2005-04-16 16:20:36 -06:00
|
|
|
/*
|
|
|
|
|
* NETLINK Kernel-user communication protocol.
|
|
|
|
|
*
|
2008-10-13 20:01:08 -06:00
|
|
|
* Authors: Alan Cox <alan@lxorguk.ukuu.org.uk>
|
2005-04-16 16:20:36 -06:00
|
|
|
* Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
|
2013-04-17 00:47:05 -06:00
|
|
|
* Patrick McHardy <kaber@trash.net>
|
2005-04-16 16:20:36 -06:00
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation; either version
|
|
|
|
|
* 2 of the License, or (at your option) any later version.
|
2007-02-09 07:25:07 -07:00
|
|
|
*
|
2005-04-16 16:20:36 -06:00
|
|
|
* Tue Jun 26 14:36:48 MEST 2001 Herbert "herp" Rosmanith
|
|
|
|
|
* added netlink_proto_exit
|
|
|
|
|
* Tue Jan 22 18:32:44 BRST 2002 Arnaldo C. de Melo <acme@conectiva.com.br>
|
|
|
|
|
* use nlk_sk, as sk->protinfo is on a diet 8)
|
2005-08-09 20:40:55 -06:00
|
|
|
* Fri Jul 22 19:51:12 MEST 2005 Harald Welte <laforge@gnumonks.org>
|
|
|
|
|
* - inc module use count of module that owns
|
|
|
|
|
* the kernel socket in case userspace opens
|
|
|
|
|
* socket of same protocol
|
|
|
|
|
* - remove all module support, since netlink is
|
|
|
|
|
* mandatory if CONFIG_NET=y these days
|
2005-04-16 16:20:36 -06:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <linux/module.h>
|
|
|
|
|
|
2006-01-11 13:17:47 -07:00
|
|
|
#include <linux/capability.h>
|
2005-04-16 16:20:36 -06:00
|
|
|
#include <linux/kernel.h>
|
|
|
|
|
#include <linux/init.h>
|
|
|
|
|
#include <linux/signal.h>
|
|
|
|
|
#include <linux/sched.h>
|
|
|
|
|
#include <linux/errno.h>
|
|
|
|
|
#include <linux/string.h>
|
|
|
|
|
#include <linux/stat.h>
|
|
|
|
|
#include <linux/socket.h>
|
|
|
|
|
#include <linux/un.h>
|
|
|
|
|
#include <linux/fcntl.h>
|
|
|
|
|
#include <linux/termios.h>
|
|
|
|
|
#include <linux/sockios.h>
|
|
|
|
|
#include <linux/net.h>
|
|
|
|
|
#include <linux/fs.h>
|
|
|
|
|
#include <linux/slab.h>
|
2016-12-24 12:46:01 -07:00
|
|
|
#include <linux/uaccess.h>
|
2005-04-16 16:20:36 -06:00
|
|
|
#include <linux/skbuff.h>
|
|
|
|
|
#include <linux/netdevice.h>
|
|
|
|
|
#include <linux/rtnetlink.h>
|
|
|
|
|
#include <linux/proc_fs.h>
|
|
|
|
|
#include <linux/seq_file.h>
|
|
|
|
|
#include <linux/notifier.h>
|
|
|
|
|
#include <linux/security.h>
|
|
|
|
|
#include <linux/jhash.h>
|
|
|
|
|
#include <linux/jiffies.h>
|
|
|
|
|
#include <linux/random.h>
|
|
|
|
|
#include <linux/bitops.h>
|
|
|
|
|
#include <linux/mm.h>
|
|
|
|
|
#include <linux/types.h>
|
2005-04-30 00:07:04 -06:00
|
|
|
#include <linux/audit.h>
|
2007-04-20 15:14:21 -06:00
|
|
|
#include <linux/mutex.h>
|
2013-04-17 00:47:01 -06:00
|
|
|
#include <linux/vmalloc.h>
|
2013-06-21 11:38:07 -06:00
|
|
|
#include <linux/if_arp.h>
|
2014-08-02 03:47:45 -06:00
|
|
|
#include <linux/rhashtable.h>
|
2013-04-17 00:47:02 -06:00
|
|
|
#include <asm/cacheflush.h>
|
2014-08-02 03:47:45 -06:00
|
|
|
#include <linux/hash.h>
|
2015-01-16 03:37:14 -07:00
|
|
|
#include <linux/genetlink.h>
|
2017-06-01 02:00:07 -06:00
|
|
|
#include <linux/net_namespace.h>
|
2018-07-31 15:13:16 -06:00
|
|
|
#include <linux/nospec.h>
|
2005-04-30 00:07:04 -06:00
|
|
|
|
2007-09-12 04:01:34 -06:00
|
|
|
#include <net/net_namespace.h>
|
2005-04-16 16:20:36 -06:00
|
|
|
#include <net/sock.h>
|
|
|
|
|
#include <net/scm.h>
|
2005-11-09 18:25:53 -07:00
|
|
|
#include <net/netlink.h>
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2013-03-21 10:33:47 -06:00
|
|
|
#include "af_netlink.h"
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2010-10-23 22:27:10 -06:00
|
|
|
struct listeners {
|
|
|
|
|
struct rcu_head rcu;
|
|
|
|
|
unsigned long masks[0];
|
2009-07-10 03:51:32 -06:00
|
|
|
};
|
|
|
|
|
|
2013-04-17 00:46:56 -06:00
|
|
|
/* state bits */
|
2015-05-07 03:02:52 -06:00
|
|
|
#define NETLINK_S_CONGESTED 0x0
|
2013-04-17 00:46:56 -06:00
|
|
|
|
2011-12-23 15:33:03 -07:00
|
|
|
static inline int netlink_is_kernel(struct sock *sk)
|
2007-10-10 22:14:32 -06:00
|
|
|
{
|
2015-05-07 03:02:52 -06:00
|
|
|
return nlk_sk(sk)->flags & NETLINK_F_KERNEL_SOCKET;
|
2007-10-10 22:14:32 -06:00
|
|
|
}
|
|
|
|
|
|
2015-05-12 18:24:50 -06:00
|
|
|
struct netlink_table *nl_table __read_mostly;
|
2013-03-21 10:33:47 -06:00
|
|
|
EXPORT_SYMBOL_GPL(nl_table);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
static DECLARE_WAIT_QUEUE_HEAD(nl_table_wait);
|
|
|
|
|
|
2017-03-14 04:25:57 -06:00
|
|
|
static struct lock_class_key nlk_cb_mutex_keys[MAX_LINKS];
|
|
|
|
|
|
|
|
|
|
static const char *const nlk_cb_mutex_key_strings[MAX_LINKS + 1] = {
|
|
|
|
|
"nlk_cb_mutex-ROUTE",
|
|
|
|
|
"nlk_cb_mutex-1",
|
|
|
|
|
"nlk_cb_mutex-USERSOCK",
|
|
|
|
|
"nlk_cb_mutex-FIREWALL",
|
|
|
|
|
"nlk_cb_mutex-SOCK_DIAG",
|
|
|
|
|
"nlk_cb_mutex-NFLOG",
|
|
|
|
|
"nlk_cb_mutex-XFRM",
|
|
|
|
|
"nlk_cb_mutex-SELINUX",
|
|
|
|
|
"nlk_cb_mutex-ISCSI",
|
|
|
|
|
"nlk_cb_mutex-AUDIT",
|
|
|
|
|
"nlk_cb_mutex-FIB_LOOKUP",
|
|
|
|
|
"nlk_cb_mutex-CONNECTOR",
|
|
|
|
|
"nlk_cb_mutex-NETFILTER",
|
|
|
|
|
"nlk_cb_mutex-IP6_FW",
|
|
|
|
|
"nlk_cb_mutex-DNRTMSG",
|
|
|
|
|
"nlk_cb_mutex-KOBJECT_UEVENT",
|
|
|
|
|
"nlk_cb_mutex-GENERIC",
|
|
|
|
|
"nlk_cb_mutex-17",
|
|
|
|
|
"nlk_cb_mutex-SCSITRANSPORT",
|
|
|
|
|
"nlk_cb_mutex-ECRYPTFS",
|
|
|
|
|
"nlk_cb_mutex-RDMA",
|
|
|
|
|
"nlk_cb_mutex-CRYPTO",
|
|
|
|
|
"nlk_cb_mutex-SMC",
|
|
|
|
|
"nlk_cb_mutex-23",
|
|
|
|
|
"nlk_cb_mutex-24",
|
|
|
|
|
"nlk_cb_mutex-25",
|
|
|
|
|
"nlk_cb_mutex-26",
|
|
|
|
|
"nlk_cb_mutex-27",
|
|
|
|
|
"nlk_cb_mutex-28",
|
|
|
|
|
"nlk_cb_mutex-29",
|
|
|
|
|
"nlk_cb_mutex-30",
|
|
|
|
|
"nlk_cb_mutex-31",
|
|
|
|
|
"nlk_cb_mutex-MAX_LINKS"
|
|
|
|
|
};
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
static int netlink_dump(struct sock *sk);
|
2013-04-17 00:47:02 -06:00
|
|
|
static void netlink_skb_destructor(struct sk_buff *skb);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2014-10-21 14:05:38 -06:00
|
|
|
/* nl_table locking explained:
|
2015-01-02 15:00:22 -07:00
|
|
|
* Lookup and traversal are protected with an RCU read-side lock. Insertion
|
2015-01-11 23:52:23 -07:00
|
|
|
* and removal are protected with per bucket lock while using RCU list
|
2015-01-02 15:00:22 -07:00
|
|
|
* modification primitives and may run in parallel to RCU protected lookups.
|
|
|
|
|
* Destruction of the Netlink socket may only occur *after* nl_table_lock has
|
|
|
|
|
* been acquired * either during or after the socket has been removed from
|
|
|
|
|
* the list and after an RCU grace period.
|
2014-10-21 14:05:38 -06:00
|
|
|
*/
|
2013-03-21 10:33:47 -06:00
|
|
|
DEFINE_RWLOCK(nl_table_lock);
|
|
|
|
|
EXPORT_SYMBOL_GPL(nl_table_lock);
|
2005-04-16 16:20:36 -06:00
|
|
|
static atomic_t nl_table_users = ATOMIC_INIT(0);
|
|
|
|
|
|
2012-10-17 21:21:55 -06:00
|
|
|
#define nl_deref_protected(X) rcu_dereference_protected(X, lockdep_is_held(&nl_table_lock));
|
|
|
|
|
|
2016-12-09 22:10:59 -07:00
|
|
|
static BLOCKING_NOTIFIER_HEAD(netlink_chain);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2013-06-21 11:38:07 -06:00
|
|
|
static DEFINE_SPINLOCK(netlink_tap_lock);
|
|
|
|
|
static struct list_head netlink_tap_all __read_mostly;
|
|
|
|
|
|
2015-03-20 04:57:01 -06:00
|
|
|
static const struct rhashtable_params netlink_rhashtable_params;
|
|
|
|
|
|
2011-12-22 01:52:02 -07:00
|
|
|
static inline u32 netlink_group_mask(u32 group)
|
2005-08-14 20:27:50 -06:00
|
|
|
{
|
|
|
|
|
return group ? 1 << (group - 1) : 0;
|
|
|
|
|
}
|
|
|
|
|
|
netlink, mmap: transform mmap skb into full skb on taps
Ken-ichirou reported that running netlink in mmap mode for receive in
combination with nlmon will throw a NULL pointer dereference in
__kfree_skb() on nlmon_xmit(), in my case I can also trigger an "unable
to handle kernel paging request". The problem is the skb_clone() in
__netlink_deliver_tap_skb() for skbs that are mmaped.
I.e. the cloned skb doesn't have a destructor, whereas the mmap netlink
skb has it pointed to netlink_skb_destructor(), set in the handler
netlink_ring_setup_skb(). There, skb->head is being set to NULL, so
that in such cases, __kfree_skb() doesn't perform a skb_release_data()
via skb_release_all(), where skb->head is possibly being freed through
kfree(head) into slab allocator, although netlink mmap skb->head points
to the mmap buffer. Similarly, the same has to be done also for large
netlink skbs where the data area is vmalloced. Therefore, as discussed,
make a copy for these rather rare cases for now. This fixes the issue
on my and Ken-ichirou's test-cases.
Reference: http://thread.gmane.org/gmane.linux.network/371129
Fixes: bcbde0d449ed ("net: netlink: virtual tap device management")
Reported-by: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-10 12:05:46 -06:00
|
|
|
static struct sk_buff *netlink_to_full_skb(const struct sk_buff *skb,
|
|
|
|
|
gfp_t gfp_mask)
|
|
|
|
|
{
|
|
|
|
|
unsigned int len = skb_end_offset(skb);
|
|
|
|
|
struct sk_buff *new;
|
|
|
|
|
|
|
|
|
|
new = alloc_skb(len, gfp_mask);
|
|
|
|
|
if (new == NULL)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
NETLINK_CB(new).portid = NETLINK_CB(skb).portid;
|
|
|
|
|
NETLINK_CB(new).dst_group = NETLINK_CB(skb).dst_group;
|
|
|
|
|
NETLINK_CB(new).creds = NETLINK_CB(skb).creds;
|
|
|
|
|
|
networking: introduce and use skb_put_data()
A common pattern with skb_put() is to just want to memcpy()
some data into the new space, introduce skb_put_data() for
this.
An spatch similar to the one for skb_put_zero() converts many
of the places using it:
@@
identifier p, p2;
expression len, skb, data;
type t, t2;
@@
(
-p = skb_put(skb, len);
+p = skb_put_data(skb, data, len);
|
-p = (t)skb_put(skb, len);
+p = skb_put_data(skb, data, len);
)
(
p2 = (t2)p;
-memcpy(p2, data, len);
|
-memcpy(p, data, len);
)
@@
type t, t2;
identifier p, p2;
expression skb, data;
@@
t *p;
...
