1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * NETLINK Generic Netlink Family
4 *
5 * Authors: Jamal Hadi Salim
6 * Thomas Graf <tgraf@suug.ch>
7 * Johannes Berg <johannes@sipsolutions.net>
8 */
9
10 #include <linux/module.h>
11 #include <linux/kernel.h>
12 #include <linux/slab.h>
13 #include <linux/errno.h>
14 #include <linux/types.h>
15 #include <linux/socket.h>
16 #include <linux/string_helpers.h>
17 #include <linux/skbuff.h>
18 #include <linux/mutex.h>
19 #include <linux/bitmap.h>
20 #include <linux/rwsem.h>
21 #include <linux/idr.h>
22 #include <net/sock.h>
23 #include <net/genetlink.h>
24
/*
 * genl_mutex serializes message processing. genl_op_lock() skips it for
 * families that set parallel_ops.
 */
static DEFINE_MUTEX(genl_mutex); /* serialization of message processing */
/*
 * cb_lock is held for reading while genl_rcv() processes an skb and is
 * taken for writing by genl_lock_all().
 */
static DECLARE_RWSEM(cb_lock);

/*
 * genl_unregister_family() sleeps on the wait queue until the counter reads
 * zero. Nothing in this part of the file modifies the counter; presumably
 * the netlink socket teardown path does - verify against its users.
 */
atomic_t genl_sk_destructing_cnt = ATOMIC_INIT(0);
DECLARE_WAIT_QUEUE_HEAD(genl_sk_destructing_waitq);
30
/*
 * Take the global genetlink mutex that serializes message processing.
 * Exported so other kernel code can take the same lock.
 */
void genl_lock(void)
{
	mutex_lock(&genl_mutex);
}
EXPORT_SYMBOL(genl_lock);
36
/* Release the global genetlink mutex taken by genl_lock(). */
void genl_unlock(void)
{
	mutex_unlock(&genl_mutex);
}
EXPORT_SYMBOL(genl_unlock);
42
/*
 * Exclusive access to genetlink state: cb_lock for writing first, then the
 * genl mutex. genl_rcv() holds cb_lock for reading, so the write side
 * excludes message processing.
 */
static void genl_lock_all(void)
{
	down_write(&cb_lock);
	genl_lock();
}
48
/*
 * Undo genl_lock_all(), releasing in the reverse order of acquisition:
 * the genl mutex first, then the write side of cb_lock.
 */
static void genl_unlock_all(void)
{
	genl_unlock();
	up_write(&cb_lock);
}
54
/*
 * Take the genl mutex for one operation of @family. Families that set
 * parallel_ops are not serialized by the core, so their handlers must do
 * their own locking.
 */
static void genl_op_lock(const struct genl_family *family)
{
	if (family->parallel_ops)
		return;

	genl_lock();
}
60
/*
 * Counterpart of genl_op_lock(): drop the genl mutex unless @family set
 * parallel_ops, in which case it was never taken.
 */
static void genl_op_unlock(const struct genl_family *family)
{
	if (family->parallel_ops)
		return;

	genl_unlock();
}
66
/*
 * Registered families, keyed by family ID. Filled by
 * genl_register_family() and looked up with the nlmsg_type of each
 * incoming message in genl_rcv_msg().
 */
static DEFINE_IDR(genl_fam_idr);

/*
 * Bitmap of multicast groups that are currently in use.
 *
 * To avoid an allocation at boot of just one unsigned long,
 * declare it global instead.
 * Bit 0 is marked as already used since group 0 is invalid.
 * Bit 1 is marked as already used since the drop-monitor code
 * abuses the API and thinks it can statically use group 1.
 * That group will typically conflict with other groups that
 * any proper users use.
 * Bit 16 is marked as used since it's used for generic netlink
 * and the code no longer marks pre-reserved IDs as used.
 * Bit 17 is marked as already used since the VFS quota code
 * also abused this API and relied on family == group ID, we
 * cater to that by giving it a static family and group ID.
 * Bit 18 is marked as already used since the PMCRAID driver
 * did the same thing as the VFS quota code (maybe copied?)
 */
/* 0x3 sets bits 0 and 1; the BIT() terms reserve the static family IDs. */
static unsigned long mc_group_start = 0x3 | BIT(GENL_ID_CTRL) |
				      BIT(GENL_ID_VFS_DQUOT) |
				      BIT(GENL_ID_PMCRAID);
/*
 * Current bitmap storage. Points at mc_group_start until
 * genl_allocate_reserve_groups() has to grow it, after which it is heap
 * memory.
 */
static unsigned long *mc_groups = &mc_group_start;
/* Size of the bitmap behind mc_groups, counted in unsigned longs. */
static unsigned long mc_groups_longs = 1;
92
/*
 * Policy installed on ops that declare none (see
 * genl_op_fill_in_reject_policy()): both entries are NLA_REJECT.
 * We need the last attribute with non-zero ID therefore a 2-entry array;
 * users pair this policy with maxattr = 1.
 */
static struct nla_policy genl_policy_reject_all[] = {
	{ .type = NLA_REJECT },
	{ .type = NLA_REJECT },
};

/* Forward declaration; the definition is not in this part of the file. */
static int genl_ctrl_event(int event, const struct genl_family *family,
			   const struct genl_multicast_group *grp,
			   int grp_id);
102
/*
 * Give a legacy-format op the reject-all policy when it has no policy of
 * its own and its command is at or above the family's resv_start_op.
 * Commands below resv_start_op are left without a policy, i.e. the core
 * does not constrain their attributes.
 */
static void
genl_op_fill_in_reject_policy(const struct genl_family *family,
			      struct genl_ops *op)
{
	bool wants_reject;

	/* maxattr below must index the last entry of the reject policy. */
	BUILD_BUG_ON(ARRAY_SIZE(genl_policy_reject_all) - 1 != 1);

	wants_reject = !op->policy && op->cmd >= family->resv_start_op;
	if (wants_reject) {
		op->policy = genl_policy_reject_all;
		op->maxattr = 1;
	}
}
115
/*
 * Split-ops variant: an op without a policy always gets the reject-all
 * policy. Unlike the legacy variant there is no resv_start_op exemption,
 * and @family is not consulted.
 */
static void
genl_op_fill_in_reject_policy_split(const struct genl_family *family,
				    struct genl_split_ops *op)
{
	if (!op->policy) {
		op->policy = genl_policy_reject_all;
		op->maxattr = 1;
	}
}
126
/*
 * Look up a registered family by numeric ID.
 * Returns whatever idr_find() yields for @id; callers treat NULL as
 * "no such family".
 */
static const struct genl_family *genl_family_find_byid(unsigned int id)
{
	return idr_find(&genl_fam_idr, id);
}
131
/*
 * Look up a registered family by name with a linear walk over the IDR.
 * @name is compared with strcmp(), so it must be NUL-terminated.
 * Returns the first family whose name matches exactly, or NULL.
 */
static const struct genl_family *genl_family_find_byname(char *name)
{
	const struct genl_family *cur;
	unsigned int idx;

	idr_for_each_entry(&genl_fam_idr, cur, idx) {
		if (!strcmp(cur->name, name))
			return cur;
	}

	return NULL;
}
143
/*
 * Cursor over every command of a family, across its ops, small_ops and
 * split_ops arrays (walked in that order). Set up by genl_op_iter_init()
 * and advanced by genl_op_iter_next().
 */
struct genl_op_iter {
	/* family being walked */
	const struct genl_family *family;
	/* DO side of the current command, filled in by genl_op_iter_next() */
	struct genl_split_ops doit;
	/* DUMP side of the current command, filled in by genl_op_iter_next() */
	struct genl_split_ops dumpit;
	/* incremented once per genl_op_iter_next() that yields a command */
	int cmd_idx;
	/* position in the concatenation of ops, small_ops and split_ops */
	int entry_idx;
	/* doit.cmd | dumpit.cmd of the current command */
	u32 cmd;
	/* doit.flags | dumpit.flags of the current command */
	u8 flags;
};
153
/*
 * Copy entry @i of the family's full ops array into @op and fill in the
 * family-wide defaults: a zero maxattr or NULL policy falls back to the
 * family's, after which the reject-all policy may still be applied.
 * The caller guarantees @i < family->n_ops.
 */
static void genl_op_from_full(const struct genl_family *family,
			      unsigned int i, struct genl_ops *op)
{
	const struct genl_ops *src = &family->ops[i];

	*op = *src;

	if (op->maxattr == 0)
		op->maxattr = family->maxattr;
	if (op->policy == NULL)
		op->policy = family->policy;

	genl_op_fill_in_reject_policy(family, op);
}
166
/*
 * Find @cmd in the family's full ops array.
 * On a match @op is filled via genl_op_from_full() and 0 is returned;
 * otherwise -ENOENT is returned and @op is left untouched.
 */
static int genl_get_cmd_full(u32 cmd, const struct genl_family *family,
			     struct genl_ops *op)
{
	int idx;

	for (idx = 0; idx < family->n_ops; idx++) {
		if (family->ops[idx].cmd != cmd)
			continue;

		genl_op_from_full(family, idx, op);
		return 0;
	}

	return -ENOENT;
}
180
/*
 * Expand entry @i of the family's small ops array into a full genl_ops.
 * @op is zeroed first, so every field a small op does not carry stays 0.
 * Small ops have no policy of their own: policy and maxattr always come
 * from the family, after which the reject-all policy may still be applied.
 * The caller guarantees @i < family->n_small_ops.
 */
static void genl_op_from_small(const struct genl_family *family,
			       unsigned int i, struct genl_ops *op)
{
	const struct genl_small_ops *src = &family->small_ops[i];

	memset(op, 0, sizeof(*op));

	op->cmd = src->cmd;
	op->doit = src->doit;
	op->dumpit = src->dumpit;
	op->flags = src->flags;
	op->internal_flags = src->internal_flags;
	op->validate = src->validate;

	op->policy = family->policy;
	op->maxattr = family->maxattr;

	genl_op_fill_in_reject_policy(family, op);
}
197
/*
 * Find @cmd in the family's small ops array.
 * On a match @op is filled via genl_op_from_small() and 0 is returned;
 * otherwise -ENOENT is returned and @op is left untouched.
 */
static int genl_get_cmd_small(u32 cmd, const struct genl_family *family,
			      struct genl_ops *op)
{
	int idx;

	for (idx = 0; idx < family->n_small_ops; idx++) {
		if (family->small_ops[idx].cmd != cmd)
			continue;

		genl_op_from_small(family, idx, op);
		return 0;
	}

	return -ENOENT;
}
211
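/*
 * Load the split-ops entry at the iterator's position into iter->doit
 * and/or iter->dumpit and advance iter->entry_idx past what was consumed.
 *
 * A command occupies one entry (DO only or DUMP only) or two adjacent
 * entries (DO followed by DUMP). The side that is absent is zeroed.
 *
 * The caller (genl_op_iter_next()) guarantees that entry_idx points into
 * the split_ops part of the walk, so the first index below is in range.
 */
static void genl_op_from_split(struct genl_op_iter *iter)
{
	const struct genl_family *family = iter->family;
	int i, cnt = 0;

	/* entry_idx runs across ops, small_ops and split_ops in that order */
	i = iter->entry_idx - family->n_ops - family->n_small_ops;

	if (family->split_ops[i + cnt].flags & GENL_CMD_CAP_DO) {
		iter->doit = family->split_ops[i + cnt];
		genl_op_fill_in_reject_policy_split(family, &iter->doit);
		cnt++;
	} else {
		memset(&iter->doit, 0, sizeof(iter->doit));
	}

	/*
	 * After a DO entry, only take the following DUMP entry when it is for
	 * the same command. genl_validate_ops() accepts a DO-only command
	 * directly followed by a DUMP-only command with a larger cmd; pairing
	 * those would make genl_op_iter_next() report the OR of two different
	 * command numbers and flag sets, and skip the second command.
	 */
	if (i + cnt < family->n_split_ops &&
	    family->split_ops[i + cnt].flags & GENL_CMD_CAP_DUMP &&
	    (!cnt || family->split_ops[i + cnt].cmd == iter->doit.cmd)) {
		iter->dumpit = family->split_ops[i + cnt];
		genl_op_fill_in_reject_policy_split(family, &iter->dumpit);
		cnt++;
	} else {
		memset(&iter->dumpit, 0, sizeof(iter->dumpit));
	}

	/* An entry that is neither DO nor DUMP would stall the iterator. */
	WARN_ON(!cnt);
	iter->entry_idx += cnt;
}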
239
/*
 * Find the split-ops entry for @cmd whose flags contain @flag
 * (GENL_CMD_CAP_DO or GENL_CMD_CAP_DUMP in the callers visible here).
 * On a match the entry is copied to @op as-is and 0 is returned; otherwise
 * -ENOENT is returned and @op is left untouched.
 */
static int
genl_get_cmd_split(u32 cmd, u8 flag, const struct genl_family *family,
		   struct genl_split_ops *op)
{
	int idx;

	for (idx = 0; idx < family->n_split_ops; idx++) {
		const struct genl_split_ops *cand = &family->split_ops[idx];

		if (cand->cmd != cmd || !(cand->flags & flag))
			continue;

		*op = *cand;
		return 0;
	}

	return -ENOENT;
}
255
/*
 * Convert the DO or DUMP side of a legacy op (@full) into split form.
 *
 * @flags selects the side: GENL_CMD_CAP_DO or GENL_CMD_CAP_DUMP. If @full
 * has no handler for the requested side, @op is zeroed and -ENOENT is
 * returned. On success only the fields assigned below are written.
 *
 * A DUMP op that sets GENL_DONT_VALIDATE_DUMP ends up with no policy and
 * maxattr 0, so genl_family_rcv_msg_attrs_parse() will not parse or
 * validate its attributes; such a handler has to do that itself.
 */
static int
genl_cmd_full_to_split(struct genl_split_ops *op,
		       const struct genl_family *family,
		       const struct genl_ops *full, u8 flags)
{
	if ((flags & GENL_CMD_CAP_DO && !full->doit) ||
	    (flags & GENL_CMD_CAP_DUMP && !full->dumpit)) {
		memset(op, 0, sizeof(*op));
		return -ENOENT;
	}

	op->cmd = full->cmd;
	op->internal_flags = full->internal_flags;
	op->validate = full->validate;
	/* Make sure flags include the GENL_CMD_CAP_DO / GENL_CMD_CAP_DUMP */
	op->flags = full->flags | flags;

	op->policy = full->policy;
	op->maxattr = full->maxattr;

	if (flags & GENL_CMD_CAP_DUMP) {
		op->start = full->start;
		op->dumpit = full->dumpit;
		op->done = full->done;

		if (full->validate & GENL_DONT_VALIDATE_DUMP) {
			op->policy = NULL;
			op->maxattr = 0;
		}
	} else {
		/* pre/post hooks are per family, not per op */
		op->pre_doit = family->pre_doit;
		op->doit = full->doit;
		op->post_doit = family->post_doit;
	}

	return 0;
}
296
/*
 * Resolve (@cmd, @flags) to a split op, searching the full ops, then the
 * small ops, then the split ops of @family.
 *
 * Contract: @op is all-zero on every failure path. The legacy path gets
 * that from genl_cmd_full_to_split(), the split path from the memset here.
 */
static int
genl_get_cmd(u32 cmd, u8 flags, const struct genl_family *family,
	     struct genl_split_ops *op)
{
	struct genl_ops legacy;
	int rc;

	/* Both legacy lookups return 0 or -ENOENT; small is the fallback. */
	if (genl_get_cmd_full(cmd, family, &legacy) == 0 ||
	    genl_get_cmd_small(cmd, family, &legacy) == 0)
		return genl_cmd_full_to_split(op, family, &legacy, flags);

	rc = genl_get_cmd_split(cmd, flags, family, op);
	if (rc)
		memset(op, 0, sizeof(*op));
	return rc;
}
317
/*
 * For policy dumping only: fetch the DO and the DUMP op of @cmd.
 * Succeeds when at least one of them exists; the missing side is left
 * zeroed by genl_get_cmd(). Returns -ENOENT only when both are missing.
 */
static int
genl_get_cmd_both(u32 cmd, const struct genl_family *family,
		  struct genl_split_ops *doit, struct genl_split_ops *dumpit)
{
	int do_err = genl_get_cmd(cmd, GENL_CMD_CAP_DO, family, doit);
	int dump_err = genl_get_cmd(cmd, GENL_CMD_CAP_DUMP, family, dumpit);

	if (do_err && dump_err)
		return -ENOENT;

	return 0;
}
332
/*
 * Point @iter at the first command of @family.
 * Only family, the two indices and flags are reset; doit, dumpit and cmd
 * are not valid until genl_op_iter_next() has returned true.
 * Returns true when the family has at least one op of any kind.
 */
static bool
genl_op_iter_init(const struct genl_family *family, struct genl_op_iter *iter)
{
	iter->family = family;
	iter->entry_idx = 0;
	iter->cmd_idx = 0;
	iter->flags = 0;

	/* a non-zero total converts to true */
	return family->n_ops + family->n_small_ops + family->n_split_ops;
}
346
/*
 * Advance @iter to the next command.
 *
 * Entries are taken from ops, then small_ops, then split_ops. A legacy
 * entry is expanded into both a DO and a DUMP split op (either may end up
 * zeroed); split entries are loaded by genl_op_from_split().
 *
 * Returns false once every entry has been consumed; @iter is not modified
 * in that case.
 */
static bool genl_op_iter_next(struct genl_op_iter *iter)
{
	const struct genl_family *family = iter->family;
	struct genl_ops legacy;
	bool is_legacy = true;

	if (iter->entry_idx < family->n_ops)
		genl_op_from_full(family, iter->entry_idx, &legacy);
	else if (iter->entry_idx < family->n_ops + family->n_small_ops)
		genl_op_from_small(family, iter->entry_idx - family->n_ops,
				   &legacy);
	else if (iter->entry_idx <
		 family->n_ops + family->n_small_ops + family->n_split_ops)
		is_legacy = false;
	else
		return false;

	iter->cmd_idx++;

	if (is_legacy) {
		iter->entry_idx++;

		genl_cmd_full_to_split(&iter->doit, family,
				       &legacy, GENL_CMD_CAP_DO);
		genl_cmd_full_to_split(&iter->dumpit, family,
				       &legacy, GENL_CMD_CAP_DUMP);
	} else {
		/* updates entry_idx by one or two entries */
		genl_op_from_split(iter);
	}

	/* the absent side is zeroed, so OR-ing yields the present one */
	iter->cmd = iter->doit.cmd | iter->dumpit.cmd;
	iter->flags = iter->doit.flags | iter->dumpit.flags;

	return true;
}
383
/*
 * Duplicate an iterator by plain struct assignment, so @dst continues from
 * the position @src is at.
 */
static void
genl_op_iter_copy(struct genl_op_iter *dst, struct genl_op_iter *src)
{
	*dst = *src;
}
389
/*
 * Number of commands the iterator has yielded so far, i.e. the 1-based
 * index of the current command after a successful genl_op_iter_next().
 */
static unsigned int genl_op_iter_idx(struct genl_op_iter *iter)
{
	return iter->cmd_idx;
}
394
/*
 * Reserve @n_groups consecutive free bits in the mc_groups bitmap and
 * return the first one through @first_id.
 *
 * The bitmap is grown by BITS_TO_LONGS(n_groups) longs whenever the
 * candidate window would run past its end. Growth happens before the
 * window is retried, so a window that starts at the very end of the
 * bitmap always fits after one extension.
 *
 * Returns 0 on success or -ENOMEM if the bitmap could not be grown; in
 * that case no bits have been set and the previous bitmap is still in use.
 * Callers in this file hold the genl locks (see genl_register_family()).
 */
static int genl_allocate_reserve_groups(int n_groups, int *first_id)
{
	unsigned long *grown;
	bool fits;
	int start = 0;
	int id;
	int i;

	do {
		/* bitmap size for this pass; it may grow at the end of it */
		unsigned long nbits = mc_groups_longs * BITS_PER_LONG;
		unsigned long new_longs;
		size_t nlen;
		int limit;

		if (start == 0)
			id = find_first_zero_bit(mc_groups, nbits);
		else
			id = find_next_zero_bit(mc_groups, nbits, start);

		/* check the window, clipped to the bits that exist today */
		limit = min_t(int, id + n_groups, nbits);
		fits = true;
		for (i = id; i < limit; i++) {
			if (test_bit(i, mc_groups)) {
				/* resume the search from the bit in the way */
				start = i;
				fits = false;
				break;
			}
		}

		if (id + n_groups <= nbits)
			continue;

		/* window runs past the end of the bitmap: extend it */
		new_longs = mc_groups_longs + BITS_TO_LONGS(n_groups);
		nlen = new_longs * sizeof(unsigned long);

		if (mc_groups == &mc_group_start) {
			/* first growth: move off the static single long */
			grown = kzalloc(nlen, GFP_KERNEL);
			if (!grown)
				return -ENOMEM;
			mc_groups = grown;
			*mc_groups = mc_group_start;
		} else {
			grown = krealloc(mc_groups, nlen, GFP_KERNEL);
			if (!grown)
				return -ENOMEM;
			mc_groups = grown;
			/* the added tail must read as "free" */
			for (i = 0; i < BITS_TO_LONGS(n_groups); i++)
				mc_groups[mc_groups_longs + i] = 0;
		}
		mc_groups_longs = new_longs;
	} while (!fits);

	for (i = id; i < id + n_groups; i++)
		set_bit(i, mc_groups);

	*first_id = id;
	return 0;
}
454
/*
 * Forward declaration of the controller family. The registration code
 * below compares against its address to apply the fixed GENL_ID_CTRL IDs.
 */
static struct genl_family genl_ctrl;
456
/*
 * Validate the multicast groups of @family and assign their IDs.
 *
 * Every group name must be non-empty and NUL-terminated within
 * GENL_NAMSIZ bytes. Four legacy users get a fixed group ID (and must have
 * exactly one group, enforced with BUG_ON); everyone else gets a
 * consecutive range from genl_allocate_reserve_groups().
 *
 * Once the genetlink sockets exist, the number of groups known to the
 * sockets is raised to cover the bitmap. If that fails for a dynamically
 * allocated range, the reserved bits are released again.
 *
 * Returns 0 on success or a negative error code.
 */
static int genl_validate_assign_mc_groups(struct genl_family *family)
{
	const int n_groups = family->n_mcgrps;
	bool dynamic_ids = false;
	int first_id;
	int err = 0;
	int i;

	if (n_groups == 0)
		return 0;

	for (i = 0; i < n_groups; i++) {
		const struct genl_multicast_group *grp = &family->mcgrps[i];

		if (WARN_ON(grp->name[0] == '\0'))
			return -EINVAL;
		/* an unterminated name would later be read past its buffer */
		if (WARN_ON(!string_is_terminated(grp->name, GENL_NAMSIZ)))
			return -EINVAL;
	}

	/* special-case our own group and hacks */
	if (family == &genl_ctrl)
		first_id = GENL_ID_CTRL;
	else if (strcmp(family->name, "NET_DM") == 0)
		first_id = 1;
	else if (family->id == GENL_ID_VFS_DQUOT)
		first_id = GENL_ID_VFS_DQUOT;
	else if (family->id == GENL_ID_PMCRAID)
		first_id = GENL_ID_PMCRAID;
	else
		dynamic_ids = true;

	if (dynamic_ids) {
		err = genl_allocate_reserve_groups(n_groups, &first_id);
		if (err)
			return err;
	} else {
		/* the fixed IDs only have room for a single group */
		BUG_ON(n_groups != 1);
	}

	family->mcgrp_offset = first_id;

	/* if still initializing, can't and don't need to realloc bitmaps */
	if (!init_net.genl_sock)
		return 0;

	if (!family->netnsok) {
		err = netlink_change_ngroups(init_net.genl_sock,
					     mc_groups_longs * BITS_PER_LONG);
	} else {
		struct net *net;

		netlink_table_grab();
		rcu_read_lock();
		for_each_net_rcu(net) {
			err = __netlink_change_ngroups(net->genl_sock,
					mc_groups_longs * BITS_PER_LONG);
			/*
			 * No need to roll back, can only fail if
			 * memory allocation fails and then the
			 * number of _possible_ groups has been
			 * increased on some sockets which is ok.
			 */
			if (err)
				break;
		}
		rcu_read_unlock();
		netlink_table_ungrab();
	}

	/* only dynamically reserved bits are ours to give back */
	if (err && dynamic_ids) {
		for (i = 0; i < family->n_mcgrps; i++)
			clear_bit(family->mcgrp_offset + i, mc_groups);
	}

	return err;
}
534
/*
 * Tear down the multicast groups of @family: drop the group's users from
 * the genetlink socket of every network namespace, release the group IDs
 * in the bitmap and announce each removal with CTRL_CMD_DELMCAST_GRP.
 *
 * Group 1 is never released; it is statically reserved (see the comment
 * on the mc_groups bitmap).
 */
static void genl_unregister_mc_groups(const struct genl_family *family)
{
	struct net *net;
	int idx;

	netlink_table_grab();
	rcu_read_lock();
	for_each_net_rcu(net) {
		for (idx = 0; idx < family->n_mcgrps; idx++)
			__netlink_clear_multicast_users(net->genl_sock,
						family->mcgrp_offset + idx);
	}
	rcu_read_unlock();
	netlink_table_ungrab();

	for (idx = 0; idx < family->n_mcgrps; idx++) {
		const struct genl_multicast_group *grp = &family->mcgrps[idx];
		int grp_id = family->mcgrp_offset + idx;

		if (grp_id != 1)
			clear_bit(grp_id, mc_groups);

		genl_ctrl_event(CTRL_CMD_DELMCAST_GRP, family, grp, grp_id);
	}
}
559
/*
 * Sanity-check one split op: exactly one of GENL_CMD_CAP_DO and
 * GENL_CMD_CAP_DUMP must be set in its flags.
 * Returns true (after a WARN) when the op is malformed.
 */
static bool genl_split_op_check(const struct genl_split_ops *op)
{
	u8 kinds = op->flags & (GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP);

	return WARN_ON(hweight8(kinds) != 1);
}
567
/*
 * Validate the operation tables of @family before registration.
 *
 * Checks, in order:
 *  - a non-zero op count is backed by a non-NULL array;
 *  - every command has a DO or DUMP handler;
 *  - commands at or above resv_start_op do not set any validate
 *    (validation-relaxing) flags;
 *  - no command number occurs twice across all three arrays;
 *  - split ops are each either DO or DUMP, sorted by cmd, and a repeated
 *    cmd is exactly a DO entry followed by a DUMP entry that agree on
 *    internal_flags and on all flags other than the DO/DUMP bits.
 *
 * Returns 0 if the tables are acceptable, -EINVAL otherwise.
 */
static int genl_validate_ops(const struct genl_family *family)
{
	struct genl_op_iter outer, inner;
	unsigned int s;

	if (WARN_ON(family->n_ops && !family->ops) ||
	    WARN_ON(family->n_small_ops && !family->small_ops) ||
	    WARN_ON(family->n_split_ops && !family->split_ops))
		return -EINVAL;

	genl_op_iter_init(family, &outer);
	while (genl_op_iter_next(&outer)) {
		if (!(outer.flags & (GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP)))
			return -EINVAL;

		if (WARN_ON(outer.cmd >= family->resv_start_op &&
			    (outer.doit.validate || outer.dumpit.validate)))
			return -EINVAL;

		/* compare against every command that follows */
		genl_op_iter_copy(&inner, &outer);
		while (genl_op_iter_next(&inner)) {
			if (inner.cmd == outer.cmd)
				return -EINVAL;
		}
	}

	for (s = 0; s < family->n_split_ops; s++) {
		const struct genl_split_ops *cur = &family->split_ops[s];
		const struct genl_split_ops *prev;

		if (genl_split_op_check(cur))
			return -EINVAL;

		/* the first entry has no predecessor to be ordered against */
		if (s == 0)
			continue;

		prev = &family->split_ops[s - 1];

		/* Check sort order */
		if (prev->cmd < cur->cmd)
			continue;
		if (prev->cmd > cur->cmd) {
			WARN_ON(1);
			return -EINVAL;
		}

		/* same cmd: the pair must differ only in DO vs DUMP */
		if (prev->internal_flags != cur->internal_flags ||
		    ((prev->flags ^ cur->flags) & ~(GENL_CMD_CAP_DO |
						    GENL_CMD_CAP_DUMP))) {
			WARN_ON(1);
			return -EINVAL;
		}

		/* ...and must be ordered DO first, DUMP second */
		if (!((prev->flags & GENL_CMD_CAP_DO) &&
		      (cur->flags & GENL_CMD_CAP_DUMP))) {
			WARN_ON(1);
			return -EINVAL;
		}
	}

	return 0;
}
632
/**
 * genl_register_family - register a generic netlink family
 * @family: generic netlink family
 *
 * Validates the family's operation tables, rejects a name that is already
 * registered, allocates the family ID and assigns the multicast group IDs.
 * On success the new family and each of its multicast groups are announced
 * through the controller.
 *
 * The family's ops, multicast groups and module pointer must already
 * be assigned. Name uniqueness is checked explicitly; ID uniqueness
 * follows from the IDR allocation.
 *
 * Return: 0 on success or a negative error code.
 */
int genl_register_family(struct genl_family *family)
{
	int id_min = GENL_START_ALLOC, id_max = GENL_MAX_ID;
	int err, i;

	/* pure table checks, no shared state touched yet */
	err = genl_validate_ops(family);
	if (err)
		return err;

	genl_lock_all();

	if (genl_family_find_byname(family->name)) {
		err = -EEXIST;
		goto errout_locked;
	}

	/*
	 * Sadly, a few cases need to be special-cased
	 * due to them having previously abused the API
	 * and having used their family ID also as their
	 * multicast group ID, so we use reserved IDs
	 * for both to be sure we can do that mapping.
	 */
	if (family == &genl_ctrl) {
		/* and this needs to be special for initial family lookups */
		id_min = id_max = GENL_ID_CTRL;
	} else if (strcmp(family->name, "pmcraid") == 0) {
		id_min = id_max = GENL_ID_PMCRAID;
	} else if (strcmp(family->name, "VFS_DQUOT") == 0) {
		id_min = id_max = GENL_ID_VFS_DQUOT;
	}

	/* the upper bound passed to the IDR is exclusive */
	family->id = idr_alloc_cyclic(&genl_fam_idr, family,
				      id_min, id_max + 1, GFP_KERNEL);
	if (family->id < 0) {
		err = family->id;
		goto errout_locked;
	}

	err = genl_validate_assign_mc_groups(family);
	if (err)
		goto errout_remove;

	genl_unlock_all();

	/* send all events, after the locks have been dropped */
	genl_ctrl_event(CTRL_CMD_NEWFAMILY, family, NULL, 0);
	for (i = 0; i < family->n_mcgrps; i++)
		genl_ctrl_event(CTRL_CMD_NEWMCAST_GRP, family,
				&family->mcgrps[i], family->mcgrp_offset + i);

	return 0;

errout_remove:
	idr_remove(&genl_fam_idr, family->id);
errout_locked:
	genl_unlock_all();
	return err;
}
EXPORT_SYMBOL(genl_register_family);
705
/**
 * genl_unregister_family - unregister generic netlink family
 * @family: generic netlink family
 *
 * Removes the family's multicast groups and its entry in the family IDR,
 * waits for genl_sk_destructing_cnt to reach zero and then announces
 * CTRL_CMD_DELFAMILY.
 *
 * Return: 0 on success, -ENOENT if nothing is registered under the
 * family's ID.
 */
int genl_unregister_family(const struct genl_family *family)
{
	const struct genl_family *registered;

	genl_lock_all();

	/*
	 * NOTE(review): this only checks that some family is registered under
	 * family->id; the result is not compared with @family itself.
	 */
	registered = genl_family_find_byid(family->id);
	if (registered == NULL) {
		genl_unlock_all();
		return -ENOENT;
	}

	genl_unregister_mc_groups(family);

	idr_remove(&genl_fam_idr, family->id);

	/*
	 * genl_lock_all() is undone in two steps: cb_lock is released before
	 * sleeping, the genl mutex stays held until the wait has finished.
	 */
	up_write(&cb_lock);
	wait_event(genl_sk_destructing_waitq,
		   atomic_read(&genl_sk_destructing_cnt) == 0);
	genl_unlock();

	genl_ctrl_event(CTRL_CMD_DELFAMILY, family, NULL, 0);

	return 0;
}
EXPORT_SYMBOL(genl_unregister_family);
737
/**
 * genlmsg_put - Add generic netlink header to netlink message
 * @skb: socket buffer holding the message
 * @portid: netlink portid the message is addressed to
 * @seq: sequence number (usually the one of the sender)
 * @family: generic netlink family
 * @flags: netlink message flags
 * @cmd: generic netlink command
 *
 * Reserves room for the generic netlink header plus the family's own
 * header (@family->hdrsize bytes) and fills in the generic part, including
 * a zeroed reserved field. The family-specific header is not written here;
 * presumably the caller must initialise all of it before the message is
 * sent - verify against nlmsg_put().
 *
 * Return: pointer to the user specific header, or NULL if nlmsg_put()
 * failed.
 */
void *genlmsg_put(struct sk_buff *skb, u32 portid, u32 seq,
		  const struct genl_family *family, int flags, u8 cmd)
{
	struct genlmsghdr *ghdr;
	struct nlmsghdr *nlh;

	nlh = nlmsg_put(skb, portid, seq, family->id,
			GENL_HDRLEN + family->hdrsize, flags);
	if (!nlh)
		return NULL;

	ghdr = nlmsg_data(nlh);
	ghdr->cmd = cmd;
	ghdr->version = family->version;
	ghdr->reserved = 0;

	/* the user header starts right after the generic one */
	return (char *)ghdr + GENL_HDRLEN;
}
EXPORT_SYMBOL(genlmsg_put);
768
/*
 * Allocate the per-dump state. The memory comes from kmalloc() and is not
 * zeroed: the caller (genl_start()) assigns the fields it relies on, and
 * any field added to the struct needs the same treatment there.
 * Returns NULL on allocation failure.
 */
static struct genl_dumpit_info *genl_dumpit_info_alloc(void)
{
	struct genl_dumpit_info *info;

	info = kmalloc(sizeof(*info), GFP_KERNEL);
	return info;
}
773
/*
 * Release per-dump state obtained from genl_dumpit_info_alloc().
 * The attribute array referenced by it is freed separately by the callers.
 */
static void genl_dumpit_info_free(const struct genl_dumpit_info *info)
{
	kfree(info);
}
778
/*
 * Parse and validate the attributes of a request against the op's policy.
 *
 * Validation is strict unless the op opted out by setting
 * @no_strict_flag in its validate field, in which case the liberal mode
 * is used.
 *
 * Returns:
 *  - NULL when the op has maxattr == 0: nothing is parsed, so handlers of
 *    such ops see a NULL attribute array;
 *  - an ERR_PTR() on allocation or validation failure;
 *  - otherwise an array of maxattr + 1 attribute pointers that the caller
 *    releases with genl_family_rcv_msg_attrs_free().
 */
static struct nlattr **
genl_family_rcv_msg_attrs_parse(const struct genl_family *family,
				struct nlmsghdr *nlh,
				struct netlink_ext_ack *extack,
				const struct genl_split_ops *ops,
				int hdrlen,
				enum genl_validate_flags no_strict_flag)
{
	enum netlink_validation validate;
	struct nlattr **attrbuf;
	int err;

	if (!ops->maxattr)
		return NULL;

	if (ops->validate & no_strict_flag)
		validate = NL_VALIDATE_LIBERAL;
	else
		validate = NL_VALIDATE_STRICT;

	/* one slot per attribute type 0..maxattr */
	attrbuf = kmalloc_array(ops->maxattr + 1, sizeof(*attrbuf),
				GFP_KERNEL);
	if (!attrbuf)
		return ERR_PTR(-ENOMEM);

	err = __nlmsg_parse(nlh, hdrlen, attrbuf, ops->maxattr, ops->policy,
			    validate, extack);
	if (err) {
		kfree(attrbuf);
		return ERR_PTR(err);
	}

	return attrbuf;
}
809
/*
 * Free an attribute array returned by genl_family_rcv_msg_attrs_parse().
 * A NULL array (op without attributes) is accepted, as kfree() allows it.
 */
static void genl_family_rcv_msg_attrs_free(struct nlattr **attrbuf)
{
	kfree(attrbuf);
}
814
/*
 * Arguments handed from genl_family_rcv_msg_dumpit() to genl_start()
 * through netlink_dump_control.data. The instance lives on the stack of
 * genl_family_rcv_msg_dumpit(), so genl_start() copies what the dump needs
 * later and replaces cb->data with its own allocation.
 */
struct genl_start_context {
	/* family the dump request was addressed to */
	const struct genl_family *family;
	/* netlink header of the request */
	struct nlmsghdr *nlh;
	/* extended ack used while parsing the request attributes */
	struct netlink_ext_ack *extack;
	/* resolved DUMP operation */
	const struct genl_split_ops *ops;
	/* GENL_HDRLEN plus the family's header size */
	int hdrlen;
};
822
/*
 * Start callback for every genetlink dump.
 *
 * On entry cb->data is the genl_start_context of the request. The request
 * length is re-checked (unless the op sets GENL_DONT_VALIDATE_DUMP), the
 * attributes are parsed, and cb->data is replaced with a heap-allocated
 * genl_dumpit_info holding a copy of the op, so later dump and done
 * callbacks do not depend on the caller's stack.
 *
 * The op's own start callback, if any, runs under the family's op lock.
 * If it fails, the attribute array and the dump info are freed and
 * cb->data is cleared.
 *
 * Returns 0 on success or a negative error code.
 */
static int genl_start(struct netlink_callback *cb)
{
	struct genl_start_context *ctx = cb->data;
	const struct genl_split_ops *ops = ctx->ops;
	struct genl_dumpit_info *info;
	struct nlattr **attrs;
	int rc;

	if (!(ops->validate & GENL_DONT_VALIDATE_DUMP) &&
	    ctx->nlh->nlmsg_len < nlmsg_msg_size(ctx->hdrlen))
		return -EINVAL;

	attrs = genl_family_rcv_msg_attrs_parse(ctx->family, ctx->nlh,
						ctx->extack, ops, ctx->hdrlen,
						GENL_DONT_VALIDATE_DUMP_STRICT);
	if (IS_ERR(attrs))
		return PTR_ERR(attrs);

	info = genl_dumpit_info_alloc();
	if (!info) {
		genl_family_rcv_msg_attrs_free(attrs);
		return -ENOMEM;
	}

	/* info is not zeroed by the allocator: set every field used later */
	info->op = *ops;
	info->info.family = ctx->family;
	info->info.snd_seq = cb->nlh->nlmsg_seq;
	info->info.snd_portid = NETLINK_CB(cb->skb).portid;
	info->info.nlhdr = cb->nlh;
	info->info.genlhdr = nlmsg_data(cb->nlh);
	info->info.attrs = attrs;
	genl_info_net_set(&info->info, sock_net(cb->skb->sk));
	info->info.extack = cb->extack;
	memset(&info->info.user_ptr, 0, sizeof(info->info.user_ptr));

	cb->data = info;

	if (!ops->start)
		return 0;

	genl_op_lock(ctx->family);
	rc = ops->start(cb);
	genl_op_unlock(ctx->family);
	if (!rc)
		return 0;

	/* start failed: undo everything set up above */
	genl_family_rcv_msg_attrs_free(info->info.attrs);
	genl_dumpit_info_free(info);
	cb->data = NULL;

	return rc;
}
872
/*
 * Dump callback: refresh the extack pointer for this pass and invoke the
 * op's dumpit handler under the family's op lock.
 * cb->data is the genl_dumpit_info installed by genl_start().
 */
static int genl_dumpit(struct sk_buff *skb, struct netlink_callback *cb)
{
	struct genl_dumpit_info *dump_info = cb->data;
	struct genl_info *info = &dump_info->info;
	int rc;

	info->extack = cb->extack;

	genl_op_lock(info->family);
	rc = dump_info->op.dumpit(skb, cb);
	genl_op_unlock(info->family);

	return rc;
}
887
/*
 * Done callback: run the op's optional done handler under the family's op
 * lock, then free the attribute array and the dump info that genl_start()
 * allocated. The frees happen regardless of the handler's return value.
 */
static int genl_done(struct netlink_callback *cb)
{
	struct genl_dumpit_info *dump_info = cb->data;
	struct genl_info *info = &dump_info->info;
	int rc = 0;

	info->extack = cb->extack;

	if (dump_info->op.done) {
		genl_op_lock(info->family);
		rc = dump_info->op.done(cb);
		genl_op_unlock(info->family);
	}

	genl_family_rcv_msg_attrs_free(info->attrs);
	genl_dumpit_info_free(dump_info);

	return rc;
}
906
/*
 * Handle a DUMP request: hand the operation to the netlink dump machinery
 * with genl_start/genl_dumpit/genl_done as callbacks.
 *
 * The caller holds the family's op lock. It is dropped around
 * __netlink_dump_start() because the callbacks take it themselves, and is
 * re-taken before returning so the caller's unlock stays balanced.
 *
 * @ctx lives on this stack frame; genl_start() must not keep pointers to
 * it beyond its own execution.
 */
static int genl_family_rcv_msg_dumpit(const struct genl_family *family,
				      struct sk_buff *skb,
				      struct nlmsghdr *nlh,
				      struct netlink_ext_ack *extack,
				      const struct genl_split_ops *ops,
				      int hdrlen, struct net *net)
{
	struct genl_start_context ctx = {
		.family = family,
		.nlh = nlh,
		.extack = extack,
		.ops = ops,
		.hdrlen = hdrlen,
	};
	struct netlink_dump_control c = {
		.module = family->module,
		.data = &ctx,
		.start = genl_start,
		.dump = genl_dumpit,
		.done = genl_done,
		.extack = extack,
	};
	int err;

	genl_op_unlock(family);
	err = __netlink_dump_start(net->genl_sock, skb, nlh, &c);
	genl_op_lock(family);

	return err;
}
937
/*
 * Handle a DO request: parse the attributes, build the genl_info for the
 * handler and call pre_doit (optional), doit and post_doit (optional).
 *
 * doit and post_doit are skipped when pre_doit fails. The attribute array
 * is freed on every path. info.attrs is NULL for ops with maxattr == 0,
 * because nothing is parsed for them.
 *
 * @info is a stack object that is filled field by field rather than
 * zero-initialised; a field added to struct genl_info must be set here.
 *
 * Returns the result of pre_doit if it failed, else the result of doit.
 */
static int genl_family_rcv_msg_doit(const struct genl_family *family,
				    struct sk_buff *skb,
				    struct nlmsghdr *nlh,
				    struct netlink_ext_ack *extack,
				    const struct genl_split_ops *ops,
				    int hdrlen, struct net *net)
{
	struct nlattr **attrbuf;
	struct genl_info info;
	int err;

	attrbuf = genl_family_rcv_msg_attrs_parse(family, nlh, extack,
						  ops, hdrlen,
						  GENL_DONT_VALIDATE_STRICT);
	if (IS_ERR(attrbuf))
		return PTR_ERR(attrbuf);

	info.snd_seq = nlh->nlmsg_seq;
	info.snd_portid = NETLINK_CB(skb).portid;
	info.family = family;
	info.nlhdr = nlh;
	info.genlhdr = nlmsg_data(nlh);
	info.attrs = attrbuf;
	info.extack = extack;
	genl_info_net_set(&info, net);
	memset(&info.user_ptr, 0, sizeof(info.user_ptr));

	err = ops->pre_doit ? ops->pre_doit(ops, skb, &info) : 0;
	if (!err) {
		err = ops->doit(skb, &info);

		/* post_doit runs whether or not doit succeeded */
		if (ops->post_doit)
			ops->post_doit(ops, skb, &info);
	}

	genl_family_rcv_msg_attrs_free(attrbuf);

	return err;
}
981
/*
 * Strict checks on the request headers, applied only to commands at or
 * above the family's resv_start_op. Older commands bypass them entirely.
 *
 * For checked commands genlmsghdr.reserved must be zero, and nlmsg_flags
 * may only contain NLM_F_REQUEST, NLM_F_ACK, NLM_F_ECHO and the complete
 * NLM_F_DUMP bit pair. A single bit of NLM_F_DUMP on its own is rejected.
 *
 * Returns 0 if the headers are acceptable, -EINVAL (with an extack
 * message) otherwise.
 */
static int genl_header_check(const struct genl_family *family,
			     struct nlmsghdr *nlh, struct genlmsghdr *hdr,
			     struct netlink_ext_ack *extack)
{
	u16 flags = nlh->nlmsg_flags;

	/* Only for commands added after we started validating */
	if (hdr->cmd < family->resv_start_op)
		return 0;

	if (hdr->reserved) {
		NL_SET_ERR_MSG(extack, "genlmsghdr.reserved field is not 0");
		return -EINVAL;
	}

	/* Old netlink flags have pretty loose semantics, allow only the flags
	 * consumed by the core where we can enforce the meaning.
	 */
	if ((flags & NLM_F_DUMP) == NLM_F_DUMP) /* DUMP is 2 bits */
		flags &= ~NLM_F_DUMP;

	if (flags & ~(NLM_F_REQUEST | NLM_F_ACK | NLM_F_ECHO)) {
		NL_SET_ERR_MSG(extack,
			       "ambiguous or reserved bits set in nlmsg_flags");
		return -EINVAL;
	}

	return 0;
}
1011
/*
 * Validate one request for @family and dispatch it.
 *
 * Order of checks, each of which ends processing on failure:
 *  1. the family must be visible in the sender's network namespace
 *     (-ENOENT);
 *  2. the message must be long enough for the generic plus family header
 *     (-EINVAL); hdr is only dereferenced after this check;
 *  3. strict header checks for new commands (-EINVAL);
 *  4. the command must exist for the requested kind, DO or DUMP
 *     (-EOPNOTSUPP);
 *  5. GENL_ADMIN_PERM ops need CAP_NET_ADMIN via netlink_capable(),
 *     GENL_UNS_ADMIN_PERM ops need it in the user namespace owning the
 *     sender's network namespace (-EPERM).
 *
 * Ops that set neither permission flag are reachable by any sender, so
 * their handlers must do their own authorization where needed.
 */
static int genl_family_rcv_msg(const struct genl_family *family,
			       struct sk_buff *skb,
			       struct nlmsghdr *nlh,
			       struct netlink_ext_ack *extack)
{
	struct genlmsghdr *hdr = nlmsg_data(nlh);
	struct net *net = sock_net(skb->sk);
	struct genl_split_ops op;
	int hdrlen;
	u8 flags;

	/* this family doesn't exist in this netns */
	if (!(family->netnsok || net_eq(net, &init_net)))
		return -ENOENT;

	hdrlen = GENL_HDRLEN + family->hdrsize;
	if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen))
		return -EINVAL;

	if (genl_header_check(family, nlh, hdr, extack))
		return -EINVAL;

	/* a request is a dump only when both NLM_F_DUMP bits are set */
	if ((nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP)
		flags = GENL_CMD_CAP_DUMP;
	else
		flags = GENL_CMD_CAP_DO;

	if (genl_get_cmd(hdr->cmd, flags, family, &op))
		return -EOPNOTSUPP;

	if ((op.flags & GENL_ADMIN_PERM) &&
	    !netlink_capable(skb, CAP_NET_ADMIN))
		return -EPERM;

	if ((op.flags & GENL_UNS_ADMIN_PERM) &&
	    !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
		return -EPERM;

	if (!(flags & GENL_CMD_CAP_DUMP))
		return genl_family_rcv_msg_doit(family, skb, nlh, extack,
						&op, hdrlen, net);

	return genl_family_rcv_msg_dumpit(family, skb, nlh, extack,
					  &op, hdrlen, net);
}
1054
/*
 * Per-message entry point: nlmsg_type carries the family ID chosen by the
 * sender. Unknown IDs get -ENOENT; known families are processed under the
 * family's op lock.
 */
static int genl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
			struct netlink_ext_ack *extack)
{
	const struct genl_family *family;
	int err;

	family = genl_family_find_byid(nlh->nlmsg_type);
	if (!family)
		return -ENOENT;

	genl_op_lock(family);
	err = genl_family_rcv_msg(family, skb, nlh, extack);
	genl_op_unlock(family);

	return err;
}
1071
/*
 * Input handler of the genetlink socket: process every message in @skb
 * with genl_rcv_msg() while holding cb_lock for reading. Registration and
 * unregistration take cb_lock for writing, so the set of families does not
 * change under a message being processed.
 */
static void genl_rcv(struct sk_buff *skb)
{
	down_read(&cb_lock);
	netlink_rcv_skb(skb, &genl_rcv_msg);
	up_read(&cb_lock);
}
1078
1079 /**************************************************************************
1080 * Controller
1081 **************************************************************************/
1082
/*
 * Controller family; the definition is not in this part of the file.
 * Messages built by ctrl_fill_info() are sent in this family's name.
 */
static struct genl_family genl_ctrl;
1084
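/*
 * Serialise the description of @family into @skb as one controller
 * ("nlctrl") message of type @cmd: name, id, version, header size and
 * maxattr, followed by the nested CTRL_ATTR_OPS and CTRL_ATTR_MCAST_GROUPS
 * lists when the family has any.
 *
 * Returns 0 on success and -EMSGSIZE when @skb has no room; a message that
 * was started is cancelled again before returning.
 */
static int ctrl_fill_info(const struct genl_family *family, u32 portid, u32 seq,
			  u32 flags, struct sk_buff *skb, u8 cmd)
{
	struct genl_op_iter op_iter;
	void *hdr;

	hdr = genlmsg_put(skb, portid, seq, &genl_ctrl, flags, cmd);
	/*
	 * Report a real errno: a bare -1 is numerically -EPERM, and
	 * ctrl_build_family_msg() forwards this value through ERR_PTR(), so
	 * a full skb would be reported as a permission failure.
	 */
	if (!hdr)
		return -EMSGSIZE;

	if (nla_put_string(skb, CTRL_ATTR_FAMILY_NAME, family->name) ||
	    nla_put_u16(skb, CTRL_ATTR_FAMILY_ID, family->id) ||
	    nla_put_u32(skb, CTRL_ATTR_VERSION, family->version) ||
	    nla_put_u32(skb, CTRL_ATTR_HDRSIZE, family->hdrsize) ||
	    nla_put_u32(skb, CTRL_ATTR_MAXATTR, family->maxattr))
		goto nla_put_failure;

	if (genl_op_iter_init(family, &op_iter)) {
		struct nlattr *nla_ops;

		nla_ops = nla_nest_start_noflag(skb, CTRL_ATTR_OPS);
		if (!nla_ops)
			goto nla_put_failure;

		while (genl_op_iter_next(&op_iter)) {
			struct nlattr *nest;
			u32 op_flags = op_iter.flags;

			/* tell user space that a policy can be queried */
			if (op_iter.doit.policy || op_iter.dumpit.policy)
				op_flags |= GENL_CMD_CAP_HASPOL;

			nest = nla_nest_start_noflag(skb,
						     genl_op_iter_idx(&op_iter));
			if (!nest)
				goto nla_put_failure;

			if (nla_put_u32(skb, CTRL_ATTR_OP_ID, op_iter.cmd) ||
			    nla_put_u32(skb, CTRL_ATTR_OP_FLAGS, op_flags))
				goto nla_put_failure;

			nla_nest_end(skb, nest);
		}

		nla_nest_end(skb, nla_ops);
	}

	if (family->n_mcgrps) {
		struct nlattr *nla_grps;
		int i;

		nla_grps = nla_nest_start_noflag(skb, CTRL_ATTR_MCAST_GROUPS);
		if (!nla_grps)
			goto nla_put_failure;

		for (i = 0; i < family->n_mcgrps; i++) {
			const struct genl_multicast_group *grp = &family->mcgrps[i];
			struct nlattr *nest;

			/* nest types are 1-based, group ids are global */
			nest = nla_nest_start_noflag(skb, i + 1);
			if (!nest)
				goto nla_put_failure;

			if (nla_put_u32(skb, CTRL_ATTR_MCAST_GRP_ID,
					family->mcgrp_offset + i) ||
			    nla_put_string(skb, CTRL_ATTR_MCAST_GRP_NAME,
					   grp->name))
				goto nla_put_failure;

			nla_nest_end(skb, nest);
		}
		nla_nest_end(skb, nla_grps);
	}

	genlmsg_end(skb, hdr);
	return 0;

nla_put_failure:
	genlmsg_cancel(skb, hdr);
	return -EMSGSIZE;
}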
1167
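/*
 * Serialise a multicast-group notification for @grp of @family into @skb:
 * family name and id plus a CTRL_ATTR_MCAST_GROUPS nest holding exactly one
 * entry (nest type 1) with the group's id and name.
 *
 * Returns 0 on success and -EMSGSIZE when @skb has no room; a message that
 * was started is cancelled again before returning.
 */
static int ctrl_fill_mcgrp_info(const struct genl_family *family,
				const struct genl_multicast_group *grp,
				int grp_id, u32 portid, u32 seq, u32 flags,
				struct sk_buff *skb, u8 cmd)
{
	struct nlattr *nla_grps;
	struct nlattr *nest;
	void *hdr;

	hdr = genlmsg_put(skb, portid, seq, &genl_ctrl, flags, cmd);
	/*
	 * Report a real errno: a bare -1 is numerically -EPERM, and
	 * ctrl_build_mcgrp_msg() forwards this value through ERR_PTR().
	 */
	if (!hdr)
		return -EMSGSIZE;

	if (nla_put_string(skb, CTRL_ATTR_FAMILY_NAME, family->name) ||
	    nla_put_u16(skb, CTRL_ATTR_FAMILY_ID, family->id))
		goto nla_put_failure;

	nla_grps = nla_nest_start_noflag(skb, CTRL_ATTR_MCAST_GROUPS);
	if (!nla_grps)
		goto nla_put_failure;

	nest = nla_nest_start_noflag(skb, 1);
	if (!nest)
		goto nla_put_failure;

	if (nla_put_u32(skb, CTRL_ATTR_MCAST_GRP_ID, grp_id) ||
	    nla_put_string(skb, CTRL_ATTR_MCAST_GRP_NAME, grp->name))
		goto nla_put_failure;

	nla_nest_end(skb, nest);
	nla_nest_end(skb, nla_grps);

	genlmsg_end(skb, hdr);
	return 0;

nla_put_failure:
	genlmsg_cancel(skb, hdr);
	return -EMSGSIZE;
}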
1208
/*
 * Dump callback for CTRL_CMD_GETFAMILY: emit one CTRL_CMD_NEWFAMILY message
 * per registered family that is visible in the requester's namespace.
 *
 * Families without netnsok are listed only to sockets in init_net, the same
 * filter ctrl_getfamily() applies to single lookups.  cb->args[0] holds the
 * number of visible families already emitted, so a dump that ran out of
 * room resumes at the family that did not fit.
 */
static int ctrl_dumpfamily(struct sk_buff *skb, struct netlink_callback *cb)
{
	struct net *net = sock_net(skb->sk);
	int resume_at = cb->args[0];
	struct genl_family *fam;
	unsigned int id;
	int seen = 0;
	int err;

	idr_for_each_entry(&genl_fam_idr, fam, id) {
		if (!fam->netnsok && !net_eq(net, &init_net))
			continue;

		if (seen++ < resume_at)
			continue;

		err = ctrl_fill_info(fam, NETLINK_CB(cb->skb).portid,
				     cb->nlh->nlmsg_seq, NLM_F_MULTI,
				     skb, CTRL_CMD_NEWFAMILY);
		if (err < 0) {
			/* did not fit: retry this family on the next call */
			seen--;
			break;
		}
	}

	cb->args[0] = seen;
	return skb->len;
}
1235
/*
 * Allocate a fresh skb and fill it with the description of @family.
 *
 * Returns the skb, ERR_PTR(-ENOBUFS) when the allocation fails, or
 * ERR_PTR() of whatever negative value ctrl_fill_info() returned.  The
 * caller owns the returned skb.
 */
static struct sk_buff *ctrl_build_family_msg(const struct genl_family *family,
					     u32 portid, int seq, u8 cmd)
{
	struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	int ret;

	if (!msg)
		return ERR_PTR(-ENOBUFS);

	ret = ctrl_fill_info(family, portid, seq, 0, msg, cmd);
	if (ret >= 0)
		return msg;

	nlmsg_free(msg);
	return ERR_PTR(ret);
}
1254
/*
 * Allocate a fresh skb and fill it with a notification about multicast
 * group @grp of @family.
 *
 * Returns the skb, ERR_PTR(-ENOBUFS) when the allocation fails, or
 * ERR_PTR() of whatever negative value ctrl_fill_mcgrp_info() returned.
 * The caller owns the returned skb.
 */
static struct sk_buff *
ctrl_build_mcgrp_msg(const struct genl_family *family,
		     const struct genl_multicast_group *grp,
		     int grp_id, u32 portid, int seq, u8 cmd)
{
	struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	int ret;

	if (!msg)
		return ERR_PTR(-ENOBUFS);

	ret = ctrl_fill_mcgrp_info(family, grp, grp_id, portid, seq, 0, msg,
				   cmd);
	if (ret >= 0)
		return msg;

	nlmsg_free(msg);
	return ERR_PTR(ret);
}
1276
/*
 * Attribute policy for CTRL_CMD_GETFAMILY.  The name is declared as a
 * NUL-terminated string of at most GENL_NAMSIZ - 1 characters;
 * ctrl_getfamily() relies on that when it treats the attribute payload as
 * a C string and puts it into a module alias.
 */
static const struct nla_policy ctrl_policy_family[] = {
	[CTRL_ATTR_FAMILY_ID]	= { .type = NLA_U16 },
	[CTRL_ATTR_FAMILY_NAME]	= {
		.type = NLA_NUL_STRING,
		.len = GENL_NAMSIZ - 1,
	},
};
1282
/*
 * doit handler for CTRL_CMD_GETFAMILY: resolve a family by id and/or name
 * and reply with its description.
 *
 * Returns -EINVAL when neither attribute is present, -ENOENT when the
 * family is unknown or not visible in the requester's namespace, otherwise
 * the result of building and sending the reply.
 *
 * Security-relevant behaviour:
 *  - The op entry for this command in genl_ctrl_ops carries no
 *    GENL_ADMIN_PERM / GENL_UNS_ADMIN_PERM flag, so with CONFIG_MODULES the
 *    request_module() below is reachable without a capability check in this
 *    file.  The alias is a fixed "net-pf-..-proto-..-family-" prefix plus
 *    the policy-bounded name, which limits autoloading to modules that
 *    declare a matching alias.
 *  - The handler runs with cb_lock (read) and genl_mutex held: genl_rcv()
 *    takes the former, genl_rcv_msg() the latter because genl_ctrl does not
 *    set parallel_ops.  Both are dropped around request_module() and taken
 *    again, so the lookup is repeated afterwards and no family pointer is
 *    kept across the unlocked window.
 */
static int ctrl_getfamily(struct sk_buff *skb, struct genl_info *info)
{
	const struct genl_family *fam = NULL;
	struct sk_buff *reply;
	int err = -EINVAL;

	if (info->attrs[CTRL_ATTR_FAMILY_ID]) {
		fam = genl_family_find_byid(
				nla_get_u16(info->attrs[CTRL_ATTR_FAMILY_ID]));
		err = -ENOENT;
	}

	if (info->attrs[CTRL_ATTR_FAMILY_NAME]) {
		char *name = nla_data(info->attrs[CTRL_ATTR_FAMILY_NAME]);

		/* when both attributes are given the name lookup wins */
		fam = genl_family_find_byname(name);
#ifdef CONFIG_MODULES
		if (!fam) {
			/*
			 * presumably the loaded module registers its family,
			 * which needs these locks - confirm against
			 * genl_register_family()
			 */
			genl_unlock();
			up_read(&cb_lock);
			request_module("net-pf-%d-proto-%d-family-%s",
				       PF_NETLINK, NETLINK_GENERIC, name);
			down_read(&cb_lock);
			genl_lock();
			fam = genl_family_find_byname(name);
		}
#endif
		err = -ENOENT;
	}

	if (!fam)
		return err;

	/* family doesn't exist here */
	if (!fam->netnsok && !net_eq(genl_info_net(info), &init_net))
		return -ENOENT;

	reply = ctrl_build_family_msg(fam, info->snd_portid, info->snd_seq,
				      CTRL_CMD_NEWFAMILY);
	if (IS_ERR(reply))
		return PTR_ERR(reply);

	return genlmsg_reply(reply, info);
}
1329
/*
 * Multicast a controller notification (@event is one of the CTRL_CMD_*
 * family or multicast-group commands) on group 0 of the controller family.
 *
 * Events about a family without netnsok are delivered to init_net only, so
 * other namespaces are not told about families they cannot use; events
 * about netnsok families go to every namespace.
 *
 * Returns 0 when nothing had to be sent or the message was handed to the
 * multicast code (its result is not checked), -EINVAL for an unknown
 * @event, or the error from building the message.
 */
static int genl_ctrl_event(int event, const struct genl_family *family,
			   const struct genl_multicast_group *grp,
			   int grp_id)
{
	struct sk_buff *msg;

	/* genl is still initialising */
	if (!init_net.genl_sock)
		return 0;

	switch (event) {
	case CTRL_CMD_NEWFAMILY:
	case CTRL_CMD_DELFAMILY:
		/* family events carry no group */
		WARN_ON(grp);
		msg = ctrl_build_family_msg(family, 0, 0, event);
		break;
	case CTRL_CMD_NEWMCAST_GRP:
	case CTRL_CMD_DELMCAST_GRP:
		/* the fill helper dereferences grp unconditionally */
		BUG_ON(!grp);
		msg = ctrl_build_mcgrp_msg(family, grp, grp_id, 0, 0, event);
		break;
	default:
		return -EINVAL;
	}

	if (IS_ERR(msg))
		return PTR_ERR(msg);

	if (family->netnsok) {
		/* the all-namespaces walk runs under RCU, hence GFP_ATOMIC */
		rcu_read_lock();
		genlmsg_multicast_allns(&genl_ctrl, msg, 0, 0, GFP_ATOMIC);
		rcu_read_unlock();
	} else {
		genlmsg_multicast_netns(&genl_ctrl, &init_net, msg, 0, 0,
					GFP_KERNEL);
	}

	return 0;
}
1370
/*
 * Per-dump state of CTRL_CMD_GETPOLICY.  It is overlaid on cb->ctx, and
 * ctrl_dumppolicy_start() has a BUILD_BUG_ON() that keeps it from
 * outgrowing that buffer.
 */
struct ctrl_dump_policy_ctx {
	/* policy dump state; freed in ctrl_dumppolicy_done() */
	struct netlink_policy_dump_state *state;
	/* family whose policies are dumped */
	const struct genl_family *rt;
	/* kmalloc()ed iterator, used only when the whole family is dumped */
	struct genl_op_iter *op_iter;
	/* requested command, valid when single_op is set */
	u32 op;
	/* family id put into every reply message */
	u16 fam_id;
	/* dump_map: per-op index messages still pending */
	/* single_op: the request carried CTRL_ATTR_OP */
	u8 dump_map:1,
	   single_op:1;
};
1380
/*
 * Attribute policy for CTRL_CMD_GETPOLICY.  As for GETFAMILY, the family
 * name is declared as a NUL-terminated string of at most GENL_NAMSIZ - 1
 * characters; ctrl_dumppolicy_start() passes its payload to a by-name
 * lookup as a C string.
 */
static const struct nla_policy ctrl_policy_policy[] = {
	[CTRL_ATTR_FAMILY_ID]	= { .type = NLA_U16 },
	[CTRL_ATTR_FAMILY_NAME]	= {
		.type = NLA_NUL_STRING,
		.len = GENL_NAMSIZ - 1,
	},
	[CTRL_ATTR_OP]		= { .type = NLA_U32 },
};
1387
/*
 * .start callback of the CTRL_CMD_GETPOLICY dump: resolve the family, then
 * collect the policies to dump, either for the single command named by
 * CTRL_ATTR_OP or for every operation of the family.
 *
 * Returns 0 on success, -EINVAL when neither family id nor name is given,
 * -ENOENT for an unknown family, -ENODATA when no policy was collected,
 * -ENOMEM when the iterator cannot be allocated, or the error from
 * genl_get_cmd_both() / netlink_policy_dump_add_policy().
 *
 * NOTE(review): unlike ctrl_getfamily() and ctrl_dumpfamily() there is no
 * netnsok / init_net visibility check here, so the policies of a family
 * that is hidden from a namespace still look queryable from it - confirm
 * that this is intended.
 *
 * NOTE(review): the error labels free ctx->state and ctx->op_iter without
 * clearing them; this assumes cb->ctx starts zeroed and that .done is not
 * invoked after a failed .start - TODO confirm against the dump core.
 */
static int ctrl_dumppolicy_start(struct netlink_callback *cb)
{
	const struct genl_dumpit_info *info = genl_dumpit_info(cb);
	struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx;
	struct nlattr **tb = info->info.attrs;
	const struct genl_family *fam;
	struct genl_op_iter it;
	int err;

	BUILD_BUG_ON(sizeof(*ctx) > sizeof(cb->ctx));

	/* an id takes precedence over a name */
	if (tb[CTRL_ATTR_FAMILY_ID]) {
		ctx->fam_id = nla_get_u16(tb[CTRL_ATTR_FAMILY_ID]);
	} else if (tb[CTRL_ATTR_FAMILY_NAME]) {
		fam = genl_family_find_byname(
				nla_data(tb[CTRL_ATTR_FAMILY_NAME]));
		if (!fam)
			return -ENOENT;
		ctx->fam_id = fam->id;
	} else {
		return -EINVAL;
	}

	fam = genl_family_find_byid(ctx->fam_id);
	if (!fam)
		return -ENOENT;

	ctx->rt = fam;

	if (tb[CTRL_ATTR_OP]) {
		struct genl_split_ops doit, dump;

		ctx->single_op = true;
		ctx->op = nla_get_u32(tb[CTRL_ATTR_OP]);

		err = genl_get_cmd_both(ctx->op, fam, &doit, &dump);
		if (err) {
			NL_SET_BAD_ATTR(cb->extack, tb[CTRL_ATTR_OP]);
			return err;
		}

		if (doit.policy) {
			err = netlink_policy_dump_add_policy(&ctx->state,
							     doit.policy,
							     doit.maxattr);
			if (err)
				goto err_free_state;
		}
		if (dump.policy) {
			err = netlink_policy_dump_add_policy(&ctx->state,
							     dump.policy,
							     dump.maxattr);
			if (err)
				goto err_free_state;
		}

		/* the command exists but has no policy at all */
		if (!ctx->state)
			return -ENODATA;

		ctx->dump_map = 1;
		return 0;
	}

	/* whole-family dump: keep an iterator for the per-op index pass */
	ctx->op_iter = kmalloc(sizeof(*ctx->op_iter), GFP_KERNEL);
	if (!ctx->op_iter)
		return -ENOMEM;

	genl_op_iter_init(fam, ctx->op_iter);
	ctx->dump_map = genl_op_iter_next(ctx->op_iter);

	/* second, local walk that only registers the policies */
	genl_op_iter_init(fam, &it);
	while (genl_op_iter_next(&it)) {
		if (it.doit.policy) {
			err = netlink_policy_dump_add_policy(&ctx->state,
							     it.doit.policy,
							     it.doit.maxattr);
			if (err)
				goto err_free_state;
		}
		if (it.dumpit.policy) {
			err = netlink_policy_dump_add_policy(&ctx->state,
							     it.dumpit.policy,
							     it.dumpit.maxattr);
			if (err)
				goto err_free_state;
		}
	}

	if (!ctx->state) {
		err = -ENODATA;
		goto err_free_op_iter;
	}
	return 0;

err_free_state:
	netlink_policy_dump_free(ctx->state);
err_free_op_iter:
	kfree(ctx->op_iter);
	return err;
}
1488
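/*
 * Start one CTRL_CMD_GETPOLICY reply message in @skb and put the family id
 * into it.
 *
 * Returns the generic netlink header pointer for genlmsg_end() /
 * genlmsg_cancel(), or NULL when @skb has no room.  On NULL nothing of the
 * message is left in @skb.
 */
static void *ctrl_dumppolicy_prep(struct sk_buff *skb,
				  struct netlink_callback *cb)
{
	struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx;
	void *hdr;

	hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).portid,
			  cb->nlh->nlmsg_seq, &genl_ctrl,
			  NLM_F_MULTI, CTRL_CMD_GETPOLICY);
	if (!hdr)
		return NULL;

	if (nla_put_u16(skb, CTRL_ATTR_FAMILY_ID, ctx->fam_id)) {
		/*
		 * Callers only see NULL and cannot cancel the header, so
		 * trim it here; otherwise a message without attributes
		 * stays in the skb and is sent with the rest of the dump.
		 */
		genlmsg_cancel(skb, hdr);
		return NULL;
	}

	return hdr;
}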
1506
/*
 * Emit one message that maps a command to the indices of its do and dump
 * policies inside the policy dump state.
 *
 * Returns 0 when the message was written or when the op has no policy at
 * all (nothing is emitted then), -ENOBUFS when @skb has no room.
 *
 * The inner nest is typed with doit->cmd even when only @dumpit has a
 * policy; presumably both halves carry the same command - verify against
 * the callers.
 */
static int ctrl_dumppolicy_put_op(struct sk_buff *skb,
				  struct netlink_callback *cb,
				  struct genl_split_ops *doit,
				  struct genl_split_ops *dumpit)
{
	struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx;
	struct nlattr *pol_nest, *op_nest;
	void *hdr;
	int pol_idx;

	/* skip if we have nothing to show */
	if (!doit->policy && !dumpit->policy)
		return 0;

	hdr = ctrl_dumppolicy_prep(skb, cb);
	if (!hdr)
		return -ENOBUFS;

	pol_nest = nla_nest_start(skb, CTRL_ATTR_OP_POLICY);
	if (!pol_nest)
		goto err;

	op_nest = nla_nest_start(skb, doit->cmd);
	if (!op_nest)
		goto err;

	if (doit->policy) {
		pol_idx = netlink_policy_dump_get_policy_idx(ctx->state,
							     doit->policy,
							     doit->maxattr);
		if (nla_put_u32(skb, CTRL_ATTR_POLICY_DO, pol_idx))
			goto err;
	}
	if (dumpit->policy) {
		pol_idx = netlink_policy_dump_get_policy_idx(ctx->state,
							     dumpit->policy,
							     dumpit->maxattr);
		if (nla_put_u32(skb, CTRL_ATTR_POLICY_DUMP, pol_idx))
			goto err;
	}

	nla_nest_end(skb, op_nest);
	nla_nest_end(skb, pol_nest);
	genlmsg_end(skb, hdr);

	return 0;
err:
	genlmsg_cancel(skb, hdr);
	return -ENOBUFS;
}
1559
/*
 * .dumpit callback of CTRL_CMD_GETPOLICY.  Phase one emits the per-op
 * policy index messages (while ctx->dump_map is set), phase two writes the
 * policies themselves from the dump state.
 *
 * Returns skb->len so that the dump is called again while data remains;
 * when @skb fills up the function returns early and resumes from the state
 * kept in cb->ctx.  -ENOENT is returned only if the command validated in
 * ctrl_dumppolicy_start() can no longer be resolved, which also triggers a
 * WARN.
 */
static int ctrl_dumppolicy(struct sk_buff *skb, struct netlink_callback *cb)
{
	struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx;
	void *hdr;

	if (ctx->dump_map && ctx->single_op) {
		struct genl_split_ops doit, dumpit;

		if (WARN_ON(genl_get_cmd_both(ctx->op, ctx->rt,
					      &doit, &dumpit)))
			return -ENOENT;

		if (ctrl_dumppolicy_put_op(skb, cb, &doit, &dumpit))
			return skb->len;

		/* done with the per-op policy index list */
		ctx->dump_map = 0;
	}

	/* whole-family dump: one index message per remaining operation */
	while (ctx->dump_map) {
		if (ctrl_dumppolicy_put_op(skb, cb,
					   &ctx->op_iter->doit,
					   &ctx->op_iter->dumpit))
			return skb->len;

		ctx->dump_map = genl_op_iter_next(ctx->op_iter);
	}

	while (netlink_policy_dump_loop(ctx->state)) {
		struct nlattr *pol_nest;

		hdr = ctrl_dumppolicy_prep(skb, cb);
		if (!hdr)
			goto nla_put_failure;

		pol_nest = nla_nest_start(skb, CTRL_ATTR_POLICY);
		if (!pol_nest)
			goto nla_put_failure;

		if (netlink_policy_dump_write(skb, ctx->state))
			goto nla_put_failure;

		nla_nest_end(skb, pol_nest);

		genlmsg_end(skb, hdr);
	}

	return skb->len;

nla_put_failure:
	genlmsg_cancel(skb, hdr);
	return skb->len;
}
1615
/*
 * .done callback of CTRL_CMD_GETPOLICY: release what
 * ctrl_dumppolicy_start() allocated.  op_iter stays NULL for a single-op
 * dump if cb->ctx started zeroed (not visible here); kfree(NULL) is a
 * no-op.
 */
static int ctrl_dumppolicy_done(struct netlink_callback *cb)
{
	struct ctrl_dump_policy_ctx *dump_ctx = (void *)cb->ctx;

	kfree(dump_ctx->op_iter);
	netlink_policy_dump_free(dump_ctx->state);

	return 0;
}
1624
/*
 * Operations of the controller family.  No entry sets GENL_ADMIN_PERM or
 * GENL_UNS_ADMIN_PERM in .flags, so the receive path applies no capability
 * check to them: family lookup (including the module autoload in
 * ctrl_getfamily()) and policy dumps are open to any sender that reaches
 * the generic netlink socket.
 */
static const struct genl_split_ops genl_ctrl_ops[] = {
	{
		/* single lookup by id or name */
		.cmd		= CTRL_CMD_GETFAMILY,
		.validate	= GENL_DONT_VALIDATE_STRICT,
		.policy		= ctrl_policy_family,
		.maxattr	= ARRAY_SIZE(ctrl_policy_family) - 1,
		.doit		= ctrl_getfamily,
		.flags		= GENL_CMD_CAP_DO,
	},
	{
		/* list of all visible families */
		.cmd		= CTRL_CMD_GETFAMILY,
		.validate	= GENL_DONT_VALIDATE_DUMP,
		.policy		= ctrl_policy_family,
		.maxattr	= ARRAY_SIZE(ctrl_policy_family) - 1,
		.dumpit		= ctrl_dumpfamily,
		.flags		= GENL_CMD_CAP_DUMP,
	},
	{
		/* policy introspection, dump only */
		.cmd		= CTRL_CMD_GETPOLICY,
		.policy		= ctrl_policy_policy,
		.maxattr	= ARRAY_SIZE(ctrl_policy_policy) - 1,
		.start		= ctrl_dumppolicy_start,
		.dumpit		= ctrl_dumppolicy,
		.done		= ctrl_dumppolicy_done,
		.flags		= GENL_CMD_CAP_DUMP,
	},
};
1652
/*
 * Multicast groups of the controller family.  Index 0 ("notify") is the
 * group genl_ctrl_event() sends to; it sets neither flags nor
 * cap_sys_admin, so genl_bind() lets any socket join it.
 */
static const struct genl_multicast_group genl_ctrl_groups[] = {
	{
		.name = "notify",
	},
};
1656
/*
 * The controller family itself ("nlctrl", fixed id GENL_ID_CTRL), usable
 * from every network namespace.  parallel_ops is left unset, so its
 * handlers run under genl_mutex; ctrl_getfamily() depends on that when it
 * drops and re-takes the lock.  The object is marked __ro_after_init.
 */
static struct genl_family genl_ctrl __ro_after_init = {
	.module		= THIS_MODULE,
	.split_ops	= genl_ctrl_ops,
	.n_split_ops	= ARRAY_SIZE(genl_ctrl_ops),
	.resv_start_op	= CTRL_CMD_GETPOLICY + 1,
	.mcgrps		= genl_ctrl_groups,
	.n_mcgrps	= ARRAY_SIZE(genl_ctrl_groups),
	.id		= GENL_ID_CTRL,
	.name		= "nlctrl",
	.version	= 0x2,
	.netnsok	= true,
};
1669
/*
 * .bind hook of the generic netlink socket: decide whether the caller may
 * join multicast group @group in @net.
 *
 * The family owning @group is found by its [mcgrp_offset, mcgrp_offset +
 * n_mcgrps) range.  Returns -EPERM when the group is flagged
 * GENL_UNS_ADMIN_PERM and the caller lacks CAP_NET_ADMIN, or sets
 * cap_sys_admin and the caller lacks CAP_SYS_ADMIN; 0 otherwise.
 *
 * Points to keep in mind when reviewing group permissions:
 *  - Both capabilities are checked against net->user_ns, the user namespace
 *    recorded for @net, not against the initial user namespace.
 *  - A group number that belongs to no registered family falls through the
 *    loop and is allowed (ret stays 0).
 *  - NOTE(review): GENL_ADMIN_PERM on a group is not looked at here -
 *    confirm that groups are never expected to use that flag.
 */
static int genl_bind(struct net *net, int group)
{
	const struct genl_family *fam;
	unsigned int id;
	int err = 0;

	down_read(&cb_lock);

	idr_for_each_entry(&genl_fam_idr, fam, id) {
		const struct genl_multicast_group *grp;
		int idx;

		if (!fam->n_mcgrps)
			continue;

		idx = group - fam->mcgrp_offset;
		if (idx < 0 || idx >= fam->n_mcgrps)
			continue;

		/* two separate checks, evaluated independently */
		grp = &fam->mcgrps[idx];
		if ((grp->flags & GENL_UNS_ADMIN_PERM) &&
		    !ns_capable(net->user_ns, CAP_NET_ADMIN))
			err = -EPERM;
		if (grp->cap_sys_admin &&
		    !ns_capable(net->user_ns, CAP_SYS_ADMIN))
			err = -EPERM;

		/* the owning family was found, stop searching */
		break;
	}

	up_read(&cb_lock);
	return err;
}
1703
/*
 * Create the generic netlink kernel socket of a network namespace.
 *
 * The socket is created with NL_CFG_F_NONROOT_RECV, so listening to
 * multicast groups is not restricted at the netlink layer; genl_bind() is
 * installed as the per-group gate instead.
 *
 * Returns 0 on success and -ENOMEM when the socket cannot be created;
 * a failure for init_net panics.
 */
static int __net_init genl_pernet_init(struct net *net)
{
	struct netlink_kernel_cfg cfg = {
		.input	= genl_rcv,
		.flags	= NL_CFG_F_NONROOT_RECV,
		.bind	= genl_bind,
	};

	/* we'll bump the group number right afterwards */
	net->genl_sock = netlink_kernel_create(net, NETLINK_GENERIC, &cfg);
	if (net->genl_sock)
		return 0;

	if (net_eq(net, &init_net))
		panic("GENL: Cannot initialize generic netlink\n");

	return -ENOMEM;
}
1723
/*
 * Tear down the generic netlink socket of a namespace that is going away
 * and clear the pointer so that it is not used afterwards.
 */
static void __net_exit genl_pernet_exit(struct net *net)
{
	netlink_kernel_release(net->genl_sock);
	net->genl_sock = NULL;
}
1729
/* Per-namespace setup and teardown of the generic netlink socket. */
static struct pernet_operations genl_pernet_ops = {
	.init	= genl_pernet_init,
	.exit	= genl_pernet_exit,
};
1734
/*
 * Boot-time initialisation: register the controller family first, then the
 * per-namespace socket handling.  Either failure is fatal and panics, so
 * the function only ever returns 0.
 */
static int __init genl_init(void)
{
	int err;

	err = genl_register_family(&genl_ctrl);
	if (err < 0)
		panic("GENL: Cannot register controller: %d\n", err);

	err = register_pernet_subsys(&genl_pernet_ops);
	if (err)
		panic("GENL: Cannot register controller: %d\n", err);

	return 0;
}

core_initcall(genl_init);
1754
/*
 * Deliver @skb to multicast group @group in every network namespace.
 *
 * The namespace list is walked with for_each_net_rcu(), so the caller must
 * be inside an RCU read-side section (genl_ctrl_event() takes
 * rcu_read_lock() around its call).  The loop runs one namespace behind:
 * each earlier namespace gets a clone and the last one gets the original,
 * which saves one clone.
 *
 * Returns 0 if at least one namespace had a listener, -ESRCH if none had,
 * -ENOMEM if cloning failed, or the first other delivery error.  @skb is
 * freed on the error label; on the other paths it has been handed to
 * nlmsg_multicast(), which is expected to consume it.
 *
 * NOTE(review): @last is dereferenced after the loop without a NULL check;
 * this assumes the namespace list is never empty (init_net) - confirm.
 */
static int genlmsg_mcast(struct sk_buff *skb, u32 portid, unsigned long group,
			 gfp_t flags)
{
	struct net *net, *last = NULL;
	bool delivered = false;
	struct sk_buff *clone;
	int err;

	for_each_net_rcu(net) {
		if (last) {
			clone = skb_clone(skb, flags);
			if (!clone) {
				err = -ENOMEM;
				goto error;
			}
			err = nlmsg_multicast(last->genl_sock, clone,
					      portid, group, flags);
			/* "no listener" in one namespace is not an error */
			if (!err)
				delivered = true;
			else if (err != -ESRCH)
				goto error;
		}

		last = net;
	}

	err = nlmsg_multicast(last->genl_sock, skb, portid, group, flags);
	if (!err)
		delivered = true;
	else if (err != -ESRCH)
		return err;

	return delivered ? 0 : -ESRCH;
error:
	kfree_skb(skb);
	return err;
}
1791
/*
 * Multicast @skb to group @group of @family in all network namespaces.
 *
 * @group is an index into the family's own groups.  It is checked against
 * n_mcgrps before mcgrp_offset is added, so a family cannot address a
 * group outside its own range.  Returns -EINVAL (with a one-time warning)
 * for an out-of-range index, otherwise the result of genlmsg_mcast().
 *
 * NOTE(review): @skb is not freed on the -EINVAL path - confirm that
 * callers handle that case.
 */
int genlmsg_multicast_allns(const struct genl_family *family,
			    struct sk_buff *skb, u32 portid,
			    unsigned int group, gfp_t flags)
{
	if (WARN_ON_ONCE(group >= family->n_mcgrps))
		return -EINVAL;

	return genlmsg_mcast(skb, portid, family->mcgrp_offset + group, flags);
}
EXPORT_SYMBOL(genlmsg_multicast_allns);
1803
/*
 * Send @skb as a notification to group @group of @family in the namespace
 * of the request described by @info, using the requester's port id and the
 * report setting derived from its header.
 *
 * @group is an index into the family's own groups and is checked against
 * n_mcgrps before mcgrp_offset is added; an out-of-range index triggers a
 * one-time warning and nothing is sent.
 *
 * NOTE(review): @skb is not freed on that early return - confirm that
 * callers handle that case.
 */
void genl_notify(const struct genl_family *family, struct sk_buff *skb,
		 struct genl_info *info, u32 group, gfp_t flags)
{
	struct sock *sk = genl_info_net(info)->genl_sock;

	if (WARN_ON_ONCE(group >= family->n_mcgrps))
		return;

	nlmsg_notify(sk, skb, info->snd_portid, family->mcgrp_offset + group,
		     nlmsg_report(info->nlhdr), flags);
}
EXPORT_SYMBOL(genl_notify);
1818