented the code. 22 * Alan Cox : Use new kernel side addressing 23 * Rob Janssen : Correct MTU usage. 24 * Dave Platt : Counter leaks caused by incorrect 25 * interrupt locking and some slightly 26 * dubious gcc output. Can you read 27 * compiler: it said _VOLATILE_ 28 * Richard Kooijman : Timestamp fixes. 29 * Alan Cox : New buffers. Use sk->mac.raw. 30 * Alan Cox : sendmsg/recvmsg support. 31 * Alan Cox : Protocol setting support 32 * Alexey Kuznetsov : Untied from IPv4 stack. 33 * Cyrus Durgin : Fixed kerneld for kmod. 34 * Michal Ostrowski : Module initialization cleanup. 35 * Ulises Alonso : Frame number limit removal and 36 * packet_set_ring memory leak. 37 * Eric Biederman : Allow for > 8 byte hardware addresses. 38 * The convention is that longer addresses 39 * will simply extend the hardware address 40 * byte arrays at the end of sockaddr_ll 41 * and packet_mreq. 42 * Johann Baudy : Added TX RING. 43 * 44 * This program is free software; you can redistribute it and/or 45 * modify it under the terms of the GNU General Public License 46 * as published by the Free Software Foundation; either version 47 * 2 of the License, or (at your option) any later version. 48 * 49 */ 50 51 #include <linux/types.h> 52 #include <linux/mm.h> 53 #include <linux/capability.h> 54 #include <linux/fcntl.h> 55 #include <linux/socket.h> 56 #include <linux/in.h> 57 #include <linux/inet.h> 58 #include <linux/netdevice.h> 59 #include <linux/if_packet.h> 60 #include <linux/wireless.h> 61 #include <linux/kernel.h> 62 #include <linux/kmod.h> 63 #include <linux/slab.h> 64 #include <net/net_namespace.h> 65 #include <net/ip.h> 66 #include <net/protocol.h> 67 #include <linux/skbuff.h> 68 #include <net/sock.h> 69 #include <linux/errno.h> 70 #include <linux/timer.h> 71 #include <asm/system.h> 72 #include <asm/uaccess.h> 73 #include <asm/ioctls.h> 74 #include <asm/page.h> 75 #include <asm/cacheflush.h> 76 #include <asm/io.h> 77 #include <linux/proc_fs.h> 78 #include <linux/seq_file.h> 79 #include <linux/poll.h> 80 #include <linux/module.h> 81 #include <linux/init.h> 82 #include <linux/mutex.h> 83 #include <linux/if_vlan.h> 84 #include <linux/virtio_net.h> 85 #include <linux/errqueue.h> 86 87 #ifdef CONFIG_INET 88 #include <net/inet_common.h> 89 #endif 90 91 /* 92 Assumptions: 93 - if device has no dev->hard_header routine, it adds and removes ll header 94 inside itself. In this case ll header is invisible outside of device, 95 but higher levels still should reserve dev->hard_header_len. 96 Some devices are enough clever to reallocate skb, when header 97 will not fit to reserved space (tunnel), another ones are silly 98 (PPP). 99 - packet socket receives packets with pulled ll header, 100 so that SOCK_RAW should push it back. 101 102 On receive: 103 ----------- 104 105 Incoming, dev->hard_header!=NULL 106 mac_header -> ll header 107 data -> data 108 109 Outgoing, dev->hard_header!=NULL 110 mac_header -> ll header 111 data -> ll header 112 113 Incoming, dev->hard_header==NULL 114 mac_header -> UNKNOWN position. It is very likely, that it points to ll 115 header. PPP makes it, that is wrong, because introduce 116 assymetry between rx and tx paths. 117 data -> data 118 119 Outgoing, dev->hard_header==NULL 120 mac_header -> data. ll header is still not built! 121 data -> data 122 123 Resume 124 If dev->hard_header==NULL we are unlikely to restore sensible ll header. 125 126 127 On transmit: 128 ------------ 129 130 dev->hard_header != NULL 131 mac_header -> ll header 132 data -> ll header 133 134 dev->hard_header == NULL (ll header is added by device, we cannot control it) 135 mac_header -> data 136 data -> data 137 138 We should set nh.raw on output to correct posistion, 139 packet classifier depends on it. 140 */ 141 142 /* Private packet socket structures. */ 143 144 struct packet_mclist { 145 struct packet_mclist *next; 146 int ifindex; 147 int count; 148 unsigned short type; 149 unsigned short alen; 150 unsigned char addr[MAX_ADDR_LEN]; 151 }; 152 /* identical to struct packet_mreq except it has 153 * a longer address field. 154 */ 155 struct packet_mreq_max { 156 int mr_ifindex; 157 unsigned short mr_type; 158 unsigned short mr_alen; 159 unsigned char mr_address[MAX_ADDR_LEN]; 160 }; 161 162 static int packet_set_ring(struct sock *sk, struct tpacket_req *req, 163 int closing, int tx_ring); 164 165 struct packet_ring_buffer { 166 char **pg_vec; 167 unsigned int head; 168 unsigned int frames_per_block; 169 unsigned int frame_size; 170 unsigned int frame_max; 171 172 unsigned int pg_vec_order; 173 unsigned int pg_vec_pages; 174 unsigned int pg_vec_len; 175 176 atomic_t pending; 177 }; 178 179 struct packet_sock; 180 static int tpacket_snd(struct packet_sock *po, struct msghdr *msg); 181 182 static void packet_flush_mclist(struct sock *sk); 183 184 struct packet_sock { 185 /* struct sock has to be the first member of packet_sock */ 186 struct sock sk; 187 struct tpacket_stats stats; 188 struct packet_ring_buffer rx_ring; 189 struct packet_ring_buffer tx_ring; 190 int copy_thresh; 191 spinlock_t bind_lock; 192 struct mutex pg_vec_lock; 193 unsigned int running:1, /* prot_hook is attached*/ 194 auxdata:1, 195 origdev:1, 196 has_vnet_hdr:1; 197 int ifindex; /* bound device */ 198 __be16 num; 199 struct packet_mclist *mclist; 200 atomic_t mapped; 201 enum tpacket_versions tp_version; 202 unsigned int tp_hdrlen; 203 unsigned int tp_reserve; 204 unsigned int tp_loss:1; 205 struct packet_type prot_hook ____cacheline_aligned_in_smp; 206 }; 207 208 struct packet_skb_cb { 209 unsigned int origlen; 210 union { 211 struct sockaddr_pkt pkt; 212 struct sockaddr_ll ll; 213 } sa; 214 }; 215 216 #define PACKET_SKB_CB(__skb) ((struct packet_skb_cb *)((__skb)->cb)) 217 218 static void __packet_set_status(struct packet_sock *po, void *frame, int status) 219 { 220 union { 221 struct tpacket_hdr *h1; 222 struct tpacket2_hdr *h2; 223 void *raw; 224 } h; 225 226 h.raw = frame; 227 switch (po->tp_version) { 228 case TPACKET_V1: 229 h.h1->tp_status = status; 230 flush_dcache_page(virt_to_page(&h.h1->tp_status)); 231 break; 232 case TPACKET_V2: 233 h.h2->tp_status = status; 234 flush_dcache_page(virt_to_page(&h.h2->tp_status)); 235 break; 236 default: 237 pr_err("TPACKET version not supported\n"); 238 BUG(); 239 } 240 241 smp_wmb(); 242 } 243 244 static int __packet_get_status(struct packet_sock *po, void *frame) 245 { 246 union { 247 struct tpacket_hdr *h1; 248 struct tpacket2_hdr *h2; 249 void *raw; 250 } h; 251 252 smp_rmb(); 253 254 h.raw = frame; 255 switch (po->tp_version) { 256 case TPACKET_V1: 257 flush_dcache_page(virt_to_page(&h.h1->tp_status)); 258 return h.h1->tp_status; 259 case TPACKET_V2: 260 flush_dcache_page(virt_to_page(&h.h2->tp_status)); 261 return h.h2->tp_status; 262 default: 263 pr_err("TPACKET version not supported\n"); 264 BUG(); 265 return 0; 266 } 267 } 268 269 static void *packet_lookup_frame(struct packet_sock *po, 270 struct packet_ring_buffer *rb, 271 unsigned int position, 272 int status) 273 { 274 unsigned int pg_vec_pos, frame_offset; 275 union { 276 struct tpacket_hdr *h1; 277 struct tpacket2_hdr *h2; 278 void *raw; 279 } h; 280 281 pg_vec_pos = position / rb->frames_per_block; 282 frame_offset = position % rb->frames_per_block; 283 284 h.raw = rb->pg_vec[pg_vec_pos] + (frame_offset * rb->frame_size); 285 286 if (status != __packet_get_status(po, h.raw)) 287 return NULL; 288 289 return h.raw; 290 } 291 292 static inline void *packet_current_frame(struct packet_sock *po, 293 struct packet_ring_buffer *rb, 294 int status) 295 { 296 return packet_lookup_frame(po, rb, rb->head, status); 297 } 298 299 static inline void *packet_previous_frame(struct packet_sock *po, 300 struct packet_ring_buffer *rb, 301 int status) 302 { 303 unsigned int previous = rb->head ? rb->head - 1 : rb->frame_max; 304 return packet_lookup_frame(po, rb, previous, status); 305 } 306 307 static inline void packet_increment_head(struct packet_ring_buffer *buff) 308 { 309 buff->head = buff->head != buff->frame_max ? buff->head+1 : 0; 310 } 311 312 static inline struct packet_sock *pkt_sk(struct sock *sk) 313 { 314 return (struct packet_sock *)sk; 315 } 316 317 static void packet_sock_destruct(struct sock *sk) 318 { 319 skb_queue_purge(&sk->sk_error_queue); 320 321 WARN_ON(atomic_read(&sk->sk_rmem_alloc)); 322 WARN_ON(atomic_read(&sk->sk_wmem_alloc)); 323 324 if (!sock_flag(sk, SOCK_DEAD)) { 325 pr_err("Attempt to release alive packet socket: %p\n", sk); 326 return; 327 } 328 329 sk_refcnt_debug_dec(sk); 330 } 331 332 333 static const struct proto_ops packet_ops; 334 335 static const struct proto_ops packet_ops_spkt; 336 337 static int packet_rcv_spkt(struct sk_buff *skb, struct net_device *dev, 338 struct packet_type *pt, struct net_device *orig_dev) 339 { 340 struct sock *sk; 341 struct sockaddr_pkt *spkt; 342 343 /* 344 * When we registered the protocol we saved the socket in the data 345 * field for just this event. 