1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * NETLINK      Generic Netlink Family
4  *
5  * 		Authors:	Jamal Hadi Salim
6  * 				Thomas Graf <tgraf@suug.ch>
7  *				Johannes Berg <johannes@sipsolutions.net>
8  */
9 
10 #include <linux/module.h>
11 #include <linux/kernel.h>
12 #include <linux/slab.h>
13 #include <linux/errno.h>
14 #include <linux/types.h>
15 #include <linux/socket.h>
16 #include <linux/string_helpers.h>
17 #include <linux/skbuff.h>
18 #include <linux/mutex.h>
19 #include <linux/bitmap.h>
20 #include <linux/rwsem.h>
21 #include <linux/idr.h>
22 #include <net/sock.h>
23 #include <net/genetlink.h>
24 
25 static DEFINE_MUTEX(genl_mutex); /* serialization of message processing */
26 static DECLARE_RWSEM(cb_lock);
27 
28 atomic_t genl_sk_destructing_cnt = ATOMIC_INIT(0);
29 DECLARE_WAIT_QUEUE_HEAD(genl_sk_destructing_waitq);
30 
genl_lock(void)31 void genl_lock(void)
32 {
33 	mutex_lock(&genl_mutex);
34 }
35 EXPORT_SYMBOL(genl_lock);
36 
genl_unlock(void)37 void genl_unlock(void)
38 {
39 	mutex_unlock(&genl_mutex);
40 }
41 EXPORT_SYMBOL(genl_unlock);
42 
genl_lock_all(void)43 static void genl_lock_all(void)
44 {
45 	down_write(&cb_lock);
46 	genl_lock();
47 }
48 
genl_unlock_all(void)49 static void genl_unlock_all(void)
50 {
51 	genl_unlock();
52 	up_write(&cb_lock);
53 }
54 
genl_op_lock(const struct genl_family * family)55 static void genl_op_lock(const struct genl_family *family)
56 {
57 	if (!family->parallel_ops)
58 		genl_lock();
59 }
60 
genl_op_unlock(const struct genl_family * family)61 static void genl_op_unlock(const struct genl_family *family)
62 {
63 	if (!family->parallel_ops)
64 		genl_unlock();
65 }
66 
67 static DEFINE_IDR(genl_fam_idr);
68 
69 /*
70  * Bitmap of multicast groups that are currently in use.
71  *
72  * To avoid an allocation at boot of just one unsigned long,
73  * declare it global instead.
74  * Bit 0 is marked as already used since group 0 is invalid.
75  * Bit 1 is marked as already used since the drop-monitor code
76  * abuses the API and thinks it can statically use group 1.
77  * That group will typically conflict with other groups that
78  * any proper users use.
79  * Bit 16 is marked as used since it's used for generic netlink
80  * and the code no longer marks pre-reserved IDs as used.
81  * Bit 17 is marked as already used since the VFS quota code
82  * also abused this API and relied on family == group ID, we
83  * cater to that by giving it a static family and group ID.
84  * Bit 18 is marked as already used since the PMCRAID driver
85  * did the same thing as the VFS quota code (maybe copied?)
86  */
87 static unsigned long mc_group_start = 0x3 | BIT(GENL_ID_CTRL) |
88 				      BIT(GENL_ID_VFS_DQUOT) |
89 				      BIT(GENL_ID_PMCRAID);
90 static unsigned long *mc_groups = &mc_group_start;
91 static unsigned long mc_groups_longs = 1;
92 
93 /* We need the last attribute with non-zero ID therefore a 2-entry array */
94 static struct nla_policy genl_policy_reject_all[] = {
95 	{ .type = NLA_REJECT },
96 	{ .type = NLA_REJECT },
97 };
98 
99 static int genl_ctrl_event(int event, const struct genl_family *family,
100 			   const struct genl_multicast_group *grp,
101 			   int grp_id);
102 
103 static void
genl_op_fill_in_reject_policy(const struct genl_family * family,struct genl_ops * op)104 genl_op_fill_in_reject_policy(const struct genl_family *family,
105 			      struct genl_ops *op)
106 {
107 	BUILD_BUG_ON(ARRAY_SIZE(genl_policy_reject_all) - 1 != 1);
108 
109 	if (op->policy || op->cmd < family->resv_start_op)
110 		return;
111 
112 	op->policy = genl_policy_reject_all;
113 	op->maxattr = 1;
114 }
115 
116 static void
genl_op_fill_in_reject_policy_split(const struct genl_family * family,struct genl_split_ops * op)117 genl_op_fill_in_reject_policy_split(const struct genl_family *family,
118 				    struct genl_split_ops *op)
119 {
120 	if (op->policy)
121 		return;
122 
123 	op->policy = genl_policy_reject_all;
124 	op->maxattr = 1;
125 }
126 
genl_family_find_byid(unsigned int id)127 static const struct genl_family *genl_family_find_byid(unsigned int id)
128 {
129 	return idr_find(&genl_fam_idr, id);
130 }
131 
genl_family_find_byname(char * name)132 static const struct genl_family *genl_family_find_byname(char *name)
133 {
134 	const struct genl_family *family;
135 	unsigned int id;
136 
137 	idr_for_each_entry(&genl_fam_idr, family, id)
138 		if (strcmp(family->name, name) == 0)
139 			return family;
140 
141 	return NULL;
142 }
143 
144 struct genl_op_iter {
145 	const struct genl_family *family;
146 	struct genl_split_ops doit;
147 	struct genl_split_ops dumpit;
148 	int cmd_idx;
149 	int entry_idx;
150 	u32 cmd;
151 	u8 flags;
152 };
153 
genl_op_from_full(const struct genl_family * family,unsigned int i,struct genl_ops * op)154 static void genl_op_from_full(const struct genl_family *family,
155 			      unsigned int i, struct genl_ops *op)
156 {
157 	*op = family->ops[i];
158 
159 	if (!op->maxattr)
160 		op->maxattr = family->maxattr;
161 	if (!op->policy)
162 		op->policy = family->policy;
163 
164 	genl_op_fill_in_reject_policy(family, op);
165 }
166 
genl_get_cmd_full(u32 cmd,const struct genl_family * family,struct genl_ops * op)167 static int genl_get_cmd_full(u32 cmd, const struct genl_family *family,
168 			     struct genl_ops *op)
169 {
170 	int i;
171 
172 	for (i = 0; i < family->n_ops; i++)
173 		if (family->ops[i].cmd == cmd) {
174 			genl_op_from_full(family, i, op);
175 			return 0;
176 		}
177 
178 	return -ENOENT;
179 }
180 
genl_op_from_small(const struct genl_family * family,unsigned int i,struct genl_ops * op)181 static void genl_op_from_small(const struct genl_family *family,
182 			       unsigned int i, struct genl_ops *op)
183 {
184 	memset(op, 0, sizeof(*op));
185 	op->doit	= family->small_ops[i].doit;
186 	op->dumpit	= family->small_ops[i].dumpit;
187 	op->cmd		= family->small_ops[i].cmd;
188 	op->internal_flags = family->small_ops[i].internal_flags;
189 	op->flags	= family->small_ops[i].flags;
190 	op->validate	= family->small_ops[i].validate;
191 
192 	op->maxattr = family->maxattr;
193 	op->policy = family->policy;
194 
195 	genl_op_fill_in_reject_policy(family, op);
196 }
197 
genl_get_cmd_small(u32 cmd,const struct genl_family * family,struct genl_ops * op)198 static int genl_get_cmd_small(u32 cmd, const struct genl_family *family,
199 			      struct genl_ops *op)
200 {
201 	int i;
202 
203 	for (i = 0; i < family->n_small_ops; i++)
204 		if (family->small_ops[i].cmd == cmd) {
205 			genl_op_from_small(family, i, op);
206 			return 0;
207 		}
208 
209 	return -ENOENT;
210 }
211 
genl_op_from_split(struct genl_op_iter * iter)212 static void genl_op_from_split(struct genl_op_iter *iter)
213 {
214 	const struct genl_family *family = iter->family;
215 	int i, cnt = 0;
216 
217 	i = iter->entry_idx - family->n_ops - family->n_small_ops;
218 
219 	if (family->split_ops[i + cnt].flags & GENL_CMD_CAP_DO) {
220 		iter->doit = family->split_ops[i + cnt];
221 		genl_op_fill_in_reject_policy_split(family, &iter->doit);
222 		cnt++;
223 	} else {
224 		memset(&iter->doit, 0, sizeof(iter->doit));
225 	}
226 
227 	if (i + cnt < family->n_split_ops &&
228 	    family->split_ops[i + cnt].flags & GENL_CMD_CAP_DUMP) {
229 		iter->dumpit = family->split_ops[i + cnt];
230 		genl_op_fill_in_reject_policy_split(family, &iter->dumpit);
231 		cnt++;
232 	} else {
233 		memset(&iter->dumpit, 0, sizeof(iter->dumpit));
234 	}
235 
236 	WARN_ON(!cnt);
237 	iter->entry_idx += cnt;
238 }
239 
240 static int
genl_get_cmd_split(u32 cmd,u8 flag,const struct genl_family * family,struct genl_split_ops * op)241 genl_get_cmd_split(u32 cmd, u8 flag, const struct genl_family *family,
242 		   struct genl_split_ops *op)
243 {
244 	int i;
245 
246 	for (i = 0; i < family->n_split_ops; i++)
247 		if (family->split_ops[i].cmd == cmd &&
248 		    family->split_ops[i].flags & flag) {
249 			*op = family->split_ops[i];
250 			return 0;
251 		}
252 
253 	return -ENOENT;
254 }
255 