(
-p = skb_put(skb, sizeof(t));
+p = skb_put_data(skb, data, sizeof(t));
|
-p = (t *)skb_put(skb, sizeof(t));
+p = skb_put_data(skb, data, sizeof(t));
)
(
p2 = (t2)p;
-memcpy(p2, data, sizeof(*p));
|
-memcpy(p, data, sizeof(*p));
)
@@
expression skb, len, data;
@@
-memcpy(skb_put(skb, len), data, len);
+skb_put_data(skb, data, len);
(again, manually post-processed to retain some comments)
Reviewed-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-16 06:29:20 -06:00
|
|
|
skb_put_data(new, skb->data, len);
|
netlink, mmap: transform mmap skb into full skb on taps
Ken-ichirou reported that running netlink in mmap mode for receive in
combination with nlmon will throw a NULL pointer dereference in
__kfree_skb() on nlmon_xmit(), in my case I can also trigger an "unable
to handle kernel paging request". The problem is the skb_clone() in
__netlink_deliver_tap_skb() for skbs that are mmaped.
I.e. the cloned skb doesn't have a destructor, whereas the mmap netlink
skb has it pointed to netlink_skb_destructor(), set in the handler
netlink_ring_setup_skb(). There, skb->head is being set to NULL, so
that in such cases, __kfree_skb() doesn't perform a skb_release_data()
via skb_release_all(), where skb->head is possibly being freed through
kfree(head) into slab allocator, although netlink mmap skb->head points
to the mmap buffer. Similarly, the same has to be done also for large
netlink skbs where the data area is vmalloced. Therefore, as discussed,
make a copy for these rather rare cases for now. This fixes the issue
on my and Ken-ichirou's test-cases.
Reference: http://thread.gmane.org/gmane.linux.network/371129
Fixes: bcbde0d449ed ("net: netlink: virtual tap device management")
Reported-by: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-10 12:05:46 -06:00
|
|
|
return new;
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-21 11:38:07 -06:00
|
|
|
int netlink_add_tap(struct netlink_tap *nt)
|
|
|
|
|
{
|
|
|
|
|
if (unlikely(nt->dev->type != ARPHRD_NETLINK))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
spin_lock(&netlink_tap_lock);
|
|
|
|
|
list_add_rcu(&nt->list, &netlink_tap_all);
|
|
|
|
|
spin_unlock(&netlink_tap_lock);
|
|
|
|
|
|
2014-11-18 13:03:13 -07:00
|
|
|
__module_get(nt->module);
|
2013-06-21 11:38:07 -06:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(netlink_add_tap);
|
|
|
|
|
|
2013-12-30 11:49:22 -07:00
|
|
|
static int __netlink_remove_tap(struct netlink_tap *nt)
|
2013-06-21 11:38:07 -06:00
|
|
|
{
|
|
|
|
|
bool found = false;
|
|
|
|
|
struct netlink_tap *tmp;
|
|
|
|
|
|
|
|
|
|
spin_lock(&netlink_tap_lock);
|
|
|
|
|
|
|
|
|
|
list_for_each_entry(tmp, &netlink_tap_all, list) {
|
|
|
|
|
if (nt == tmp) {
|
|
|
|
|
list_del_rcu(&nt->list);
|
|
|
|
|
found = true;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pr_warn("__netlink_remove_tap: %p not found\n", nt);
|
|
|
|
|
out:
|
|
|
|
|
spin_unlock(&netlink_tap_lock);
|
|
|
|
|
|
2015-07-02 10:38:12 -06:00
|
|
|
if (found)
|
2013-06-21 11:38:07 -06:00
|
|
|
module_put(nt->module);
|
|
|
|
|
|
|
|
|
|
return found ? 0 : -ENODEV;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int netlink_remove_tap(struct netlink_tap *nt)
|
|
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
ret = __netlink_remove_tap(nt);
|
|
|
|
|
synchronize_net();
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(netlink_remove_tap);
|
|
|
|
|
|
2013-09-05 09:48:47 -06:00
|
|
|
static bool netlink_filter_tap(const struct sk_buff *skb)
|
|
|
|
|
{
|
|
|
|
|
struct sock *sk = skb->sk;
|
|
|
|
|
|
|
|
|
|
/* We take the more conservative approach and
|
|
|
|
|
* whitelist socket protocols that may pass.
|
|
|
|
|
*/
|
|
|
|
|
switch (sk->sk_protocol) {
|
|
|
|
|
case NETLINK_ROUTE:
|
|
|
|
|
case NETLINK_USERSOCK:
|
|
|
|
|
case NETLINK_SOCK_DIAG:
|
|
|
|
|
case NETLINK_NFLOG:
|
|
|
|
|
case NETLINK_XFRM:
|
|
|
|
|
case NETLINK_FIB_LOOKUP:
|
|
|
|
|
case NETLINK_NETFILTER:
|
|
|
|
|
case NETLINK_GENERIC:
|
2014-07-15 23:29:47 -06:00
|
|
|
return true;
|
2013-09-05 09:48:47 -06:00
|
|
|
}
|
|
|
|
|
|
2014-07-15 23:29:47 -06:00
|
|
|
return false;
|
2013-09-05 09:48:47 -06:00
|
|
|
}
|
|
|
|
|
|
2013-06-21 11:38:07 -06:00
|
|
|
static int __netlink_deliver_tap_skb(struct sk_buff *skb,
|
|
|
|
|
struct net_device *dev)
|
|
|
|
|
{
|
|
|
|
|
struct sk_buff *nskb;
|
2013-09-05 09:48:47 -06:00
|
|
|
struct sock *sk = skb->sk;
|
2013-06-21 11:38:07 -06:00
|
|
|
int ret = -ENOMEM;
|
|
|
|
|
|
2017-12-06 13:12:27 -07:00
|
|
|
if (!net_eq(dev_net(dev), sock_net(sk)))
|
|
|
|
|
return 0;
|
|
|
|
|
|
2013-06-21 11:38:07 -06:00
|
|
|
dev_hold(dev);
|
netlink, mmap: transform mmap skb into full skb on taps
Ken-ichirou reported that running netlink in mmap mode for receive in
combination with nlmon will throw a NULL pointer dereference in
__kfree_skb() on nlmon_xmit(), in my case I can also trigger an "unable
to handle kernel paging request". The problem is the skb_clone() in
__netlink_deliver_tap_skb() for skbs that are mmaped.
I.e. the cloned skb doesn't have a destructor, whereas the mmap netlink
skb has it pointed to netlink_skb_destructor(), set in the handler
netlink_ring_setup_skb(). There, skb->head is being set to NULL, so
that in such cases, __kfree_skb() doesn't perform a skb_release_data()
via skb_release_all(), where skb->head is possibly being freed through
kfree(head) into slab allocator, although netlink mmap skb->head points
to the mmap buffer. Similarly, the same has to be done also for large
netlink skbs where the data area is vmalloced. Therefore, as discussed,
make a copy for these rather rare cases for now. This fixes the issue
on my and Ken-ichirou's test-cases.
Reference: http://thread.gmane.org/gmane.linux.network/371129
Fixes: bcbde0d449ed ("net: netlink: virtual tap device management")
Reported-by: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-10 12:05:46 -06:00
|
|
|
|
netlink: remove mmapped netlink support
mmapped netlink has a number of unresolved issues:
- TX zerocopy support had to be disabled more than a year ago via
commit 4682a0358639b29cf ("netlink: Always copy on mmap TX.")
because the content of the mmapped area can change after netlink
attribute validation but before message processing.
- RX support was implemented mainly to speed up nfqueue dumping packet
payload to userspace. However, since commit ae08ce0021087a5d812d2
("netfilter: nfnetlink_queue: zero copy support") we avoid one copy
with the socket-based interface too (via the skb_zerocopy helper).
The other problem is that skbs attached to mmaped netlink socket
behave different from normal skbs:
- they don't have a shinfo area, so all functions that use skb_shinfo()
(e.g. skb_clone) cannot be used.
- reserving headroom prevents userspace from seeing the content as
it expects message to start at skb->head.
See for instance
commit aa3a022094fa ("netlink: not trim skb for mmaped socket when dump").
- skbs handed e.g. to netlink_ack must have non-NULL skb->sk, else we
crash because it needs the sk to check if a tx ring is attached.
Also not obvious, leads to non-intuitive bug fixes such as 7c7bdf359
("netfilter: nfnetlink: use original skbuff when acking batches").
mmaped netlink also didn't play nicely with the skb_zerocopy helper
used by nfqueue and openvswitch. Daniel Borkmann fixed this via
commit 6bb0fef489f6 ("netlink, mmap: fix edge-case leakages in nf queue
zero-copy")' but at the cost of also needing to provide remaining
length to the allocation function.
nfqueue also has problems when used with mmaped rx netlink:
- mmaped netlink doesn't allow use of nfqueue batch verdict messages.
Problem is that in the mmap case, the allocation time also determines
the ordering in which the frame will be seen by userspace (A
allocating before B means that A is located in earlier ring slot,
but this also means that B might get a lower sequence number then A
since seqno is decided later. To fix this we would need to extend the
spinlocked region to also cover the allocation and message setup which
isn't desirable.
- nfqueue can now be configured to queue large (GSO) skbs to userspace.
Queing GSO packets is faster than having to force a software segmentation
in the kernel, so this is a desirable option. However, with a mmap based
ring one has to use 64kb per ring slot element, else mmap has to fall back
to the socket path (NL_MMAP_STATUS_COPY) for all large packets.
To use the mmap interface, userspace not only has to probe for mmap netlink
support, it also has to implement a recv/socket receive path in order to
handle messages that exceed the size of an rx ring element.
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-18 07:03:24 -07:00
|
|
|
if (is_vmalloc_addr(skb->head))
|
netlink, mmap: transform mmap skb into full skb on taps
Ken-ichirou reported that running netlink in mmap mode for receive in
combination with nlmon will throw a NULL pointer dereference in
__kfree_skb() on nlmon_xmit(), in my case I can also trigger an "unable
to handle kernel paging request". The problem is the skb_clone() in
__netlink_deliver_tap_skb() for skbs that are mmaped.
I.e. the cloned skb doesn't have a destructor, whereas the mmap netlink
skb has it pointed to netlink_skb_destructor(), set in the handler
netlink_ring_setup_skb(). There, skb->head is being set to NULL, so
that in such cases, __kfree_skb() doesn't perform a skb_release_data()
via skb_release_all(), where skb->head is possibly being freed through
kfree(head) into slab allocator, although netlink mmap skb->head points
to the mmap buffer. Similarly, the same has to be done also for large
netlink skbs where the data area is vmalloced. Therefore, as discussed,
make a copy for these rather rare cases for now. This fixes the issue
on my and Ken-ichirou's test-cases.
Reference: http://thread.gmane.org/gmane.linux.network/371129
Fixes: bcbde0d449ed ("net: netlink: virtual tap device management")
Reported-by: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-10 12:05:46 -06:00
|
|
|
nskb = netlink_to_full_skb(skb, GFP_ATOMIC);
|
|
|
|
|
else
|
|
|
|
|
nskb = skb_clone(skb, GFP_ATOMIC);
|
2013-06-21 11:38:07 -06:00
|
|
|
if (nskb) {
|
|
|
|
|
nskb->dev = dev;
|
2013-09-05 09:48:47 -06:00
|
|
|
nskb->protocol = htons((u16) sk->sk_protocol);
|
netlink: specify netlink packet direction for nlmon
In order to facilitate development for netlink protocol dissector,
fill the unused field skb->pkt_type of the cloned skb with a hint
of the address space of the new owner (receiver) socket in the
notion of "to kernel" resp. "to user".
At the time we invoke __netlink_deliver_tap_skb(), we already have
set the new skb owner via netlink_skb_set_owner_r(), so we can use
that for netlink_is_kernel() probing.
In normal PF_PACKET network traffic, this field denotes if the
packet is destined for us (PACKET_HOST), if it's broadcast
(PACKET_BROADCAST), etc.
As we only have 3 bit reserved, we can use the value (= 6) of
PACKET_FASTROUTE as it's _not used_ anywhere in the whole kernel
and not supported anywhere, and packets of such type were never
exposed to user space, so there are no overlapping users of such
kind. Thus, as wished, that seems the only way to make both
PACKET_* values non-overlapping and therefore device agnostic.
By using those two flags for netlink skbs on nlmon devices, they
can be made available and picked up via sll_pkttype (previously
unused in netlink context) in struct sockaddr_ll. We now have
these two directions:
- PACKET_USER (= 6) -> to user space
- PACKET_KERNEL (= 7) -> to kernel space
Partial `ip a` example strace for sa_family=AF_NETLINK with
detected nl msg direction:
syscall: direction:
sendto(3, ...) = 40 /* to kernel */
recvmsg(3, ...) = 3404 /* to user */
recvmsg(3, ...) = 1120 /* to user */
recvmsg(3, ...) = 20 /* to user */
sendto(3, ...) = 40 /* to kernel */
recvmsg(3, ...) = 168 /* to user */
recvmsg(3, ...) = 144 /* to user */
recvmsg(3, ...) = 20 /* to user */
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-23 06:35:56 -07:00
|
|
|
nskb->pkt_type = netlink_is_kernel(sk) ?