346 */ 347 348 sk = pt->af_packet_priv; 349 350 /* 351 * Yank back the headers [hope the device set this 352 * right or kerboom...] 353 * 354 * Incoming packets have ll header pulled, 355 * push it back. 356 * 357 * For outgoing ones skb->data == skb_mac_header(skb) 358 * so that this procedure is noop. 359 */ 360 361 if (skb->pkt_type == PACKET_LOOPBACK) 362 goto out; 363 364 if (!net_eq(dev_net(dev), sock_net(sk))) 365 goto out; 366 367 skb = skb_share_check(skb, GFP_ATOMIC); 368 if (skb == NULL) 369 goto oom; 370 371 /* drop any routing info */ 372 skb_dst_drop(skb); 373 374 /* drop conntrack reference */ 375 nf_reset(skb); 376 377 spkt = &PACKET_SKB_CB(skb)->sa.pkt; 378 379 skb_push(skb, skb->data - skb_mac_header(skb)); 380 381 /* 382 * The SOCK_PACKET socket receives _all_ frames. 383 */ 384 385 spkt->spkt_family = dev->type; 386 strlcpy(spkt->spkt_device, dev->name, sizeof(spkt->spkt_device)); 387 spkt->spkt_protocol = skb->protocol; 388 389 /* 390 * Charge the memory to the socket. This is done specifically 391 * to prevent sockets using all the memory up. 392 */ 393 394 if (sock_queue_rcv_skb(sk, skb) == 0) 395 return 0; 396 397 out: 398 kfree_skb(skb); 399 oom: 400 return 0; 401 } 402 403 404 /* 405 * Output a raw packet to a device layer. This bypasses all the other 406 * protocol layers and you must therefore supply it with a complete frame 407 */ 408 409 static int packet_sendmsg_spkt(struct kiocb *iocb, struct socket *sock, 410 struct msghdr *msg, size_t len) 411 { 412 struct sock *sk = sock->sk; 413 struct sockaddr_pkt *saddr = (struct sockaddr_pkt *)msg->msg_name; 414 struct sk_buff *skb = NULL; 415 struct net_device *dev; 416 __be16 proto = 0; 417 int err; 418 419 /* 420 * Get and verify the address. 421 */ 422 423 if (saddr) { 424 if (msg->msg_namelen < sizeof(struct sockaddr)) 425 return -EINVAL; 426 if (msg->msg_namelen == sizeof(struct sockaddr_pkt)) 427 proto = saddr->spkt_protocol; 428 } else 429 return -ENOTCONN; /* SOCK_PACKET must be sent giving an address */ 430 431 /* 432 * Find the device first to size check it 433 */ 434 435 saddr->spkt_device[13] = 0; 436 retry: 437 rcu_read_lock(); 438 dev = dev_get_by_name_rcu(sock_net(sk), saddr->spkt_device); 439 err = -ENODEV; 440 if (dev == NULL) 441 goto out_unlock; 442 443 err = -ENETDOWN; 444 if (!(dev->flags & IFF_UP)) 445 goto out_unlock; 446 447 /* 448 * You may not queue a frame bigger than the mtu. This is the lowest level 449 * raw protocol and you must do your own fragmentation at this level. 450 */ 451 452 err = -EMSGSIZE; 453 if (len > dev->mtu + dev->hard_header_len) 454 goto out_unlock; 455 456 if (!skb) { 457 size_t reserved = LL_RESERVED_SPACE(dev); 458 unsigned int hhlen = dev->header_ops ? dev->hard_header_len : 0; 459 460 rcu_read_unlock(); 461 skb = sock_wmalloc(sk, len + reserved, 0, GFP_KERNEL); 462 if (skb == NULL) 463 return -ENOBUFS; 464 /* FIXME: Save some space for broken drivers that write a hard 465 * header at transmission time by themselves. PPP is the notable 466 * one here. This should really be fixed at the driver level. 467 */ 468 skb_reserve(skb, reserved); 469 skb_reset_network_header(skb); 470 471 /* Try to align data part correctly */ 472 if (hhlen) { 473 skb->data -= hhlen; 474 skb->tail -= hhlen; 475 if (len < hhlen) 476 skb_reset_network_header(skb); 477 } 478 err = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len); 479 if (err) 480 goto out_free; 481 goto retry; 482 } 483 484 485 skb->protocol = proto; 486 skb->dev = dev; 487 skb->priority = sk->sk_priority; 488 skb->mark = sk->sk_mark; 489 err = sock_tx_timestamp(msg, sk, skb_tx(skb)); 490 if (err < 0) 491 goto out_unlock; 492 493 dev_queue_xmit(skb); 494 rcu_read_unlock(); 495 return len; 496 497 out_unlock: 498 rcu_read_unlock(); 499 out_free: 500 kfree_skb(skb); 501 return err; 502 } 503 504 static inline unsigned int run_filter(struct sk_buff *skb, struct sock *sk, 505 unsigned int res) 506 { 507 struct sk_filter *filter; 508 509 rcu_read_lock_bh(); 510 filter = rcu_dereference_bh(sk->sk_filter); 511 if (filter != NULL) 512 res = sk_run_filter(skb, filter->insns, filter->len); 513 rcu_read_unlock_bh(); 514 515 return res; 516 } 517 518 /* 519 This function makes lazy skb cloning in hope that most of packets 520 are discarded by BPF. 521 522 Note tricky part: we DO mangle shared skb! skb->data, skb->len 523 and skb->cb are mangled. It works because (and until) packets 524 falling here are owned by current CPU. Output packets are cloned 525 by dev_queue_xmit_nit(), input packets are processed by net_bh 526 sequencially, so that if we return skb to original state on exit, 527 we will not harm anyone. 528 */ 529 530 static int packet_rcv(struct sk_buff *skb, struct net_device *dev, 531 struct packet_type *pt, struct net_device *orig_dev) 532 { 533 struct sock *sk; 534 struct sockaddr_ll *sll; 535 struct packet_sock *po; 536 u8 *skb_head = skb->data; 537 int skb_len = skb->len; 538 unsigned int snaplen, res; 539 540 if (skb->pkt_type == PACKET_LOOPBACK) 541 goto drop; 542 543 sk = pt->af_packet_priv; 544 po = pkt_sk(sk); 545 546 if (!net_eq(dev_net(dev), sock_net(sk))) 547 goto drop; 548 549 skb->dev = dev; 550 551 if (dev->header_ops) { 552 /* The device has an explicit notion of ll header, 553 exported to higher levels. 554 555 Otherwise, the device hides datails of it frame 556 structure, so that corresponding packet head 557 never delivered to user. 558 */ 559 if (sk->sk_type != SOCK_DGRAM) 560 skb_push(skb, skb->data - skb_mac_header(skb)); 561 else if (skb->pkt_type == PACKET_OUTGOING) { 562 /* Special case: outgoing packets have ll header at head */ 563 skb_pull(skb, skb_network_offset(skb)); 564 } 565 } 566 567 snaplen = skb->len; 568 569 res = run_filter(skb, sk, snaplen); 570 if (!res) 571 goto drop_n_restore; 572 if (snaplen > res) 573 snaplen = res; 574 575 if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >= 576 (unsigned)sk->sk_rcvbuf) 577 goto drop_n_acct; 578 579 if (skb_shared(skb)) { 580 struct sk_buff *nskb = skb_clone(skb, GFP_ATOMIC); 581 if (nskb == NULL) 582 goto drop_n_acct; 583 584 if (skb_head != skb->data) { 585 skb->data = skb_head; 586 skb->len = skb_len; 587 } 588 kfree_skb(skb); 589 skb = nskb; 590 } 591 592 BUILD_BUG_ON(sizeof(*PACKET_SKB_CB(skb)) + MAX_ADDR_LEN - 8 > 593 sizeof(skb->cb)); 594 595 sll = &PACKET_SKB_CB(skb)->sa.ll; 596 sll->sll_family = AF_PACKET; 597 sll->sll_hatype = dev->type; 598 sll->sll_protocol = skb->protocol; 599 sll->sll_pkttype = skb->pkt_type; 600 if (unlikely(po->origdev)) 601 sll->sll_ifindex = orig_dev->ifindex; 602 else 603 sll->sll_ifindex = dev->ifindex; 604 605 sll->sll_halen = dev_parse_header(skb, sll->sll_addr); 606 607 PACKET_SKB_CB(skb)->origlen = skb->len; 608 609 if (pskb_trim(skb, snaplen)) 610 goto drop_n_acct; 611 612 skb_set_owner_r(skb, sk); 613 skb->dev = NULL; 614 skb_dst_drop(skb); 615 616 /* drop conntrack reference */ 617 nf_reset(skb); 618 619 spin_lock(&sk->sk_receive_queue.lock); 620 po->stats.tp_packets++; 621 skb->dropcount = atomic_read(&sk->sk_drops); 622 __skb_queue_tail(&sk->sk_receive_queue, skb); 623 spin_unlock(&sk->sk_receive_queue.lock); 624 sk->sk_data_ready(sk, skb->len); 625 return 0; 626 627 drop_n_acct: 628 po->stats.tp_drops = atomic_inc_return(&sk->sk_drops); 629 630 drop_n_restore: 631 if (skb_head != skb->data && skb_shared(skb)) { 632 skb->data = skb_head; 633 skb->len = skb_len; 634 } 635 drop: 636 consume_skb(skb); 637 return 0; 638 } 639 640 static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, 641 struct packet_type *pt, struct net_device *orig_dev) 642 { 643 struct sock *sk; 644 struct packet_sock *po; 645 struct sockaddr_ll *sll; 646 union { 647 struct tpacket_hdr *h1; 648 struct tpacket2_hdr *h2; 649 void *raw; 650 } h; 651 u8 *skb_head = skb->data; 652 int skb_len = skb->len; 653 unsigned int snaplen, res; 654 unsigned long status = TP_STATUS_LOSING|TP_STATUS_USER; 655 unsigned short macoff, netoff, hdrlen; 656 struct sk_buff *copy_skb = NULL; 657 struct timeval tv; 658 struct timespec ts; 659 660 if (skb->pkt_type == PACKET_LOOPBACK) 661 goto drop; 662 663 sk = pt->af_packet_priv; 664 po = pkt_sk(sk); 665 666 if (!net_eq(dev_net(dev), sock_net(sk))) 667 goto drop; 668 669 if (dev->header_ops) { 670 if (sk->sk_type != SOCK_DGRAM) 671 skb_push(skb, skb->data - skb_mac_header(skb)); 672 else if (skb->pkt_type == PACKET_OUTGOING) { 673 /* Special case: outgoing packets have ll header at head */ 674 skb_pull(skb, skb_network_offset(skb)); 675 } 676 } 677 678 if (skb->ip_summed == CHECKSUM_PARTIAL) 679 status |= TP_STATUS_CSUMNOTREADY; 680 681 snaplen = skb->len; 682 683 res = run_filter(skb, sk, snaplen); 684 if (!res) 685 goto drop_n_restore; 686 if (snaplen > res) 687 snaplen = res; 688 689 if (sk->sk_type == SOCK_DGRAM) { 690 macoff = netoff = TPACKET_ALIGN(po->tp_hdrlen) + 16 + 691 po->tp_reserve; 692 } else { 693 unsigned maclen = skb_network_offset(skb); 694 netoff = TPACKET_ALIGN(po->tp_hdrlen + 695 (maclen < 16 ? 