256 static int
genl_cmd_full_to_split(struct genl_split_ops * op,const struct genl_family * family,const struct genl_ops * full,u8 flags)257 genl_cmd_full_to_split(struct genl_split_ops *op,
258 		       const struct genl_family *family,
259 		       const struct genl_ops *full, u8 flags)
260 {
261 	if ((flags & GENL_CMD_CAP_DO && !full->doit) ||
262 	    (flags & GENL_CMD_CAP_DUMP && !full->dumpit)) {
263 		memset(op, 0, sizeof(*op));
264 		return -ENOENT;
265 	}
266 
267 	if (flags & GENL_CMD_CAP_DUMP) {
268 		op->start	= full->start;
269 		op->dumpit	= full->dumpit;
270 		op->done	= full->done;
271 	} else {
272 		op->pre_doit	= family->pre_doit;
273 		op->doit	= full->doit;
274 		op->post_doit	= family->post_doit;
275 	}
276 
277 	if (flags & GENL_CMD_CAP_DUMP &&
278 	    full->validate & GENL_DONT_VALIDATE_DUMP) {
279 		op->policy	= NULL;
280 		op->maxattr	= 0;
281 	} else {
282 		op->policy	= full->policy;
283 		op->maxattr	= full->maxattr;
284 	}
285 
286 	op->cmd			= full->cmd;
287 	op->internal_flags	= full->internal_flags;
288 	op->flags		= full->flags;
289 	op->validate		= full->validate;
290 
291 	/* Make sure flags include the GENL_CMD_CAP_DO / GENL_CMD_CAP_DUMP */
292 	op->flags		|= flags;
293 
294 	return 0;
295 }
296 
297 /* Must make sure that op is initialized to 0 on failure */
298 static int
genl_get_cmd(u32 cmd,u8 flags,const struct genl_family * family,struct genl_split_ops * op)299 genl_get_cmd(u32 cmd, u8 flags, const struct genl_family *family,
300 	     struct genl_split_ops *op)
301 {
302 	struct genl_ops full;
303 	int err;
304 
305 	err = genl_get_cmd_full(cmd, family, &full);
306 	if (err == -ENOENT)
307 		err = genl_get_cmd_small(cmd, family, &full);
308 	/* Found one of legacy forms */
309 	if (err == 0)
310 		return genl_cmd_full_to_split(op, family, &full, flags);
311 
312 	err = genl_get_cmd_split(cmd, flags, family, op);
313 	if (err)
314 		memset(op, 0, sizeof(*op));
315 	return err;
316 }
317 
318 /* For policy dumping only, get ops of both do and dump.
319  * Fail if both are missing, genl_get_cmd() will zero-init in case of failure.
320  */
321 static int
genl_get_cmd_both(u32 cmd,const struct genl_family * family,struct genl_split_ops * doit,struct genl_split_ops * dumpit)322 genl_get_cmd_both(u32 cmd, const struct genl_family *family,
323 		  struct genl_split_ops *doit, struct genl_split_ops *dumpit)
324 {
325 	int err1, err2;
326 
327 	err1 = genl_get_cmd(cmd, GENL_CMD_CAP_DO, family, doit);
328 	err2 = genl_get_cmd(cmd, GENL_CMD_CAP_DUMP, family, dumpit);
329 
330 	return err1 && err2 ? -ENOENT : 0;
331 }
332 
333 static bool
genl_op_iter_init(const struct genl_family * family,struct genl_op_iter * iter)334 genl_op_iter_init(const struct genl_family *family, struct genl_op_iter *iter)
335 {
336 	iter->family = family;
337 	iter->cmd_idx = 0;
338 	iter->entry_idx = 0;
339 
340 	iter->flags = 0;
341 
342 	return iter->family->n_ops +
343 		iter->family->n_small_ops +
344 		iter->family->n_split_ops;
345 }
346 
genl_op_iter_next(struct genl_op_iter * iter)347 static bool genl_op_iter_next(struct genl_op_iter *iter)
348 {
349 	const struct genl_family *family = iter->family;
350 	bool legacy_op = true;
351 	struct genl_ops op;
352 
353 	if (iter->entry_idx < family->n_ops) {
354 		genl_op_from_full(family, iter->entry_idx, &op);
355 	} else if (iter->entry_idx < family->n_ops + family->n_small_ops) {
356 		genl_op_from_small(family, iter->entry_idx - family->n_ops,
357 				   &op);
358 	} else if (iter->entry_idx <
359 		   family->n_ops + family->n_small_ops + family->n_split_ops) {
360 		legacy_op = false;
361 		/* updates entry_idx */
362 		genl_op_from_split(iter);
363 	} else {
364 		return false;
365 	}
366 
367 	iter->cmd_idx++;
368 
369 	if (legacy_op) {
370 		iter->entry_idx++;
371 
372 		genl_cmd_full_to_split(&iter->doit, family,
373 				       &op, GENL_CMD_CAP_DO);
374 		genl_cmd_full_to_split(&iter->dumpit, family,
375 				       &op, GENL_CMD_CAP_DUMP);
376 	}
377 
378 	iter->cmd = iter->doit.cmd | iter->dumpit.cmd;
379 	iter->flags = iter->doit.flags | iter->dumpit.flags;
380 
381 	return true;
382 }
383 
384 static void
genl_op_iter_copy(struct genl_op_iter * dst,struct genl_op_iter * src)385 genl_op_iter_copy(struct genl_op_iter *dst, struct genl_op_iter *src)
386 {
387 	*dst = *src;
388 }
389 
genl_op_iter_idx(struct genl_op_iter * iter)390 static unsigned int genl_op_iter_idx(struct genl_op_iter *iter)
391 {
392 	return iter->cmd_idx;
393 }
394 
genl_allocate_reserve_groups(int n_groups,int * first_id)395 static int genl_allocate_reserve_groups(int n_groups, int *first_id)
396 {
397 	unsigned long *new_groups;
398 	int start = 0;
399 	int i;
400 	int id;
401 	bool fits;
402 
403 	do {
404 		if (start == 0)
405 			id = find_first_zero_bit(mc_groups,
406 						 mc_groups_longs *
407 						 BITS_PER_LONG);
408 		else
409 			id = find_next_zero_bit(mc_groups,
410 						mc_groups_longs * BITS_PER_LONG,
411 						start);
412 
413 		fits = true;
414 		for (i = id;
415 		     i < min_t(int, id + n_groups,
416 			       mc_groups_longs * BITS_PER_LONG);
417 		     i++) {
418 			if (test_bit(i, mc_groups)) {
419 				start = i;
420 				fits = false;
421 				break;
422 			}
423 		}
424 
425 		if (id + n_groups > mc_groups_longs * BITS_PER_LONG) {
426 			unsigned long new_longs = mc_groups_longs +
427 						  BITS_TO_LONGS(n_groups);
428 			size_t nlen = new_longs * sizeof(unsigned long);
429 
430 			if (mc_groups == &mc_group_start) {
431 				new_groups = kzalloc(nlen, GFP_KERNEL);
432 				if (!new_groups)
433 					return -ENOMEM;
434 				mc_groups = new_groups;
435 				*mc_groups = mc_group_start;
436 			} else {
437 				new_groups = krealloc(mc_groups, nlen,
438 						      GFP_KERNEL);
439 				if (!new_groups)
440 					return -ENOMEM;
441 				mc_groups = new_groups;
442 				for (i = 0; i < BITS_TO_LONGS(n_groups); i++)
443 					mc_groups[mc_groups_longs + i] = 0;
444 			}
445 			mc_groups_longs = new_longs;
446 		}
447 	} while (!fits);
448 
449 	for (i = id; i < id + n_groups; i++)
450 		set_bit(i, mc_groups);
451 	*first_id = id;
452 	return 0;
453 }
454 
455 static struct genl_family genl_ctrl;
456 
genl_validate_assign_mc_groups(struct genl_family * family)457 static int genl_validate_assign_mc_groups(struct genl_family *family)
458 {
459 	int first_id;
460 	int n_groups = family->n_mcgrps;
461 	int err = 0, i;
462 	bool groups_allocated = false;
463 
464 	if (!n_groups)
465 		return 0;
466 
467 	for (i = 0; i < n_groups; i++) {
468 		const struct genl_multicast_group *grp = &family->mcgrps[i];
469 
470 		if (WARN_ON(grp->name[0] == '\0'))
471 			return -EINVAL;
472 		if (WARN_ON(!string_is_terminated(grp->name, GENL_NAMSIZ)))
473 			return -EINVAL;
474 	}
475 
476 	/* special-case our own group and hacks */
477 	if (family == &genl_ctrl) {
478 		first_id = GENL_ID_CTRL;
479 		BUG_ON(n_groups != 1);
480 	} else if (strcmp(family->name, "NET_DM") == 0) {
481 		first_id = 1;
482 		BUG_ON(n_groups != 1);
483 	} else if (family->id == GENL_ID_VFS_DQUOT) {
484 		first_id = GENL_ID_VFS_DQUOT;
485 		BUG_ON(n_groups != 1);
486 	} else if (family->id == GENL_ID_PMCRAID) {
487 		first_id = GENL_ID_PMCRAID;
488 		BUG_ON(n_groups != 1);
489 	} else {
490 		groups_allocated = true;
491 		err = genl_allocate_reserve_groups(n_groups, &first_id);
492 		if (err)
493 			return err;
494 	}
495 
496 	family->mcgrp_offset = first_id;
497 
498 	/* if still initializing, can't and don't need to realloc bitmaps */
499 	if (!init_net.genl_sock)
500 		return 0;
501 
502 	if (family->netnsok) {
503 		struct net *net;
504 
505 		netlink_table_grab();
506 		rcu_read_lock();
507 		for_each_net_rcu(net) {
508 			err = __netlink_change_ngroups(net->genl_sock,
509 					mc_groups_longs * BITS_PER_LONG);
510 			if (err) {
511 				/*
512 				 * No need to roll back, can only fail if
513 				 * memory allocation fails and then the
514 				 * number of _possible_ groups has been
515 				 * increased on some sockets which is ok.
