1 // SPDX-License-Identifier: GPL-2.0-only 2 #include <linux/types.h> 3 #include <linux/spinlock.h> 4 #include <linux/sock_diag.h> 5 #include <linux/unix_diag.h> 6 #include <linux/skbuff.h> 7 #include <linux/module.h> 8 #include <linux/uidgid.h> 9 #include <net/netlink.h> 10 #include <net/af_unix.h> 11 #include <net/tcp_states.h> 12 #include <net/sock.h> 13 14 static int sk_diag_dump_name(struct sock *sk, struct sk_buff *nlskb) 15 { 16 /* might or might not have unix_table_lock */ 17 struct unix_address *addr = smp_load_acquire(&unix_sk(sk)->addr); 18 19 if (!addr) 20 return 0; 21 22 return nla_put(nlskb, UNIX_DIAG_NAME, addr->len - sizeof(short), 23 addr->name->sun_path); 24 } 25 26 static int sk_diag_dump_vfs(struct sock *sk, struct sk_buff *nlskb) 27 { 28 struct dentry *dentry = unix_sk(sk)->path.dentry; 29 30 if (dentry) { 31 struct unix_diag_vfs uv = { 32 .udiag_vfs_ino = d_backing_inode(dentry)->i_ino, 33 .udiag_vfs_dev = dentry->d_sb->s_dev, 34 }; 35 36 return nla_put(nlskb, UNIX_DIAG_VFS, sizeof(uv), &uv); 37 } 38 39 return 0; 40 } 41 42 static int sk_diag_dump_peer(struct sock *sk, struct sk_buff *nlskb) 43 { 44 struct sock *peer; 45 int ino; 46 47 peer = unix_peer_get(sk); 48 if (peer) { 49 unix_state_lock(peer); 50 ino = sock_i_ino(peer); 51 unix_state_unlock(peer); 52 sock_put(peer); 53 54 return nla_put_u32(nlskb, UNIX_DIAG_PEER, ino); 55 } 56 57 return 0; 58 } 59 60 static int sk_diag_dump_icons(struct sock *sk, struct sk_buff *nlskb) 61 { 62 struct sk_buff *skb; 63 struct nlattr *attr; 64 u32 *buf; 65 int i; 66 67 if (sk->sk_state == TCP_LISTEN) { 68 spin_lock(&sk->sk_receive_queue.lock); 69 70 attr = nla_reserve(nlskb, UNIX_DIAG_ICONS, 71 sk->sk_receive_queue.qlen * sizeof(u32)); 72 if (!attr) 73 goto errout; 74 75 buf = nla_data(attr); 76 i = 0; 77 skb_queue_walk(&sk->sk_receive_queue, skb) { 78 struct sock *req, *peer; 79 80 req = skb->sk; 81 /* 82 * The state lock is outer for the same sk's 83 * queue lock. With the other's queue locked it's 84 * OK to lock the state. 85 */ 86 unix_state_lock_nested(req); 87 peer = unix_sk(req)->peer; 88 buf[i++] = (peer ? sock_i_ino(peer) : 0); 89 unix_state_unlock(req); 90 } 91 spin_unlock(&sk->sk_receive_queue.lock); 92 } 93 94 return 0; 95 96 errout: 97 spin_unlock(&sk->sk_receive_queue.lock); 98 return -EMSGSIZE; 99 } 100 101 static int sk_diag_show_rqlen(struct sock *sk, struct sk_buff *nlskb) 102 { 103 struct unix_diag_rqlen rql; 104 105 if (sk->sk_state == TCP_LISTEN) { 106 rql.udiag_rqueue = sk->sk_receive_queue.qlen; 107 rql.udiag_wqueue = sk->sk_max_ack_backlog; 108 } else { 109 rql.udiag_rqueue = (u32) unix_inq_len(sk); 110 rql.udiag_wqueue = (u32) unix_outq_len(sk); 111 } 112 113 return nla_put(nlskb, UNIX_DIAG_RQLEN, sizeof(rql), &rql); 114 } 115 116 static int sk_diag_dump_uid(struct sock *sk, struct