16 : maclen)) + 696 po->tp_reserve; 697 macoff = netoff - maclen; 698 } 699 700 if (macoff + snaplen > po->rx_ring.frame_size) { 701 if (po->copy_thresh && 702 atomic_read(&sk->sk_rmem_alloc) + skb->truesize < 703 (unsigned)sk->sk_rcvbuf) { 704 if (skb_shared(skb)) { 705 copy_skb = skb_clone(skb, GFP_ATOMIC); 706 } else { 707 copy_skb = skb_get(skb); 708 skb_head = skb->data; 709 } 710 if (copy_skb) 711 skb_set_owner_r(copy_skb, sk); 712 } 713 snaplen = po->rx_ring.frame_size - macoff; 714 if ((int)snaplen < 0) 715 snaplen = 0; 716 } 717 718 spin_lock(&sk->sk_receive_queue.lock); 719 h.raw = packet_current_frame(po, &po->rx_ring, TP_STATUS_KERNEL); 720 if (!h.raw) 721 goto ring_is_full; 722 packet_increment_head(&po->rx_ring); 723 po->stats.tp_packets++; 724 if (copy_skb) { 725 status |= TP_STATUS_COPY; 726 __skb_queue_tail(&sk->sk_receive_queue, copy_skb); 727 } 728 if (!po->stats.tp_drops) 729 status &= ~TP_STATUS_LOSING; 730 spin_unlock(&sk->sk_receive_queue.lock); 731 732 skb_copy_bits(skb, 0, h.raw + macoff, snaplen); 733 734 switch (po->tp_version) { 735 case TPACKET_V1: 736 h.h1->tp_len = skb->len; 737 h.h1->tp_snaplen = snaplen; 738 h.h1->tp_mac = macoff; 739 h.h1->tp_net = netoff; 740 if (skb->tstamp.tv64) 741 tv = ktime_to_timeval(skb->tstamp); 742 else 743 do_gettimeofday(&tv); 744 h.h1->tp_sec = tv.tv_sec; 745 h.h1->tp_usec = tv.tv_usec; 746 hdrlen = sizeof(*h.h1); 747 break; 748 case TPACKET_V2: 749 h.h2->tp_len = skb->len; 750 h.h2->tp_snaplen = snaplen; 751 h.h2->tp_mac = macoff; 752 h.h2->tp_net = netoff; 753 if (skb->tstamp.tv64) 754 ts = ktime_to_timespec(skb->tstamp); 755 else 756 getnstimeofday(&ts); 757 h.h2->tp_sec = ts.tv_sec; 758 h.h2->tp_nsec = ts.tv_nsec; 759 h.h2->tp_vlan_tci = vlan_tx_tag_get(skb); 760 hdrlen = sizeof(*h.h2); 761 break; 762 default: 763 BUG(); 764 } 765 766 sll = h.raw + TPACKET_ALIGN(hdrlen); 767 sll->sll_halen = dev_parse_header(skb, sll->sll_addr); 768 sll->sll_family = AF_PACKET; 769 sll->sll_hatype = dev->type; 770 sll->sll_protocol = skb->protocol; 771 sll->sll_pkttype = skb->pkt_type; 772 if (unlikely(po->origdev)) 773 sll->sll_ifindex = orig_dev->ifindex; 774 else 775 sll->sll_ifindex = dev->ifindex; 776 777 __packet_set_status(po, h.raw, status); 778 smp_mb(); 779 { 780 struct page *p_start, *p_end; 781 u8 *h_end = h.raw + macoff + snaplen - 1; 782 783 p_start = virt_to_page(h.raw); 784 p_end = virt_to_page(h_end); 785 while (p_start <= p_end) { 786 flush_dcache_page(p_start); 787 p_start++; 788 } 789 } 790 791 sk->sk_data_ready(sk, 0); 792 793 drop_n_restore: 794 if (skb_head != skb->data && skb_shared(skb)) { 795 skb->data = skb_head; 796 skb->len = skb_len; 797 } 798 drop: 799 kfree_skb(skb); 800 return 0; 801 802 ring_is_full: 803 po->stats.tp_drops++; 804 spin_unlock(&sk->sk_receive_queue.lock); 805 806 sk->sk_data_ready(sk, 0); 807 kfree_skb(copy_skb); 808 goto drop_n_restore; 809 } 810 811 static void tpacket_destruct_skb(struct sk_buff *skb) 812 { 813 struct packet_sock *po = pkt_sk(skb->sk); 814 void *ph; 815 816 BUG_ON(skb == NULL); 817 818 if (likely(po->tx_ring.pg_vec)) { 819 ph = skb_shinfo(skb)->destructor_arg; 820 BUG_ON(__packet_get_status(po, ph) != TP_STATUS_SENDING); 821 BUG_ON(atomic_read(&po->tx_ring.pending) == 0); 822 atomic_dec(&po->tx_ring.pending); 823 __packet_set_status(po, ph, TP_STATUS_AVAILABLE); 824 } 825 826 sock_wfree(skb); 827 } 828 829 static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb, 830 void *frame, struct net_device *dev, int size_max, 831 __be16 proto, unsigned char *addr) 832 { 833 union { 834 struct tpacket_hdr *h1; 835 struct tpacket2_hdr *h2; 836 void *raw; 837 } ph; 838 int to_write, offset, len, tp_len, nr_frags, len_max; 839 struct socket *sock = po->sk.sk_socket; 840 struct page *page; 841 void *data; 842 int err; 843 844 ph.raw = frame; 845 846 skb->protocol = proto; 847 skb->dev = dev; 848 skb->priority = po->sk.sk_priority; 849 skb->mark = po->sk.sk_mark; 850 skb_shinfo(skb)->destructor_arg = ph.raw; 851 852 switch (po->tp_version) { 853 case TPACKET_V2: 854 tp_len = ph.h2->tp_len; 855 break; 856 default: 857 tp_len = ph.h1->tp_len; 858 break; 859 } 860 if (unlikely(tp_len > size_max)) { 861 pr_err("packet size is too long (%d > %d)\n", tp_len, size_max); 862 return -EMSGSIZE; 863 } 864 865 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 866 skb_reset_network_header(skb); 867 868 data = ph.raw + po->tp_hdrlen - sizeof(struct sockaddr_ll); 869 to_write = tp_len; 870 871 if (sock->type == SOCK_DGRAM) { 872 err = dev_hard_header(skb, dev, ntohs(proto), addr, 873 NULL, tp_len); 874 if (unlikely(err < 0)) 875 return -EINVAL; 876 } else if (dev->hard_header_len) { 877 /* net device doesn't like empty head */ 878 if (unlikely(tp_len <= dev->hard_header_len)) { 879 pr_err("packet size is too short (%d < %d)\n", 880 tp_len, dev->hard_header_len); 881 return -EINVAL; 882 } 883 884 skb_push(skb, dev->hard_header_len); 885 err = skb_store_bits(skb, 0, data, 886 dev->hard_header_len); 887 if (unlikely(err)) 888 return err; 889 890 data += dev->hard_header_len; 891 to_write -= dev->hard_header_len; 892 } 893 894 err = -EFAULT; 895 page = virt_to_page(data); 896 offset = offset_in_page(data); 897 len_max = PAGE_SIZE - offset; 898 len = ((to_write > len_max) ? len_max : to_write); 899 900 skb->data_len = to_write; 901 skb->len += to_write; 902 skb->truesize += to_write; 903 atomic_add(to_write, &po->sk.sk_wmem_alloc); 904 905 while (likely(to_write)) { 906 nr_frags = skb_shinfo(skb)->nr_frags; 907 908 if (unlikely(nr_frags >= MAX_SKB_FRAGS)) { 909 pr_err("Packet exceed the number of skb frags(%lu)\n", 910 MAX_SKB_FRAGS); 911 return -EFAULT; 912 } 913 914 flush_dcache_page(page); 915 get_page(page); 916 skb_fill_page_desc(skb, 917 nr_frags, 918 page++, offset, len); 919 to_write -= len; 920 offset = 0; 921 len_max = PAGE_SIZE; 922 len = ((to_write > len_max) ? len_max : to_write); 923 } 924 925 return tp_len; 926 } 927 928 static int tpacket_snd(struct packet_sock *po, struct msghdr *msg) 929 { 930 struct socket *sock; 931 struct sk_buff *skb; 932 struct net_device *dev; 933 __be16 proto; 934 int ifindex, err, reserve = 0; 935 void *ph; 936 struct sockaddr_ll *saddr = (struct sockaddr_ll *)msg->msg_name; 937 int tp_len, size_max; 938 unsigned char *addr; 939 int len_sum = 0; 940 int status = 0; 941 942 sock = po->sk.sk_socket; 943 944 mutex_lock(&po->pg_vec_lock); 945 946 err = -EBUSY; 947 if (saddr == NULL) { 948 ifindex = po->ifindex; 949 proto = po->num; 950 addr = NULL; 951 } else { 952 err = -EINVAL; 953 if (msg->msg_namelen < sizeof(struct sockaddr_ll)) 954 goto out; 955 if (msg->msg_namelen < (saddr->sll_halen 956 + offsetof(struct sockaddr_ll, 957 sll_addr))) 958 goto out; 959 ifindex = saddr->sll_ifindex; 960 proto = saddr->sll_protocol; 961 addr = saddr->sll_addr; 962 } 963 964 dev = dev_get_by_index(sock_net(&po->sk), ifindex); 965 err = -ENXIO; 966 if (unlikely(dev == NULL)) 967 goto out; 968 969 reserve = dev->hard_header_len; 970 971 err = -ENETDOWN; 972 if (unlikely(!