516 				 */
517 				break;
518 			}
519 		}
520 		rcu_read_unlock();
521 		netlink_table_ungrab();
522 	} else {
523 		err = netlink_change_ngroups(init_net.genl_sock,
524 					     mc_groups_longs * BITS_PER_LONG);
525 	}
526 
527 	if (groups_allocated && err) {
528 		for (i = 0; i < family->n_mcgrps; i++)
529 			clear_bit(family->mcgrp_offset + i, mc_groups);
530 	}
531 
532 	return err;
533 }
534 
genl_unregister_mc_groups(const struct genl_family * family)535 static void genl_unregister_mc_groups(const struct genl_family *family)
536 {
537 	struct net *net;
538 	int i;
539 
540 	netlink_table_grab();
541 	rcu_read_lock();
542 	for_each_net_rcu(net) {
543 		for (i = 0; i < family->n_mcgrps; i++)
544 			__netlink_clear_multicast_users(
545 				net->genl_sock, family->mcgrp_offset + i);
546 	}
547 	rcu_read_unlock();
548 	netlink_table_ungrab();
549 
550 	for (i = 0; i < family->n_mcgrps; i++) {
551 		int grp_id = family->mcgrp_offset + i;
552 
553 		if (grp_id != 1)
554 			clear_bit(grp_id, mc_groups);
555 		genl_ctrl_event(CTRL_CMD_DELMCAST_GRP, family,
556 				&family->mcgrps[i], grp_id);
557 	}
558 }
559 
genl_split_op_check(const struct genl_split_ops * op)560 static bool genl_split_op_check(const struct genl_split_ops *op)
561 {
562 	if (WARN_ON(hweight8(op->flags & (GENL_CMD_CAP_DO |
563 					  GENL_CMD_CAP_DUMP)) != 1))
564 		return true;
565 	return false;
566 }
567 
genl_validate_ops(const struct genl_family * family)568 static int genl_validate_ops(const struct genl_family *family)
569 {
570 	struct genl_op_iter i, j;
571 	unsigned int s;
572 
573 	if (WARN_ON(family->n_ops && !family->ops) ||
574 	    WARN_ON(family->n_small_ops && !family->small_ops) ||
575 	    WARN_ON(family->n_split_ops && !family->split_ops))
576 		return -EINVAL;
577 
578 	for (genl_op_iter_init(family, &i); genl_op_iter_next(&i); ) {
579 		if (!(i.flags & (GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP)))
580 			return -EINVAL;
581 
582 		if (WARN_ON(i.cmd >= family->resv_start_op &&
583 			    (i.doit.validate || i.dumpit.validate)))
584 			return -EINVAL;
585 
586 		genl_op_iter_copy(&j, &i);
587 		while (genl_op_iter_next(&j)) {
588 			if (i.cmd == j.cmd)
589 				return -EINVAL;
590 		}
591 	}
592 
593 	if (family->n_split_ops) {
594 		if (genl_split_op_check(&family->split_ops[0]))
595 			return -EINVAL;
596 	}
597 
598 	for (s = 1; s < family->n_split_ops; s++) {
599 		const struct genl_split_ops *a, *b;
600 
601 		a = &family->split_ops[s - 1];
602 		b = &family->split_ops[s];
603 
604 		if (genl_split_op_check(b))
605 			return -EINVAL;
606 
607 		/* Check sort order */
608 		if (a->cmd < b->cmd) {
609 			continue;
610 		} else if (a->cmd > b->cmd) {
611 			WARN_ON(1);
612 			return -EINVAL;
613 		}
614 
615 		if (a->internal_flags != b->internal_flags ||
616 		    ((a->flags ^ b->flags) & ~(GENL_CMD_CAP_DO |
617 					       GENL_CMD_CAP_DUMP))) {
618 			WARN_ON(1);
619 			return -EINVAL;
620 		}
621 
622 		if ((a->flags & GENL_CMD_CAP_DO) &&
623 		    (b->flags & GENL_CMD_CAP_DUMP))
624 			continue;
625 
626 		WARN_ON(1);
627 		return -EINVAL;
628 	}
629 
630 	return 0;
631 }
632 
633 /**
634  * genl_register_family - register a generic netlink family
635  * @family: generic netlink family
636  *
637  * Registers the specified family after validating it first. Only one
638  * family may be registered with the same family name or identifier.
639  *
640  * The family's ops, multicast groups and module pointer must already
641  * be assigned.
642  *
643  * Return 0 on success or a negative error code.
644  */
genl_register_family(struct genl_family * family)645 int genl_register_family(struct genl_family *family)
646 {
647 	int err, i;
648 	int start = GENL_START_ALLOC, end = GENL_MAX_ID;
649 
650 	err = genl_validate_ops(family);
651 	if (err)
652 		return err;
653 
654 	genl_lock_all();
655 
656 	if (genl_family_find_byname(family->name)) {
657 		err = -EEXIST;
658 		goto errout_locked;
659 	}
660 
661 	/*
662 	 * Sadly, a few cases need to be special-cased
663 	 * due to them having previously abused the API
664 	 * and having used their family ID also as their
665 	 * multicast group ID, so we use reserved IDs
666 	 * for both to be sure we can do that mapping.
667 	 */
668 	if (family == &genl_ctrl) {
669 		/* and this needs to be special for initial family lookups */
670 		start = end = GENL_ID_CTRL;
671 	} else if (strcmp(family->name, "pmcraid") == 0) {
672 		start = end = GENL_ID_PMCRAID;
673 	} else if (strcmp(family->name, "VFS_DQUOT") == 0) {
674 		start = end = GENL_ID_VFS_DQUOT;
675 	}
676 
677 	family->id = idr_alloc_cyclic(&genl_fam_idr, family,
678 				      start, end + 1, GFP_KERNEL);
679 	if (family->id < 0) {
680 		err = family->id;
681 		goto errout_locked;
682 	}
683 
684 	err = genl_validate_assign_mc_groups(family);
685 	if (err)
686 		goto errout_remove;
687 
688 	genl_unlock_all();
689 
690 	/* send all events */
691 	genl_ctrl_event(CTRL_CMD_NEWFAMILY, family, NULL, 0);
692 	for (i = 0; i < family->n_mcgrps; i++)
693 		genl_ctrl_event(CTRL_CMD_NEWMCAST_GRP, family,
694 				&family->mcgrps[i], family->mcgrp_offset + i);
695 
696 	return 0;
697 
698 errout_remove:
699 	idr_remove(&genl_fam_idr, family->id);
700 errout_locked:
701 	genl_unlock_all();
702 	return err;
703 }
704 EXPORT_SYMBOL(genl_register_family);
705 
706 /**
707  * genl_unregister_family - unregister generic netlink family
708  * @family: generic netlink family
709  *
710  * Unregisters the specified family.
711  *
712  * Returns 0 on success or a negative error code.