|
|
|
|
|
PACKET_KERNEL : PACKET_USER;
|
2014-08-07 14:22:47 -06:00
|
|
|
skb_reset_network_header(nskb);
|
2013-06-21 11:38:07 -06:00
|
|
|
ret = dev_queue_xmit(nskb);
|
|
|
|
|
if (unlikely(ret > 0))
|
|
|
|
|
ret = net_xmit_errno(ret);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dev_put(dev);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void __netlink_deliver_tap(struct sk_buff *skb)
|
|
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
struct netlink_tap *tmp;
|
|
|
|
|
|
2013-09-05 09:48:47 -06:00
|
|
|
if (!netlink_filter_tap(skb))
|
|
|
|
|
return;
|
|
|
|
|
|
2013-06-21 11:38:07 -06:00
|
|
|
list_for_each_entry_rcu(tmp, &netlink_tap_all, list) {
|
|
|
|
|
ret = __netlink_deliver_tap_skb(skb, tmp->dev);
|
|
|
|
|
if (unlikely(ret))
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void netlink_deliver_tap(struct sk_buff *skb)
|
|
|
|
|
{
|
|
|
|
|
rcu_read_lock();
|
|
|
|
|
|
|
|
|
|
if (unlikely(!list_empty(&netlink_tap_all)))
|
|
|
|
|
__netlink_deliver_tap(skb);
|
|
|
|
|
|
|
|
|
|
rcu_read_unlock();
|
|
|
|
|
}
|
|
|
|
|
|
2013-12-23 06:35:55 -07:00
|
|
|
static void netlink_deliver_tap_kernel(struct sock *dst, struct sock *src,
|
|
|
|
|
struct sk_buff *skb)
|
|
|
|
|
{
|
|
|
|
|
if (!(netlink_is_kernel(dst) && netlink_is_kernel(src)))
|
|
|
|
|
netlink_deliver_tap(skb);
|
|
|
|
|
}
|
|
|
|
|
|
2013-04-17 00:47:05 -06:00
|
|
|
static void netlink_overrun(struct sock *sk)
|
|
|
|
|
{
|
|
|
|
|
struct netlink_sock *nlk = nlk_sk(sk);
|
|
|
|
|
|
2015-05-07 03:02:52 -06:00
|
|
|
if (!(nlk->flags & NETLINK_F_RECV_NO_ENOBUFS)) {
|
|
|
|
|
if (!test_and_set_bit(NETLINK_S_CONGESTED,
|
|
|
|
|
&nlk_sk(sk)->state)) {
|
2013-04-17 00:47:05 -06:00
|
|
|
sk->sk_err = ENOBUFS;
|
|
|
|
|
sk->sk_error_report(sk);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
atomic_inc(&sk->sk_drops);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void netlink_rcv_wake(struct sock *sk)
|
|
|
|
|
{
|
|
|
|
|
struct netlink_sock *nlk = nlk_sk(sk);
|
|
|
|
|
|
|
|
|
|
if (skb_queue_empty(&sk->sk_receive_queue))
|
2015-05-07 03:02:52 -06:00
|
|
|
clear_bit(NETLINK_S_CONGESTED, &nlk->state);
|
|
|
|
|
if (!test_bit(NETLINK_S_CONGESTED, &nlk->state))
|
2013-04-17 00:47:05 -06:00
|
|
|
wake_up_interruptible(&nlk->wait);
|
|
|
|
|
}
|
|
|
|
|
|
2013-04-17 00:47:00 -06:00
|
|
|
static void netlink_skb_destructor(struct sk_buff *skb)
|
|
|
|
|
{
|
2013-06-03 03:46:28 -06:00
|
|
|
if (is_vmalloc_addr(skb->head)) {
|
2013-06-27 19:04:23 -06:00
|
|
|
if (!skb->cloned ||
|
|
|
|
|
!atomic_dec_return(&(skb_shinfo(skb)->dataref)))
|
|
|
|
|
vfree(skb->head);
|
|
|
|
|
|
2013-06-03 03:46:28 -06:00
|
|
|
skb->head = NULL;
|
|
|
|
|
}
|
2013-04-17 00:47:02 -06:00
|
|
|
if (skb->sk != NULL)
|
|
|
|
|
sock_rfree(skb);
|
2013-04-17 00:47:00 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void netlink_skb_set_owner_r(struct sk_buff *skb, struct sock *sk)
|
|
|
|
|
{
|
|
|
|
|
WARN_ON(skb->sk != NULL);
|
|
|
|
|
skb->sk = sk;
|
|
|
|
|
skb->destructor = netlink_skb_destructor;
|
|
|
|
|
atomic_add(skb->truesize, &sk->sk_rmem_alloc);
|
|
|
|
|
sk_mem_charge(sk, skb->truesize);
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-05 00:28:21 -07:00
|
|
|
static void netlink_sock_destruct(struct sock *sk)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2007-05-03 04:17:14 -06:00
|
|
|
struct netlink_sock *nlk = nlk_sk(sk);
|
|
|
|
|
|
2013-08-15 16:31:06 -06:00
|
|
|
if (nlk->cb_running) {
|
2016-12-05 00:28:21 -07:00
|
|
|
if (nlk->cb.done)
|
|
|
|
|
nlk->cb.done(&nlk->cb);
|
2013-08-15 16:31:06 -06:00
|
|
|
module_put(nlk->cb.module);
|
|
|
|
|
kfree_skb(nlk->cb.skb);
|
2007-05-03 04:17:14 -06:00
|
|
|
}
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
skb_queue_purge(&sk->sk_receive_queue);
|
|
|
|
|
|
|
|
|
|
if (!sock_flag(sk, SOCK_DEAD)) {
|
2007-12-04 01:19:38 -07:00
|
|
|
printk(KERN_ERR "Freeing alive netlink socket %p\n", sk);
|
2005-04-16 16:20:36 -06:00
|
|
|
return;
|
|
|
|
|
}
|
2008-07-25 22:43:18 -06:00
|
|
|
|
|
|
|
|
WARN_ON(atomic_read(&sk->sk_rmem_alloc));
|
2017-06-30 04:08:00 -06:00
|
|
|
WARN_ON(refcount_read(&sk->sk_wmem_alloc));
|
2008-07-25 22:43:18 -06:00
|
|
|
WARN_ON(nlk_sk(sk)->groups);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2016-11-28 04:22:12 -07:00
|
|
|
static void netlink_sock_destruct_work(struct work_struct *work)
|
|
|
|
|
{
|
|
|
|
|
struct netlink_sock *nlk = container_of(work, struct netlink_sock,
|
|
|
|
|
work);
|
|
|
|
|
|
2016-12-05 00:28:21 -07:00
|
|
|
sk_free(&nlk->sk);
|
2016-11-28 04:22:12 -07:00
|
|
|
}
|
|
|
|
|
|
2007-12-04 01:19:38 -07:00
|
|
|
/* This lock without WQ_FLAG_EXCLUSIVE is good on UP and it is _very_ bad on
|
|
|
|
|
* SMP. Look, when several writers sleep and reader wakes them up, all but one
|
2005-04-16 16:20:36 -06:00
|
|
|
* immediately hit write lock and grab all the cpus. Exclusive sleep solves
|
|
|
|
|
* this, _but_ remember, it adds useless work on UP machines.
|
|
|
|
|
*/
|
|
|
|
|
|
2009-09-11 21:03:15 -06:00
|
|
|
void netlink_table_grab(void)
|
2008-01-01 22:58:02 -07:00
|
|
|
__acquires(nl_table_lock)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2009-09-11 21:03:15 -06:00
|
|
|
might_sleep();
|
|
|
|
|
|
2006-07-03 01:24:07 -06:00
|
|
|
write_lock_irq(&nl_table_lock);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
if (atomic_read(&nl_table_users)) {
|
|
|
|
|
DECLARE_WAITQUEUE(wait, current);
|
|
|
|
|
|
|
|
|
|
add_wait_queue_exclusive(&nl_table_wait, &wait);
|
2007-12-04 01:19:38 -07:00
|
|
|
for (;;) {
|
2005-04-16 16:20:36 -06:00
|
|
|
set_current_state(TASK_UNINTERRUPTIBLE);
|
|
|
|
|
if (atomic_read(&nl_table_users) == 0)
|
|
|
|
|
break;
|
2006-07-03 01:24:07 -06:00
|
|
|
write_unlock_irq(&nl_table_lock);
|
2005-04-16 16:20:36 -06:00
|
|
|
schedule();
|
2006-07-03 01:24:07 -06:00
|
|
|
write_lock_irq(&nl_table_lock);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
__set_current_state(TASK_RUNNING);
|
|
|
|
|
remove_wait_queue(&nl_table_wait, &wait);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2009-09-11 21:03:15 -06:00
|
|
|
void netlink_table_ungrab(void)
|
2008-01-01 22:58:02 -07:00
|
|
|
__releases(nl_table_lock)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2006-07-03 01:24:07 -06:00
|
|
|
write_unlock_irq(&nl_table_lock);
|
2005-04-16 16:20:36 -06:00
|
|
|
wake_up(&nl_table_wait);
|
|
|
|
|
}
|
|
|
|
|
|
2007-12-04 01:19:38 -07:00
|
|
|
static inline void
|
2005-04-16 16:20:36 -06:00
|
|
|
netlink_lock_table(void)
|
|
|
|
|
{
|
|
|
|
|
/* read_lock() synchronizes us to netlink_table_grab */
|
|
|
|
|
|
|
|
|
|
read_lock(&nl_table_lock);
|
|
|
|
|
atomic_inc(&nl_table_users);
|
|
|
|
|
read_unlock(&nl_table_lock);
|
|
|
|
|
}
|
|
|
|
|
|
2007-12-04 01:19:38 -07:00
|
|
|
static inline void
|
2005-04-16 16:20:36 -06:00
|
|
|
netlink_unlock_table(void)
|
|
|
|
|
{
|
|
|
|
|
if (atomic_dec_and_test(&nl_table_users))
|
|
|
|
|
wake_up(&nl_table_wait);
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-02 03:47:45 -06:00
|
|
|
struct netlink_compare_arg
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2015-03-20 04:57:01 -06:00
|
|
|
possible_net_t pnet;
|
2014-08-02 03:47:45 -06:00
|
|
|
u32 portid;
|
|
|
|
|
};
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2015-03-20 21:14:03 -06:00
|
|
|
/* Doing sizeof directly may yield 4 extra bytes on 64-bit. */
|
|
|
|
|
#define netlink_compare_arg_len \
|
|
|
|
|
(offsetof(struct netlink_compare_arg, portid) + sizeof(u32))
|
2015-03-20 04:57:01 -06:00
|
|
|
|
|
|
|
|
static inline int netlink_compare(struct rhashtable_compare_arg *arg,
|
|
|
|
|
const void *ptr)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2015-03-20 04:57:01 -06:00
|
|
|
const struct netlink_compare_arg *x = arg->key;
|
|
|
|
|
const struct netlink_sock *nlk = ptr;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
netlink: Replace rhash_portid with bound
On Mon, Sep 21, 2015 at 02:20:22PM -0400, Tejun Heo wrote:
>
> store_release and load_acquire are different from the usual memory
> barriers and can't be paired this way. You have to pair store_release
> and load_acquire. Besides, it isn't a particularly good idea to
OK I've decided to drop the acquire/release helpers as they don't
help us at all and simply pessimises the code by using full memory
barriers (on some architectures) where only a write or read barrier
is needed.
> depend on memory barriers embedded in other data structures like the
> above. Here, especially, rhashtable_insert() would have write barrier
> *before* the entry is hashed not necessarily *after*, which means that
> in the above case, a socket which appears to have set bound to a
> reader might not visible when the reader tries to look up the socket
> on the hashtable.
But you are right we do need an explicit write barrier here to
ensure that the hashing is visible.
> There's no reason to be overly smart here. This isn't a crazy hot
> path, write barriers tend to be very cheap, store_release more so.
> Please just do smp_store_release() and note what it's paired with.
It's not about being overly smart. It's about actually understanding
what's going on with the code. I've seen too many instances of
people simply sprinkling synchronisation primitives around without
any knowledge of what is happening underneath, which is just a recipe
for creating hard-to-debug races.
> > @@ -1539,7 +1546,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
> > }
> > }
> >
> > - if (!nlk->portid) {
> > + if (!nlk->bound) {
>
> I don't think you can skip load_acquire here just because this is the
> second deref of the variable. That doesn't change anything. Race
> condition could still happen between the first and second tests and
> skipping the second would lead to the same kind of bug.
The reason this one is OK is because we do not use nlk->portid or
try to get nlk from the hash table before we return to user-space.
However, there is a real bug here that none of these acquire/release
helpers discovered. The two bound tests here used to be a single
one. Now that they are separate it is entirely possible for another
thread to come in the middle and bind the socket. So we need to
repeat the portid check in order to maintain consistency.
> > @@ -1587,7 +1594,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
> > !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
> > return -EPERM;
> >
> > - if (!nlk->portid)
> > + if (!nlk->bound)
>
> Don't we need load_acquire here too? Is this path holding a lock
> which makes that unnecessary?
Ditto.
---8<---
The commit 1f770c0a09da855a2b51af6d19de97fb955eca85 ("netlink:
Fix autobind race condition that leads to zero port ID") created
some new races that can occur due to inconcsistencies between the
two port IDs.
Tejun is right that a barrier is unavoidable. Therefore I am
reverting to the original patch that used a boolean to indicate
that a user netlink socket has been bound.
Barriers have been added where necessary to ensure that a valid
portid and the hashed socket is visible.
I have also changed netlink_insert to only return EBUSY if the
socket is bound to a portid different to the requested one. This
combined with only reading nlk->bound once in netlink_bind fixes
a race where two threads that bind the socket at the same time
with different port IDs may both succeed.
Fixes: 1f770c0a09da ("netlink: Fix autobind race condition that leads to zero port ID")
Reported-by: Tejun Heo <tj@kernel.org>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nacked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-21 21:38:56 -06:00
|
|
|
return nlk->portid != x->portid ||
|
2015-03-20 04:57:01 -06:00
|
|
|
!net_eq(sock_net(&nlk->sk), read_pnet(&x->pnet));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void netlink_compare_arg_init(struct netlink_compare_arg *arg,
|
|
|
|
|
struct net *net, u32 portid)
|
|
|
|
|
{
|
|
|
|
|
memset(arg, 0, sizeof(*arg));
|
|
|
|
|
write_pnet(&arg->pnet, net);
|
|
|
|
|
arg->portid = portid;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2014-08-02 03:47:45 -06:00
|
|
|
static struct sock *__netlink_lookup(struct netlink_table *table, u32 portid,
|
|
|
|
|
struct net *net)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2015-03-20 04:57:01 -06:00
|
|
|
struct netlink_compare_arg arg;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2015-03-20 04:57:01 -06:00
|
|
|
netlink_compare_arg_init(&arg, net, portid);
|
|
|
|
|
return rhashtable_lookup_fast(&table->hash, &arg,
|
|
|
|
|
netlink_rhashtable_params);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2015-03-20 04:57:01 -06:00
|
|
|
static int __netlink_insert(struct netlink_table *table, struct sock *sk)
|
2015-01-11 23:52:23 -07:00
|
|
|
{
|
2015-03-20 04:57:01 -06:00
|
|
|
struct netlink_compare_arg arg;
|
2015-01-11 23:52:23 -07:00
|
|
|
|
netlink: Replace rhash_portid with bound
On Mon, Sep 21, 2015 at 02:20:22PM -0400, Tejun Heo wrote:
>
> store_release and load_acquire are different from the usual memory
> barriers and can't be paired this way. You have to pair store_release
> and load_acquire. Besides, it isn't a particularly good idea to
OK I've decided to drop the acquire/release helpers as they don't
help us at all and simply pessimises the code by using full memory
barriers (on some architectures) where only a write or read barrier
is needed.