(dev->flags & IFF_UP))) 973 goto out_put; 974 975 size_max = po->tx_ring.frame_size 976 - (po->tp_hdrlen - sizeof(struct sockaddr_ll)); 977 978 if (size_max > dev->mtu + reserve) 979 size_max = dev->mtu + reserve; 980 981 do { 982 ph = packet_current_frame(po, &po->tx_ring, 983 TP_STATUS_SEND_REQUEST); 984 985 if (unlikely(ph == NULL)) { 986 schedule(); 987 continue; 988 } 989 990 status = TP_STATUS_SEND_REQUEST; 991 skb = sock_alloc_send_skb(&po->sk, 992 LL_ALLOCATED_SPACE(dev) 993 + sizeof(struct sockaddr_ll), 994 0, &err); 995 996 if (unlikely(skb == NULL)) 997 goto out_status; 998 999 tp_len = tpacket_fill_skb(po, skb, ph, dev, size_max, proto, 1000 addr); 1001 1002 if (unlikely(tp_len < 0)) { 1003 if (po->tp_loss) { 1004 __packet_set_status(po, ph, 1005 TP_STATUS_AVAILABLE); 1006 packet_increment_head(&po->tx_ring); 1007 kfree_skb(skb); 1008 continue; 1009 } else { 1010 status = TP_STATUS_WRONG_FORMAT; 1011 err = tp_len; 1012 goto out_status; 1013 } 1014 } 1015 1016 skb->destructor = tpacket_destruct_skb; 1017 __packet_set_status(po, ph, TP_STATUS_SENDING); 1018 atomic_inc(&po->tx_ring.pending); 1019 1020 status = TP_STATUS_SEND_REQUEST; 1021 err = dev_queue_xmit(skb); 1022 if (unlikely(err > 0)) { 1023 err = net_xmit_errno(err); 1024 if (err && __packet_get_status(po, ph) == 1025 TP_STATUS_AVAILABLE) { 1026 /* skb was destructed already */ 1027 skb = NULL; 1028 goto out_status; 1029 } 1030 /* 1031 * skb was dropped but not destructed yet; 1032 * let's treat it like congestion or err < 0 1033 */ 1034 err = 0; 1035 } 1036 packet_increment_head(&po->tx_ring); 1037 len_sum += tp_len; 1038 } while (likely((ph != NULL) || 1039 ((!(msg->msg_flags & MSG_DONTWAIT)) && 1040 (atomic_read(&po->tx_ring.pending)))) 1041 ); 1042 1043 err = len_sum; 1044 goto out_put; 1045 1046 out_status: 1047 __packet_set_status(po, ph, status); 1048 kfree_skb(skb); 1049 out_put: 1050 dev_put(dev); 1051 out: 1052 mutex_unlock(&po->pg_vec_lock); 1053 return err; 1054 } 1055 1056 static inline struct sk_buff *packet_alloc_skb(struct sock *sk, size_t prepad, 1057 size_t reserve, size_t len, 1058 size_t linear, int noblock, 1059 int *err) 1060 { 1061 struct sk_buff *skb; 1062 1063 /* Under a page? Don't bother with paged skb. */ 1064 if (prepad + len < PAGE_SIZE || !linear) 1065 linear = len; 1066 1067 skb = sock_alloc_send_pskb(sk, prepad + linear, len - linear, noblock, 1068 err); 1069 if (!skb) 1070 return NULL; 1071 1072 skb_reserve(skb, reserve); 1073 skb_put(skb, linear); 1074 skb->data_len = len - linear; 1075 skb->len += len - linear; 1076 1077 return skb; 1078 } 1079 1080 static int packet_snd(struct socket *sock, 1081 struct msghdr *msg, size_t len) 1082 { 1083 struct sock *sk = sock->sk; 1084 struct sockaddr_ll *saddr = (struct sockaddr_ll *)msg->msg_name; 1085 struct sk_buff *skb; 1086 struct net_device *dev; 1087 __be16 proto; 1088 unsigned char *addr; 1089 int ifindex, err, reserve = 0; 1090 struct virtio_net_hdr vnet_hdr = { 0 }; 1091 int offset = 0; 1092 int vnet_hdr_len; 1093 struct packet_sock *po = pkt_sk(sk); 1094 unsigned short gso_type = 0; 1095 1096 /* 1097 * Get and verify the address. 1098 */ 1099 1100 if (saddr == NULL) { 1101 ifindex = po->ifindex; 1102 proto = po->num; 1103 addr = NULL; 1104 } else { 1105 err = -EINVAL; 1106 if (msg->msg_namelen < sizeof(struct sockaddr_ll)) 1107 goto out; 1108 if (msg->msg_namelen < (saddr->sll_halen + offsetof(struct sockaddr_ll, sll_addr))) 1109 goto out; 1110 ifindex = saddr->sll_ifindex; 1111 proto = saddr->sll_protocol; 1112 addr = saddr->sll_addr; 1113 } 1114 1115 1116 dev = dev_get_by_index(sock_net(sk), ifindex); 1117 err = -ENXIO; 1118 if (dev == NULL) 1119 goto out_unlock; 1120 if (sock->type == SOCK_RAW) 1121 reserve = dev->hard_header_len; 1122 1123 err = -ENETDOWN; 1124 if (!(dev->flags & IFF_UP)) 1125 goto out_unlock; 1126 1127 if (po->has_vnet_hdr) { 1128 vnet_hdr_len = sizeof(vnet_hdr); 1129 1130 err = -EINVAL; 1131 if (len < vnet_hdr_len) 1132 goto out_unlock; 1133 1134 len -= vnet_hdr_len; 1135 1136 err = memcpy_fromiovec((void *)&vnet_hdr, msg->msg_iov, 1137 vnet_hdr_len); 1138 if (err < 0) 1139 goto out_unlock; 1140 1141 if ((vnet_hdr.flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) && 1142 (vnet_hdr.csum_start + vnet_hdr.csum_offset + 2 > 1143 vnet_hdr.hdr_len)) 1144 vnet_hdr.hdr_len = vnet_hdr.csum_start + 1145 vnet_hdr.csum_offset + 2; 1146 1147 err = -EINVAL; 1148 if (vnet_hdr.hdr_len > len) 1149 goto out_unlock; 1150 1151 if (vnet_hdr.gso_type != VIRTIO_NET_HDR_GSO_NONE) { 1152 switch (vnet_hdr.gso_type & ~VIRTIO_NET_HDR_GSO_ECN) { 1153 case VIRTIO_NET_HDR_GSO_TCPV4: 1154 gso_type = SKB_GSO_TCPV4; 1155 break; 1156 case VIRTIO_NET_HDR_GSO_TCPV6: 1157 gso_type = SKB_GSO_TCPV6; 1158 break; 1159 case VIRTIO_NET_HDR_GSO_UDP: 1160 gso_type = SKB_GSO_UDP; 1161 break; 1162 default: 1163 goto out_unlock; 1164 } 1165 1166 if (vnet_hdr.gso_type & VIRTIO_NET_HDR_GSO_ECN) 1167 gso_type |= SKB_GSO_TCP_ECN; 1168 1169 if (vnet_hdr.gso_size == 0) 1170 goto out_unlock; 1171 1172 } 1173 } 1174 1175 err = -EMSGSIZE; 1176 if (!gso_type && (len > dev->mtu+reserve)) 1177 goto out_unlock; 1178 1179 err = -ENOBUFS; 1180 skb = packet_alloc_skb(sk, LL_ALLOCATED_SPACE(dev), 1181 LL_RESERVED_SPACE(dev), len, vnet_hdr.hdr_len, 1182 msg->msg_flags & MSG_DONTWAIT, &err); 1183 if (skb == NULL) 1184 goto out_unlock; 1185 1186 skb_set_network_header(skb, reserve); 1187 1188 err = -EINVAL; 1189 if (sock->type == SOCK_DGRAM && 1190 (offset = dev_hard_header(skb, dev, ntohs(proto), addr, NULL, len)) < 0) 1191 goto out_free; 1192 1193 /* Returns -EFAULT on error */ 1194 err = skb_copy_datagram_from_iovec(skb, offset, msg->msg_iov, 0, len); 1195 if (err) 1196 goto out_free; 1197 err = sock_tx_timestamp(msg, sk, skb_tx(skb)); 1198 if (err < 0) 1199 goto out_free; 1200 1201 skb->protocol = proto; 1202 skb->dev = dev; 1203 skb->priority = sk->sk_priority; 1204 skb->mark = sk->sk_mark; 1205 1206 if (po->has_vnet_hdr) { 1207 if (vnet_hdr.flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) { 1208 if (!skb_partial_csum_set(skb, vnet_hdr.csum_start, 1209 vnet_hdr.csum_offset)) { 1210 err = -EINVAL; 1211 goto out_free; 1212 } 1213 } 1214 1215 skb_shinfo(skb)->gso_size = vnet_hdr.gso_size; 1216 skb_shinfo(skb)->gso_type = gso_type; 1217 1218 /* Header must be checked, and gso_segs computed. */ 1219 skb_shinfo(skb)->gso_type |= SKB_GSO_DODGY; 1220 skb_shinfo(skb)->gso_segs = 0; 1221 1222 len += vnet_hdr_len; 1223 } 1224 1225 /* 1226 * Now send it 1227 */ 1228 1229 err = dev_queue_xmit(skb); 1230 if (err > 0 && (err = net_xmit_errno(err)) != 0) 1231 goto out_unlock; 1232 1233 dev_put(dev); 1234 1235 return len; 1236 1237 out_free: 1238 kfree_skb(skb); 1239 out_unlock: 1240 if (dev) 1241 dev_put(dev); 1242 out: 1243 return err; 1244 } 1245 1246 static int packet_sendmsg(struct kiocb *iocb, struct socket *sock, 1247 struct msghdr *msg, size_t len) 1248 { 1249 struct sock *sk = sock->sk; 1250 struct packet_sock *po = pkt_sk(sk); 1251 if (po->tx_ring.pg_vec) 1252 return tpacket_snd(po, msg); 1253 else 1254 return packet_snd(sock, msg, len); 1255 } 1256 1257 /* 1258 * Close a PACKET socket. This is fairly simple. We immediately go 1259 * to 'closed' state and remove our protocol entry in the device list. 1260 */ 1261 1262 static int packet_release(struct socket *sock) 1263 { 1264 struct sock *sk = sock->sk; 1265 struct packet_sock *po; 1266 struct net *net; 1267 struct tpacket_req req; 1268 1269 if (!sk) 1270 return 0; 1271 1272 net = sock_net(sk); 1273 po = pkt_sk(sk); 1274 1275 spin_lock_bh(&net->packet.sklist_lock); 1276 sk_del_node_init_rcu(sk); 1277 sock_prot_inuse_add(net, sk->sk_prot, -1); 1278 spin_unlock_bh(&net->packet.sklist_lock); 1279 1280 spin_lock(&po->bind_lock); 1281 if (po->running) { 1282 /* 1283 * Remove from protocol table 1284 */ 1285 po->running = 0; 1286 po->num = 0; 1287 __dev_remove_pack(&po->prot_hook); 1288 __sock_put(sk); 1289 } 1290 spin_unlock(&po->bind_lock); 1291 1292 packet_flush_mclist(sk); 1293 1294 memset(&req, 0, sizeof(req)); 1295 1296 if (po->rx_ring.pg_vec) 1297 packet_set_ring(sk, &req, 1, 0); 1298 1299 if (po->tx_ring.pg_vec) 1300 packet_set_ring(sk, &req, 1, 1); 1301 1302 synchronize_net(); 1303 /* 1304 * Now the socket is dead. No more input will appear. 1305 */ 1306 sock_orphan(sk); 1307 sock->sk = NULL; 1308 1309 /* Purge queues */ 1310 1311 skb_queue_purge(&sk->sk_receive_queue); 1312 sk_refcnt_debug_release(sk); 1313 1314 sock_put(sk); 1315 return 0; 1316 } 1317 1318 /* 1319 * Attach a packet hook. 1320 */ 1321 1322 static int packet_do_bind(struct sock *sk, struct net_device *dev, __be16 protocol) 1323 { 1324 struct packet_sock *po = pkt_sk(sk); 1325 /* 1326 * Detach an existing hook if present. 