713  */
genl_unregister_family(const struct genl_family * family)714 int genl_unregister_family(const struct genl_family *family)
715 {
716 	genl_lock_all();
717 
718 	if (!genl_family_find_byid(family->id)) {
719 		genl_unlock_all();
720 		return -ENOENT;
721 	}
722 
723 	genl_unregister_mc_groups(family);
724 
725 	idr_remove(&genl_fam_idr, family->id);
726 
727 	up_write(&cb_lock);
728 	wait_event(genl_sk_destructing_waitq,
729 		   atomic_read(&genl_sk_destructing_cnt) == 0);
730 	genl_unlock();
731 
732 	genl_ctrl_event(CTRL_CMD_DELFAMILY, family, NULL, 0);
733 
734 	return 0;
735 }
736 EXPORT_SYMBOL(genl_unregister_family);
737 
738 /**
739  * genlmsg_put - Add generic netlink header to netlink message
740  * @skb: socket buffer holding the message
741  * @portid: netlink portid the message is addressed to
742  * @seq: sequence number (usually the one of the sender)
743  * @family: generic netlink family
744  * @flags: netlink message flags
745  * @cmd: generic netlink command
746  *
747  * Returns pointer to user specific header
748  */
genlmsg_put(struct sk_buff * skb,u32 portid,u32 seq,const struct genl_family * family,int flags,u8 cmd)749 void *genlmsg_put(struct sk_buff *skb, u32 portid, u32 seq,
750 		  const struct genl_family *family, int flags, u8 cmd)
751 {
752 	struct nlmsghdr *nlh;
753 	struct genlmsghdr *hdr;
754 
755 	nlh = nlmsg_put(skb, portid, seq, family->id, GENL_HDRLEN +
756 			family->hdrsize, flags);
757 	if (nlh == NULL)
758 		return NULL;
759 
760 	hdr = nlmsg_data(nlh);
761 	hdr->cmd = cmd;
762 	hdr->version = family->version;
763 	hdr->reserved = 0;
764 
765 	return (char *) hdr + GENL_HDRLEN;
766 }
767 EXPORT_SYMBOL(genlmsg_put);
768 
genl_dumpit_info_alloc(void)769 static struct genl_dumpit_info *genl_dumpit_info_alloc(void)
770 {
771 	return kmalloc(sizeof(struct genl_dumpit_info), GFP_KERNEL);
772 }
773 
genl_dumpit_info_free(const struct genl_dumpit_info * info)774 static void genl_dumpit_info_free(const struct genl_dumpit_info *info)
775 {
776 	kfree(info);
777 }
778 
779 static struct nlattr **
genl_family_rcv_msg_attrs_parse(const struct genl_family * family,struct nlmsghdr * nlh,struct netlink_ext_ack * extack,const struct genl_split_ops * ops,int hdrlen,enum genl_validate_flags no_strict_flag)780 genl_family_rcv_msg_attrs_parse(const struct genl_family *family,
781 				struct nlmsghdr *nlh,
782 				struct netlink_ext_ack *extack,
783 				const struct genl_split_ops *ops,
784 				int hdrlen,
785 				enum genl_validate_flags no_strict_flag)
786 {
787 	enum netlink_validation validate = ops->validate & no_strict_flag ?
788 					   NL_VALIDATE_LIBERAL :
789 					   NL_VALIDATE_STRICT;
790 	struct nlattr **attrbuf;
791 	int err;
792 
793 	if (!ops->maxattr)
794 		return NULL;
795 
796 	attrbuf = kmalloc_array(ops->maxattr + 1,
797 				sizeof(struct nlattr *), GFP_KERNEL);
798 	if (!attrbuf)
799 		return ERR_PTR(-ENOMEM);
800 
801 	err = __nlmsg_parse(nlh, hdrlen, attrbuf, ops->maxattr, ops->policy,
802 			    validate, extack);
803 	if (err) {
804 		kfree(attrbuf);
805 		return ERR_PTR(err);
806 	}
807 	return attrbuf;
808 }
809 
genl_family_rcv_msg_attrs_free(struct nlattr ** attrbuf)810 static void genl_family_rcv_msg_attrs_free(struct nlattr **attrbuf)
811 {
812 	kfree(attrbuf);
813 }
814 
815 struct genl_start_context {
816 	const struct genl_family *family;
817 	struct nlmsghdr *nlh;
818 	struct netlink_ext_ack *extack;
819 	const struct genl_split_ops *ops;
820 	int hdrlen;
821 };
822 
genl_start(struct netlink_callback * cb)823 static int genl_start(struct netlink_callback *cb)
824 {
825 	struct genl_start_context *ctx = cb->data;
826 	const struct genl_split_ops *ops;
827 	struct genl_dumpit_info *info;
828 	struct nlattr **attrs = NULL;
829 	int rc = 0;
830 
831 	ops = ctx->ops;
832 	if (!(ops->validate & GENL_DONT_VALIDATE_DUMP) &&
833 	    ctx->nlh->nlmsg_len < nlmsg_msg_size(ctx->hdrlen))
834 		return -EINVAL;
835 
836 	attrs = genl_family_rcv_msg_attrs_parse(ctx->family, ctx->nlh, ctx->extack,
837 						ops, ctx->hdrlen,
838 						GENL_DONT_VALIDATE_DUMP_STRICT);
839 	if (IS_ERR(attrs))
840 		return PTR_ERR(attrs);
841 
842 	info = genl_dumpit_info_alloc();
843 	if (!info) {
844 		genl_family_rcv_msg_attrs_free(attrs);
845 		return -ENOMEM;
846 	}
847 	info->op = *ops;
848 	info->info.family	= ctx->family;
849 	info->info.snd_seq	= cb->nlh->nlmsg_seq;
850 	info->info.snd_portid	= NETLINK_CB(cb->skb).portid;
851 	info->info.nlhdr	= cb->nlh;
852 	info->info.genlhdr	= nlmsg_data(cb->nlh);
853 	info->info.attrs	= attrs;
854 	genl_info_net_set(&info->info, sock_net(cb->skb->sk));
855 	info->info.extack	= cb->extack;
856 	memset(&info->info.user_ptr, 0, sizeof(info->info.user_ptr));
857 
858 	cb->data = info;
859 	if (ops->start) {
860 		genl_op_lock(ctx->family);
861 		rc = ops->start(cb);
862 		genl_op_unlock(ctx->family);
863 	}
864 
865 	if (rc) {
866 		genl_family_rcv_msg_attrs_free(info->info.attrs);
867 		genl_dumpit_info_free(info);
868 		cb->data = NULL;
869 	}
870 	return rc;
871 }
872 
genl_dumpit(struct sk_buff * skb,struct netlink_callback * cb)873 static int genl_dumpit(struct sk_buff *skb, struct netlink_callback *cb)
874 {
875 	struct genl_dumpit_info *dump_info = cb->data;
876 	const struct genl_split_ops *ops = &dump_info->op;
877 	struct genl_info *info = &dump_info->info;
878 	int rc;
879 
880 	info->extack = cb->extack;
881 
882 	genl_op_lock(info->family);
883 	rc = ops->dumpit(skb, cb);
884 	genl_op_unlock(info->family);
885 	return rc;
886 }
887 
genl_done(struct netlink_callback * cb)888 static int genl_done(struct netlink_callback *cb)
889 {
890 	struct genl_dumpit_info *dump_info = cb->data;
891 	const struct genl_split_ops *ops = &dump_info->op;
892 	struct genl_info *info = &dump_info->info;
893 	int rc = 0;
894 
895 	info->extack = cb->extack;
896 
897 	if (ops->done) {
898 		genl_op_lock(info->family);
899 		rc = ops->done(cb);
900 		genl_op_unlock(info->family);
901 	}
902 	genl_family_rcv_msg_attrs_free(info->attrs);
903 	genl_dumpit_info_free(dump_info);
904 	return rc;
905 }
906 
genl_family_rcv_msg_dumpit(const struct genl_family * family,struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack,const struct genl_split_ops * ops,int hdrlen,struct net * net)907 static int genl_family_rcv_msg_dumpit(const struct genl_family *family,
908 				      struct sk_buff *skb,
909 				      struct nlmsghdr *nlh,
910 				      struct netlink_ext_ack *extack,
911 				      const struct genl_split_ops *ops,
912 				      int hdrlen, struct net *net)
913 {
914 	struct genl_start_context ctx;
915 	struct netlink_dump_control c = {
916 		.module = family->module,
917 		.data = &ctx,
918 		.start = genl_start,
919 		.dump = genl_dumpit,
920 		.done = genl_done,
921 		.extack = extack,
922 	};
923 	int err;
924 
925 	ctx.family = family;
926 	ctx.nlh = nlh;
927 	ctx.extack = extack;
928 	ctx.ops = ops;
929 	ctx.hdrlen = hdrlen;
930 
931 	genl_op_unlock(family);
932 	err = __netlink_dump_start(net->genl_sock, skb, nlh, &c);
933 	genl_op_lock(family);
934 
935 	return err;
936 }
937 
genl_family_rcv_msg_doit(const struct genl_family * family,struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack,const struct genl_split_ops * ops,int hdrlen,struct net * net)938 static int genl_family_rcv_msg_doit(const struct genl_family *family,
939 				    struct sk_buff *skb,
940 				    struct nlmsghdr *nlh,
941 				    struct netlink_ext_ack *extack,
942 				    const struct genl_split_ops *ops,
943 				    int hdrlen, struct net *net)
944 {
945 	struct nlattr **attrbuf;
946 	struct genl_info info;
947 	int err;
948 
949 	attrbuf = genl_family_rcv_msg_attrs_parse(family, nlh, extack,
950 						  ops, hdrlen,
951 						  GENL_DONT_VALIDATE_STRICT);
952 	if (IS_ERR(attrbuf))
953 		return PTR_ERR(attrbuf);
954 
955 	info.snd_seq = nlh->nlmsg_seq;
956 	info.snd_portid = NETLINK_CB(skb).portid;
957 	info.family = family;
958 	info.nlhdr = nlh;
959 	info.genlhdr = nlmsg_data(nlh);
960 	info.attrs = attrbuf;
961 	info.extack = extack;
962 	genl_info_net_set(&info, net);
963 	memset(&info.user_ptr, 0, sizeof(info.user_ptr));
964 
965 	if (ops->pre_doit) {
966 		err = ops->pre_doit(ops, skb, &info);
967 		if (err)
968 			goto out;
969 	}
970 
971 	err = ops->doit(skb, &info);
972 
973 	if (ops->post_doit)
974 		ops->post_doit(ops, skb, &info);
975 
976 out:
977 	genl_family_rcv_msg_attrs_free(attrbuf);
978 
979 	return err;
980 }
981 
genl_header_check(const struct genl_family * family,struct nlmsghdr * nlh,struct genlmsghdr * hdr,struct netlink_ext_ack * extack)982 static int genl_header_check(const struct genl_family *family,
983 			     struct nlmsghdr *nlh, struct genlmsghdr *hdr,
984 			     struct netlink_ext_ack *extack)
985 {
986 	u16 flags;
987 
988 	/* Only for commands added after we started validating */
989 	if (hdr->cmd < family->resv_start_op)
990 		return 0;
991 
992 	if (hdr->reserved) {
993 		NL_SET_ERR_MSG(extack, "genlmsghdr.reserved field is not 0");
994 		return -EINVAL;
995 	}
996 
997 	/* Old netlink flags have pretty loose semantics, allow only the flags
998 	 * consumed by the core where we can enforce the meaning.