> depend on memory barriers embedded in other data structures like the
> above. Here, especially, rhashtable_insert() would have write barrier
> *before* the entry is hashed not necessarily *after*, which means that
> in the above case, a socket which appears to have set bound to a
> reader might not visible when the reader tries to look up the socket
> on the hashtable.
But you are right we do need an explicit write barrier here to
ensure that the hashing is visible.
> There's no reason to be overly smart here. This isn't a crazy hot
> path, write barriers tend to be very cheap, store_release more so.
> Please just do smp_store_release() and note what it's paired with.
It's not about being overly smart. It's about actually understanding
what's going on with the code. I've seen too many instances of
people simply sprinkling synchronisation primitives around without
any knowledge of what is happening underneath, which is just a recipe
for creating hard-to-debug races.
> > @@ -1539,7 +1546,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
> > }
> > }
> >
> > - if (!nlk->portid) {
> > + if (!nlk->bound) {
>
> I don't think you can skip load_acquire here just because this is the
> second deref of the variable. That doesn't change anything. Race
> condition could still happen between the first and second tests and
> skipping the second would lead to the same kind of bug.
The reason this one is OK is because we do not use nlk->portid or
try to get nlk from the hash table before we return to user-space.
However, there is a real bug here that none of these acquire/release
helpers discovered. The two bound tests here used to be a single
one. Now that they are separate it is entirely possible for another
thread to come in the middle and bind the socket. So we need to
repeat the portid check in order to maintain consistency.
> > @@ -1587,7 +1594,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
> > !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
> > return -EPERM;
> >
> > - if (!nlk->portid)
> > + if (!nlk->bound)
>
> Don't we need load_acquire here too? Is this path holding a lock
> which makes that unnecessary?
Ditto.
---8<---
The commit 1f770c0a09da855a2b51af6d19de97fb955eca85 ("netlink:
Fix autobind race condition that leads to zero port ID") created
some new races that can occur due to inconcsistencies between the
two port IDs.
Tejun is right that a barrier is unavoidable. Therefore I am
reverting to the original patch that used a boolean to indicate
that a user netlink socket has been bound.
Barriers have been added where necessary to ensure that a valid
portid and the hashed socket is visible.
I have also changed netlink_insert to only return EBUSY if the
socket is bound to a portid different to the requested one. This
combined with only reading nlk->bound once in netlink_bind fixes
a race where two threads that bind the socket at the same time
with different port IDs may both succeed.
Fixes: 1f770c0a09da ("netlink: Fix autobind race condition that leads to zero port ID")
Reported-by: Tejun Heo <tj@kernel.org>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nacked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-21 21:38:56 -06:00
|
|
|
netlink_compare_arg_init(&arg, sock_net(sk), nlk_sk(sk)->portid);
|
2015-03-20 04:57:01 -06:00
|
|
|
return rhashtable_lookup_insert_key(&table->hash, &arg,
|
|
|
|
|
&nlk_sk(sk)->node,
|
|
|
|
|
netlink_rhashtable_params);
|
2015-01-11 23:52:23 -07:00
|
|
|
}
|
|
|
|
|
|
2014-08-02 03:47:45 -06:00
|
|
|
static struct sock *netlink_lookup(struct net *net, int protocol, u32 portid)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2014-08-02 03:47:45 -06:00
|
|
|
struct netlink_table *table = &nl_table[protocol];
|
|
|
|
|
struct sock *sk;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2014-08-02 03:47:45 -06:00
|
|
|
rcu_read_lock();
|
|
|
|
|
sk = __netlink_lookup(table, portid, net);
|
|
|
|
|
if (sk)
|
|
|
|
|
sock_hold(sk);
|
|
|
|
|
rcu_read_unlock();
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2014-08-02 03:47:45 -06:00
|
|
|
return sk;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2005-12-22 13:49:22 -07:00
|
|
|
static const struct proto_ops netlink_ops;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2006-03-20 19:52:01 -07:00
|
|
|
static void
|
|
|
|
|
netlink_update_listeners(struct sock *sk)
|
|
|
|
|
{
|
|
|
|
|
struct netlink_table *tbl = &nl_table[sk->sk_protocol];
|
|
|
|
|
unsigned long mask;
|
|
|
|
|
unsigned int i;
|
2012-10-17 21:21:55 -06:00
|
|
|
struct listeners *listeners;
|
|
|
|
|
|
|
|
|
|
listeners = nl_deref_protected(tbl->listeners);
|
|
|
|
|
if (!listeners)
|
|
|
|
|
return;
|
2006-03-20 19:52:01 -07:00
|
|
|
|
2007-07-18 16:46:06 -06:00
|
|
|
for (i = 0; i < NLGRPLONGS(tbl->groups); i++) {
|
2006-03-20 19:52:01 -07:00
|
|
|
mask = 0;
|
hlist: drop the node parameter from iterators
I'm not sure why, but the hlist for each entry iterators were conceived
list_for_each_entry(pos, head, member)
The hlist ones were greedy and wanted an extra parameter:
hlist_for_each_entry(tpos, pos, head, member)
Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.
Besides the semantic patch, there was some manual work required:
- Fix up the actual hlist iterators in linux/list.h
- Fix up the declaration of other iterators based on the hlist ones.
- A very small amount of places were using the 'node' parameter, this
was modified to use 'obj->member' instead.
- Coccinelle didn't handle the hlist_for_each_entry_safe iterator
properly, so those had to be fixed up manually.
The semantic patch which is mostly the work of Peter Senna Tschudin is here:
@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;
type T;
expression a,c,d,e;
identifier b;
statement S;
@@
-T b;
<+... when != b
(
hlist_for_each_entry(a,
- b,
c, d) S
|
hlist_for_each_entry_continue(a,
- b,
c) S
|
hlist_for_each_entry_from(a,
- b,
c) S
|
hlist_for_each_entry_rcu(a,
- b,
c, d) S
|
hlist_for_each_entry_rcu_bh(a,
- b,
c, d) S
|
hlist_for_each_entry_continue_rcu_bh(a,
- b,
c) S
|
for_each_busy_worker(a, c,
- b,
d) S
|
ax25_uid_for_each(a,
- b,
c) S
|
ax25_for_each(a,
- b,
c) S
|
inet_bind_bucket_for_each(a,
- b,
c) S
|
sctp_for_each_hentry(a,
- b,
c) S
|
sk_for_each(a,
- b,
c) S
|
sk_for_each_rcu(a,
- b,
c) S
|
sk_for_each_from
-(a, b)
+(a)
S
+ sk_for_each_from(a) S
|
sk_for_each_safe(a,
- b,
c, d) S
|
sk_for_each_bound(a,
- b,
c) S
|
hlist_for_each_entry_safe(a,
- b,
c, d, e) S
|
hlist_for_each_entry_continue_rcu(a,
- b,
c) S
|
nr_neigh_for_each(a,
- b,
c) S
|
nr_neigh_for_each_safe(a,
- b,
c, d) S
|
nr_node_for_each(a,
- b,
c) S
|
nr_node_for_each_safe(a,
- b,
c, d) S
|
- for_each_gfn_sp(a, c, d, b) S
+ for_each_gfn_sp(a, c, d) S
|
- for_each_gfn_indirect_valid_sp(a, c, d, b) S
+ for_each_gfn_indirect_valid_sp(a, c, d) S
|
for_each_host(a,
- b,
c) S
|
for_each_host_safe(a,
- b,
c, d) S
|
for_each_mesh_entry(a,
- b,
c, d) S
)
...+>
[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin <peter.senna@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-27 18:06:00 -07:00
|
|
|
sk_for_each_bound(sk, &tbl->mc_list) {
|
2007-07-18 16:46:06 -06:00
|
|
|
if (i < NLGRPLONGS(nlk_sk(sk)->ngroups))
|
|
|
|
|
mask |= nlk_sk(sk)->groups[i];
|
|
|
|
|
}
|
2012-10-17 21:21:55 -06:00
|
|
|
listeners->masks[i] = mask;
|
2006-03-20 19:52:01 -07:00
|
|
|
}
|
|
|
|
|
/* this function is only called with the netlink table "grabbed", which
|
|
|
|
|
* makes sure updates are visible before bind or setsockopt return. */
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-25 20:02:56 -07:00
|
|
|
static int netlink_insert(struct sock *sk, u32 portid)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2013-06-06 00:49:11 -06:00
|
|
|
struct netlink_table *table = &nl_table[sk->sk_protocol];
|
2015-01-15 23:23:48 -07:00
|
|
|
int err;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2015-01-11 23:52:23 -07:00
|
|
|
lock_sock(sk);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
netlink: Replace rhash_portid with bound
On Mon, Sep 21, 2015 at 02:20:22PM -0400, Tejun Heo wrote:
>
> store_release and load_acquire are different from the usual memory
> barriers and can't be paired this way. You have to pair store_release
> and load_acquire. Besides, it isn't a particularly good idea to
OK I've decided to drop the acquire/release helpers as they don't
help us at all and simply pessimises the code by using full memory
barriers (on some architectures) where only a write or read barrier
is needed.
> depend on memory barriers embedded in other data structures like the
> above. Here, especially, rhashtable_insert() would have write barrier
> *before* the entry is hashed not necessarily *after*, which means that
> in the above case, a socket which appears to have set bound to a
> reader might not visible when the reader tries to look up the socket
> on the hashtable.
But you are right we do need an explicit write barrier here to
ensure that the hashing is visible.
> There's no reason to be overly smart here. This isn't a crazy hot
> path, write barriers tend to be very cheap, store_release more so.
> Please just do smp_store_release() and note what it's paired with.
It's not about being overly smart. It's about actually understanding
what's going on with the code. I've seen too many instances of
people simply sprinkling synchronisation primitives around without
any knowledge of what is happening underneath, which is just a recipe
for creating hard-to-debug races.
> > @@ -1539,7 +1546,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
> > }
> > }
> >
> > - if (!nlk->portid) {
> > + if (!nlk->bound) {
>
> I don't think you can skip load_acquire here just because this is the
> second deref of the variable. That doesn't change anything. Race
> condition could still happen between the first and second tests and
> skipping the second would lead to the same kind of bug.
The reason this one is OK is because we do not use nlk->portid or
try to get nlk from the hash table before we return to user-space.
However, there is a real bug here that none of these acquire/release
helpers discovered. The two bound tests here used to be a single
one. Now that they are separate it is entirely possible for another
thread to come in the middle and bind the socket. So we need to
repeat the portid check in order to maintain consistency.
> > @@ -1587,7 +1594,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
> > !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
> > return -EPERM;
> >
> > - if (!nlk->portid)
> > + if (!nlk->bound)
>
> Don't we need load_acquire here too? Is this path holding a lock
> which makes that unnecessary?
Ditto.
---8<---
The commit 1f770c0a09da855a2b51af6d19de97fb955eca85 ("netlink:
Fix autobind race condition that leads to zero port ID") created
some new races that can occur due to inconcsistencies between the
two port IDs.
Tejun is right that a barrier is unavoidable. Therefore I am
reverting to the original patch that used a boolean to indicate
that a user netlink socket has been bound.
Barriers have been added where necessary to ensure that a valid
portid and the hashed socket is visible.
I have also changed netlink_insert to only return EBUSY if the
socket is bound to a portid different to the requested one. This
combined with only reading nlk->bound once in netlink_bind fixes
a race where two threads that bind the socket at the same time
with different port IDs may both succeed.
Fixes: 1f770c0a09da ("netlink: Fix autobind race condition that leads to zero port ID")
Reported-by: Tejun Heo <tj@kernel.org>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nacked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-21 21:38:56 -06:00
|
|
|
err = nlk_sk(sk)->portid == portid ? 0 : -EBUSY;
|
|
|
|
|
if (nlk_sk(sk)->bound)
|
2005-04-16 16:20:36 -06:00
|
|
|
goto err;
|
|
|
|
|
|
|
|
|
|
err = -ENOMEM;
|
2015-01-02 15:00:20 -07:00
|
|
|
if (BITS_PER_LONG > 32 &&
|
|
|
|
|
unlikely(atomic_read(&table->hash.nelems) >= UINT_MAX))
|
2005-04-16 16:20:36 -06:00
|
|
|
goto err;
|
|
|
|
|
|
netlink: Replace rhash_portid with bound
On Mon, Sep 21, 2015 at 02:20:22PM -0400, Tejun Heo wrote:
>
> store_release and load_acquire are different from the usual memory
> barriers and can't be paired this way. You have to pair store_release
> and load_acquire. Besides, it isn't a particularly good idea to
OK I've decided to drop the acquire/release helpers as they don't
help us at all and simply pessimises the code by using full memory
barriers (on some architectures) where only a write or read barrier
is needed.
> depend on memory barriers embedded in other data structures like the
> above. Here, especially, rhashtable_insert() would have write barrier
> *before* the entry is hashed not necessarily *after*, which means that
> in the above case, a socket which appears to have set bound to a
> reader might not visible when the reader tries to look up the socket
> on the hashtable.
But you are right we do need an explicit write barrier here to
ensure that the hashing is visible.
> There's no reason to be overly smart here. This isn't a crazy hot
> path, write barriers tend to be very cheap, store_release more so.
> Please just do smp_store_release() and note what it's paired with.
It's not about being overly smart. It's about actually understanding
what's going on with the code. I've seen too many instances of
people simply sprinkling synchronisation primitives around without
any knowledge of what is happening underneath, which is just a recipe
for creating hard-to-debug races.
> > @@ -1539,7 +1546,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
> > }
> > }
> >
> > - if (!nlk->portid) {
> > + if (!nlk->bound) {
>
> I don't think you can skip load_acquire here just because this is the
> second deref of the variable. That doesn't change anything. Race
> condition could still happen between the first and second tests and
> skipping the second would lead to the same kind of bug.
The reason this one is OK is because we do not use nlk->portid or
try to get nlk from the hash table before we return to user-space.
However, there is a real bug here that none of these acquire/release
helpers discovered. The two bound tests here used to be a single
one. Now that they are separate it is entirely possible for another
thread to come in the middle and bind the socket. So we need to
repeat the portid check in order to maintain consistency.
> > @@ -1587,7 +1594,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
> > !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
> > return -EPERM;
> >
> > - if (!nlk->portid)
> > + if (!nlk->bound)
>
> Don't we need load_acquire here too? Is this path holding a lock
> which makes that unnecessary?
Ditto.