sk_buff *nlskb) 117 { 118 uid_t uid = from_kuid_munged(sk_user_ns(nlskb->sk), sock_i_uid(sk)); 119 return nla_put(nlskb, UNIX_DIAG_UID, sizeof(uid_t), &uid); 120 } 121 122 static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_req *req, 123 u32 portid, u32 seq, u32 flags, int sk_ino) 124 { 125 struct nlmsghdr *nlh; 126 struct unix_diag_msg *rep; 127 128 nlh = nlmsg_put(skb, portid, seq, SOCK_DIAG_BY_FAMILY, sizeof(*rep), 129 flags); 130 if (!nlh) 131 return -EMSGSIZE; 132 133 rep = nlmsg_data(nlh); 134 rep->udiag_family = AF_UNIX; 135 rep->udiag_type = sk->sk_type; 136 rep->udiag_state = sk->sk_state; 137 rep->pad = 0; 138 rep->udiag_ino = sk_ino; 139 sock_diag_save_cookie(sk, rep->udiag_cookie); 140 141 if ((req->udiag_show & UDIAG_SHOW_NAME) && 142 sk_diag_dump_name(sk, skb)) 143 goto out_nlmsg_trim; 144 145 if ((req->udiag_show & UDIAG_SHOW_VFS) && 146 sk_diag_dump_vfs(sk, skb)) 147 goto out_nlmsg_trim; 148 149 if ((req->udiag_show & UDIAG_SHOW_PEER) && 150 sk_diag_dump_peer(sk, skb)) 151 goto out_nlmsg_trim; 152 153 if ((req->udiag_show & UDIAG_SHOW_ICONS) && 154 sk_diag_dump_icons(sk, skb)) 155 goto out_nlmsg_trim; 156 157 if ((req->udiag_show & UDIAG_SHOW_RQLEN) && 158 sk_diag_show_rqlen(sk, skb)) 159 goto out_nlmsg_trim; 160 161 if ((req->udiag_show & UDIAG_SHOW_MEMINFO) && 162 sock_diag_put_meminfo(sk, skb, UNIX_DIAG_MEMINFO)) 163 goto out_nlmsg_trim; 164 165 if (nla_put_u8(skb, UNIX_DIAG_SHUTDOWN, sk->sk_shutdown)) 166 goto out_nlmsg_trim; 167 168 if ((req->udiag_show & UDIAG_SHOW_UID) && 169 sk_diag_dump_uid(sk, skb)) 170 goto out_nlmsg_trim; 171 172 nlmsg_end(skb, nlh); 173 return 0; 174 175 out_nlmsg_trim: 176 nlmsg_cancel(skb, nlh); 177 return -EMSGSIZE; 178 } 179 180 static int sk_diag_dump(struct sock *sk, struct sk_buff *skb, struct unix_diag_req *req, 181 u32 portid, u32 seq, u32 flags) 182 { 183 int sk_ino; 184 185 unix_state_lock(sk); 186 sk_ino = sock_i_ino(sk); 187 unix_state_unlock(sk); 188 189 if (!sk_ino) 190 return 0; 191 192 return sk_diag_fill(sk, skb, req, portid, seq, flags, sk_ino); 193 } 194 195 static int unix_diag_dump(struct sk_buff *skb, struct netlink_callback *cb) 196 { 197 struct unix_diag_req *req; 198 int num, s_num, slot, s_slot; 199 struct net *net = sock_net(skb->sk); 200 201 req = nlmsg_data(cb->nlh); 202 203 s_slot = cb->args[0]; 204 num = s_num = cb->args[1]; 205 206 spin_lock(&unix_table_lock); 207 for (slot = s_slot; 208 slot < ARRAY_SIZE(unix_socket_table); 209 s_num = 0, slot++) { 210 struct sock *sk; 211 212 num = 0; 213 sk_for_each(sk, &unix_socket_table[slot]) { 214 if (!net_eq(sock_net(sk), net)) 215 continue; 216 if (num < s_num) 217 goto next; 218 if (!