999 	 */
1000 	flags = nlh->nlmsg_flags;
1001 	if ((flags & NLM_F_DUMP) == NLM_F_DUMP) /* DUMP is 2 bits */
1002 		flags &= ~NLM_F_DUMP;
1003 	if (flags & ~(NLM_F_REQUEST | NLM_F_ACK | NLM_F_ECHO)) {
1004 		NL_SET_ERR_MSG(extack,
1005 			       "ambiguous or reserved bits set in nlmsg_flags");
1006 		return -EINVAL;
1007 	}
1008 
1009 	return 0;
1010 }
1011 
genl_family_rcv_msg(const struct genl_family * family,struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)1012 static int genl_family_rcv_msg(const struct genl_family *family,
1013 			       struct sk_buff *skb,
1014 			       struct nlmsghdr *nlh,
1015 			       struct netlink_ext_ack *extack)
1016 {
1017 	struct net *net = sock_net(skb->sk);
1018 	struct genlmsghdr *hdr = nlmsg_data(nlh);
1019 	struct genl_split_ops op;
1020 	int hdrlen;
1021 	u8 flags;
1022 
1023 	/* this family doesn't exist in this netns */
1024 	if (!family->netnsok && !net_eq(net, &init_net))
1025 		return -ENOENT;
1026 
1027 	hdrlen = GENL_HDRLEN + family->hdrsize;
1028 	if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen))
1029 		return -EINVAL;
1030 
1031 	if (genl_header_check(family, nlh, hdr, extack))
1032 		return -EINVAL;
1033 
1034 	flags = (nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP ?
1035 		GENL_CMD_CAP_DUMP : GENL_CMD_CAP_DO;
1036 	if (genl_get_cmd(hdr->cmd, flags, family, &op))
1037 		return -EOPNOTSUPP;
1038 
1039 	if ((op.flags & GENL_ADMIN_PERM) &&
1040 	    !netlink_capable(skb, CAP_NET_ADMIN))
1041 		return -EPERM;
1042 
1043 	if ((op.flags & GENL_UNS_ADMIN_PERM) &&
1044 	    !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
1045 		return -EPERM;
1046 
1047 	if (flags & GENL_CMD_CAP_DUMP)
1048 		return genl_family_rcv_msg_dumpit(family, skb, nlh, extack,
1049 						  &op, hdrlen, net);
1050 	else
1051 		return genl_family_rcv_msg_doit(family, skb, nlh, extack,
1052 						&op, hdrlen, net);
1053 }
1054 
genl_rcv_msg(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)1055 static int genl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
1056 			struct netlink_ext_ack *extack)
1057 {
1058 	const struct genl_family *family;
1059 	int err;
1060 
1061 	family = genl_family_find_byid(nlh->nlmsg_type);
1062 	if (family == NULL)
1063 		return -ENOENT;
1064 
1065 	genl_op_lock(family);
1066 	err = genl_family_rcv_msg(family, skb, nlh, extack);
1067 	genl_op_unlock(family);
1068 
1069 	return err;
1070 }
1071 
genl_rcv(struct sk_buff * skb)1072 static void genl_rcv(struct sk_buff *skb)
1073 {
1074 	down_read(&cb_lock);
1075 	netlink_rcv_skb(skb, &genl_rcv_msg);
1076 	up_read(&cb_lock);
1077 }
1078 
1079 /**************************************************************************
1080  * Controller
1081  **************************************************************************/
1082 
1083 static struct genl_family genl_ctrl;
1084 
ctrl_fill_info(const struct genl_family * family,u32 portid,u32 seq,u32 flags,struct sk_buff * skb,u8 cmd)1085 static int ctrl_fill_info(const struct genl_family *family, u32 portid, u32 seq,
1086 			  u32 flags, struct sk_buff *skb, u8 cmd)
1087 {
1088 	struct genl_op_iter i;
1089 	void *hdr;
1090 
1091 	hdr = genlmsg_put(skb, portid, seq, &genl_ctrl, flags, cmd);
1092 	if (hdr == NULL)
1093 		return -1;
1094 
1095 	if (nla_put_string(skb, CTRL_ATTR_FAMILY_NAME, family->name) ||
1096 	    nla_put_u16(skb, CTRL_ATTR_FAMILY_ID, family->id) ||
1097 	    nla_put_u32(skb, CTRL_ATTR_VERSION, family->version) ||
1098 	    nla_put_u32(skb, CTRL_ATTR_HDRSIZE, family->hdrsize) ||
1099 	    nla_put_u32(skb, CTRL_ATTR_MAXATTR, family->maxattr))
1100 		goto nla_put_failure;
1101 
1102 	if (genl_op_iter_init(family, &i)) {
1103 		struct nlattr *nla_ops;
1104 
1105 		nla_ops = nla_nest_start_noflag(skb, CTRL_ATTR_OPS);
1106 		if (nla_ops == NULL)
1107 			goto nla_put_failure;
1108 
1109 		while (genl_op_iter_next(&i)) {
1110 			struct nlattr *nest;
1111 			u32 op_flags;
1112 
1113 			op_flags = i.flags;
1114 			if (i.doit.policy || i.dumpit.policy)
1115 				op_flags |= GENL_CMD_CAP_HASPOL;
1116 
1117 			nest = nla_nest_start_noflag(skb, genl_op_iter_idx(&i));
1118 			if (nest == NULL)
1119 				goto nla_put_failure;
1120 
1121 			if (nla_put_u32(skb, CTRL_ATTR_OP_ID, i.cmd) ||
1122 			    nla_put_u32(skb, CTRL_ATTR_OP_FLAGS, op_flags))
1123 				goto nla_put_failure;
1124 
1125 			nla_nest_end(skb, nest);
1126 		}
1127 
1128 		nla_nest_end(skb, nla_ops);
1129 	}
1130 
1131 	if (family->n_mcgrps) {
1132 		struct nlattr *nla_grps;
1133 		int i;
1134 
1135 		nla_grps = nla_nest_start_noflag(skb, CTRL_ATTR_MCAST_GROUPS);
1136 		if (nla_grps == NULL)
1137 			goto nla_put_failure;
1138 
1139 		for (i = 0; i < family->n_mcgrps; i++) {
1140 			struct nlattr *nest;
1141 			const struct genl_multicast_group *grp;
1142 
1143 			grp = &family->mcgrps[i];
1144 
1145 			nest = nla_nest_start_noflag(skb, i + 1);
1146 			if (nest == NULL)
1147 				goto nla_put_failure;
1148 
1149 			if (nla_put_u32(skb, CTRL_ATTR_MCAST_GRP_ID,
1150 					family->mcgrp_offset + i) ||
1151 			    nla_put_string(skb, CTRL_ATTR_MCAST_GRP_NAME,
1152 					   grp->name))
1153 				goto nla_put_failure;
1154 
1155 			nla_nest_end(skb, nest);
1156 		}
1157 		nla_nest_end(skb, nla_grps);
1158 	}
1159 
1160 	genlmsg_end(skb, hdr);
1161 	return 0;
1162 
1163 nla_put_failure:
1164 	genlmsg_cancel(skb, hdr);
1165 	return -EMSGSIZE;
1166 }
1167 
ctrl_fill_mcgrp_info(const struct genl_family * family,const struct genl_multicast_group * grp,int grp_id,u32 portid,u32 seq,u32 flags,struct sk_buff * skb,u8 cmd)1168 static int ctrl_fill_mcgrp_info(const struct genl_family *family,
1169 				const struct genl_multicast_group *grp,
1170 				int grp_id, u32 portid, u32 seq, u32 flags,
1171 				struct sk_buff *skb, u8 cmd)
1172 {
1173 	void *hdr;
1174 	struct nlattr *nla_grps;
1175 	struct nlattr *nest;
1176 
1177 	hdr = genlmsg_put(skb, portid, seq, &genl_ctrl, flags, cmd);
1178 	if (hdr == NULL)
1179 		return -1;
1180 
1181 	if (nla_put_string(skb, CTRL_ATTR_FAMILY_NAME, family->name) ||
1182 	    nla_put_u16(skb, CTRL_ATTR_FAMILY_ID, family->id))