---8<---
The commit 1f770c0a09da855a2b51af6d19de97fb955eca85 ("netlink:
Fix autobind race condition that leads to zero port ID") created
some new races that can occur due to inconcsistencies between the
two port IDs.
Tejun is right that a barrier is unavoidable. Therefore I am
reverting to the original patch that used a boolean to indicate
that a user netlink socket has been bound.
Barriers have been added where necessary to ensure that a valid
portid and the hashed socket is visible.
I have also changed netlink_insert to only return EBUSY if the
socket is bound to a portid different to the requested one. This
combined with only reading nlk->bound once in netlink_bind fixes
a race where two threads that bind the socket at the same time
with different port IDs may both succeed.
Fixes: 1f770c0a09da ("netlink: Fix autobind race condition that leads to zero port ID")
Reported-by: Tejun Heo <tj@kernel.org>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nacked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-21 21:38:56 -06:00
|
|
|
nlk_sk(sk)->portid = portid;
|
2014-08-02 03:47:45 -06:00
|
|
|
sock_hold(sk);
|
2015-01-15 23:23:48 -07:00
|
|
|
|
2015-03-20 04:57:01 -06:00
|
|
|
err = __netlink_insert(table, sk);
|
|
|
|
|
if (err) {
|
2015-08-06 16:26:41 -06:00
|
|
|
/* In case the hashtable backend returns with -EBUSY
|
|
|
|
|
* from here, it must not escape to the caller.
|
|
|
|
|
*/
|
|
|
|
|
if (unlikely(err == -EBUSY))
|
|
|
|
|
err = -EOVERFLOW;
|
2015-03-20 04:57:01 -06:00
|
|
|
if (err == -EEXIST)
|
|
|
|
|
err = -EADDRINUSE;
|
2015-01-11 23:52:23 -07:00
|
|
|
sock_put(sk);
|
2015-09-18 05:16:50 -06:00
|
|
|
goto err;
|
2015-01-15 23:23:48 -07:00
|
|
|
}
|
|
|
|
|
|
netlink: Replace rhash_portid with bound
On Mon, Sep 21, 2015 at 02:20:22PM -0400, Tejun Heo wrote:
>
> store_release and load_acquire are different from the usual memory
> barriers and can't be paired this way. You have to pair store_release
> and load_acquire. Besides, it isn't a particularly good idea to
OK I've decided to drop the acquire/release helpers as they don't
help us at all and simply pessimises the code by using full memory
barriers (on some architectures) where only a write or read barrier
is needed.
> depend on memory barriers embedded in other data structures like the
> above. Here, especially, rhashtable_insert() would have write barrier
> *before* the entry is hashed not necessarily *after*, which means that
> in the above case, a socket which appears to have set bound to a
> reader might not visible when the reader tries to look up the socket
> on the hashtable.
But you are right we do need an explicit write barrier here to
ensure that the hashing is visible.
> There's no reason to be overly smart here. This isn't a crazy hot
> path, write barriers tend to be very cheap, store_release more so.
> Please just do smp_store_release() and note what it's paired with.
It's not about being overly smart. It's about actually understanding
what's going on with the code. I've seen too many instances of
people simply sprinkling synchronisation primitives around without
any knowledge of what is happening underneath, which is just a recipe
for creating hard-to-debug races.
> > @@ -1539,7 +1546,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
> > }
> > }
> >
> > - if (!nlk->portid) {
> > + if (!nlk->bound) {
>
> I don't think you can skip load_acquire here just because this is the
> second deref of the variable. That doesn't change anything. Race
> condition could still happen between the first and second tests and
> skipping the second would lead to the same kind of bug.
The reason this one is OK is because we do not use nlk->portid or
try to get nlk from the hash table before we return to user-space.
However, there is a real bug here that none of these acquire/release
helpers discovered. The two bound tests here used to be a single
one. Now that they are separate it is entirely possible for another
thread to come in the middle and bind the socket. So we need to
repeat the portid check in order to maintain consistency.
> > @@ -1587,7 +1594,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
> > !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
> > return -EPERM;
> >
> > - if (!nlk->portid)
> > + if (!nlk->bound)
>
> Don't we need load_acquire here too? Is this path holding a lock
> which makes that unnecessary?
Ditto.
---8<---
The commit 1f770c0a09da855a2b51af6d19de97fb955eca85 ("netlink:
Fix autobind race condition that leads to zero port ID") created
some new races that can occur due to inconcsistencies between the
two port IDs.
Tejun is right that a barrier is unavoidable. Therefore I am
reverting to the original patch that used a boolean to indicate
that a user netlink socket has been bound.
Barriers have been added where necessary to ensure that a valid
portid and the hashed socket is visible.
I have also changed netlink_insert to only return EBUSY if the
socket is bound to a portid different to the requested one. This
combined with only reading nlk->bound once in netlink_bind fixes
a race where two threads that bind the socket at the same time
with different port IDs may both succeed.
Fixes: 1f770c0a09da ("netlink: Fix autobind race condition that leads to zero port ID")
Reported-by: Tejun Heo <tj@kernel.org>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nacked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-21 21:38:56 -06:00
|
|
|
/* We need to ensure that the socket is hashed and visible. */
|
|
|
|
|
smp_wmb();
|
|
|
|
|
nlk_sk(sk)->bound = portid;
|
2015-09-18 05:16:50 -06:00
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
err:
|
2015-01-11 23:52:23 -07:00
|
|
|
release_sock(sk);
|
2005-04-16 16:20:36 -06:00
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void netlink_remove(struct sock *sk)
|
|
|
|
|
{
|
2014-08-02 03:47:45 -06:00
|
|
|
struct netlink_table *table;
|
|
|
|
|
|
|
|
|
|
table = &nl_table[sk->sk_protocol];
|
2015-03-20 04:57:01 -06:00
|
|
|
if (!rhashtable_remove_fast(&table->hash, &nlk_sk(sk)->node,
|
|
|
|
|
netlink_rhashtable_params)) {
|
2017-06-30 04:08:01 -06:00
|
|
|
WARN_ON(refcount_read(&sk->sk_refcnt) == 1);
|
2014-08-02 03:47:45 -06:00
|
|
|
__sock_put(sk);
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
netlink_table_grab();
|
2014-12-22 10:56:37 -07:00
|
|
|
if (nlk_sk(sk)->subscriptions) {
|
2005-04-16 16:20:36 -06:00
|
|
|
__sk_del_bind_node(sk);
|
2014-12-22 10:56:37 -07:00
|
|
|
netlink_update_listeners(sk);
|
|
|
|
|
}
|
2015-01-16 03:37:14 -07:00
|
|
|
if (sk->sk_protocol == NETLINK_GENERIC)
|
|
|
|
|
atomic_inc(&genl_sk_destructing_cnt);
|
2005-04-16 16:20:36 -06:00
|
|
|
netlink_table_ungrab();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct proto netlink_proto = {
|
|
|
|
|
.name = "NETLINK",
|
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
|
.obj_size = sizeof(struct netlink_sock),
|
|
|
|
|
};
|
|
|
|
|
|
2007-10-09 00:24:22 -06:00
|
|
|
static int __netlink_create(struct net *net, struct socket *sock,
|
2015-05-08 20:09:13 -06:00
|
|
|
struct mutex *cb_mutex, int protocol,
|
|
|
|
|
int kern)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
|
struct sock *sk;
|
|
|
|
|
struct netlink_sock *nlk;
|
2005-08-14 20:31:36 -06:00
|
|
|
|
|
|
|
|
sock->ops = &netlink_ops;
|
|
|
|
|
|
2015-05-08 20:09:13 -06:00
|
|
|
sk = sk_alloc(net, PF_NETLINK, GFP_KERNEL, &netlink_proto, kern);
|
2005-08-14 20:31:36 -06:00
|
|
|
if (!sk)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
sock_init_data(sock, sk);
|
|
|
|
|
|
|
|
|
|
nlk = nlk_sk(sk);
|
2012-04-22 15:30:21 -06:00
|
|
|
if (cb_mutex) {
|
2007-04-25 15:01:17 -06:00
|
|
|
nlk->cb_mutex = cb_mutex;
|
2012-04-22 15:30:21 -06:00
|
|
|
} else {
|
2007-04-25 15:01:17 -06:00
|
|
|
nlk->cb_mutex = &nlk->cb_def_mutex;
|
|
|
|
|
mutex_init(nlk->cb_mutex);
|
2017-03-14 04:25:57 -06:00
|
|
|
lockdep_set_class_and_name(nlk->cb_mutex,
|
|
|
|
|
nlk_cb_mutex_keys + protocol,
|
|
|
|
|
nlk_cb_mutex_key_strings[protocol]);
|
2007-04-25 15:01:17 -06:00
|
|
|
}
|
2005-08-14 20:31:36 -06:00
|
|
|
init_waitqueue_head(&nlk->wait);
|
|
|
|
|
|
|
|
|
|
sk->sk_destruct = netlink_sock_destruct;
|
|
|
|
|
sk->sk_protocol = protocol;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2009-11-05 23:18:14 -07:00
|
|
|
static int netlink_create(struct net *net, struct socket *sock, int protocol,
|
|
|
|
|
int kern)
|
2005-08-14 20:31:36 -06:00
|
|
|
{
|
|
|
|
|
struct module *module = NULL;
|
2007-04-20 15:14:21 -06:00
|
|
|
struct mutex *cb_mutex;
|
2005-08-15 13:29:13 -06:00
|
|
|
struct netlink_sock *nlk;
|
2014-12-23 13:00:06 -07:00
|
|
|
int (*bind)(struct net *net, int group);
|
|
|
|
|
void (*unbind)(struct net *net, int group);
|
2005-08-14 20:31:36 -06:00
|
|
|
int err = 0;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
sock->state = SS_UNCONNECTED;
|
|
|
|
|
|
|
|
|
|
if (sock->type != SOCK_RAW && sock->type != SOCK_DGRAM)
|
|
|
|
|
return -ESOCKTNOSUPPORT;
|
|
|
|
|
|
2007-12-04 01:19:38 -07:00
|
|
|
if (protocol < 0 || protocol >= MAX_LINKS)
|
2005-04-16 16:20:36 -06:00
|
|
|
return -EPROTONOSUPPORT;
|
2018-07-31 15:13:16 -06:00
|
|
|
protocol = array_index_nospec(protocol, MAX_LINKS);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2005-08-14 20:27:13 -06:00
|
|
|
netlink_lock_table();
|
2008-10-16 16:24:51 -06:00
|
|
|
#ifdef CONFIG_MODULES
|
2005-08-14 20:31:36 -06:00
|
|
|
if (!nl_table[protocol].registered) {
|
2005-08-14 20:27:13 -06:00
|
|
|
netlink_unlock_table();
|
2005-08-09 20:40:55 -06:00
|
|
|
request_module("net-pf-%d-proto-%d", PF_NETLINK, protocol);
|
2005-08-14 20:27:13 -06:00
|
|
|
netlink_lock_table();
|
2005-08-09 20:40:55 -06:00
|
|
|
}
|
2005-08-14 20:31:36 -06:00
|
|
|
#endif
|
|
|
|
|
if (nl_table[protocol].registered &&
|
|
|
|
|
try_module_get(nl_table[protocol].module))
|
|
|
|
|
module = nl_table[protocol].module;
|
2010-01-30 03:05:05 -07:00
|
|
|
else
|
|
|
|
|
err = -EPROTONOSUPPORT;
|
2007-04-20 15:14:21 -06:00
|
|
|
cb_mutex = nl_table[protocol].cb_mutex;
|
2012-06-29 00:15:22 -06:00
|
|
|
bind = nl_table[protocol].bind;
|
2014-04-22 19:31:54 -06:00
|
|
|
unbind = nl_table[protocol].unbind;
|
2005-08-14 20:27:13 -06:00
|
|
|
netlink_unlock_table();
|
2005-08-09 20:40:55 -06:00
|
|
|
|
2010-01-30 03:05:05 -07:00
|
|
|
if (err < 0)
|
|
|
|
|
goto out;
|
|
|
|
|
|
2015-05-08 20:09:13 -06:00
|
|
|
err = __netlink_create(net, sock, cb_mutex, protocol, kern);
|
2007-12-04 01:19:38 -07:00
|
|
|
if (err < 0)
|
2005-08-15 13:29:13 -06:00
|
|
|
goto out_module;
|
|
|
|
|
|
2008-11-23 18:34:03 -07:00
|
|
|
local_bh_disable();
|
2008-11-23 16:48:22 -07:00
|
|
|
sock_prot_inuse_add(net, &netlink_proto, 1);
|
2008-11-23 18:34:03 -07:00
|
|
|
local_bh_enable();
|
|
|
|
|
|
2005-08-15 13:29:13 -06:00
|
|
|
nlk = nlk_sk(sock->sk);
|
|
|
|
|
nlk->module = module;
|
2012-06-29 00:15:22 -06:00
|
|
|
nlk->netlink_bind = bind;
|
2014-04-22 19:31:54 -06:00
|
|
|
nlk->netlink_unbind = unbind;
|
2005-08-14 20:31:36 -06:00
|
|
|
out:
|
|
|
|
|
return err;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2005-08-14 20:31:36 -06:00
|
|
|
out_module:
|
|
|
|
|
module_put(module);
|
|
|
|
|
goto out;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2015-01-02 15:00:22 -07:00
|
|
|
static void deferred_put_nlk_sk(struct rcu_head *head)
|
|
|
|
|
{
|
|
|
|
|
struct netlink_sock *nlk = container_of(head, struct netlink_sock, rcu);
|
2016-12-05 00:28:21 -07:00
|
|
|
struct sock *sk = &nlk->sk;
|
|
|
|
|
|
2017-09-05 21:47:12 -06:00
|
|
|
kfree(nlk->groups);
|
|
|
|
|
nlk->groups = NULL;
|
|
|
|
|
|
2017-06-30 04:08:01 -06:00
|
|
|
if (!refcount_dec_and_test(&sk->sk_refcnt))
|
2016-12-05 00:28:21 -07:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (nlk->cb_running && nlk->cb.done) {
|
|
|
|
|
INIT_WORK(&nlk->work, netlink_sock_destruct_work);
|
|
|
|
|
schedule_work(&nlk->work);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2015-01-02 15:00:22 -07:00
|
|
|
|
2016-12-05 00:28:21 -07:00
|
|
|
sk_free(sk);
|
2015-01-02 15:00:22 -07:00
|
|
|
}
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
static int netlink_release(struct socket *sock)
|
|
|
|
|
{
|
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
|
struct netlink_sock *nlk;
|
|
|
|
|
|
|
|
|
|
if (!sk)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
netlink_remove(sk);
|
2007-04-18 18:05:58 -06:00
|
|
|
sock_orphan(sk);
|
2005-04-16 16:20:36 -06:00
|
|
|
nlk = nlk_sk(sk);
|
|
|
|
|
|
2007-05-03 04:17:14 -06:00
|
|
|
/*
|
|
|
|
|
* OK. Socket is unlinked, any packets that arrive now
|
|
|
|
|
* will be purged.
