/*
 * net/sched/act_api.c	Packet action API.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 *
 * Author:	Jamal Hadi Salim
 *
 *
 */

#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/string.h>
#include <linux/errno.h>
#include <linux/slab.h>
#include <linux/skbuff.h>
#include <linux/init.h>
#include <linux/kmod.h>
#include <linux/err.h>
#include <linux/module.h>
#include <net/net_namespace.h>
#include <net/sock.h>
#include <net/sch_generic.h>
#include <net/pkt_cls.h>
#include <net/act_api.h>
#include <net/netlink.h>

static int tcf_action_goto_chain_init(struct tc_action *a, struct tcf_proto *tp)
{
	u32 chain_index = a->tcfa_action & TC_ACT_EXT_VAL_MASK;

	if (!tp)
		return -EINVAL;
	a->goto_chain = tcf_chain_get(tp->chain->block, chain_index, true);
	if (!a->goto_chain)
		return -ENOMEM;
	return 0;
}

static void tcf_action_goto_chain_fini(struct tc_action *a)
{
	tcf_chain_put(a->goto_chain);
}

static void tcf_action_goto_chain_exec(const struct tc_action *a,
				       struct tcf_result *res)
{
	const struct tcf_chain *chain = a->goto_chain;

	res->goto_tp = rcu_dereference_bh(chain->filter_chain);
}

static void free_tcf(struct rcu_head *head)
{
	struct tc_action *p = container_of(head, struct tc_action, tcfa_rcu);

	free_percpu(p->cpu_bstats);
	free_percpu(p->cpu_qstats);

	if (p->act_cookie) {
		kfree(p->act_cookie->data);
		kfree(p->act_cookie);
	}
	if (p->goto_chain)
		tcf_action_goto_chain_fini(p);

	kfree(p);
}

static void tcf_idr_remove(struct tcf_idrinfo *idrinfo, struct tc_action *p)
{
	spin_lock_bh(&idrinfo->lock);
	idr_remove_ext(&idrinfo->action_idr, p->tcfa_index);
	spin_unlock_bh(&idrinfo->lock);
	gen_kill_estimator(&p->tcfa_rate_est);
	/*
	 * gen_estimator est_timer() might access p->tcfa_lock
	 * or bstats, wait an RCU grace period before freeing p
	 */
	call_rcu(&p->tcfa_rcu, free_tcf);
}

int __tcf_idr_release(struct tc_action *p, bool bind, bool strict)
{
	int ret = 0;

	if (p) {
		if (bind)
			p->tcfa_bindcnt--;
		else if (strict && p->tcfa_bindcnt > 0)
			return -EPERM;

		p->tcfa_refcnt--;
		if (p->tcfa_bindcnt <= 0 && p->tcfa_refcnt <= 0) {
			if (p->ops->cleanup)
				p->ops->cleanup(p, bind);
			tcf_idr_remove(p->idrinfo, p);
			ret = ACT_P_DELETED;
		}
	}

	return ret;
}
EXPORT_SYMBOL(__tcf_idr_release);

static int tcf_dump_walker(struct tcf_idrinfo *idrinfo, struct sk_buff *skb,
			   struct netlink_callback *cb)
{
	int err = 0, index = -1, s_i = 0, n_i = 0;
	u32 act_flags = cb->args[2];
	unsigned long jiffy_since = cb->args[3];
	struct nlattr *nest;
	struct idr *idr = &idrinfo->action_idr;
	struct tc_action *p;
	unsigned long id = 1;

	spin_lock_bh(&idrinfo->lock);

	s_i = cb->args[0];

	idr_for_each_entry_ext(idr, p, id) {
		index++;
		if (index < s_i)
			continue;

		if (jiffy_since &&
		    time_after(jiffy_since,
			       (unsigned long)p->tcfa_tm.lastuse))
			continue;

		nest = nla_nest_start(skb, n_i);
		if (!nest)
			goto nla_put_failure;
		err = tcf_action_dump_1(skb, p, 0, 0);
		if (err < 0) {
			index--;
			nlmsg_trim(skb, nest);
			goto done;
		}
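		/* dumped OK: close this action's attribute nest and count it
		 * toward the per-message limit checked below
		 */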
		nla_nest_end(skb, nest);
		n_i++;
		if (!(act_flags & TCA_FLAG_LARGE_DUMP_ON) &&
		    n_i >= TCA_ACT_MAX_PRIO)
			goto done;
	}
done:
	if (index >= 0)
		cb->args[0] = index + 1;

	spin_unlock_bh(&idrinfo->lock);
	if (n_i) {
		if (act_flags & TCA_FLAG_LARGE_DUMP_ON)
			cb->args[1] = n_i;
	}
	return n_i;

nla_put_failure:
	nla_nest_cancel(skb, nest);
	goto done;
}

static int tcf_del_walker(struct tcf_idrinfo *idrinfo, struct sk_buff *skb,
			  const struct tc_action_ops *ops)
{
	struct nlattr *nest;
	int n_i = 0;
	int ret = -EINVAL;
	struct idr *idr = &idrinfo->action_idr;
	struct tc_action *p;
	unsigned long id = 1;

	nest = nla_nest_start(skb, 0);
	if (nest == NULL)
		goto nla_put_failure;
	if (nla_put_string(skb, TCA_KIND, ops->kind))
		goto nla_put_failure;

	idr_for_each_entry_ext(idr, p, id) {
		ret = __tcf_idr_release(p, false, true);
		if (ret == ACT_P_DELETED) {
			module_put(p->ops->owner);
			n_i++;
		} else if (ret < 0) {
			goto nla_put_failure;
		}
	}
	if (nla_put_u32(skb, TCA_FCNT, n_i))
		goto nla_put_failure;
	nla_nest_end(skb, nest);

	return n_i;
nla_put_failure:
	nla_nest_cancel(skb, nest);
	return ret;
}

int tcf_generic_walker(struct tc_action_net *tn, struct sk_buff *skb,
		       struct netlink_callback *cb, int type,
		       const struct tc_action_ops *ops)
{
	struct tcf_idrinfo *idrinfo = tn->idrinfo;

	if (type == RTM_DELACTION) {
		return tcf_del_walker(idrinfo, skb, ops);
	} else if (type == RTM_GETACTION) {
		return tcf_dump_walker(idrinfo, skb, cb);
	} else {
		WARN(1, "tcf_generic_walker: unknown action %d\n", type);
		return -EINVAL;
	}
}
EXPORT_SYMBOL(tcf_generic_walker);

static struct tc_action *tcf_idr_lookup(u32 index, struct tcf_idrinfo *idrinfo)
{
	struct tc_action *p = NULL;

	spin_lock_bh(&idrinfo->lock);
	p = idr_find_ext(&idrinfo->action_idr, index);
	spin_unlock_bh(&idrinfo->lock);

	return p;
}

int tcf_idr_search(struct tc_action_net *tn, struct tc_action **a, u32 index)
{
	struct tcf_idrinfo *idrinfo = tn->idrinfo;
	struct tc_action *p = tcf_idr_lookup(index, idrinfo);

	if (p) {
		*a = p;
		return 1;
	}
	return 0;
}
EXPORT_SYMBOL(tcf_idr_search);

bool tcf_idr_check(struct tc_action_net *tn, u32 index, struct tc_action **a,
		   int bind)
{
	struct tcf_idrinfo *idrinfo = tn->idrinfo;
	struct tc_action *p = tcf_idr_lookup(index, idrinfo);

	if (index && p) {
		if (bind)
			p->tcfa_bindcnt++;
		p->tcfa_refcnt++;
		*a = p;
		return true;
	}
	return false;
}
EXPORT_SYMBOL(tcf_idr_check);

void tcf_idr_cleanup(struct tc_action *a, struct nlattr *est)
{
	if (est)
		gen_kill_estimator(&a->tcfa_rate_est);
	call_rcu(&a->tcfa_rcu, free_tcf);
}
EXPORT_SYMBOL(tcf_idr_cleanup);

int tcf_idr_create(struct tc_action_net *tn, u32 index, struct nlattr *est,
		   struct tc_action **a, const struct tc_action_ops *ops,
		   int bind, bool cpustats)
{
	struct tc_action *p = kzalloc(ops->size, GFP_KERNEL);
	struct tcf_idrinfo *idrinfo = tn->idrinfo;
	struct idr *idr = &idrinfo->action_idr;
	int err = -ENOMEM;
	unsigned long idr_index;

	if (unlikely(!p))
		return -ENOMEM;
	p->tcfa_refcnt = 1;
	if (bind)
		p->tcfa_bindcnt = 1;

	if (cpustats) {
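		/* per-CPU bstats/qstats let the datapath update counters
		 * without taking tcfa_lock; they are summed at dump time
		 */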
		p->cpu_bstats = netdev_alloc_pcpu_stats(struct gnet_stats_basic_cpu);
		if (!p->cpu_bstats) {
err1:
			kfree(p);
			return err;
		}
		p->cpu_qstats = alloc_percpu(struct gnet_stats_queue);
		if (!p->cpu_qstats) {
err2:
			free_percpu(p->cpu_bstats);
			goto err1;
		}
	}
	spin_lock_init(&p->tcfa_lock);
	/* user doesn't specify an index */
	if (!index) {
		idr_preload(GFP_KERNEL);
		spin_lock_bh(&idrinfo->lock);
		err = idr_alloc_ext(idr, NULL, &idr_index, 1, 0,
				    GFP_ATOMIC);
		spin_unlock_bh(&idrinfo->lock);
		idr_preload_end();
		if (err) {
err3:
			free_percpu(p->cpu_qstats);
			goto err2;
		}
		p->tcfa_index = idr_index;
	} else {
		idr_preload(GFP_KERNEL);
		spin_lock_bh(&idrinfo->lock);
		err = idr_alloc_ext(idr, NULL, NULL, index, index + 1,
				    GFP_ATOMIC);
		spin_unlock_bh(&idrinfo->lock);
		idr_preload_end();
		if (err)
			goto err3;
		p->tcfa_index = index;
	}

	p->tcfa_tm.install = jiffies;
	p->tcfa_tm.lastuse = jiffies;
	p->tcfa_tm.firstuse = 0;
	if (est) {
		err = gen_new_estimator(&p->tcfa_bstats, p->cpu_bstats,
					&p->tcfa_rate_est,
					&p->tcfa_lock, NULL, est);
		if (err)
			goto err3;
	}

	p->idrinfo = idrinfo;
	p->ops = ops;
	INIT_LIST_HEAD(&p->list);
	*a = p;
	return 0;
}
EXPORT_SYMBOL(tcf_idr_create);

void tcf_idr_insert(struct tc_action_net *tn, struct tc_action *a)
{
	struct tcf_idrinfo *idrinfo = tn->idrinfo;

	spin_lock_bh(&idrinfo->lock);
	idr_replace_ext(&idrinfo->action_idr, a, a->tcfa_index);
	spin_unlock_bh(&idrinfo->lock);
}
EXPORT_SYMBOL(tcf_idr_insert);

void tcf_idrinfo_destroy(const struct tc_action_ops *ops,
			 struct tcf_idrinfo *idrinfo)
{
	struct idr *idr = &idrinfo->action_idr;
	struct tc_action *p;
	int ret;
	unsigned long id = 1;

	idr_for_each_entry_ext(idr, p, id) {
		ret = __tcf_idr_release(p, false, true);
		if (ret == ACT_P_DELETED)
			module_put(ops->owner);
		else if (ret < 0)
			return;
	}
	idr_destroy(&idrinfo->action_idr);
}
EXPORT_SYMBOL(tcf_idrinfo_destroy);

static LIST_HEAD(act_base);
static DEFINE_RWLOCK(act_mod_lock);

int tcf_register_action(struct tc_action_ops *act,
			struct pernet_operations *ops)
{
	struct tc_action_ops *a;
	int ret;

	if (!act->act || !act->dump || !act->init || !act->walk || !act->lookup)
		return -EINVAL;

	/* We have to register pernet ops before making the action ops visible,
	 * otherwise tcf_action_init_1() could get a partially initialized
	 * netns.
	 */
	ret = register_pernet_subsys(ops);
	if (ret)
		return ret;

	write_lock(&act_mod_lock);
	list_for_each_entry(a, &act_base, head) {
		if (act->type == a->type || (strcmp(act->kind, a->kind) == 0)) {
			write_unlock(&act_mod_lock);
			unregister_pernet_subsys(ops);
			return -EEXIST;
		}
	}
	list_add_tail(&act->head, &act_base);
	write_unlock(&act_mod_lock);

	return 0;
}
EXPORT_SYMBOL(tcf_register_action);

int tcf_unregister_action(struct tc_action_ops *act,
			  struct pernet_operations *ops)
{
	struct tc_action_ops *a;
	int err = -ENOENT;

	write_lock(&act_mod_lock);
	list_for_each_entry(a, &act_base, head) {
		if (a == act) {
			list_del(&act->head);
			err = 0;
			break;
		}
	}
	write_unlock(&act_mod_lock);
	if (!err)
		unregister_pernet_subsys(ops);
	return err;
}
EXPORT_SYMBOL(tcf_unregister_action);

/* lookup by name */
static struct tc_action_ops *tc_lookup_action_n(char *kind)
{
	struct tc_action_ops *a, *res = NULL;

	if (kind) {
		read_lock(&act_mod_lock);
		list_for_each_entry(a, &act_base, head) {
			if (strcmp(kind, a->kind) == 0) {
				if (try_module_get(a->owner))
					res = a;
				break;
			}
		}
		read_unlock(&act_mod_lock);
	}
	return res;
}

/* lookup by nlattr */
static struct tc_action_ops *tc_lookup_action(struct nlattr *kind)
{
	struct tc_action_ops *a, *res = NULL;

	if (kind) {
		read_lock(&act_mod_lock);
		list_for_each_entry(a, &act_base, head) {
			if (nla_strcmp(kind, a->kind) == 0) {
				if (try_module_get(a->owner))
					res = a;
				break;
			}
		}
		read_unlock(&act_mod_lock);
	}
	return res;
}

/* TCA_ACT_MAX_PRIO is 32, so a jump count can be at most 32 */
#define TCA_ACT_MAX_PRIO_MASK 0x1FF
int tcf_action_exec(struct sk_buff *skb, struct tc_action **actions,
		    int nr_actions, struct tcf_result *res)
{
	u32 jmp_prgcnt = 0;
	u32 jmp_ttl = TCA_ACT_MAX_PRIO; /* matches actions per filter */
	int i;
	int ret = TC_ACT_OK;

	if (skb_skip_tc_classify(skb))
		return TC_ACT_OK;

restart_act_graph:
	for (i = 0; i < nr_actions; i++) {
		const struct tc_action *a = actions[i];

		if (jmp_prgcnt > 0) {
			jmp_prgcnt -= 1;
			continue;
		}
repeat:
		ret = a->ops->act(skb, a, res);
		if (ret == TC_ACT_REPEAT)
			goto repeat;	/* we need a ttl - JHS */

		if (TC_ACT_EXT_CMP(ret, TC_ACT_JUMP)) {
			jmp_prgcnt = ret & TCA_ACT_MAX_PRIO_MASK;
			if (!jmp_prgcnt || (jmp_prgcnt > nr_actions)) {
				/* faulty opcode, stop pipeline */
				return TC_ACT_OK;
			} else {
				jmp_ttl -= 1;
				if (jmp_ttl > 0)
					goto restart_act_graph;
				else /* faulty graph, stop pipeline */
					return TC_ACT_OK;
			}
		} else if (TC_ACT_EXT_CMP(ret, TC_ACT_GOTO_CHAIN)) {
			tcf_action_goto_chain_exec(a, res);
		}

		if (ret != TC_ACT_PIPE)
			break;
	}

	return ret;
}
EXPORT_SYMBOL(tcf_action_exec);

int tcf_action_destroy(struct list_head *actions, int bind)
{
	struct tc_action *a, *tmp;
	int ret = 0;

	list_for_each_entry_safe(a, tmp, actions, list) {
		ret = __tcf_idr_release(a, bind, true);
		if (ret == ACT_P_DELETED)
			module_put(a->ops->owner);
		else if (ret < 0)
			return ret;
	}
	return ret;
}

int
tcf_action_dump_old(struct sk_buff *skb, struct tc_action *a, int bind, int ref)
{
	return a->ops->dump(skb, a, bind, ref);
}

int
tcf_action_dump_1(struct sk_buff *skb, struct tc_action *a, int bind, int ref)
{
	int err = -EINVAL;
	unsigned char *b = skb_tail_pointer(skb);
	struct nlattr *nest;

	if (nla_put_string(skb, TCA_KIND, a->ops->kind))
		goto nla_put_failure;
	if (tcf_action_copy_stats(skb, a, 0))
		goto nla_put_failure;
	if (a->act_cookie) {
		if (nla_put(skb, TCA_ACT_COOKIE, a->act_cookie->len,
			    a->act_cookie->data))
			goto nla_put_failure;
	}

	nest = nla_nest_start(skb, TCA_OPTIONS);
	if (nest == NULL)
		goto nla_put_failure;
	err = tcf_action_dump_old(skb, a, bind, ref);
	if (err > 0) {
		nla_nest_end(skb, nest);
		return err;
	}

nla_put_failure:
	nlmsg_trim(skb, b);
	return -1;
}
EXPORT_SYMBOL(tcf_action_dump_1);

int tcf_action_dump(struct sk_buff *skb, struct list_head *actions,
		    int bind, int ref)
{
	struct tc_action *a;
	int err = -EINVAL;
	struct nlattr *nest;

	list_for_each_entry(a, actions, list) {
		nest = nla_nest_start(skb, a->order);
		if (nest == NULL)
			goto nla_put_failure;
		err = tcf_action_dump_1(skb, a, bind, ref);
		if (err < 0)
			goto errout;
		nla_nest_end(skb, nest);
	}

	return 0;

nla_put_failure:
	err = -EINVAL;
errout:
	nla_nest_cancel(skb, nest);
	return err;
}

static struct tc_cookie *nla_memdup_cookie(struct nlattr **tb)
{
	struct tc_cookie *c = kzalloc(sizeof(*c), GFP_KERNEL);

	if (!c)
		return NULL;

	c->data = nla_memdup(tb[TCA_ACT_COOKIE], GFP_KERNEL);
	if (!c->data) {
		kfree(c);
		return NULL;
	}
	c->len = nla_len(tb[TCA_ACT_COOKIE]);

	return c;
}

struct tc_action *tcf_action_init_1(struct net *net, struct tcf_proto *tp,
				    struct nlattr *nla, struct nlattr *est,
				    char *name, int ovr, int bind)
{
	struct tc_action *a;
	struct tc_action_ops *a_o;
	struct tc_cookie *cookie = NULL;
	char act_name[IFNAMSIZ];
	struct nlattr *tb[TCA_ACT_MAX + 1];
	struct nlattr *kind;
	int err;

	if (name == NULL) {
		err = nla_parse_nested(tb, TCA_ACT_MAX, nla, NULL, NULL);
		if (err < 0)
			goto err_out;
		err = -EINVAL;
		kind = tb[TCA_ACT_KIND];
		if (kind == NULL)
			goto err_out;
		if (nla_strlcpy(act_name, kind, IFNAMSIZ) >= IFNAMSIZ)
			goto err_out;
		if (tb[TCA_ACT_COOKIE]) {
			int cklen = nla_len(tb[TCA_ACT_COOKIE]);

			if (cklen > TC_COOKIE_MAX_SIZE)
				goto err_out;

			cookie = nla_memdup_cookie(tb);
			if (!cookie) {
				err = -ENOMEM;
				goto err_out;
			}
		}
	} else {
		err = -EINVAL;
		if (strlcpy(act_name, name, IFNAMSIZ) >= IFNAMSIZ)
			goto err_out;
	}

	a_o = tc_lookup_action_n(act_name);
	if (a_o == NULL) {
#ifdef CONFIG_MODULES
		rtnl_unlock();
		request_module("act_%s", act_name);
		rtnl_lock();

		a_o = tc_lookup_action_n(act_name);

		/* We dropped the RTNL semaphore in order to
		 * perform the module load.  So, even if we
		 * succeeded in loading the module we have to
		 * tell the caller to replay the request.  We
		 * indicate this using -EAGAIN.
665 */ 666 if (a_o != NULL) { 667 err = -EAGAIN; 668 goto err_mod; 669 } 670 #endif 671 err = -ENOENT; 672 goto err_out; 673 } 674 675 /* backward compatibility for policer */ 676 if (name == NULL) 677 err = a_o->init(net, tb[TCA_ACT_OPTIONS], est, &a, ovr, bind); 678 else 679 err = a_o->init(net, nla, est, &a, ovr, bind); 680 if (err < 0) 681 goto err_mod; 682 683 if (name == NULL && tb[TCA_ACT_COOKIE]) { 684 if (a->act_cookie) { 685 kfree(a->act_cookie->data); 686 kfree(a->act_cookie); 687 } 688 a->act_cookie = cookie; 689 } 690 691 /* module count goes up only when brand new policy is created 692 * if it exists and is only bound to in a_o->init() then 693 * ACT_P_CREATED is not returned (a zero is). 694 */ 695 if (err != ACT_P_CREATED) 696 module_put(a_o->owner); 697 698 if (TC_ACT_EXT_CMP(a->tcfa_action, TC_ACT_GOTO_CHAIN)) { 699 err = tcf_action_goto_chain_init(a, tp); 700 if (err) { 701 LIST_HEAD(actions); 702 703 list_add_tail(&a->list, &actions); 704 tcf_action_destroy(&actions, bind); 705 return ERR_PTR(err); 706 } 707 } 708 709 return a; 710 711 err_mod: 712 module_put(a_o->owner); 713 err_out: 714 if (cookie) { 715 kfree(cookie->data); 716 kfree(cookie); 717 } 718 return ERR_PTR(err); 719 } 720 721 static void cleanup_a(struct list_head *actions, int ovr) 722 { 723 struct tc_action *a; 724 725 if (!ovr) 726 return; 727 728 list_for_each_entry(a, actions, list) 729 a->tcfa_refcnt--; 730 } 731 732 int tcf_action_init(struct net *net, struct tcf_proto *tp, struct nlattr *nla, 733 struct nlattr *est, char *name, int ovr, int bind, 734 struct list_head *actions) 735 { 736 struct nlattr *tb[TCA_ACT_MAX_PRIO + 1]; 737 struct tc_action *act; 738 int err; 739 int i; 740 741 err = nla_parse_nested(tb, TCA_ACT_MAX_PRIO, nla, NULL, NULL); 742 if (err < 0) 743 return err; 744 745 for (i = 1; i <= TCA_ACT_MAX_PRIO && tb[i]; i++) { 746 act = tcf_action_init_1(net, tp, tb[i], est, name, ovr, bind); 747 if (IS_ERR(act)) { 748 err = PTR_ERR(act); 749 goto err; 750 } 751 act->order = i; 752 if (ovr) 753 act->tcfa_refcnt++; 754 list_add_tail(&act->list, actions); 755 } 756 757 /* Remove the temp refcnt which was necessary to protect against 758 * destroying an existing action which was being replaced 759 */ 760 cleanup_a(actions, ovr); 761 return 0; 762 763 err: 764 tcf_action_destroy(actions, bind); 765 return err; 766 } 767 768 int tcf_action_copy_stats(struct sk_buff *skb, struct tc_action *p, 769 int compat_mode) 770 { 771 int err = 0; 772 struct gnet_dump d; 773 774 if (p == NULL) 775 goto errout; 776 777 /* compat_mode being true specifies a call that is supposed 778 * to add additional backward compatibility statistic TLVs. 
779 */ 780 if (compat_mode) { 781 if (p->type == TCA_OLD_COMPAT) 782 err = gnet_stats_start_copy_compat(skb, 0, 783 TCA_STATS, 784 TCA_XSTATS, 785 &p->tcfa_lock, &d, 786 TCA_PAD); 787 else 788 return 0; 789 } else 790 err = gnet_stats_start_copy(skb, TCA_ACT_STATS, 791 &p->tcfa_lock, &d, TCA_ACT_PAD); 792 793 if (err < 0) 794 goto errout; 795 796 if (gnet_stats_copy_basic(NULL, &d, p->cpu_bstats, &p->tcfa_bstats) < 0 || 797 gnet_stats_copy_rate_est(&d, &p->tcfa_rate_est) < 0 || 798 gnet_stats_copy_queue(&d, p->cpu_qstats, 799 &p->tcfa_qstats, 800 p->tcfa_qstats.qlen) < 0) 801 goto errout; 802 803 if (gnet_stats_finish_copy(&d) < 0) 804 goto errout; 805 806 return 0; 807 808 errout: 809 return -1; 810 } 811 812 static int tca_get_fill(struct sk_buff *skb, struct list_head *actions, 813 u32 portid, u32 seq, u16 flags, int event, int bind, 814 int ref) 815 { 816 struct tcamsg *t; 817 struct nlmsghdr *nlh; 818 unsigned char *b = skb_tail_pointer(skb); 819 struct nlattr *nest; 820 821 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*t), flags); 822 if (!nlh) 823 goto out_nlmsg_trim; 824 t = nlmsg_data(nlh); 825 t->tca_family = AF_UNSPEC; 826 t->tca__pad1 = 0; 827 t->tca__pad2 = 0; 828 829 nest = nla_nest_start(skb, TCA_ACT_TAB); 830 if (nest == NULL) 831 goto out_nlmsg_trim; 832 833 if (tcf_action_dump(skb, actions, bind, ref) < 0) 834 goto out_nlmsg_trim; 835 836 nla_nest_end(skb, nest); 837 838 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 839 return skb->len; 840 841 out_nlmsg_trim: 842 nlmsg_trim(skb, b); 843 return -1; 844 } 845 846 static int 847 tcf_get_notify(struct net *net, u32 portid, struct nlmsghdr *n, 848 struct list_head *actions, int event) 849 { 850 struct sk_buff *skb; 851 852 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 853 if (!skb) 854 return -ENOBUFS; 855 if (tca_get_fill(skb, actions, portid, n->nlmsg_seq, 0, event, 856 0, 0) <= 0) { 857 kfree_skb(skb); 858 return -EINVAL; 859 } 860 861 return rtnl_unicast(skb, net, portid); 862 } 863 864 static struct tc_action *tcf_action_get_1(struct net *net, struct nlattr *nla, 865 struct nlmsghdr *n, u32 portid) 866 { 867 struct nlattr *tb[TCA_ACT_MAX + 1]; 868 const struct tc_action_ops *ops; 869 struct tc_action *a; 870 int index; 871 int err; 872 873 err = nla_parse_nested(tb, TCA_ACT_MAX, nla, NULL, NULL); 874 if (err < 0) 875 goto err_out; 876 877 err = -EINVAL; 878 if (tb[TCA_ACT_INDEX] == NULL || 879 nla_len(tb[TCA_ACT_INDEX]) < sizeof(index)) 880 goto err_out; 881 index = nla_get_u32(tb[TCA_ACT_INDEX]); 882 883 err = -EINVAL; 884 ops = tc_lookup_action(tb[TCA_ACT_KIND]); 885 if (!ops) /* could happen in batch of actions */ 886 goto err_out; 887 err = -ENOENT; 888 if (ops->lookup(net, &a, index) == 0) 889 goto err_mod; 890 891 module_put(ops->owner); 892 return a; 893 894 err_mod: 895 module_put(ops->owner); 896 err_out: 897 return ERR_PTR(err); 898 } 899 900 static int tca_action_flush(struct net *net, struct nlattr *nla, 901 struct nlmsghdr *n, u32 portid) 902 { 903 struct sk_buff *skb; 904 unsigned char *b; 905 struct nlmsghdr *nlh; 906 struct tcamsg *t; 907 struct netlink_callback dcb; 908 struct nlattr *nest; 909 struct nlattr *tb[TCA_ACT_MAX + 1]; 910 const struct tc_action_ops *ops; 911 struct nlattr *kind; 912 int err = -ENOMEM; 913 914 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 915 if (!skb) { 916 pr_debug("tca_action_flush: failed skb alloc\n"); 917 return err; 918 } 919 920 b = skb_tail_pointer(skb); 921 922 err = nla_parse_nested(tb, TCA_ACT_MAX, nla, NULL, NULL); 923 if (err < 0) 924 goto err_out; 925 926 err = 
	err = -EINVAL;
	kind = tb[TCA_ACT_KIND];
	ops = tc_lookup_action(kind);
	if (!ops) /* someone is trying to flush an unknown action */
		goto err_out;

	nlh = nlmsg_put(skb, portid, n->nlmsg_seq, RTM_DELACTION,
			sizeof(*t), 0);
	if (!nlh)
		goto out_module_put;
	t = nlmsg_data(nlh);
	t->tca_family = AF_UNSPEC;
	t->tca__pad1 = 0;
	t->tca__pad2 = 0;

	nest = nla_nest_start(skb, TCA_ACT_TAB);
	if (nest == NULL)
		goto out_module_put;

	err = ops->walk(net, skb, &dcb, RTM_DELACTION, ops);
	if (err <= 0)
		goto out_module_put;

	nla_nest_end(skb, nest);

	nlh->nlmsg_len = skb_tail_pointer(skb) - b;
	nlh->nlmsg_flags |= NLM_F_ROOT;
	module_put(ops->owner);
	err = rtnetlink_send(skb, net, portid, RTNLGRP_TC,
			     n->nlmsg_flags & NLM_F_ECHO);
	if (err > 0)
		return 0;

	return err;

out_module_put:
	module_put(ops->owner);
err_out:
	kfree_skb(skb);
	return err;
}

static int
tcf_del_notify(struct net *net, struct nlmsghdr *n, struct list_head *actions,
	       u32 portid)
{
	int ret;
	struct sk_buff *skb;

	skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
	if (!skb)
		return -ENOBUFS;

	if (tca_get_fill(skb, actions, portid, n->nlmsg_seq, 0, RTM_DELACTION,
			 0, 1) <= 0) {
		kfree_skb(skb);
		return -EINVAL;
	}

	/* now do the delete */
	ret = tcf_action_destroy(actions, 0);
	if (ret < 0) {
		kfree_skb(skb);
		return ret;
	}

	ret = rtnetlink_send(skb, net, portid, RTNLGRP_TC,
			     n->nlmsg_flags & NLM_F_ECHO);
	if (ret > 0)
		return 0;
	return ret;
}

static int
tca_action_gd(struct net *net, struct nlattr *nla, struct nlmsghdr *n,
	      u32 portid, int event)
{
	int i, ret;
	struct nlattr *tb[TCA_ACT_MAX_PRIO + 1];
	struct tc_action *act;
	LIST_HEAD(actions);

	ret = nla_parse_nested(tb, TCA_ACT_MAX_PRIO, nla, NULL, NULL);
	if (ret < 0)
		return ret;

	if (event == RTM_DELACTION && n->nlmsg_flags & NLM_F_ROOT) {
		if (tb[1] != NULL)
			return tca_action_flush(net, tb[1], n, portid);
		else
			return -EINVAL;
	}

	for (i = 1; i <= TCA_ACT_MAX_PRIO && tb[i]; i++) {
		act = tcf_action_get_1(net, tb[i], n, portid);
		if (IS_ERR(act)) {
			ret = PTR_ERR(act);
			goto err;
		}
		act->order = i;
		list_add_tail(&act->list, &actions);
	}

	if (event == RTM_GETACTION)
		ret = tcf_get_notify(net, portid, n, &actions, event);
	else { /* delete */
		ret = tcf_del_notify(net, n, &actions, portid);
		if (ret)
			goto err;
		return ret;
	}
err:
	if (event != RTM_GETACTION)
		tcf_action_destroy(&actions, 0);
	return ret;
}

static int
tcf_add_notify(struct net *net, struct nlmsghdr *n, struct list_head *actions,
	       u32 portid)
{
	struct sk_buff *skb;
	int err = 0;

	skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
	if (!skb)
		return -ENOBUFS;

	if (tca_get_fill(skb, actions, portid, n->nlmsg_seq, n->nlmsg_flags,
			 RTM_NEWACTION, 0, 0) <= 0) {
		kfree_skb(skb);
		return -EINVAL;
	}

	err = rtnetlink_send(skb, net, portid, RTNLGRP_TC,
			     n->nlmsg_flags & NLM_F_ECHO);
	if (err > 0)
		err = 0;
	return err;
}

static int tcf_action_add(struct net *net, struct nlattr *nla,
			  struct nlmsghdr *n, u32 portid, int ovr)
{
	int ret = 0;
	LIST_HEAD(actions);

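	/* instantiate the whole batch first; userspace is notified only
	 * once every action in it has been initialized
	 */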
	ret = tcf_action_init(net, NULL, nla, NULL, NULL, ovr, 0, &actions);
	if (ret)
		return ret;

	return tcf_add_notify(net, n, &actions, portid);
}

static u32 tcaa_root_flags_allowed = TCA_FLAG_LARGE_DUMP_ON;
static const struct nla_policy tcaa_policy[TCA_ROOT_MAX + 1] = {
	[TCA_ROOT_FLAGS] = { .type = NLA_BITFIELD32,
			     .validation_data = &tcaa_root_flags_allowed },
	[TCA_ROOT_TIME_DELTA] = { .type = NLA_U32 },
};

static int tc_ctl_action(struct sk_buff *skb, struct nlmsghdr *n,
			 struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct nlattr *tca[TCA_ROOT_MAX + 1];
	u32 portid = skb ? NETLINK_CB(skb).portid : 0;
	int ret = 0, ovr = 0;

	if ((n->nlmsg_type != RTM_GETACTION) &&
	    !netlink_capable(skb, CAP_NET_ADMIN))
		return -EPERM;

	ret = nlmsg_parse(n, sizeof(struct tcamsg), tca, TCA_ROOT_MAX, NULL,
			  extack);
	if (ret < 0)
		return ret;

	if (tca[TCA_ACT_TAB] == NULL) {
		pr_notice("tc_ctl_action: received NO action attribs\n");
		return -EINVAL;
	}

	/* n->nlmsg_flags & NLM_F_CREATE */
	switch (n->nlmsg_type) {
	case RTM_NEWACTION:
		/* we are going to assume all other flags
		 * imply create only if it doesn't exist.
		 * Note that CREATE | EXCL implies that,
		 * but since we want to avoid ambiguity (eg when flags
		 * is zero) then just set this
		 */
		if (n->nlmsg_flags & NLM_F_REPLACE)
			ovr = 1;
replay:
		ret = tcf_action_add(net, tca[TCA_ACT_TAB], n, portid, ovr);
		if (ret == -EAGAIN)
			goto replay;
		break;
	case RTM_DELACTION:
		ret = tca_action_gd(net, tca[TCA_ACT_TAB], n,
				    portid, RTM_DELACTION);
		break;
	case RTM_GETACTION:
		ret = tca_action_gd(net, tca[TCA_ACT_TAB], n,
				    portid, RTM_GETACTION);
		break;
	default:
		BUG();
	}

	return ret;
}

static struct nlattr *find_dump_kind(struct nlattr **nla)
{
	struct nlattr *tb1, *tb2[TCA_ACT_MAX + 1];
	struct nlattr *tb[TCA_ACT_MAX_PRIO + 1];
	struct nlattr *kind;

	tb1 = nla[TCA_ACT_TAB];
	if (tb1 == NULL)
		return NULL;

	if (nla_parse(tb, TCA_ACT_MAX_PRIO, nla_data(tb1),
		      NLMSG_ALIGN(nla_len(tb1)), NULL, NULL) < 0)
		return NULL;

	if (tb[1] == NULL)
		return NULL;
	if (nla_parse_nested(tb2, TCA_ACT_MAX, tb[1], NULL, NULL) < 0)
		return NULL;
	kind = tb2[TCA_ACT_KIND];

	return kind;
}

static int tc_dump_action(struct sk_buff *skb, struct netlink_callback *cb)
{
	struct net *net = sock_net(skb->sk);
	struct nlmsghdr *nlh;
	unsigned char *b = skb_tail_pointer(skb);
	struct nlattr *nest;
	struct tc_action_ops *a_o;
	int ret = 0;
	struct tcamsg *t = (struct tcamsg *) nlmsg_data(cb->nlh);
	struct nlattr *tb[TCA_ROOT_MAX + 1];
	struct nlattr *count_attr = NULL;
	unsigned long jiffy_since = 0;
	struct nlattr *kind = NULL;
	struct nla_bitfield32 bf;
	u32 msecs_since = 0;
	u32 act_count = 0;

	ret = nlmsg_parse(cb->nlh, sizeof(struct tcamsg), tb, TCA_ROOT_MAX,
			  tcaa_policy, NULL);
	if (ret < 0)
		return ret;

	kind = find_dump_kind(tb);
	if (kind == NULL) {
		pr_info("tc_dump_action: action bad kind\n");
		return 0;
	}

	a_o = tc_lookup_action(kind);
	if (a_o == NULL)
		return 0;

	cb->args[2] = 0;
	if (tb[TCA_ROOT_FLAGS]) {
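		/* stash the requested dump flags (e.g. TCA_FLAG_LARGE_DUMP_ON)
		 * in cb->args[2] for tcf_dump_walker()
		 */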
		bf = nla_get_bitfield32(tb[TCA_ROOT_FLAGS]);
		cb->args[2] = bf.value;
	}

	if (tb[TCA_ROOT_TIME_DELTA])
		msecs_since = nla_get_u32(tb[TCA_ROOT_TIME_DELTA]);

	nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq,
			cb->nlh->nlmsg_type, sizeof(*t), 0);
	if (!nlh)
		goto out_module_put;

	if (msecs_since)
		jiffy_since = jiffies - msecs_to_jiffies(msecs_since);

	t = nlmsg_data(nlh);
	t->tca_family = AF_UNSPEC;
	t->tca__pad1 = 0;
	t->tca__pad2 = 0;
	cb->args[3] = jiffy_since;
	count_attr = nla_reserve(skb, TCA_ROOT_COUNT, sizeof(u32));
	if (!count_attr)
		goto out_module_put;

	nest = nla_nest_start(skb, TCA_ACT_TAB);
	if (nest == NULL)
		goto out_module_put;

	ret = a_o->walk(net, skb, cb, RTM_GETACTION, a_o);
	if (ret < 0)
		goto out_module_put;

	if (ret > 0) {
		nla_nest_end(skb, nest);
		ret = skb->len;
		act_count = cb->args[1];
		memcpy(nla_data(count_attr), &act_count, sizeof(u32));
		cb->args[1] = 0;
	} else
		nlmsg_trim(skb, b);

	nlh->nlmsg_len = skb_tail_pointer(skb) - b;
	if (NETLINK_CB(cb->skb).portid && ret)
		nlh->nlmsg_flags |= NLM_F_MULTI;
	module_put(a_o->owner);
	return skb->len;

out_module_put:
	module_put(a_o->owner);
	nlmsg_trim(skb, b);
	return skb->len;
}

static int __init tc_action_init(void)
{
	rtnl_register(PF_UNSPEC, RTM_NEWACTION, tc_ctl_action, NULL, 0);
	rtnl_register(PF_UNSPEC, RTM_DELACTION, tc_ctl_action, NULL, 0);
	rtnl_register(PF_UNSPEC, RTM_GETACTION, tc_ctl_action, tc_dump_action,
		      0);

	return 0;
}

subsys_initcall(tc_action_init);
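
/*
 * Usage sketch (illustrative only; the act_foo names below are hypothetical):
 * an action module fills in a struct tc_action_ops with the mandatory
 * callbacks checked by tcf_register_action() and pairs it with pernet
 * operations that set up its per-netns state, e.g.:
 *
 *	static struct tc_action_ops act_foo_ops = {
 *		.kind	= "foo",
 *		.owner	= THIS_MODULE,
 *		.act	= tcf_foo_act,
 *		.dump	= tcf_foo_dump,
 *		.init	= tcf_foo_init,
 *		.walk	= tcf_foo_walker,
 *		.lookup	= tcf_foo_search,
 *		.size	= sizeof(struct tcf_foo),
 *	};
 *
 *	static struct pernet_operations foo_net_ops = {
 *		.init	= foo_init_net,
 *		.exit	= foo_exit_net,
 *		.id	= &foo_net_id,
 *		.size	= sizeof(struct tc_action_net),
 *	};
 *
 * The module then calls tcf_register_action(&act_foo_ops, &foo_net_ops)
 * from its module_init() and tcf_unregister_action(&act_foo_ops,
 * &foo_net_ops) from its module_exit().
 */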