1183 		goto nla_put_failure;
1184 
1185 	nla_grps = nla_nest_start_noflag(skb, CTRL_ATTR_MCAST_GROUPS);
1186 	if (nla_grps == NULL)
1187 		goto nla_put_failure;
1188 
1189 	nest = nla_nest_start_noflag(skb, 1);
1190 	if (nest == NULL)
1191 		goto nla_put_failure;
1192 
1193 	if (nla_put_u32(skb, CTRL_ATTR_MCAST_GRP_ID, grp_id) ||
1194 	    nla_put_string(skb, CTRL_ATTR_MCAST_GRP_NAME,
1195 			   grp->name))
1196 		goto nla_put_failure;
1197 
1198 	nla_nest_end(skb, nest);
1199 	nla_nest_end(skb, nla_grps);
1200 
1201 	genlmsg_end(skb, hdr);
1202 	return 0;
1203 
1204 nla_put_failure:
1205 	genlmsg_cancel(skb, hdr);
1206 	return -EMSGSIZE;
1207 }
1208 
ctrl_dumpfamily(struct sk_buff * skb,struct netlink_callback * cb)1209 static int ctrl_dumpfamily(struct sk_buff *skb, struct netlink_callback *cb)
1210 {
1211 	int n = 0;
1212 	struct genl_family *rt;
1213 	struct net *net = sock_net(skb->sk);
1214 	int fams_to_skip = cb->args[0];
1215 	unsigned int id;
1216 
1217 	idr_for_each_entry(&genl_fam_idr, rt, id) {
1218 		if (!rt->netnsok && !net_eq(net, &init_net))
1219 			continue;
1220 
1221 		if (n++ < fams_to_skip)
1222 			continue;
1223 
1224 		if (ctrl_fill_info(rt, NETLINK_CB(cb->skb).portid,
1225 				   cb->nlh->nlmsg_seq, NLM_F_MULTI,
1226 				   skb, CTRL_CMD_NEWFAMILY) < 0) {
1227 			n--;
1228 			break;
1229 		}
1230 	}
1231 
1232 	cb->args[0] = n;
1233 	return skb->len;
1234 }
1235 
ctrl_build_family_msg(const struct genl_family * family,u32 portid,int seq,u8 cmd)1236 static struct sk_buff *ctrl_build_family_msg(const struct genl_family *family,
1237 					     u32 portid, int seq, u8 cmd)
1238 {
1239 	struct sk_buff *skb;
1240 	int err;
1241 
1242 	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1243 	if (skb == NULL)
1244 		return ERR_PTR(-ENOBUFS);
1245 
1246 	err = ctrl_fill_info(family, portid, seq, 0, skb, cmd);
1247 	if (err < 0) {
1248 		nlmsg_free(skb);
1249 		return ERR_PTR(err);
1250 	}
1251 
1252 	return skb;
1253 }
1254 
1255 static struct sk_buff *
ctrl_build_mcgrp_msg(const struct genl_family * family,const struct genl_multicast_group * grp,int grp_id,u32 portid,int seq,u8 cmd)1256 ctrl_build_mcgrp_msg(const struct genl_family *family,
1257 		     const struct genl_multicast_group *grp,
1258 		     int grp_id, u32 portid, int seq, u8 cmd)
1259 {
1260 	struct sk_buff *skb;
1261 	int err;
1262 
1263 	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1264 	if (skb == NULL)
1265 		return ERR_PTR(-ENOBUFS);
1266 
1267 	err = ctrl_fill_mcgrp_info(family, grp, grp_id, portid,
1268 				   seq, 0, skb, cmd);
1269 	if (err < 0) {
1270 		nlmsg_free(skb);
1271 		return ERR_PTR(err);
1272 	}
1273 
1274 	return skb;
1275 }
1276 
1277 static const struct nla_policy ctrl_policy_family[] = {
1278 	[CTRL_ATTR_FAMILY_ID]	= { .type = NLA_U16 },
1279 	[CTRL_ATTR_FAMILY_NAME]	= { .type = NLA_NUL_STRING,
1280 				    .len = GENL_NAMSIZ - 1 },
1281 };
1282 
ctrl_getfamily(struct sk_buff * skb,struct genl_info * info)1283 static int ctrl_getfamily(struct sk_buff *skb, struct genl_info *info)
1284 {
1285 	struct sk_buff *msg;
1286 	const struct genl_family *res = NULL;
1287 	int err = -EINVAL;
1288 
1289 	if (info->attrs[CTRL_ATTR_FAMILY_ID]) {
1290 		u16 id = nla_get_u16(info->attrs[CTRL_ATTR_FAMILY_ID]);
1291 		res = genl_family_find_byid(id);
1292 		err = -ENOENT;
1293 	}
1294 
1295 	if (info->attrs[CTRL_ATTR_FAMILY_NAME]) {
1296 		char *name;
1297 
1298 		name = nla_data(info->attrs[CTRL_ATTR_FAMILY_NAME]);
1299 		res = genl_family_find_byname(name);
1300 #ifdef CONFIG_MODULES
1301 		if (res == NULL) {
1302 			genl_unlock();
1303 			up_read(&cb_lock);
1304 			request_module("net-pf-%d-proto-%d-family-%s",
1305 				       PF_NETLINK, NETLINK_GENERIC, name);
1306 			down_read(&cb_lock);
1307 			genl_lock();
1308 			res = genl_family_find_byname(name);
1309 		}
1310 #endif
1311 		err = -ENOENT;
1312 	}
1313 
1314 	if (res == NULL)
1315 		return err;
1316 
1317 	if (!res->netnsok && !net_eq(genl_info_net(info), &init_net)) {
1318 		/* family doesn't exist here */
1319 		return -ENOENT;
1320 	}
1321 
1322 	msg = ctrl_build_family_msg(res, info->snd_portid, info->snd_seq,
1323 				    CTRL_CMD_NEWFAMILY);
1324 	if (IS_ERR(msg))
1325 		return PTR_ERR(msg);
1326 
1327 	return genlmsg_reply(msg, info);
1328 }
1329 
genl_ctrl_event(int event,const struct genl_family * family,const struct genl_multicast_group * grp,int grp_id)1330 static int genl_ctrl_event(int event, const struct genl_family *family,
1331 			   const struct genl_multicast_group *grp,
1332 			   int grp_id)
1333 {
1334 	struct sk_buff *msg;
1335 
1336 	/* genl is still initialising */
1337 	if (!init_net.genl_sock)
1338 		return 0;
1339 
1340 	switch (event) {
1341 	case CTRL_CMD_NEWFAMILY:
1342 	case CTRL_CMD_DELFAMILY:
1343 		WARN_ON(grp);
1344 		msg = ctrl_build_family_msg(family, 0, 0, event);
1345 		break;
1346 	case CTRL_CMD_NEWMCAST_GRP:
1347 	case CTRL_CMD_DELMCAST_GRP:
1348 		BUG_ON(!grp);
1349 		msg = ctrl_build_mcgrp_msg(family, grp, grp_id, 0, 0, event);
1350 		break;
1351 	default:
1352 		return -EINVAL;
1353 	}
1354 
1355 	if (IS_ERR(msg))
1356 		return PTR_ERR(msg);
1357 
1358 	if (!family->netnsok) {
1359 		genlmsg_multicast_netns(&genl_ctrl, &init_net, msg, 0,
1360 					0, GFP_KERNEL);
1361 	} else {
1362 		rcu_read_lock();
1363 		genlmsg_multicast_allns(&genl_ctrl, msg, 0,
1364 					0, GFP_ATOMIC);
1365 		rcu_read_unlock();
1366 	}
1367 
1368 	return 0;
1369 }
1370 
1371 struct ctrl_dump_policy_ctx {
1372 	struct netlink_policy_dump_state *state;
1373 	const struct genl_family *rt;
1374 	struct genl_op_iter *op_iter;
1375 	u32 op;
1376 	u16 fam_id;
1377 	u8 dump_map:1,
1378 	   single_op:1;
1379 };
1380 
1381 static const struct nla_policy ctrl_policy_policy[] = {
1382 	[CTRL_ATTR_FAMILY_ID]	= { .type = NLA_U16 },
1383 	[CTRL_ATTR_FAMILY_NAME]	= { .type = NLA_NUL_STRING,
1384 				    .len = GENL_NAMSIZ - 1 },
1385 	[CTRL_ATTR_OP]		= { .type = NLA_U32 },
1386 };
1387 
ctrl_dumppolicy_start(struct netlink_callback * cb)1388 static int ctrl_dumppolicy_start(struct netlink_callback *cb)