|
|
|
|
|
*/
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2015-01-16 03:37:14 -07:00
|
|
|
/* must not acquire netlink_table_lock in any way again before unbind
|
|
|
|
|
* and notifying genetlink is done as otherwise it might deadlock
|
|
|
|
|
*/
|
|
|
|
|
if (nlk->netlink_unbind) {
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < nlk->ngroups; i++)
|
|
|
|
|
if (test_bit(i, nlk->groups))
|
|
|
|
|
nlk->netlink_unbind(sock_net(sk), i + 1);
|
|
|
|
|
}
|
|
|
|
|
if (sk->sk_protocol == NETLINK_GENERIC &&
|
|
|
|
|
atomic_dec_return(&genl_sk_destructing_cnt) == 0)
|
|
|
|
|
wake_up(&genl_sk_destructing_waitq);
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
sock->sk = NULL;
|
|
|
|
|
wake_up_interruptible_all(&nlk->wait);
|
|
|
|
|
|
|
|
|
|
skb_queue_purge(&sk->sk_write_queue);
|
|
|
|
|
|
2016-04-07 01:31:38 -06:00
|
|
|
if (nlk->portid && nlk->bound) {
|
2005-04-16 16:20:36 -06:00
|
|
|
struct netlink_notify n = {
|
2008-03-25 11:26:21 -06:00
|
|
|
.net = sock_net(sk),
|
2005-04-16 16:20:36 -06:00
|
|
|
.protocol = sk->sk_protocol,
|
2012-09-07 14:12:54 -06:00
|
|
|
.portid = nlk->portid,
|
2005-04-16 16:20:36 -06:00
|
|
|
};
|
2016-12-09 22:10:59 -07:00
|
|
|
blocking_notifier_call_chain(&netlink_chain,
|
[PATCH] Notifier chain update: API changes
The kernel's implementation of notifier chains is unsafe. There is no
protection against entries being added to or removed from a chain while the
chain is in use. The issues were discussed in this thread:
http://marc.theaimsgroup.com/?l=linux-kernel&m=113018709002036&w=2
We noticed that notifier chains in the kernel fall into two basic usage
classes:
"Blocking" chains are always called from a process context
and the callout routines are allowed to sleep;
"Atomic" chains can be called from an atomic context and
the callout routines are not allowed to sleep.
We decided to codify this distinction and make it part of the API. Therefore
this set of patches introduces three new, parallel APIs: one for blocking
notifiers, one for atomic notifiers, and one for "raw" notifiers (which is
really just the old API under a new name). New kinds of data structures are
used for the heads of the chains, and new routines are defined for
registration, unregistration, and calling a chain. The three APIs are
explained in include/linux/notifier.h and their implementation is in
kernel/sys.c.
With atomic and blocking chains, the implementation guarantees that the chain
links will not be corrupted and that chain callers will not get messed up by
entries being added or removed. For raw chains the implementation provides no
guarantees at all; users of this API must provide their own protections. (The
idea was that situations may come up where the assumptions of the atomic and
blocking APIs are not appropriate, so it should be possible for users to
handle these things in their own way.)
There are some limitations, which should not be too hard to live with. For
atomic/blocking chains, registration and unregistration must always be done in
a process context since the chain is protected by a mutex/rwsem. Also, a
callout routine for a non-raw chain must not try to register or unregister
entries on its own chain. (This did happen in a couple of places and the code
had to be changed to avoid it.)
Since atomic chains may be called from within an NMI handler, they cannot use
spinlocks for synchronization. Instead we use RCU. The overhead falls almost
entirely in the unregister routine, which is okay since unregistration is much
less frequent that calling a chain.
Here is the list of chains that we adjusted and their classifications. None
of them use the raw API, so for the moment it is only a placeholder.
ATOMIC CHAINS
-------------
arch/i386/kernel/traps.c: i386die_chain
arch/ia64/kernel/traps.c: ia64die_chain
arch/powerpc/kernel/traps.c: powerpc_die_chain
arch/sparc64/kernel/traps.c: sparc64die_chain
arch/x86_64/kernel/traps.c: die_chain
drivers/char/ipmi/ipmi_si_intf.c: xaction_notifier_list
kernel/panic.c: panic_notifier_list
kernel/profile.c: task_free_notifier
net/bluetooth/hci_core.c: hci_notifier
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_chain
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_expect_chain
net/ipv6/addrconf.c: inet6addr_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_expect_chain
net/netlink/af_netlink.c: netlink_chain
BLOCKING CHAINS
---------------
arch/powerpc/platforms/pseries/reconfig.c: pSeries_reconfig_chain
arch/s390/kernel/process.c: idle_chain
arch/x86_64/kernel/process.c idle_notifier
drivers/base/memory.c: memory_chain
drivers/cpufreq/cpufreq.c cpufreq_policy_notifier_list
drivers/cpufreq/cpufreq.c cpufreq_transition_notifier_list
drivers/macintosh/adb.c: adb_client_list
drivers/macintosh/via-pmu.c sleep_notifier_list
drivers/macintosh/via-pmu68k.c sleep_notifier_list
drivers/macintosh/windfarm_core.c wf_client_list
drivers/usb/core/notify.c usb_notifier_list
drivers/video/fbmem.c fb_notifier_list
kernel/cpu.c cpu_chain
kernel/module.c module_notify_list
kernel/profile.c munmap_notifier
kernel/profile.c task_exit_notifier
kernel/sys.c reboot_notifier_list
net/core/dev.c netdev_chain
net/decnet/dn_dev.c: dnaddr_chain
net/ipv4/devinet.c: inetaddr_chain
It's possible that some of these classifications are wrong. If they are,
please let us know or submit a patch to fix them. Note that any chain that
gets called very frequently should be atomic, because the rwsem read-locking
used for blocking chains is very likely to incur cache misses on SMP systems.
(However, if the chain's callout routines may sleep then the chain cannot be
atomic.)
The patch set was written by Alan Stern and Chandra Seetharaman, incorporating
material written by Keith Owens and suggestions from Paul McKenney and Andrew
Morton.
[jes@sgi.com: restructure the notifier chain initialization macros]
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Chandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-27 02:16:30 -07:00
|
|
|
NETLINK_URELEASE, &n);
|
2007-02-09 07:25:07 -07:00
|
|
|
}
|
2005-08-09 20:40:55 -06:00
|
|
|
|
2007-01-02 16:24:30 -07:00
|
|
|
module_put(nlk->module);
|
2005-08-09 20:40:55 -06:00
|
|
|
|
2007-10-10 22:14:32 -06:00
|
|
|
if (netlink_is_kernel(sk)) {
|
2014-12-22 10:56:37 -07:00
|
|
|
netlink_table_grab();
|
2008-01-19 00:53:31 -07:00
|
|
|
BUG_ON(nl_table[sk->sk_protocol].registered == 0);
|
|
|
|
|
if (--nl_table[sk->sk_protocol].registered == 0) {
|
2012-10-17 21:21:55 -06:00
|
|
|
struct listeners *old;
|
|
|
|
|
|
|
|
|
|
old = nl_deref_protected(nl_table[sk->sk_protocol].listeners);
|
|
|
|
|
RCU_INIT_POINTER(nl_table[sk->sk_protocol].listeners, NULL);
|
|
|
|
|
kfree_rcu(old, rcu);
|
2008-01-19 00:53:31 -07:00
|
|
|
nl_table[sk->sk_protocol].module = NULL;
|
2012-09-07 20:53:53 -06:00
|
|
|
nl_table[sk->sk_protocol].bind = NULL;
|
2014-04-22 19:31:54 -06:00
|
|
|
nl_table[sk->sk_protocol].unbind = NULL;
|
2012-09-07 20:53:53 -06:00
|
|
|
nl_table[sk->sk_protocol].flags = 0;
|
2008-01-19 00:53:31 -07:00
|
|
|
nl_table[sk->sk_protocol].registered = 0;
|
|
|
|
|
}
|
2014-12-22 10:56:37 -07:00
|
|
|
netlink_table_ungrab();
|
2012-04-22 15:30:21 -06:00
|
|
|
}
|
2005-08-14 20:27:13 -06:00
|
|
|
|
2008-11-24 15:05:22 -07:00
|
|
|
local_bh_disable();
|
2008-11-23 16:48:22 -07:00
|
|
|
sock_prot_inuse_add(sock_net(sk), &netlink_proto, -1);
|
2008-11-24 15:05:22 -07:00
|
|
|
local_bh_enable();
|
2015-01-02 15:00:22 -07:00
|
|
|
call_rcu(&nlk->rcu, deferred_put_nlk_sk);
|
2005-04-16 16:20:36 -06:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int netlink_autobind(struct socket *sock)
|
|
|
|
|
{
|
|
|
|
|
struct sock *sk = sock->sk;
|
2008-03-25 11:26:21 -06:00
|
|
|
struct net *net = sock_net(sk);
|
2013-06-06 00:49:11 -06:00
|
|
|
struct netlink_table *table = &nl_table[sk->sk_protocol];
|
2012-09-07 14:12:54 -06:00
|
|
|
s32 portid = task_tgid_vnr(current);
|
2005-04-16 16:20:36 -06:00
|
|
|
int err;
|
2015-05-16 20:45:34 -06:00
|
|
|
s32 rover = -4096;
|
|
|
|
|
bool ok;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
retry:
|
|
|
|
|
cond_resched();
|
2014-08-02 03:47:45 -06:00
|
|
|
rcu_read_lock();
|
2015-05-16 20:45:34 -06:00
|
|
|
ok = !__netlink_lookup(table, portid, net);
|
|
|
|
|
rcu_read_unlock();
|
|
|
|
|
if (!ok) {
|
2014-08-02 03:47:45 -06:00
|
|
|
/* Bind collision, search negative portid values. */
|
2015-05-16 20:45:34 -06:00
|
|
|
if (rover == -4096)
|
|
|
|
|
/* rover will be in range [S32_MIN, -4097] */
|
|
|
|
|
rover = S32_MIN + prandom_u32_max(-4096 - S32_MIN);
|
|
|
|
|
else if (rover >= -4096)
|
2014-08-02 03:47:45 -06:00
|
|
|
rover = -4097;
|
2015-05-16 20:45:34 -06:00
|
|
|
portid = rover--;
|
2014-08-02 03:47:45 -06:00
|
|
|
goto retry;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2015-01-25 20:02:56 -07:00
|
|
|
err = netlink_insert(sk, portid);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (err == -EADDRINUSE)
|
|
|
|
|
goto retry;
|
[NETLINK]: Fix two socket hashing bugs.
1) netlink_release() should only decrement the hash entry
count if the socket was actually hashed.
This was causing hash->entries to underflow, which
resulting in all kinds of troubles.
On 64-bit systems, this would cause the following
conditional to erroneously trigger:
err = -ENOMEM;
if (BITS_PER_LONG > 32 && unlikely(hash->entries >= UINT_MAX))
goto err;
2) netlink_autobind() needs to propagate the error return from
netlink_insert(). Otherwise, callers will not see the error
as they should and thus try to operate on a socket with a zero pid,
which is very bad.
However, it should not propagate -EBUSY. If two threads race
to autobind the socket, that is fine. This is consistent with the
autobind behavior in other protocols.
So bug #1 above, combined with this one, resulted in hangs
on netlink_sendmsg() calls to the rtnetlink socket. We'd try
to do the user sendmsg() with the socket's pid set to zero,
later we do a socket lookup using that pid (via the value we
stashed away in NETLINK_CB(skb).pid), but that won't give us the
user socket, it will give us the rtnetlink socket. So when we
try to wake up the receive queue, we dive back into rtnetlink_rcv()
which tries to recursively take the rtnetlink semaphore.
Thanks to Jakub Jelink for providing backtraces. Also, thanks to
Herbert Xu for supplying debugging patches to help track this down,
and also finding a mistake in an earlier version of this fix.