1327 */ 1328 1329 lock_sock(sk); 1330 1331 spin_lock(&po->bind_lock); 1332 if (po->running) { 1333 __sock_put(sk); 1334 po->running = 0; 1335 po->num = 0; 1336 spin_unlock(&po->bind_lock); 1337 dev_remove_pack(&po->prot_hook); 1338 spin_lock(&po->bind_lock); 1339 } 1340 1341 po->num = protocol; 1342 po->prot_hook.type = protocol; 1343 po->prot_hook.dev = dev; 1344 1345 po->ifindex = dev ? dev->ifindex : 0; 1346 1347 if (protocol == 0) 1348 goto out_unlock; 1349 1350 if (!dev || (dev->flags & IFF_UP)) { 1351 dev_add_pack(&po->prot_hook); 1352 sock_hold(sk); 1353 po->running = 1; 1354 } else { 1355 sk->sk_err = ENETDOWN; 1356 if (!sock_flag(sk, SOCK_DEAD)) 1357 sk->sk_error_report(sk); 1358 } 1359 1360 out_unlock: 1361 spin_unlock(&po->bind_lock); 1362 release_sock(sk); 1363 return 0; 1364 } 1365 1366 /* 1367 * Bind a packet socket to a device 1368 */ 1369 1370 static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr, 1371 int addr_len) 1372 { 1373 struct sock *sk = sock->sk; 1374 char name[15]; 1375 struct net_device *dev; 1376 int err = -ENODEV; 1377 1378 /* 1379 * Check legality 1380 */ 1381 1382 if (addr_len != sizeof(struct sockaddr)) 1383 return -EINVAL; 1384 strlcpy(name, uaddr->sa_data, sizeof(name)); 1385 1386 dev = dev_get_by_name(sock_net(sk), name); 1387 if (dev) { 1388 err = packet_do_bind(sk, dev, pkt_sk(sk)->num); 1389 dev_put(dev); 1390 } 1391 return err; 1392 } 1393 1394 static int packet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) 1395 { 1396 struct sockaddr_ll *sll = (struct sockaddr_ll *)uaddr; 1397 struct sock *sk = sock->sk; 1398 struct net_device *dev = NULL; 1399 int err; 1400 1401 1402 /* 1403 * Check legality 1404 */ 1405 1406 if (addr_len < sizeof(struct sockaddr_ll)) 1407 return -EINVAL; 1408 if (sll->sll_family != AF_PACKET) 1409 return -EINVAL; 1410 1411 if (sll->sll_ifindex) { 1412 err = -ENODEV; 1413 dev = dev_get_by_index(sock_net(sk), sll->sll_ifindex); 1414 if (dev == NULL) 1415 goto out; 1416 } 1417 err = packet_do_bind(sk, dev, sll->sll_protocol ? : pkt_sk(sk)->num); 1418 if (dev) 1419 dev_put(dev); 1420 1421 out: 1422 return err; 1423 } 1424 1425 static struct proto packet_proto = { 1426 .name = "PACKET", 1427 .owner = THIS_MODULE, 1428 .obj_size = sizeof(struct packet_sock), 1429 }; 1430 1431 /* 1432 * Create a packet of type SOCK_PACKET. 1433 */ 1434 1435 static int packet_create(struct net *net, struct socket *sock, int protocol, 1436 int kern) 1437 { 1438 struct sock *sk; 1439 struct packet_sock *po; 1440 __be16 proto = (__force __be16)protocol; /* weird, but documented */ 1441 int err; 1442 1443 if (!capable(CAP_NET_RAW)) 1444 return -EPERM; 1445 if (sock->type != SOCK_DGRAM && sock->type != SOCK_RAW && 1446 sock->type != SOCK_PACKET) 1447 return -ESOCKTNOSUPPORT; 1448 1449 sock->state = SS_UNCONNECTED; 1450 1451 err = -ENOBUFS; 1452 sk = sk_alloc(net, PF_PACKET, GFP_KERNEL, &packet_proto); 1453 if (sk == NULL) 1454 goto out; 1455 1456 sock->ops = &packet_ops; 1457 if (sock->type == SOCK_PACKET) 1458 sock->ops = &packet_ops_spkt; 1459 1460 sock_init_data(sock, sk); 1461 1462 po = pkt_sk(sk); 1463 sk->sk_family = PF_PACKET; 1464 po->num = proto; 1465 1466 sk->sk_destruct = packet_sock_destruct; 1467 sk_refcnt_debug_inc(sk); 1468 1469 /* 1470 * Attach a protocol block 1471 */ 1472 1473 spin_lock_init(&po->bind_lock); 1474 mutex_init(&po->pg_vec_lock); 1475 po->prot_hook.func = packet_rcv; 1476 1477 if (sock->type == SOCK_PACKET) 1478 po->prot_hook.func = packet_rcv_spkt; 1479 1480 po->prot_hook.af_packet_priv = sk; 1481 1482 if (proto) { 1483 po->prot_hook.type = proto; 1484 dev_add_pack(&po->prot_hook); 1485 sock_hold(sk); 1486 po->running = 1; 1487 } 1488 1489 spin_lock_bh(&net->packet.sklist_lock); 1490 sk_add_node_rcu(sk, &net->packet.sklist); 1491 sock_prot_inuse_add(net, &packet_proto, 1); 1492 spin_unlock_bh(&net->packet.sklist_lock); 1493 1494 return 0; 1495 out: 1496 return err; 1497 } 1498 1499 static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) 1500 { 1501 struct sock_exterr_skb *serr; 1502 struct sk_buff *skb, *skb2; 1503 int copied, err; 1504 1505 err = -EAGAIN; 1506 skb = skb_dequeue(&sk->sk_error_queue); 1507 if (skb == NULL) 1508 goto out; 1509 1510 copied = skb->len; 1511 if (copied > len) { 1512 msg->msg_flags |= MSG_TRUNC; 1513 copied = len; 1514 } 1515 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 1516 if (err) 1517 goto out_free_skb; 1518 1519 sock_recv_timestamp(msg, sk, skb); 1520 1521 serr = SKB_EXT_ERR(skb); 1522 put_cmsg(msg, SOL_PACKET, PACKET_TX_TIMESTAMP, 1523 sizeof(serr->ee), &serr->ee); 1524 1525 msg->msg_flags |= MSG_ERRQUEUE; 1526 err = copied; 1527 1528 /* Reset and regenerate socket error */ 1529 spin_lock_bh(&sk->sk_error_queue.lock); 1530 sk->sk_err = 0; 1531 if ((skb2 = skb_peek(&sk->sk_error_queue)) != NULL) { 1532 sk->sk_err = SKB_EXT_ERR(skb2)->ee.ee_errno; 1533 spin_unlock_bh(&sk->sk_error_queue.lock); 1534 sk->sk_error_report(sk); 1535 } else 1536 spin_unlock_bh(&sk->sk_error_queue.lock); 1537 1538 out_free_skb: 1539 kfree_skb(skb); 1540 out: 1541 return err; 1542 } 1543 1544 /* 1545 * Pull a packet from our receive queue and hand it to the user. 1546 * If necessary we block. 1547 */ 1548 1549 static int packet_recvmsg(struct kiocb *iocb, struct socket *sock, 1550 struct msghdr *msg, size_t len, int flags) 1551 { 1552 struct sock *sk = sock->sk; 1553 struct sk_buff *skb; 1554 int copied, err; 1555 struct sockaddr_ll *sll; 1556 int vnet_hdr_len = 0; 1557 1558 err = -EINVAL; 1559 if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT|MSG_ERRQUEUE)) 1560 goto out; 1561 1562 #if 0 1563 /* What error should we return now? EUNATTACH? */ 1564 if (pkt_sk(sk)->ifindex < 0) 1565 return -ENODEV; 1566 #endif 1567 1568 if (flags & MSG_ERRQUEUE) { 1569 err = packet_recv_error(sk, msg, len); 1570 goto out; 1571 } 1572 1573 /* 1574 * Call the generic datagram receiver. This handles all sorts 1575 * of horrible races and re-entrancy so we can forget about it 1576 * in the protocol layers. 1577 * 1578 * Now it will return ENETDOWN, if device have just gone down, 1579 * but then it will block. 1580 */ 1581 1582 skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); 1583 1584 /* 1585 * An error occurred so return it. Because skb_recv_datagram() 1586 * handles the blocking we don't see and worry about blocking 1587 * retries. 1588 */ 1589 1590 if (skb == NULL) 1591 goto out; 1592 1593 if (pkt_sk(sk)->has_vnet_hdr) { 1594 struct virtio_net_hdr vnet_hdr = { 0 }; 1595 1596 err = -EINVAL; 1597 vnet_hdr_len = sizeof(vnet_hdr); 1598 if ((len -= vnet_hdr_len) < 0) 1599 goto out_free; 1600 1601 if (skb_is_gso(skb)) { 1602 struct skb_shared_info *sinfo = skb_shinfo(skb); 1603 1604 /* This is a hint as to how much should be linear. */ 1605 vnet_hdr.hdr_len = skb_headlen(skb); 1606 vnet_hdr.gso_size = sinfo->gso_size; 1607 if (sinfo->gso_type & SKB_GSO_TCPV4) 1608 vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_TCPV4; 1609 else if (sinfo->gso_type & SKB_GSO_TCPV6) 1610 vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_TCPV6; 1611 else if (sinfo->gso_type & SKB_GSO_UDP) 1612 vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_UDP; 1613 else if (sinfo->gso_type & SKB_GSO_FCOE) 1614 goto out_free; 1615 else 1616 BUG(); 1617 if (sinfo->gso_type & SKB_GSO_TCP_ECN) 1618 vnet_hdr.gso_type |= VIRTIO_NET_HDR_GSO_ECN; 1619 } else 1620 vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_NONE; 1621 1622 if (skb->ip_summed == CHECKSUM_PARTIAL) { 1623 vnet_hdr.flags = VIRTIO_NET_HDR_F_NEEDS_CSUM; 1624 vnet_hdr.csum_start = skb->csum_start - 1625 skb_headroom(skb); 1626 vnet_hdr.csum_offset = skb->csum_offset; 1627 } /* else everything is zero */ 1628 1629 err = memcpy_toiovec(msg->msg_iov, (void *)&vnet_hdr, 1630 vnet_hdr_len); 1631 if (err < 0) 1632 goto out_free; 1633 } 1634 1635 /* 1636 * If the address length field is there to be filled in, we fill 1637 * it in now. 1638 */ 1639 1640 sll = &PACKET_SKB_CB(skb)->sa.ll; 1641 if (sock->type == SOCK_PACKET) 1642 msg->msg_namelen = sizeof(struct sockaddr_pkt); 1643 else 1644 msg->msg_namelen = sll->sll_halen + offsetof(struct sockaddr_ll, sll_addr); 1645 1646 /* 1647 * You lose any data beyond the buffer you gave. If it worries a 1648 * user program they can ask the device for its MTU anyway. 