1389 {
1390 	const struct genl_dumpit_info *info = genl_dumpit_info(cb);
1391 	struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx;
1392 	struct nlattr **tb = info->info.attrs;
1393 	const struct genl_family *rt;
1394 	struct genl_op_iter i;
1395 	int err;
1396 
1397 	BUILD_BUG_ON(sizeof(*ctx) > sizeof(cb->ctx));
1398 
1399 	if (!tb[CTRL_ATTR_FAMILY_ID] && !tb[CTRL_ATTR_FAMILY_NAME])
1400 		return -EINVAL;
1401 
1402 	if (tb[CTRL_ATTR_FAMILY_ID]) {
1403 		ctx->fam_id = nla_get_u16(tb[CTRL_ATTR_FAMILY_ID]);
1404 	} else {
1405 		rt = genl_family_find_byname(
1406 			nla_data(tb[CTRL_ATTR_FAMILY_NAME]));
1407 		if (!rt)
1408 			return -ENOENT;
1409 		ctx->fam_id = rt->id;
1410 	}
1411 
1412 	rt = genl_family_find_byid(ctx->fam_id);
1413 	if (!rt)
1414 		return -ENOENT;
1415 
1416 	ctx->rt = rt;
1417 
1418 	if (tb[CTRL_ATTR_OP]) {
1419 		struct genl_split_ops doit, dump;
1420 
1421 		ctx->single_op = true;
1422 		ctx->op = nla_get_u32(tb[CTRL_ATTR_OP]);
1423 
1424 		err = genl_get_cmd_both(ctx->op, rt, &doit, &dump);
1425 		if (err) {
1426 			NL_SET_BAD_ATTR(cb->extack, tb[CTRL_ATTR_OP]);
1427 			return err;
1428 		}
1429 
1430 		if (doit.policy) {
1431 			err = netlink_policy_dump_add_policy(&ctx->state,
1432 							     doit.policy,
1433 							     doit.maxattr);
1434 			if (err)
1435 				goto err_free_state;
1436 		}
1437 		if (dump.policy) {
1438 			err = netlink_policy_dump_add_policy(&ctx->state,
1439 							     dump.policy,
1440 							     dump.maxattr);
1441 			if (err)
1442 				goto err_free_state;
1443 		}
1444 
1445 		if (!ctx->state)
1446 			return -ENODATA;
1447 
1448 		ctx->dump_map = 1;
1449 		return 0;
1450 	}
1451 
1452 	ctx->op_iter = kmalloc(sizeof(*ctx->op_iter), GFP_KERNEL);
1453 	if (!ctx->op_iter)
1454 		return -ENOMEM;
1455 
1456 	genl_op_iter_init(rt, ctx->op_iter);
1457 	ctx->dump_map = genl_op_iter_next(ctx->op_iter);
1458 
1459 	for (genl_op_iter_init(rt, &i); genl_op_iter_next(&i); ) {
1460 		if (i.doit.policy) {
1461 			err = netlink_policy_dump_add_policy(&ctx->state,
1462 							     i.doit.policy,
1463 							     i.doit.maxattr);
1464 			if (err)
1465 				goto err_free_state;
1466 		}
1467 		if (i.dumpit.policy) {
1468 			err = netlink_policy_dump_add_policy(&ctx->state,
1469 							     i.dumpit.policy,
1470 							     i.dumpit.maxattr);
1471 			if (err)
1472 				goto err_free_state;
1473 		}
1474 	}
1475 
1476 	if (!ctx->state) {
1477 		err = -ENODATA;
1478 		goto err_free_op_iter;
1479 	}
1480 	return 0;
1481 
1482 err_free_state:
1483 	netlink_policy_dump_free(ctx->state);
1484 err_free_op_iter:
1485 	kfree(ctx->op_iter);
1486 	return err;
1487 }
1488 
ctrl_dumppolicy_prep(struct sk_buff * skb,struct netlink_callback * cb)1489 static void *ctrl_dumppolicy_prep(struct sk_buff *skb,
1490 				  struct netlink_callback *cb)
1491 {
1492 	struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx;
1493 	void *hdr;
1494 
1495 	hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).portid,
1496 			  cb->nlh->nlmsg_seq, &genl_ctrl,
1497 			  NLM_F_MULTI, CTRL_CMD_GETPOLICY);
1498 	if (!hdr)
1499 		return NULL;
1500 
1501 	if (nla_put_u16(skb, CTRL_ATTR_FAMILY_ID, ctx->fam_id))
1502 		return NULL;
1503 
1504 	return hdr;
1505 }
1506 
ctrl_dumppolicy_put_op(struct sk_buff * skb,struct netlink_callback * cb,struct genl_split_ops * doit,struct genl_split_ops * dumpit)1507 static int ctrl_dumppolicy_put_op(struct sk_buff *skb,
1508 				  struct netlink_callback *cb,
1509 				  struct genl_split_ops *doit,
1510 				  struct genl_split_ops *dumpit)
1511 {
1512 	struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx;
1513 	struct nlattr *nest_pol, *nest_op;
1514 	void *hdr;
1515 	int idx;
1516 
1517 	/* skip if we have nothing to show */
1518 	if (!doit->policy && !dumpit->policy)
1519 		return 0;
1520 
1521 	hdr = ctrl_dumppolicy_prep(skb, cb);
1522 	if (!hdr)
1523 		return -ENOBUFS;
1524 
1525 	nest_pol = nla_nest_start(skb, CTRL_ATTR_OP_POLICY);
1526 	if (!nest_pol)
1527 		goto err;
1528 
1529 	nest_op = nla_nest_start(skb, doit->cmd);
1530 	if (!nest_op)
1531 		goto err;
1532 
1533 	if (doit->policy) {
1534 		idx = netlink_policy_dump_get_policy_idx(ctx->state,
1535 							 doit->policy,
1536 							 doit->maxattr);
1537 
1538 		if (nla_put_u32(skb, CTRL_ATTR_POLICY_DO, idx))
1539 			goto err;
1540 	}
1541 	if (dumpit->policy) {
1542 		idx = netlink_policy_dump_get_policy_idx(ctx->state,
1543 							 dumpit->policy,
1544 							 dumpit->maxattr);
1545 
1546 		if (nla_put_u32(skb, CTRL_ATTR_POLICY_DUMP, idx))
1547 			goto err;
1548 	}
1549 
1550 	nla_nest_end(skb, nest_op);
1551 	nla_nest_end(skb, nest_pol);
1552 	genlmsg_end(skb, hdr);
1553 
1554 	return 0;
1555 err:
1556 	genlmsg_cancel(skb, hdr);
1557 	return -ENOBUFS;
1558 }
1559 
ctrl_dumppolicy(struct sk_buff * skb,struct netlink_callback * cb)1560 static int ctrl_dumppolicy(struct sk_buff *skb, struct netlink_callback *cb)
1561 {
1562 	struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx;
1563 	void *hdr;
1564 
1565 	if (ctx->dump_map) {
1566 		if (ctx->single_op) {
1567 			struct genl_split_ops doit, dumpit;
1568 
1569 			if (WARN_ON(genl_get_cmd_both(ctx->op, ctx->rt,
1570 						      &doit, &dumpit)))
1571 				return -ENOENT;
1572 
1573 			if (ctrl_dumppolicy_put_op(skb, cb, &doit, &dumpit))
1574 				return skb->len;
1575 
1576 			/* done with the per-op policy index list */
1577 			ctx->dump_map = 0;
1578 		}
1579 
1580 		while (ctx->dump_map) {
1581 			if (ctrl_dumppolicy_put_op(skb, cb,
1582 						   &ctx->op_iter->doit,
1583 						   &ctx->op_iter->dumpit))
1584 				return skb->len;
1585 
1586 			ctx->dump_map = genl_op_iter_next(ctx->op_iter);
1587 		}
1588 	}
1589 
1590 	while (netlink_policy_dump_loop(ctx->state)) {
1591 		struct nlattr *nest;
1592 
1593 		hdr = ctrl_dumppolicy_prep(skb, cb);
1594 		if (!hdr)
1595 			goto nla_put_failure;
1596 
1597 		nest = nla_nest_start(skb, CTRL_ATTR_POLICY);
1598 		if (!nest)
1599 			goto nla_put_failure;
1600 
1601 		if (netlink_policy_dump_write(skb, ctx->state))
1602 			goto nla_put_failure;
1603 