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-06-26 16:31:51 -06:00
|
|
|
|
|
|
|
|
/* If 2 threads race to autobind, that is fine. */
|
|
|
|
|
if (err == -EBUSY)
|
|
|
|
|
err = 0;
|
|
|
|
|
|
|
|
|
|
return err;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2014-04-23 15:28:03 -06:00
|
|
|
/**
|
|
|
|
|
* __netlink_ns_capable - General netlink message capability test
|
|
|
|
|
* @nsp: NETLINK_CB of the socket buffer holding a netlink command from userspace.
|
|
|
|
|
* @user_ns: The user namespace of the capability to use
|
|
|
|
|
* @cap: The capability to use
|
|
|
|
|
*
|
|
|
|
|
* Test to see if the opener of the socket we received the message
|
|
|
|
|
* from had when the netlink socket was created and the sender of the
|
|
|
|
|
* message has has the capability @cap in the user namespace @user_ns.
|
|
|
|
|
*/
|
|
|
|
|
bool __netlink_ns_capable(const struct netlink_skb_parms *nsp,
|
|
|
|
|
struct user_namespace *user_ns, int cap)
|
|
|
|
|
{
|
2014-05-30 12:04:00 -06:00
|
|
|
return ((nsp->flags & NETLINK_SKB_DST) ||
|
|
|
|
|
file_ns_capable(nsp->sk->sk_socket->file, user_ns, cap)) &&
|
|
|
|
|
ns_capable(user_ns, cap);
|
2014-04-23 15:28:03 -06:00
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL(__netlink_ns_capable);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* netlink_ns_capable - General netlink message capability test
|
|
|
|
|
* @skb: socket buffer holding a netlink command from userspace
|
|
|
|
|
* @user_ns: The user namespace of the capability to use
|
|
|
|
|
* @cap: The capability to use
|
|
|
|
|
*
|
|
|
|
|
* Test to see if the opener of the socket we received the message
|
|
|
|
|
* from had when the netlink socket was created and the sender of the
|
|
|
|
|
* message has has the capability @cap in the user namespace @user_ns.
|
|
|
|
|
*/
|
|
|
|
|
bool netlink_ns_capable(const struct sk_buff *skb,
|
|
|
|
|
struct user_namespace *user_ns, int cap)
|
|
|
|
|
{
|
|
|
|
|
return __netlink_ns_capable(&NETLINK_CB(skb), user_ns, cap);
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL(netlink_ns_capable);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* netlink_capable - Netlink global message capability test
|
|
|
|
|
* @skb: socket buffer holding a netlink command from userspace
|
|
|
|
|
* @cap: The capability to use
|
|
|
|
|
*
|
|
|
|
|
* Test to see if the opener of the socket we received the message
|
|
|
|
|
* from had when the netlink socket was created and the sender of the
|
|
|
|
|
* message has has the capability @cap in all user namespaces.
|
|
|
|
|
*/
|
|
|
|
|
bool netlink_capable(const struct sk_buff *skb, int cap)
|
|
|
|
|
{
|
|
|
|
|
return netlink_ns_capable(skb, &init_user_ns, cap);
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL(netlink_capable);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* netlink_net_capable - Netlink network namespace message capability test
|
|
|
|
|
* @skb: socket buffer holding a netlink command from userspace
|
|
|
|
|
* @cap: The capability to use
|
|
|
|
|
*
|
|
|
|
|
* Test to see if the opener of the socket we received the message
|
|
|
|
|
* from had when the netlink socket was created and the sender of the
|
|
|
|
|
* message has has the capability @cap over the network namespace of
|
|
|
|
|
* the socket we received the message from.
|
|
|
|
|
*/
|
|
|
|
|
bool netlink_net_capable(const struct sk_buff *skb, int cap)
|
|
|
|
|
{
|
|
|
|
|
return netlink_ns_capable(skb, sock_net(skb->sk)->user_ns, cap);
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL(netlink_net_capable);
|
|
|
|
|
|
2014-04-23 15:25:48 -06:00
|
|
|
static inline int netlink_allowed(const struct socket *sock, unsigned int flag)
|
2007-02-09 07:25:07 -07:00
|
|
|
{
|
2012-09-07 20:53:53 -06:00
|
|
|
return (nl_table[sock->sk->sk_protocol].flags & flag) ||
|
2012-11-15 20:03:07 -07:00
|
|
|
ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN);
|
2007-02-09 07:25:07 -07:00
|
|
|
}
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2005-08-15 13:29:13 -06:00
|
|
|
static void
|
|
|
|
|
netlink_update_subscriptions(struct sock *sk, unsigned int subscriptions)
|
|
|
|
|
{
|
|
|
|
|
struct netlink_sock *nlk = nlk_sk(sk);
|
|
|
|
|
|
|
|
|
|
if (nlk->subscriptions && !subscriptions)
|
|
|
|
|
__sk_del_bind_node(sk);
|
|
|
|
|
else if (!nlk->subscriptions && subscriptions)
|
|
|
|
|
sk_add_bind_node(sk, &nl_table[sk->sk_protocol].mc_list);
|
|
|
|
|
nlk->subscriptions = subscriptions;
|
|
|
|
|
}
|
|
|
|
|
|
2007-07-18 16:46:06 -06:00
|
|
|
static int netlink_realloc_groups(struct sock *sk)
|
2005-09-06 16:43:59 -06:00
|
|
|
{
|
|
|
|
|
struct netlink_sock *nlk = nlk_sk(sk);
|
|
|
|
|
unsigned int groups;
|
2007-07-18 16:46:06 -06:00
|
|
|
unsigned long *new_groups;
|
2005-09-06 16:43:59 -06:00
|
|
|
int err = 0;
|
|
|
|
|
|
2007-07-18 16:46:06 -06:00
|
|
|
netlink_table_grab();
|
|
|
|
|
|
2005-09-06 16:43:59 -06:00
|
|
|
groups = nl_table[sk->sk_protocol].groups;
|
2007-07-18 16:46:06 -06:00
|
|
|
if (!nl_table[sk->sk_protocol].registered) {
|
2005-09-06 16:43:59 -06:00
|
|
|
err = -ENOENT;
|
2007-07-18 16:46:06 -06:00
|
|
|
goto out_unlock;
|
|
|
|
|
}
|
2005-09-06 16:43:59 -06:00
|
|
|
|
2007-07-18 16:46:06 -06:00
|
|
|
if (nlk->ngroups >= groups)
|
|
|
|
|
goto out_unlock;
|
2005-09-06 16:43:59 -06:00
|
|
|
|
2007-07-18 16:46:06 -06:00
|
|
|
new_groups = krealloc(nlk->groups, NLGRPSZ(groups), GFP_ATOMIC);
|
|
|
|
|
if (new_groups == NULL) {
|
|
|
|
|
err = -ENOMEM;
|
|
|
|
|
goto out_unlock;
|
|
|
|
|
}
|
2007-12-04 01:19:38 -07:00
|
|
|
memset((char *)new_groups + NLGRPSZ(nlk->ngroups), 0,
|
2007-07-18 16:46:06 -06:00
|
|
|
NLGRPSZ(groups) - NLGRPSZ(nlk->ngroups));
|
|
|
|
|
|
|
|
|
|
nlk->groups = new_groups;
|
2005-09-06 16:43:59 -06:00
|
|
|
nlk->ngroups = groups;
|
2007-07-18 16:46:06 -06:00
|
|
|
out_unlock:
|
|
|
|
|
netlink_table_ungrab();
|
|
|
|
|
return err;
|
2005-09-06 16:43:59 -06:00
|
|
|
}
|
|
|
|
|
|
2014-12-22 10:56:35 -07:00
|
|
|
static void netlink_undo_bind(int group, long unsigned int groups,
|
2014-12-23 13:00:06 -07:00
|
|
|
struct sock *sk)
|
2014-04-22 19:31:54 -06:00
|
|
|
{
|
2014-12-23 13:00:06 -07:00
|
|
|
struct netlink_sock *nlk = nlk_sk(sk);
|
2014-04-22 19:31:54 -06:00
|
|
|
int undo;
|
|
|
|
|
|
|
|
|
|
if (!nlk->netlink_unbind)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
for (undo = 0; undo < group; undo++)
|
2014-11-12 12:24:10 -07:00
|
|
|
if (test_bit(undo, &groups))
|
2015-01-29 02:51:53 -07:00
|
|
|
nlk->netlink_unbind(sock_net(sk), undo + 1);
|
2014-04-22 19:31:54 -06:00
|
|
|
}
|
|
|
|
|
|
2007-12-04 01:19:38 -07:00
|
|
|
static int netlink_bind(struct socket *sock, struct sockaddr *addr,
|
|
|
|
|
int addr_len)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
|
struct sock *sk = sock->sk;
|
2008-03-25 11:26:21 -06:00
|
|
|
struct net *net = sock_net(sk);
|
2005-04-16 16:20:36 -06:00
|
|
|
struct netlink_sock *nlk = nlk_sk(sk);
|
|
|
|
|
struct sockaddr_nl *nladdr = (struct sockaddr_nl *)addr;
|
2017-09-05 21:53:29 -06:00
|
|
|
int err = 0;
|
2014-04-22 19:31:54 -06:00
|
|
|
long unsigned int groups = nladdr->nl_groups;
|
netlink: Replace rhash_portid with bound
On Mon, Sep 21, 2015 at 02:20:22PM -0400, Tejun Heo wrote:
>
> store_release and load_acquire are different from the usual memory
> barriers and can't be paired this way. You have to pair store_release
> and load_acquire. Besides, it isn't a particularly good idea to
OK I've decided to drop the acquire/release helpers as they don't
help us at all and simply pessimises the code by using full memory
barriers (on some architectures) where only a write or read barrier
is needed.
> depend on memory barriers embedded in other data structures like the
> above. Here, especially, rhashtable_insert() would have write barrier
> *before* the entry is hashed not necessarily *after*, which means that
> in the above case, a socket which appears to have set bound to a
> reader might not visible when the reader tries to look up the socket
> on the hashtable.
But you are right we do need an explicit write barrier here to
ensure that the hashing is visible.
> There's no reason to be overly smart here. This isn't a crazy hot
> path, write barriers tend to be very cheap, store_release more so.
> Please just do smp_store_release() and note what it's paired with.
It's not about being overly smart. It's about actually understanding
what's going on with the code. I've seen too many instances of
people simply sprinkling synchronisation primitives around without
any knowledge of what is happening underneath, which is just a recipe
for creating hard-to-debug races.
> > @@ -1539,7 +1546,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
> > }
> > }
> >
> > - if (!nlk->portid) {
> > + if (!nlk->bound) {
>
> I don't think you can skip load_acquire here just because this is the
> second deref of the variable. That doesn't change anything. Race
> condition could still happen between the first and second tests and
> skipping the second would lead to the same kind of bug.
The reason this one is OK is because we do not use nlk->portid or
try to get nlk from the hash table before we return to user-space.
However, there is a real bug here that none of these acquire/release
helpers discovered. The two bound tests here used to be a single
one. Now that they are separate it is entirely possible for another
thread to come in the middle and bind the socket. So we need to
repeat the portid check in order to maintain consistency.
> > @@ -1587,7 +1594,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
> > !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
> > return -EPERM;
> >
> > - if (!nlk->portid)
> > + if (!nlk->bound)
>
> Don't we need load_acquire here too? Is this path holding a lock
> which makes that unnecessary?
Ditto.
---8<---
The commit 1f770c0a09da855a2b51af6d19de97fb955eca85 ("netlink:
Fix autobind race condition that leads to zero port ID") created
some new races that can occur due to inconcsistencies between the
two port IDs.
Tejun is right that a barrier is unavoidable. Therefore I am
reverting to the original patch that used a boolean to indicate
that a user netlink socket has been bound.
Barriers have been added where necessary to ensure that a valid
portid and the hashed socket is visible.
I have also changed netlink_insert to only return EBUSY if the
socket is bound to a portid different to the requested one. This
combined with only reading nlk->bound once in netlink_bind fixes
a race where two threads that bind the socket at the same time
with different port IDs may both succeed.
Fixes: 1f770c0a09da ("netlink: Fix autobind race condition that leads to zero port ID")
Reported-by: Tejun Heo <tj@kernel.org>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nacked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-21 21:38:56 -06:00
|
|
|
bool bound;
|
2007-02-09 07:25:07 -07:00
|
|
|
|
2012-12-15 08:42:19 -07:00
|
|
|
if (addr_len < sizeof(struct sockaddr_nl))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
if (nladdr->nl_family != AF_NETLINK)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
/* Only superuser is allowed to listen multicasts */
|
2014-04-22 19:31:54 -06:00
|
|
|
if (groups) {
|
2014-04-23 15:25:48 -06:00
|
|
|
if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV))
|
2005-09-06 16:43:59 -06:00
|
|
|
return -EPERM;
|
2007-07-18 16:46:06 -06:00
|
|
|
err = netlink_realloc_groups(sk);
|
|
|
|
|
if (err)
|
|
|
|
|
return err;
|
2005-09-06 16:43:59 -06:00
|
|
|
}
|
2018-07-30 11:32:36 -06:00
|
|
|
|
|
|
|
|
if (nlk->ngroups == 0)
|
|
|
|
|
groups = 0;
|
2018-08-04 18:35:53 -06:00
|
|
|
else if (nlk->ngroups < 8*sizeof(groups))
|
|
|
|
|
groups &= (1UL << nlk->ngroups) - 1;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
netlink: Replace rhash_portid with bound
On Mon, Sep 21, 2015 at 02:20:22PM -0400, Tejun Heo wrote:
>
> store_release and load_acquire are different from the usual memory
> barriers and can't be paired this way. You have to pair store_release
> and load_acquire. Besides, it isn't a particularly good idea to
OK I've decided to drop the acquire/release helpers as they don't
help us at all and simply pessimises the code by using full memory
barriers (on some architectures) where only a write or read barrier
is needed.
> depend on memory barriers embedded in other data structures like the
> above. Here, especially, rhashtable_insert() would have write barrier
> *before* the entry is hashed not necessarily *after*, which means that
> in the above case, a socket which appears to have set bound to a
> reader might not visible when the reader tries to look up the socket
> on the hashtable.
But you are right we do need an explicit write barrier here to
ensure that the hashing is visible.
> There's no reason to be overly smart here. This isn't a crazy hot
> path, write barriers tend to be very cheap, store_release more so.
> Please just do smp_store_release() and note what it's paired with.
It's not about being overly smart. It's about actually understanding
what's going on with the code. I've seen too many instances of
people simply sprinkling synchronisation primitives around without
any knowledge of what is happening underneath, which is just a recipe
for creating hard-to-debug races.
> > @@ -1539,7 +1546,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
> > }
> > }
> >
> > - if (!nlk->portid) {
> > + if (!nlk->bound) {
>
> I don't think you can skip load_acquire here just because this is the
> second deref of the variable. That doesn't change anything. Race
> condition could still happen between the first and second tests and
> skipping the second would lead to the same kind of bug.
The reason this one is OK is because we do not use nlk->portid or
try to get nlk from the hash table before we return to user-space.
However, there is a real bug here that none of these acquire/release
helpers discovered. The two bound tests here used to be a single
one. Now that they are separate it is entirely possible for another
thread to come in the middle and bind the socket. So we need to
repeat the portid check in order to maintain consistency.
> > @@ -1587,7 +1594,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
> > !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
> > return -EPERM;
> >
> > - if (!nlk->portid)
> > + if (!nlk->bound)
>
> Don't we need load_acquire here too? Is this path holding a lock
> which makes that unnecessary?
Ditto.
---8<---
The commit 1f770c0a09da855a2b51af6d19de97fb955eca85 ("netlink:
Fix autobind race condition that leads to zero port ID") created
some new races that can occur due to inconcsistencies between the
two port IDs.
Tejun is right that a barrier is unavoidable. Therefore I am
reverting to the original patch that used a boolean to indicate
that a user netlink socket has been bound.
Barriers have been added where necessary to ensure that a valid
portid and the hashed socket is visible.
I have also changed netlink_insert to only return EBUSY if the
socket is bound to a portid different to the requested one. This
combined with only reading nlk->bound once in netlink_bind fixes
a race where two threads that bind the socket at the same time
with different port IDs may both succeed.