1649 */ 1650 1651 copied = skb->len; 1652 if (copied > len) { 1653 copied = len; 1654 msg->msg_flags |= MSG_TRUNC; 1655 } 1656 1657 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 1658 if (err) 1659 goto out_free; 1660 1661 sock_recv_ts_and_drops(msg, sk, skb); 1662 1663 if (msg->msg_name) 1664 memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, 1665 msg->msg_namelen); 1666 1667 if (pkt_sk(sk)->auxdata) { 1668 struct tpacket_auxdata aux; 1669 1670 aux.tp_status = TP_STATUS_USER; 1671 if (skb->ip_summed == CHECKSUM_PARTIAL) 1672 aux.tp_status |= TP_STATUS_CSUMNOTREADY; 1673 aux.tp_len = PACKET_SKB_CB(skb)->origlen; 1674 aux.tp_snaplen = skb->len; 1675 aux.tp_mac = 0; 1676 aux.tp_net = skb_network_offset(skb); 1677 aux.tp_vlan_tci = vlan_tx_tag_get(skb); 1678 1679 put_cmsg(msg, SOL_PACKET, PACKET_AUXDATA, sizeof(aux), &aux); 1680 } 1681 1682 /* 1683 * Free or return the buffer as appropriate. Again this 1684 * hides all the races and re-entrancy issues from us. 1685 */ 1686 err = vnet_hdr_len + ((flags&MSG_TRUNC) ? skb->len : copied); 1687 1688 out_free: 1689 skb_free_datagram(sk, skb); 1690 out: 1691 return err; 1692 } 1693 1694 static int packet_getname_spkt(struct socket *sock, struct sockaddr *uaddr, 1695 int *uaddr_len, int peer) 1696 { 1697 struct net_device *dev; 1698 struct sock *sk = sock->sk; 1699 1700 if (peer) 1701 return -EOPNOTSUPP; 1702 1703 uaddr->sa_family = AF_PACKET; 1704 rcu_read_lock(); 1705 dev = dev_get_by_index_rcu(sock_net(sk), pkt_sk(sk)->ifindex); 1706 if (dev) 1707 strlcpy(uaddr->sa_data, dev->name, 15); 1708 else 1709 memset(uaddr->sa_data, 0, 14); 1710 rcu_read_unlock(); 1711 *uaddr_len = sizeof(*uaddr); 1712 1713 return 0; 1714 } 1715 1716 static int packet_getname(struct socket *sock, struct sockaddr *uaddr, 1717 int *uaddr_len, int peer) 1718 { 1719 struct net_device *dev; 1720 struct sock *sk = sock->sk; 1721 struct packet_sock *po = pkt_sk(sk); 1722 DECLARE_SOCKADDR(struct sockaddr_ll *, sll, uaddr); 1723 1724 if (peer) 1725 return -EOPNOTSUPP; 1726 1727 sll->sll_family = AF_PACKET; 1728 sll->sll_ifindex = po->ifindex; 1729 sll->sll_protocol = po->num; 1730 rcu_read_lock(); 1731 dev = dev_get_by_index_rcu(sock_net(sk), po->ifindex); 1732 if (dev) { 1733 sll->sll_hatype = dev->type; 1734 sll->sll_halen = dev->addr_len; 1735 memcpy(sll->sll_addr, dev->dev_addr, dev->addr_len); 1736 } else { 1737 sll->sll_hatype = 0; /* Bad: we have no ARPHRD_UNSPEC */ 1738 sll->sll_halen = 0; 1739 } 1740 rcu_read_unlock(); 1741 *uaddr_len = offsetof(struct sockaddr_ll, sll_addr) + sll->sll_halen; 1742 1743 return 0; 1744 } 1745 1746 static int packet_dev_mc(struct net_device *dev, struct packet_mclist *i, 1747 int what) 1748 { 1749 switch (i->type) { 1750 case PACKET_MR_MULTICAST: 1751 if (i->alen != dev->addr_len) 1752 return -EINVAL; 1753 if (what > 0) 1754 return dev_mc_add(dev, i->addr); 1755 else 1756 return dev_mc_del(dev, i->addr); 1757 break; 1758 case PACKET_MR_PROMISC: 1759 return dev_set_promiscuity(dev, what); 1760 break; 1761 case PACKET_MR_ALLMULTI: 1762 return dev_set_allmulti(dev, what); 1763 break; 1764 case PACKET_MR_UNICAST: 1765 if (i->alen != dev->addr_len) 1766 return -EINVAL; 1767 if (what > 0) 1768 return dev_uc_add(dev, i->addr); 1769 else 1770 return dev_uc_del(dev, i->addr); 1771 break; 1772 default: 1773 break; 1774 } 1775 return 0; 1776 } 1777 1778 static void packet_dev_mclist(struct net_device *dev, struct packet_mclist *i, int what) 1779 { 1780 for ( ; i; i = i->next) { 1781 if (i->ifindex == dev->ifindex) 1782 packet_dev_mc(dev, i, what); 1783 } 1784 } 1785 1786 static int packet_mc_add(struct sock *sk, struct packet_mreq_max *mreq) 1787 { 1788 struct packet_sock *po = pkt_sk(sk); 1789 struct packet_mclist *ml, *i; 1790 struct net_device *dev; 1791 int err; 1792 1793 rtnl_lock(); 1794 1795 err = -ENODEV; 1796 dev = __dev_get_by_index(sock_net(sk), mreq->mr_ifindex); 1797 if (!dev) 1798 goto done; 1799 1800 err = -EINVAL; 1801 if (mreq->mr_alen > dev->addr_len) 1802 goto done; 1803 1804 err = -ENOBUFS; 1805 i = kmalloc(sizeof(*i), GFP_KERNEL); 1806 if (i == NULL) 1807 goto done; 1808 1809 err = 0; 1810 for (ml = po->mclist; ml; ml = ml->next) { 1811 if (ml->ifindex == mreq->mr_ifindex && 1812 ml->type == mreq->mr_type && 1813 ml->alen == mreq->mr_alen && 1814 memcmp(ml->addr, mreq->mr_address, ml->alen) == 0) { 1815 ml->count++; 1816 /* Free the new element ... */ 1817 kfree(i); 1818 goto done; 1819 } 1820 } 1821 1822 i->type = mreq->mr_type; 1823 i->ifindex = mreq->mr_ifindex; 1824 i->alen = mreq->mr_alen; 1825 memcpy(i->addr, mreq->mr_address, i->alen); 1826 i->count = 1; 1827 i->next = po->mclist; 1828 po->mclist = i; 1829 err = packet_dev_mc(dev, i, 1); 1830 if (err) { 1831 po->mclist = i->next; 1832 kfree(i); 1833 } 1834 1835 done: 1836 rtnl_unlock(); 1837 return err; 1838 } 1839 1840 static int packet_mc_drop(struct sock *sk, struct packet_mreq_max *mreq) 1841 { 1842 struct packet_mclist *ml, **mlp; 1843 1844 rtnl_lock(); 1845 1846 for (mlp = &pkt_sk(sk)->mclist; (ml = *mlp) != NULL; mlp = &ml->next) { 1847 if (ml->ifindex == mreq->mr_ifindex && 1848 ml->type == mreq->mr_type && 1849 ml->alen == mreq->mr_alen && 1850 memcmp(ml->addr, mreq->mr_address, ml->alen) == 0) { 1851 if (--ml->count == 0) { 1852 struct net_device *dev; 1853 *mlp = ml->next; 1854 dev = __dev_get_by_index(sock_net(sk), ml->ifindex); 1855 if (dev) 1856 packet_dev_mc(dev, ml, -1); 1857 kfree(ml); 1858 } 1859 rtnl_unlock(); 1860 return 0; 1861 } 1862 } 1863 rtnl_unlock(); 1864 return -EADDRNOTAVAIL; 1865 } 1866 1867 static void packet_flush_mclist(struct sock *sk) 1868 { 1869 struct packet_sock *po = pkt_sk(sk); 1870 struct packet_mclist *ml; 1871 1872 if (!po->mclist) 1873 return; 1874 1875 rtnl_lock(); 1876 while ((ml = po->mclist) != NULL) { 1877 struct net_device *dev; 1878 1879 po->mclist = ml->next; 1880 dev = __dev_get_by_index(sock_net(sk), ml->ifindex); 1881 if (dev != NULL) 1882 packet_dev_mc(dev, ml, -1); 1883 kfree(ml); 1884 } 1885 rtnl_unlock(); 1886 } 1887 1888 static int 1889 packet_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 1890 { 1891 struct sock *sk = sock->sk; 1892 struct packet_sock *po = pkt_sk(sk); 1893 int ret; 1894 1895 if (level != SOL_PACKET) 1896 return -ENOPROTOOPT; 1897 1898 switch (optname) { 1899 case PACKET_ADD_MEMBERSHIP: 1900 case PACKET_DROP_MEMBERSHIP: 1901 { 1902 struct packet_mreq_max mreq; 1903 int len = optlen; 1904 memset(&mreq, 0, sizeof(mreq)); 1905 if (len < sizeof(struct packet_mreq)) 1906 return -EINVAL; 1907 if (len > sizeof(mreq)) 1908 len = sizeof(mreq); 1909 if (copy_from_user(&mreq, optval, len)) 1910 return -EFAULT; 1911 if (len < (mreq.mr_alen + offsetof(struct packet_mreq, mr_address))) 1912 return -EINVAL; 1913 if (optname == PACKET_ADD_MEMBERSHIP) 1914 ret = packet_mc_add(sk, &mreq); 1915 else 1916 ret = packet_mc_drop(sk, &mreq); 1917 return ret; 1918 } 1919 1920 case PACKET_RX_RING: 1921 case PACKET_TX_RING: 1922 { 1923 struct tpacket_req req; 1924 1925 if (optlen < sizeof(req)) 1926 return -EINVAL; 1927 if (pkt_sk(sk)->has_vnet_hdr) 1928 return -EINVAL; 1929 if (copy_from_user(&req, optval, sizeof(req))) 1930 return -EFAULT; 1931 return packet_set_ring(sk, &req, 0, optname == PACKET_TX_RING); 1932 } 1933 case PACKET_COPY_THRESH: 1934 { 1935 int val; 1936 1937 if (optlen != sizeof(val)) 1938 return -EINVAL; 1939 if (copy_from_user(&val, optval, sizeof(val))) 1940 return -EFAULT; 1941 1942 pkt_sk(sk)->copy_thresh = val; 1943 return 0; 1944 } 1945 case PACKET_VERSION: 1946 { 1947 int val; 1948 1949 if (optlen != sizeof(val)) 1950 return -EINVAL; 1951 if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) 1952 return -EBUSY; 1953 if (copy_from_user(&val, optval, sizeof(val))) 1954 return -EFAULT; 1955 switch (val) { 1956 case TPACKET_V1: 1957 case TPACKET_V2: 1958 po->tp_version = val; 1959 return 0; 1960 default: 1961 return -EINVAL; 1962 } 1963 } 1964 case PACKET_RESERVE: 1965 { 1966 unsigned int val; 1967 1968 if (optlen != sizeof(val)) 1969 return -EINVAL; 1970 if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) 1971 return -EBUSY; 1972 if (copy_from_user(&val, optval, sizeof(val))) 1973 return -EFAULT; 1974 po->tp_reserve = val; 1975 return 0; 1976 } 1977 case PACKET_LOSS: 1978 { 1979 unsigned int val; 1980 1981 if (optlen != sizeof(val)) 1982 return -EINVAL; 1983 if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) 1984 return -EBUSY; 1985 if (copy_from_user(&val, optval, sizeof(val))) 1986 return -EFAULT; 1987 po->tp_loss = !!val; 1988 return 0; 1989 } 1990 case PACKET_AUXDATA: 1991 { 1992 int val; 1993 1994 if (optlen < sizeof(val)) 1995 return -EINVAL; 1996 if (copy_from_user(&val, optval, sizeof(val))) 1997 return -EFAULT; 1998 1999 po->auxdata = !!val; 2000 return 0; 2001 } 2002 case PACKET_ORIGDEV: 2003 { 2004 int val; 2005 2006 if (optlen < sizeof(val)) 2007 return -EINVAL; 2008 if (copy_from_user(&val, optval, sizeof(val))) 2009 return -EFAULT; 2010 2011 po->origdev = !!val; 2012 return 0; 2013 } 2014 case PACKET_VNET_HDR: 2015 { 2016 int val; 2017 2018 if (sock->type != SOCK_RAW) 2019 return -EINVAL; 2020 if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) 2021 return -EBUSY; 2022 if (optlen < sizeof(val)) 2023 return -EINVAL; 2024 if (copy_from_user(&val, optval, sizeof(val))) 2025 return -EFAULT; 2026 2027 po->has_vnet_hdr = !!val; 2028 return 0; 2029 } 2030 default: 2031 return -ENOPROTOOPT; 2032 } 2033 } 2034 2035 static int packet_getsockopt(struct socket *sock, int level, int optname, 2036 char __user *optval, int __user *optlen) 2037 { 2038 int len; 2039 int val; 2040 struct sock *sk = sock->sk; 2041 struct packet_sock *po = pkt_sk(sk); 2042 void *data; 2043 struct tpacket_stats st; 2044 2045 if (level != SOL_PACKET) 2046 return -ENOPROTOOPT; 2047 2048 if (get_user(len, optlen)) 2049 return -EFAULT; 2050 2051 if (len < 0) 2052 return -EINVAL; 2053 2054 switch (optname) { 2055 case PACKET_STATISTICS: 2056 if (len > sizeof(struct tpacket_stats)) 2057 len = sizeof(struct tpacket_stats); 2058 spin_lock_bh(&sk->sk_receive_queue.lock); 2059 st = po->stats; 2060 memset(&po->stats, 0, sizeof(st)); 2061 spin_unlock_bh(&sk->sk_receive_queue.lock); 2062 st.tp_packets += st.tp_drops; 2063 2064 data = &st; 2065 break; 2066 case PACKET_AUXDATA: 2067 if (len > sizeof(int)) 2068 len = sizeof(int); 2069 val = po->auxdata; 2070 2071 data = &val; 2072 break; 2073 case PACKET_ORIGDEV: 2074 if (len > sizeof(int)) 2075 len = sizeof(int); 2076 val = po->origdev; 2077 2078 data = &val; 2079 break; 2080 case PACKET_VNET_HDR: 2081 if (len > sizeof(int)) 2082 len = sizeof(int); 2083 val = po->has_vnet_hdr; 2084 2085 data = &val; 2086 break; 2087 case PACKET_VERSION: 2088 if (len > sizeof(int)) 2089 len = sizeof(int); 2090 val = po->tp_version; 2091 data = &val; 2092 break; 2093 case PACKET_HDRLEN: 2094 if (len > sizeof(int)) 2095 len = sizeof(int); 2096 if (copy_from_user(&val, optval, len)) 2097 return -EFAULT; 2098 switch (val) { 2099 case TPACKET_V1: 2100 val = sizeof(struct tpacket_hdr); 2101 break; 2102 case TPACKET_V2: 2103 val = sizeof(struct tpacket2_hdr); 2104 break; 2105 default: 2106 return -EINVAL; 2107 } 2108 data = &val; 2109 break; 2110 case PACKET_RESERVE: 2111 if (len > sizeof(unsigned int)) 2112 len = sizeof(unsigned int); 2113 val = po->tp_reserve; 2114 data = &val; 2115 break; 2116 case PACKET_LOSS: 2117 if (len > sizeof(unsigned int)) 2118 len = sizeof(unsigned int); 2119 val = po->tp_loss; 2120 data = &val; 2121 break; 2122 default: 2123 return -ENOPROTOOPT; 2124 } 2125 2126 if (put_user(len, optlen)) 2127 return -EFAULT; 2128 if (copy_to_user(optval, data, len)) 2129 return -EFAULT; 2130 return 0; 2131 } 2132 2133 2134 static int packet_notifier(struct notifier_block *this, unsigned long msg, void *data) 2135 { 2136 struct sock *sk; 2137 struct hlist_node *node; 2138 struct net_device *dev = data; 2139 struct net *net = dev_net(dev); 2140 2141 rcu_read_lock(); 2142 sk_for_each_rcu(sk, node, &net->packet.sklist) { 2143 struct packet_sock *po = pkt_sk(sk); 2144 2145 switch (msg) { 2146 case NETDEV_UNREGISTER: 2147 if (po->mclist) 2148 packet_dev_mclist(dev, po->mclist, -1); 2149 /* fallthrough */ 2150 2151 case NETDEV_DOWN: 2152 if (dev->ifindex == po->ifindex) { 2153 spin_lock(&po->bind_lock); 2154 if (po->running) { 2155 __dev_remove_pack(&po->prot_hook); 2156 __sock_put(sk); 2157 po->running = 0; 2158 sk->sk_err = ENETDOWN; 2159 if (!sock_flag(sk, SOCK_DEAD)) 2160 sk->sk_error_report(sk); 2161 } 2162 if (msg == NETDEV_UNREGISTER) { 2163 po->ifindex = -1; 2164 po->prot_hook.dev = NULL; 2165 } 2166 spin_unlock(&po->bind_lock); 2167 } 2168 break; 2169 case NETDEV_UP: 2170 if (dev->ifindex == po->ifindex) { 2171 spin_lock(&po->bind_lock); 2172 if (po->num && !po->running) { 2173 dev_add_pack(&po->prot_hook); 2174 sock_hold(sk); 2175 po->running = 1; 2176 } 2177 spin_unlock(&po->bind_lock); 2178 } 2179 break; 2180 } 2181 } 2182 rcu_read_unlock(); 2183 return NOTIFY_DONE; 2184 } 2185 2186 2187 static int packet_ioctl(struct socket *sock, unsigned int cmd, 2188 unsigned long arg) 2189 { 2190 struct sock *sk = sock->sk; 2191 2192 switch (cmd) { 2193 case SIOCOUTQ: 2194 { 2195 int amount = sk_wmem_alloc_get(sk); 2196 2197 return put_user(amount, (int __user *)arg); 2198 } 2199 case SIOCINQ: 2200 { 2201 struct sk_buff *skb; 2202 int amount = 0; 2203 2204 spin_lock_bh(&sk->sk_receive_queue.lock); 2205 skb = skb_peek(&sk->sk_receive_queue); 2206 if (skb) 2207 amount = skb->len; 2208 spin_unlock_bh(&sk->sk_receive_queue.lock); 2209 return put_user(amount, (int __user *)arg); 2210 } 2211 case SIOCGSTAMP: 2212 return sock_get_timestamp(sk, (struct timeval __user *)arg); 2213 case SIOCGSTAMPNS: 2214 return sock_get_timestampns(sk, (struct timespec __user *)arg); 2215 2216 #ifdef CONFIG_INET 2217 case SIOCADDRT: 2218 case SIOCDELRT: 2219 case SIOCDARP: 2220 case SIOCGARP: 2221 case SIOCSARP: 2222 case SIOCGIFADDR: 2223 case SIOCSIFADDR: 2224 case SIOCGIFBRDADDR: 2225 case SIOCSIFBRDADDR: 2226 case SIOCGIFNETMASK: 2227 case SIOCSIFNETMASK: 2228 case SIOCGIFDSTADDR: 2229 case SIOCSIFDSTADDR: 2230 case SIOCSIFFLAGS: 2231 return inet_dgram_ops.ioctl(sock, cmd, arg); 2232 #endif 2233 2234 default: 2235 return -ENOIOCTLCMD; 2236 } 2237 return 0; 2238 } 2239 2240 static unsigned int packet_poll(struct file *file, struct socket *sock, 2241 poll_table *wait) 2242 { 2243 struct sock *sk = sock->sk; 2244 struct packet_sock *po = pkt_sk(sk); 2245 unsigned int mask = datagram_poll(file, sock, wait); 2246 2247 spin_lock_bh(&sk->sk_receive_queue.lock); 2248 if (po->rx_ring.pg_vec) { 2249 if (!packet_previous_frame(po, &po->rx_ring, TP_STATUS_KERNEL)) 2250 mask |= POLLIN | POLLRDNORM; 2251 } 2252 spin_unlock_bh(&sk->sk_receive_queue.lock); 2253 spin_lock_bh(&sk->sk_write_queue.lock); 2254 if (po->tx_ring.pg_vec) { 2255 if (packet_current_frame(po, &po->tx_ring, TP_STATUS_AVAILABLE)) 2256 mask |= POLLOUT | POLLWRNORM; 2257 } 2258 spin_unlock_bh(&sk->sk_write_queue.lock); 2259 return mask; 2260 } 2261 2262 2263 /* Dirty? Well, I still did not learn better way to account 2264 * for user mmaps. 2265 */ 2266 2267 static void packet_mm_open(struct vm_area_struct *vma) 2268 { 2269 struct file *file = vma->vm_file; 2270 struct socket *sock = file->private_data; 2271 struct sock *sk = sock->sk; 2272 2273 if (sk) 2274 atomic_inc(&pkt_sk(sk)->mapped); 2275 } 2276 2277 static void packet_mm_close(struct vm_area_struct *vma) 2278 { 2279 struct file *file = vma->vm_file; 2280 struct socket *sock = file->private_data; 2281 struct sock *sk = sock->sk; 2282 2283 if (sk) 2284 atomic_dec(&pkt_sk(sk)->mapped); 2285 } 2286 2287 static const struct vm_operations_struct packet_mmap_ops = { 2288 .open = packet_mm_open, 2289 .close = packet_mm_close, 2290 }; 2291 2292 static void free_pg_vec(char **pg_vec, unsigned int order, unsigned int len) 2293 { 2294 int i; 2295 2296 for (i = 0; i < len; i++) { 2297 if (likely(pg_vec[i])) 2298 free_pages((unsigned long) pg_vec[i], order); 2299 } 2300 kfree(pg_vec); 2301 } 2302 2303 static inline char *alloc_one_pg_vec_page(unsigned long order) 2304 { 2305 gfp_t gfp_flags = GFP_KERNEL | __GFP_COMP | __GFP_ZERO | __GFP_NOWARN; 2306 2307 return (char *) __get_free_pages(gfp_flags, order); 2308 } 2309 2310 static char **alloc_pg_vec(struct tpacket_req *req, int order) 2311 { 2312 unsigned int block_nr = req->tp_block_nr; 2313 char **pg_vec; 2314 int i; 2315 2316 pg_vec = kzalloc(block_nr * sizeof(char *), GFP_KERNEL); 2317 if (unlikely(!pg_vec)) 2318 goto out; 2319 2320 for (i = 0; i < block_nr; i++) { 2321 pg_vec[i] = alloc_one_pg_vec_page(order); 2322 if (unlikely(!pg_vec[i])) 2323 goto out_free_pgvec; 2324 } 2325 2326 out: 2327 return pg_vec; 2328 2329 out_free_pgvec: 2330 free_pg_vec(pg_vec, order, block_nr); 2331 pg_vec = NULL; 2332 goto out; 2333 } 2334 2335 static int packet_set_ring(struct sock *sk, struct tpacket_req *req, 2336 int closing, int tx_ring) 2337 { 2338 char **pg_vec = NULL; 2339 struct packet_sock *po = pkt_sk(sk); 2340 int was_running, order = 0; 2341 struct packet_ring_buffer *rb; 2342 struct sk_buff_head *rb_queue; 2343 __be16 num; 2344 int err; 2345 2346 rb = tx_ring ? &po->tx_ring : &po->rx_ring; 2347 rb_queue = tx_ring ? &sk->sk_write_queue : &sk->sk_receive_queue; 2348 2349 err = -EBUSY; 2350 if (!closing) { 2351 if (atomic_read(&po->mapped)) 2352 goto out; 2353 if (atomic_read(&rb->pending)) 2354 goto out; 2355 } 2356 2357 if (req->tp_block_nr) { 2358 /* Sanity tests and some calculations */ 2359 err = -EBUSY; 2360 if (unlikely(rb->pg_vec)) 2361 goto out; 2362 2363 switch (po->tp_version) { 2364 case TPACKET_V1: 