1604 		nla_nest_end(skb, nest);
1605 
1606 		genlmsg_end(skb, hdr);
1607 	}
1608 
1609 	return skb->len;
1610 
1611 nla_put_failure:
1612 	genlmsg_cancel(skb, hdr);
1613 	return skb->len;
1614 }
1615 
ctrl_dumppolicy_done(struct netlink_callback * cb)1616 static int ctrl_dumppolicy_done(struct netlink_callback *cb)
1617 {
1618 	struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx;
1619 
1620 	kfree(ctx->op_iter);
1621 	netlink_policy_dump_free(ctx->state);
1622 	return 0;
1623 }
1624 
1625 static const struct genl_split_ops genl_ctrl_ops[] = {
1626 	{
1627 		.cmd		= CTRL_CMD_GETFAMILY,
1628 		.validate	= GENL_DONT_VALIDATE_STRICT,
1629 		.policy		= ctrl_policy_family,
1630 		.maxattr	= ARRAY_SIZE(ctrl_policy_family) - 1,
1631 		.doit		= ctrl_getfamily,
1632 		.flags		= GENL_CMD_CAP_DO,
1633 	},
1634 	{
1635 		.cmd		= CTRL_CMD_GETFAMILY,
1636 		.validate	= GENL_DONT_VALIDATE_DUMP,
1637 		.policy		= ctrl_policy_family,
1638 		.maxattr	= ARRAY_SIZE(ctrl_policy_family) - 1,
1639 		.dumpit		= ctrl_dumpfamily,
1640 		.flags		= GENL_CMD_CAP_DUMP,
1641 	},
1642 	{
1643 		.cmd		= CTRL_CMD_GETPOLICY,
1644 		.policy		= ctrl_policy_policy,
1645 		.maxattr	= ARRAY_SIZE(ctrl_policy_policy) - 1,
1646 		.start		= ctrl_dumppolicy_start,
1647 		.dumpit		= ctrl_dumppolicy,
1648 		.done		= ctrl_dumppolicy_done,
1649 		.flags		= GENL_CMD_CAP_DUMP,
1650 	},
1651 };
1652 
1653 static const struct genl_multicast_group genl_ctrl_groups[] = {
1654 	{ .name = "notify", },
1655 };
1656 
1657 static struct genl_family genl_ctrl __ro_after_init = {
1658 	.module = THIS_MODULE,
1659 	.split_ops = genl_ctrl_ops,
1660 	.n_split_ops = ARRAY_SIZE(genl_ctrl_ops),
1661 	.resv_start_op = CTRL_CMD_GETPOLICY + 1,
1662 	.mcgrps = genl_ctrl_groups,
1663 	.n_mcgrps = ARRAY_SIZE(genl_ctrl_groups),
1664 	.id = GENL_ID_CTRL,
1665 	.name = "nlctrl",
1666 	.version = 0x2,
1667 	.netnsok = true,
1668 };
1669 
genl_bind(struct net * net,int group)1670 static int genl_bind(struct net *net, int group)
1671 {
1672 	const struct genl_family *family;
1673 	unsigned int id;
1674 	int ret = 0;
1675 
1676 	down_read(&cb_lock);
1677 
1678 	idr_for_each_entry(&genl_fam_idr, family, id) {
1679 		const struct genl_multicast_group *grp;
1680 		int i;
1681 
1682 		if (family->n_mcgrps == 0)
1683 			continue;
1684 
1685 		i = group - family->mcgrp_offset;
1686 		if (i < 0 || i >= family->n_mcgrps)
1687 			continue;
1688 
1689 		grp = &family->mcgrps[i];
1690 		if ((grp->flags & GENL_UNS_ADMIN_PERM) &&
1691 		    !ns_capable(net->user_ns, CAP_NET_ADMIN))
1692 			ret = -EPERM;
1693 
1694 		break;
1695 	}
1696 
1697 	up_read(&cb_lock);
1698 	return ret;
1699 }
1700 
genl_pernet_init(struct net * net)1701 static int __net_init genl_pernet_init(struct net *net)
1702 {
1703 	struct netlink_kernel_cfg cfg = {
1704 		.input		= genl_rcv,
1705 		.flags		= NL_CFG_F_NONROOT_RECV,
1706 		.bind		= genl_bind,
1707 	};
1708 
1709 	/* we'll bump the group number right afterwards */
1710 	net->genl_sock = netlink_kernel_create(net, NETLINK_GENERIC, &cfg);
1711 
1712 	if (!net->genl_sock && net_eq(net, &init_net))
1713 		panic("GENL: Cannot initialize generic netlink\n");
1714 
1715 	if (!net->genl_sock)
1716 		return -ENOMEM;
1717 
1718 	return 0;
1719 }
1720 
genl_pernet_exit(struct net * net)1721 static void __net_exit genl_pernet_exit(struct net *net)
1722 {
1723 	netlink_kernel_release(net->genl_sock);
1724 	net->genl_sock = NULL;
1725 }
1726 
1727 static struct pernet_operations genl_pernet_ops = {
1728 	.init = genl_pernet_init,
1729 	.exit = genl_pernet_exit,
1730 };
1731 
genl_init(void)1732 static int __init genl_init(void)
1733 {
1734 	int err;
1735 
1736 	err = genl_register_family(&genl_ctrl);
1737 	if (err < 0)
1738 		goto problem;
1739 
1740 	err = register_pernet_subsys(&genl_pernet_ops);
1741 	if (err)
1742 		goto problem;
1743 
1744 	return 0;
1745 
1746 problem:
1747 	panic("GENL: Cannot register controller: %d\n", err);
1748 }
1749 
1750 core_initcall(genl_init);
1751 
genlmsg_mcast(struct sk_buff * skb,u32 portid,unsigned long group,gfp_t flags)1752 static int genlmsg_mcast(struct sk_buff *skb, u32 portid, unsigned long group,
1753 			 gfp_t flags)
1754 {
1755 	struct sk_buff *tmp;
1756 	struct net *net, *prev = NULL;
1757 	bool delivered = false;
1758 	int err;
1759 
1760 	for_each_net_rcu(net) {
1761 		if (prev) {
1762 			tmp = skb_clone(skb, flags);
1763 			if (!tmp) {
1764 				err = -ENOMEM;
1765 				goto error;
1766 			}
1767 			err = nlmsg_multicast(prev->genl_sock, tmp,
1768 					      portid, group, flags);
1769 			if (!err)
1770 				delivered = true;
1771 			else if (err != -ESRCH)
1772 				goto error;
1773 		}
1774 
1775 		prev = net;
1776 	}
1777 
1778 	err = nlmsg_multicast(prev->genl_sock, skb, portid, group, flags);
1779 	if (!err)
1780 		delivered = true;
1781 	else if (err != -ESRCH)
1782 		return err;
1783 	return delivered ? 0 : -ESRCH;
1784  error:
1785 	kfree_skb(skb);
1786 	return err;
1787 }
1788 
genlmsg_multicast_allns(const struct genl_family * family,struct sk_buff * skb,u32 portid,unsigned int group,gfp_t flags)1789 int genlmsg_multicast_allns(const struct genl_family *family,
1790 			    struct sk_buff *skb, u32 portid,
1791 			    unsigned int group, gfp_t flags)
1792 {
1793 	if (WARN_ON_ONCE(group >= family->n_mcgrps))
1794 		return -EINVAL;
1795 
1796 	group = family->mcgrp_offset + group;
1797 	return genlmsg_mcast(skb, portid, group, flags);
1798 }
1799 EXPORT_SYMBOL(genlmsg_multicast_allns);
1800 
genl_notify(const struct genl_family * family,struct sk_buff * skb,struct genl_info * info,u32 group,gfp_t flags)1801 void genl_notify(const struct genl_family *family, struct sk_buff *skb,
1802 		 struct genl_info *info, u32 group, gfp_t flags)
1803 {
1804 	struct net *net = genl_info_net(info);
1805 	struct sock *sk = net->genl_sock;
1806 
1807 	if (WARN_ON_ONCE(group >= family->n_mcgrps))
1808 		return;
1809 
1810 	group = family->mcgrp_offset + group;
1811 	nlmsg_notify(sk, skb, info->snd_portid, group,
1812 		     nlmsg_report(info->nlhdr), flags);
1813 }
1814 EXPORT_SYMBOL(genl_notify);
1815