(req->udiag_states & (1 << sk->sk_state))) 219 goto next; 220 if (sk_diag_dump(sk, skb, req, 221 NETLINK_CB(cb->skb).portid, 222 cb->nlh->nlmsg_seq, 223 NLM_F_MULTI) < 0) 224 goto done; 225 next: 226 num++; 227 } 228 } 229 done: 230 spin_unlock(&unix_table_lock); 231 cb->args[0] = slot; 232 cb->args[1] = num; 233 234 return skb->len; 235 } 236 237 static struct sock *unix_lookup_by_ino(unsigned int ino) 238 { 239 int i; 240 struct sock *sk; 241 242 spin_lock(&unix_table_lock); 243 for (i = 0; i < ARRAY_SIZE(unix_socket_table); i++) { 244 sk_for_each(sk, &unix_socket_table[i]) 245 if (ino == sock_i_ino(sk)) { 246 sock_hold(sk); 247 spin_unlock(&unix_table_lock); 248 249 return sk; 250 } 251 } 252 253 spin_unlock(&unix_table_lock); 254 return NULL; 255 } 256 257 static int unix_diag_get_exact(struct sk_buff *in_skb, 258 const struct nlmsghdr *nlh, 259 struct unix_diag_req *req) 260 { 261 int err = -EINVAL; 262 struct sock *sk; 263 struct sk_buff *rep; 264 unsigned int extra_len; 265 struct net *net = sock_net(in_skb->sk); 266 267 if (req->udiag_ino == 0) 268 goto out_nosk; 269 270 sk = unix_lookup_by_ino(req->udiag_ino); 271 err = -ENOENT; 272 if (sk == NULL) 273 goto out_nosk; 274 if (!net_eq(sock_net(sk), net)) 275 goto out; 276 277 err = sock_diag_check_cookie(sk, req->udiag_cookie); 278 if (err) 279 goto out; 280 281 extra_len = 256; 282 again: 283 err = -ENOMEM; 284 rep = nlmsg_new(sizeof(struct unix_diag_msg) + extra_len, GFP_KERNEL); 285 if (!rep) 286 goto out; 287 288 err = sk_diag_fill(sk, rep, req, NETLINK_CB(in_skb).portid, 289 nlh->nlmsg_seq, 0, req->udiag_ino); 290 if (err < 0) { 291 nlmsg_free(rep); 292 extra_len += 256; 293 if (extra_len >= PAGE_SIZE) 294 goto out; 295 296 goto again; 297 } 298 err = netlink_unicast(net->diag_nlsk, rep, NETLINK_CB(in_skb).portid, 299 MSG_DONTWAIT); 300 if (err > 0) 301 err = 0; 302 out: 303 if (sk) 304 sock_put(sk); 305 out_nosk: 306 return err; 307 } 308 309 static int unix_diag_handler_dump(struct sk_buff *skb, struct nlmsghdr *h) 310 { 311 int hdrlen = sizeof(struct unix_diag_req); 312 struct net *net = sock_net(skb->sk); 313 314 if (nlmsg_len(h) < hdrlen) 315 return -EINVAL; 316 317 if (h->nlmsg_flags & NLM_F_DUMP) { 318 struct netlink_dump_control c = { 319 .dump = unix_diag_dump, 320 }; 321 return netlink_dump_start(net->diag_nlsk, skb, h, &c); 322 } else 323 return unix_diag_get_exact(skb, h, nlmsg_data(h)); 324 } 325 326 static const struct sock_diag_handler unix_diag_handler = { 327 .family = AF_UNIX, 328 .dump = unix_diag_handler_dump, 329 }; 330 331 static int __init unix_diag_init(void) 332 { 333 return sock_diag_register(&unix_diag_handler); 334 } 335 336 static void __exit unix_diag_exit(void) 337 { 338 sock_diag_unregister(&unix_diag_handler); 339 } 340 341 module_init(unix_diag_init); 342 module_exit(unix_diag_exit); 343 MODULE_LICENSE("GPL"); 344 MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_NETLINK, NETLINK_SOCK_DIAG, 1 /* AF_LOCAL */); 345