2365 po->tp_hdrlen = TPACKET_HDRLEN; 2366 break; 2367 case TPACKET_V2: 2368 po->tp_hdrlen = TPACKET2_HDRLEN; 2369 break; 2370 } 2371 2372 err = -EINVAL; 2373 if (unlikely((int)req->tp_block_size <= 0)) 2374 goto out; 2375 if (unlikely(req->tp_block_size & (PAGE_SIZE - 1))) 2376 goto out; 2377 if (unlikely(req->tp_frame_size < po->tp_hdrlen + 2378 po->tp_reserve)) 2379 goto out; 2380 if (unlikely(req->tp_frame_size & (TPACKET_ALIGNMENT - 1))) 2381 goto out; 2382 2383 rb->frames_per_block = req->tp_block_size/req->tp_frame_size; 2384 if (unlikely(rb->frames_per_block <= 0)) 2385 goto out; 2386 if (unlikely((rb->frames_per_block * req->tp_block_nr) != 2387 req->tp_frame_nr)) 2388 goto out; 2389 2390 err = -ENOMEM; 2391 order = get_order(req->tp_block_size); 2392 pg_vec = alloc_pg_vec(req, order); 2393 if (unlikely(!pg_vec)) 2394 goto out; 2395 } 2396 /* Done */ 2397 else { 2398 err = -EINVAL; 2399 if (unlikely(req->tp_frame_nr)) 2400 goto out; 2401 } 2402 2403 lock_sock(sk); 2404 2405 /* Detach socket from network */ 2406 spin_lock(&po->bind_lock); 2407 was_running = po->running; 2408 num = po->num; 2409 if (was_running) { 2410 __dev_remove_pack(&po->prot_hook); 2411 po->num = 0; 2412 po->running = 0; 2413 __sock_put(sk); 2414 } 2415 spin_unlock(&po->bind_lock); 2416 2417 synchronize_net(); 2418 2419 err = -EBUSY; 2420 mutex_lock(&po->pg_vec_lock); 2421 if (closing || atomic_read(&po->mapped) == 0) { 2422 err = 0; 2423 #define XC(a, b) ({ __typeof__ ((a)) __t; __t = (a); (a) = (b); __t; }) 2424 spin_lock_bh(&rb_queue->lock); 2425 pg_vec = XC(rb->pg_vec, pg_vec); 2426 rb->frame_max = (req->tp_frame_nr - 1); 2427 rb->head = 0; 2428 rb->frame_size = req->tp_frame_size; 2429 spin_unlock_bh(&rb_queue->lock); 2430 2431 order = XC(rb->pg_vec_order, order); 2432 req->tp_block_nr = XC(rb->pg_vec_len, req->tp_block_nr); 2433 2434 rb->pg_vec_pages = req->tp_block_size/PAGE_SIZE; 2435 po->prot_hook.func = (po->rx_ring.pg_vec) ? 2436 tpacket_rcv : packet_rcv; 2437 skb_queue_purge(rb_queue); 2438 #undef XC 2439 if (atomic_read(&po->mapped)) 2440 pr_err("packet_mmap: vma is busy: %d\n", 2441 atomic_read(&po->mapped)); 2442 } 2443 mutex_unlock(&po->pg_vec_lock); 2444 2445 spin_lock(&po->bind_lock); 2446 if (was_running && !po->running) { 2447 sock_hold(sk); 2448 po->running = 1; 2449 po->num = num; 2450 dev_add_pack(&po->prot_hook); 2451 } 2452 spin_unlock(&po->bind_lock); 2453 2454 release_sock(sk); 2455 2456 if (pg_vec) 2457 free_pg_vec(pg_vec, order, req->tp_block_nr); 2458 out: 2459 return err; 2460 } 2461 2462 static int packet_mmap(struct file *file, struct socket *sock, 2463 struct vm_area_struct *vma) 2464 { 2465 struct sock *sk = sock->sk; 2466 struct packet_sock *po = pkt_sk(sk); 2467 unsigned long size, expected_size; 2468 struct packet_ring_buffer *rb; 2469 unsigned long start; 2470 int err = -EINVAL; 2471 int i; 2472 2473 if (vma->vm_pgoff) 2474 return -EINVAL; 2475 2476 mutex_lock(&po->pg_vec_lock); 2477 2478 expected_size = 0; 2479 for (rb = &po->rx_ring; rb <= &po->tx_ring; rb++) { 2480 if (rb->pg_vec) { 2481 expected_size += rb->pg_vec_len 2482 * rb->pg_vec_pages 2483 * PAGE_SIZE; 2484 } 2485 } 2486 2487 if (expected_size == 0) 2488 goto out; 2489 2490 size = vma->vm_end - vma->vm_start; 2491 if (size != expected_size) 2492 goto out; 2493 2494 start = vma->vm_start; 2495 for (rb = &po->rx_ring; rb <= &po->tx_ring; rb++) { 2496 if (rb->pg_vec == NULL) 2497 continue; 2498 2499 for (i = 0; i < rb->pg_vec_len; i++) { 2500 struct page *page = virt_to_page(rb->pg_vec[i]); 2501 int pg_num; 2502 2503 for (pg_num = 0; pg_num < rb->pg_vec_pages; 2504 pg_num++, page++) { 2505 err = vm_insert_page(vma, start, page); 2506 if (unlikely(err)) 2507 goto out; 2508 start += PAGE_SIZE; 2509 } 2510 } 2511 } 2512 2513 atomic_inc(&po->mapped); 2514 vma->vm_ops = &packet_mmap_ops; 2515 err = 0; 2516 2517 out: 2518 mutex_unlock(&po->pg_vec_lock); 2519 return err; 2520 } 2521 2522 static const struct proto_ops packet_ops_spkt = { 2523 .family = PF_PACKET, 2524 .owner = THIS_MODULE, 2525 .release = packet_release, 2526 .bind = packet_bind_spkt, 2527 .connect = sock_no_connect, 2528 .socketpair = sock_no_socketpair, 2529 .accept = sock_no_accept, 2530 .getname = packet_getname_spkt, 2531 .poll = datagram_poll, 2532 .ioctl = packet_ioctl, 2533 .listen = sock_no_listen, 2534 .shutdown = sock_no_shutdown, 2535 .setsockopt = sock_no_setsockopt, 2536 .getsockopt = sock_no_getsockopt, 2537 .sendmsg = packet_sendmsg_spkt, 2538 .recvmsg = packet_recvmsg, 2539 .mmap = sock_no_mmap, 2540 .sendpage = sock_no_sendpage, 2541 }; 2542 2543 static const struct proto_ops packet_ops = { 2544 .family = PF_PACKET, 2545 .owner = THIS_MODULE, 2546 .release = packet_release, 2547 .bind = packet_bind, 2548 .connect = sock_no_connect, 2549 .socketpair = sock_no_socketpair, 2550 .accept = sock_no_accept, 2551 .getname = packet_getname, 2552 .poll = packet_poll, 2553 .ioctl = packet_ioctl, 2554 .listen = sock_no_listen, 2555 .shutdown = sock_no_shutdown, 2556 .setsockopt = packet_setsockopt, 2557 .getsockopt = packet_getsockopt, 2558 .sendmsg = packet_sendmsg, 2559 .recvmsg = packet_recvmsg, 2560 .mmap = packet_mmap, 2561 .sendpage = sock_no_sendpage, 2562 }; 2563 2564 static const struct net_proto_family packet_family_ops = { 2565 .family = PF_PACKET, 2566 .create = packet_create, 2567 .owner = THIS_MODULE, 2568 }; 2569 2570 static struct notifier_block packet_netdev_notifier = { 2571 .notifier_call = packet_notifier, 2572 }; 2573 2574 #ifdef CONFIG_PROC_FS 2575 2576 static void *packet_seq_start(struct seq_file *seq, loff_t *pos) 2577 __acquires(RCU) 2578 { 2579 struct net *net = seq_file_net(seq); 2580 2581 rcu_read_lock(); 2582 return seq_hlist_start_head_rcu(&net->packet.sklist, *pos); 2583 } 2584 2585 static void *packet_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2586 { 2587 struct net *net = seq_file_net(seq); 2588 return seq_hlist_next_rcu(v, &net->packet.sklist, pos); 2589 } 2590 2591 static void packet_seq_stop(struct seq_file *seq, void *v) 2592 __releases(RCU) 2593 { 2594 rcu_read_unlock(); 2595 } 2596 2597 static int packet_seq_show(struct seq_file *seq, void *v) 2598 { 2599 if (v == SEQ_START_TOKEN) 2600 seq_puts(seq, "sk RefCnt Type Proto Iface R Rmem User Inode\n"); 2601 else { 2602 struct sock *s = sk_entry(v); 2603 const struct packet_sock *po = pkt_sk(s); 2604 2605 seq_printf(seq, 2606 "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", 2607 s, 2608 atomic_read(&s->sk_refcnt), 2609 s->sk_type, 2610 ntohs(po->num), 2611 po->ifindex, 2612 po->running, 2613 atomic_read(&s->sk_rmem_alloc), 2614 sock_i_uid(s), 2615 sock_i_ino(s)); 2616 } 2617 2618 return 0; 2619 } 2620 2621 static const struct seq_operations packet_seq_ops = { 2622 .start = packet_seq_start, 2623 .next = packet_seq_next, 2624 .stop = packet_seq_stop, 2625 .show = packet_seq_show, 2626 }; 2627 2628 static int packet_seq_open(struct inode *inode, struct file *file) 2629 { 2630 return seq_open_net(inode, file, &packet_seq_ops, 2631 sizeof(struct seq_net_private)); 2632 } 2633 2634 static const struct file_operations packet_seq_fops = { 2635 .owner = THIS_MODULE, 2636 .open = packet_seq_open, 2637 .read = seq_read, 2638 .llseek = seq_lseek, 2639 .release = seq_release_net, 2640 }; 2641 2642 #endif 2643 2644 static int __net_init packet_net_init(struct net *net) 2645 { 2646 spin_lock_init(&net->packet.sklist_lock); 2647 INIT_HLIST_HEAD(&net->packet.sklist); 2648 2649 if (!proc_net_fops_create(net, "packet", 0, &packet_seq_fops)) 2650 return -ENOMEM; 2651 2652 return 0; 2653 } 2654 2655 static void __net_exit packet_net_exit(struct net *net) 2656 { 2657 proc_net_remove(net, "packet"); 2658 } 2659 2660 static struct pernet_operations packet_net_ops = { 2661 .init = packet_net_init, 2662 .exit = packet_net_exit, 2663 }; 2664 2665 2666 static void __exit packet_exit(void) 2667 { 2668 unregister_netdevice_notifier(&packet_netdev_notifier); 2669 unregister_pernet_subsys(&packet_net_ops); 2670 sock_unregister(PF_PACKET); 2671 proto_unregister(&packet_proto); 2672 } 2673 2674 static int __init packet_init(void) 2675 { 2676 int rc = proto_register(&packet_proto, 0); 2677 2678 if (rc != 0) 2679 goto out; 2680 2681 sock_register(&packet_family_ops); 2682 register_pernet_subsys(&packet_net_ops); 2683 register_netdevice_notifier(&packet_netdev_notifier); 2684 out: 2685 return rc; 2686 } 2687 2688 module_init(packet_init); 2689 module_exit(packet_exit); 2690 MODULE_LICENSE("GPL"); 2691 MODULE_ALIAS_NETPROTO(PF_PACKET); 2692