Fixes: 1f770c0a09da ("netlink: Fix autobind race condition that leads to zero port ID")
Reported-by: Tejun Heo <tj@kernel.org>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nacked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-21 21:38:56 -06:00
|
|
|
bound = nlk->bound;
|
|
|
|
|
if (bound) {
|
|
|
|
|
/* Ensure nlk->portid is up-to-date. */
|
|
|
|
|
smp_rmb();
|
|
|
|
|
|
2012-09-07 14:12:54 -06:00
|
|
|
if (nladdr->nl_pid != nlk->portid)
|
2005-04-16 16:20:36 -06:00
|
|
|
return -EINVAL;
|
netlink: Replace rhash_portid with bound
On Mon, Sep 21, 2015 at 02:20:22PM -0400, Tejun Heo wrote:
>
> store_release and load_acquire are different from the usual memory
> barriers and can't be paired this way. You have to pair store_release
> and load_acquire. Besides, it isn't a particularly good idea to
OK I've decided to drop the acquire/release helpers as they don't
help us at all and simply pessimises the code by using full memory
barriers (on some architectures) where only a write or read barrier
is needed.
> depend on memory barriers embedded in other data structures like the
> above. Here, especially, rhashtable_insert() would have write barrier
> *before* the entry is hashed not necessarily *after*, which means that
> in the above case, a socket which appears to have set bound to a
> reader might not visible when the reader tries to look up the socket
> on the hashtable.
But you are right we do need an explicit write barrier here to
ensure that the hashing is visible.
> There's no reason to be overly smart here. This isn't a crazy hot
> path, write barriers tend to be very cheap, store_release more so.
> Please just do smp_store_release() and note what it's paired with.
It's not about being overly smart. It's about actually understanding
what's going on with the code. I've seen too many instances of
people simply sprinkling synchronisation primitives around without
any knowledge of what is happening underneath, which is just a recipe
for creating hard-to-debug races.
> > @@ -1539,7 +1546,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
> > }
> > }
> >
> > - if (!nlk->portid) {
> > + if (!nlk->bound) {
>
> I don't think you can skip load_acquire here just because this is the
> second deref of the variable. That doesn't change anything. Race
> condition could still happen between the first and second tests and
> skipping the second would lead to the same kind of bug.
The reason this one is OK is because we do not use nlk->portid or
try to get nlk from the hash table before we return to user-space.
However, there is a real bug here that none of these acquire/release
helpers discovered. The two bound tests here used to be a single
one. Now that they are separate it is entirely possible for another
thread to come in the middle and bind the socket. So we need to
repeat the portid check in order to maintain consistency.
> > @@ -1587,7 +1594,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
> > !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
> > return -EPERM;
> >
> > - if (!nlk->portid)
> > + if (!nlk->bound)
>
> Don't we need load_acquire here too? Is this path holding a lock
> which makes that unnecessary?
Ditto.
---8<---
The commit 1f770c0a09da855a2b51af6d19de97fb955eca85 ("netlink:
Fix autobind race condition that leads to zero port ID") created
some new races that can occur due to inconcsistencies between the
two port IDs.
Tejun is right that a barrier is unavoidable. Therefore I am
reverting to the original patch that used a boolean to indicate
that a user netlink socket has been bound.
Barriers have been added where necessary to ensure that a valid
portid and the hashed socket is visible.
I have also changed netlink_insert to only return EBUSY if the
socket is bound to a portid different to the requested one. This
combined with only reading nlk->bound once in netlink_bind fixes
a race where two threads that bind the socket at the same time
with different port IDs may both succeed.
Fixes: 1f770c0a09da ("netlink: Fix autobind race condition that leads to zero port ID")
Reported-by: Tejun Heo <tj@kernel.org>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nacked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-21 21:38:56 -06:00
|
|
|
}
|
2014-04-22 19:31:54 -06:00
|
|
|
|
2017-09-05 21:53:29 -06:00
|
|
|
netlink_lock_table();
|
2014-04-22 19:31:54 -06:00
|
|
|
if (nlk->netlink_bind && groups) {
|
|
|
|
|
int group;
|
|
|
|
|
|
|
|
|
|
for (group = 0; group < nlk->ngroups; group++) {
|
|
|
|
|
if (!test_bit(group, &groups))
|
|
|
|
|
continue;
|
2015-01-29 02:51:53 -07:00
|
|
|
err = nlk->netlink_bind(net, group + 1);
|
2014-04-22 19:31:54 -06:00
|
|
|
if (!err)
|
|
|
|
|
continue;
|
2014-12-23 13:00:06 -07:00
|
|
|
netlink_undo_bind(group, groups, sk);
|
2017-09-05 21:53:29 -06:00
|
|
|
goto unlock;
|
2014-04-22 19:31:54 -06:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
netlink: Replace rhash_portid with bound
On Mon, Sep 21, 2015 at 02:20:22PM -0400, Tejun Heo wrote:
>
> store_release and load_acquire are different from the usual memory
> barriers and can't be paired this way. You have to pair store_release
> and load_acquire. Besides, it isn't a particularly good idea to
OK I've decided to drop the acquire/release helpers as they don't
help us at all and simply pessimises the code by using full memory
barriers (on some architectures) where only a write or read barrier
is needed.
> depend on memory barriers embedded in other data structures like the
> above. Here, especially, rhashtable_insert() would have write barrier
> *before* the entry is hashed not necessarily *after*, which means that
> in the above case, a socket which appears to have set bound to a
> reader might not visible when the reader tries to look up the socket
> on the hashtable.
But you are right we do need an explicit write barrier here to
ensure that the hashing is visible.
> There's no reason to be overly smart here. This isn't a crazy hot
> path, write barriers tend to be very cheap, store_release more so.
> Please just do smp_store_release() and note what it's paired with.
It's not about being overly smart. It's about actually understanding
what's going on with the code. I've seen too many instances of
people simply sprinkling synchronisation primitives around without
any knowledge of what is happening underneath, which is just a recipe
for creating hard-to-debug races.
> > @@ -1539,7 +1546,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
> > }
> > }
> >
> > - if (!nlk->portid) {
> > + if (!nlk->bound) {
>
> I don't think you can skip load_acquire here just because this is the
> second deref of the variable. That doesn't change anything. Race
> condition could still happen between the first and second tests and
> skipping the second would lead to the same kind of bug.
The reason this one is OK is because we do not use nlk->portid or
try to get nlk from the hash table before we return to user-space.
However, there is a real bug here that none of these acquire/release
helpers discovered. The two bound tests here used to be a single
one. Now that they are separate it is entirely possible for another
thread to come in the middle and bind the socket. So we need to
repeat the portid check in order to maintain consistency.
> > @@ -1587,7 +1594,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
> > !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
> > return -EPERM;
> >
> > - if (!nlk->portid)
> > + if (!nlk->bound)
>
> Don't we need load_acquire here too? Is this path holding a lock
> which makes that unnecessary?
Ditto.
---8<---
The commit 1f770c0a09da855a2b51af6d19de97fb955eca85 ("netlink:
Fix autobind race condition that leads to zero port ID") created
some new races that can occur due to inconcsistencies between the
two port IDs.
Tejun is right that a barrier is unavoidable. Therefore I am
reverting to the original patch that used a boolean to indicate
that a user netlink socket has been bound.
Barriers have been added where necessary to ensure that a valid
portid and the hashed socket is visible.
I have also changed netlink_insert to only return EBUSY if the
socket is bound to a portid different to the requested one. This
combined with only reading nlk->bound once in netlink_bind fixes
a race where two threads that bind the socket at the same time
with different port IDs may both succeed.
Fixes: 1f770c0a09da ("netlink: Fix autobind race condition that leads to zero port ID")
Reported-by: Tejun Heo <tj@kernel.org>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nacked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-21 21:38:56 -06:00
|
|
|
/* No need for barriers here as we return to user-space without
|
|
|
|
|
* using any of the bound attributes.
|
|
|
|
|
*/
|
|
|
|
|
if (!bound) {
|
2005-04-16 16:20:36 -06:00
|
|
|
err = nladdr->nl_pid ?
|
2015-01-25 20:02:56 -07:00
|
|
|
netlink_insert(sk, nladdr->nl_pid) :
|
2005-04-16 16:20:36 -06:00
|
|
|
netlink_autobind(sock);
|
2014-04-22 19:31:54 -06:00
|
|
|
if (err) {
|
2014-12-23 13:00:06 -07:00
|
|
|
netlink_undo_bind(nlk->ngroups, groups, sk);
|
2017-09-05 21:53:29 -06:00
|
|
|
goto unlock;
|
2014-04-22 19:31:54 -06:00
|
|
|
}
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2014-04-22 19:31:54 -06:00
|
|
|
if (!groups && (nlk->groups == NULL || !(u32)nlk->groups[0]))
|
2017-09-05 21:53:29 -06:00
|
|
|
goto unlock;
|
|
|
|
|
netlink_unlock_table();
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
netlink_table_grab();
|
2005-08-15 13:29:13 -06:00
|
|
|
netlink_update_subscriptions(sk, nlk->subscriptions +
|
2014-04-22 19:31:54 -06:00
|
|
|
hweight32(groups) -
|
2007-02-09 07:25:07 -07:00
|
|
|
hweight32(nlk->groups[0]));
|
2014-04-22 19:31:54 -06:00
|
|
|
nlk->groups[0] = (nlk->groups[0] & ~0xffffffffUL) | groups;
|
2006-03-20 19:52:01 -07:00
|
|
|
netlink_update_listeners(sk);
|
2005-04-16 16:20:36 -06:00
|
|
|
netlink_table_ungrab();
|
|
|
|
|
|
|
|
|
|
return 0;
|
2017-09-05 21:53:29 -06:00
|
|
|
|
|
|
|
|
unlock:
|
|
|
|
|
netlink_unlock_table();
|
|
|
|
|
return err;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int netlink_connect(struct socket *sock, struct sockaddr *addr,
|
|
|
|
|
int alen, int flags)
|
|
|
|
|
{
|
|
|
|
|
int err = 0;
|
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
|
struct netlink_sock *nlk = nlk_sk(sk);
|
2007-12-04 01:19:38 -07:00
|
|
|
struct sockaddr_nl *nladdr = (struct sockaddr_nl *)addr;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2010-03-31 16:58:26 -06:00
|
|
|
if (alen < sizeof(addr->sa_family))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
if (addr->sa_family == AF_UNSPEC) {
|
|
|
|
|
sk->sk_state = NETLINK_UNCONNECTED;
|
2012-09-07 14:12:54 -06:00
|
|
|
nlk->dst_portid = 0;
|
2005-08-14 20:27:50 -06:00
|
|
|
nlk->dst_group = 0;
|
2005-04-16 16:20:36 -06:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if (addr->sa_family != AF_NETLINK)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2018-03-23 06:49:02 -06:00
|
|
|
if (alen < sizeof(struct sockaddr_nl))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2014-02-24 13:11:16 -07:00
|
|
|
if ((nladdr->nl_groups || nladdr->nl_pid) &&
|
2014-04-23 15:25:48 -06:00
|
|
|
!netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
|
2005-04-16 16:20:36 -06:00
|
|
|
return -EPERM;
|
|
|
|
|
|
netlink: Replace rhash_portid with bound
On Mon, Sep 21, 2015 at 02:20:22PM -0400, Tejun Heo wrote:
>
> store_release and load_acquire are different from the usual memory
> barriers and can't be paired this way. You have to pair store_release
> and load_acquire. Besides, it isn't a particularly good idea to
OK I've decided to drop the acquire/release helpers as they don't
help us at all and simply pessimises the code by using full memory
barriers (on some architectures) where only a write or read barrier
is needed.
> depend on memory barriers embedded in other data structures like the
> above. Here, especially, rhashtable_insert() would have write barrier
> *before* the entry is hashed not necessarily *after*, which means that
> in the above case, a socket which appears to have set bound to a
> reader might not visible when the reader tries to look up the socket
> on the hashtable.
But you are right we do need an explicit write barrier here to
ensure that the hashing is visible.
> There's no reason to be overly smart here. This isn't a crazy hot
> path, write barriers tend to be very cheap, store_release more so.
> Please just do smp_store_release() and note what it's paired with.
It's not about being overly smart. It's about actually understanding
what's going on with the code. I've seen too many instances of
people simply sprinkling synchronisation primitives around without
any knowledge of what is happening underneath, which is just a recipe
for creating hard-to-debug races.
> > @@ -1539,7 +1546,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
> > }
> > }
> >
> > - if (!nlk->portid) {
> > + if (!nlk->bound) {
>
> I don't think you can skip load_acquire here just because this is the
> second deref of the variable. That doesn't change anything. Race
> condition could still happen between the first and second tests and
> skipping the second would lead to the same kind of bug.
The reason this one is OK is because we do not use nlk->portid or
try to get nlk from the hash table before we return to user-space.
However, there is a real bug here that none of these acquire/release
helpers discovered. The two bound tests here used to be a single
one. Now that they are separate it is entirely possible for another
thread to come in the middle and bind the socket. So we need to
repeat the portid check in order to maintain consistency.
> > @@ -1587,7 +1594,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
> > !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
> > return -EPERM;
> >
> > - if (!nlk->portid)
> > + if (!nlk->bound)
>
> Don't we need load_acquire here too? Is this path holding a lock
> which makes that unnecessary?
Ditto.
---8<---
The commit 1f770c0a09da855a2b51af6d19de97fb955eca85 ("netlink:
Fix autobind race condition that leads to zero port ID") created
some new races that can occur due to inconcsistencies between the
two port IDs.
Tejun is right that a barrier is unavoidable. Therefore I am
reverting to the original patch that used a boolean to indicate
that a user netlink socket has been bound.
Barriers have been added where necessary to ensure that a valid
portid and the hashed socket is visible.
I have also changed netlink_insert to only return EBUSY if the
socket is bound to a portid different to the requested one. This
combined with only reading nlk->bound once in netlink_bind fixes
a race where two threads that bind the socket at the same time
with different port IDs may both succeed.
Fixes: 1f770c0a09da ("netlink: Fix autobind race condition that leads to zero port ID")
Reported-by: Tejun Heo <tj@kernel.org>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nacked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-21 21:38:56 -06:00
|
|
|
/* No need for barriers here as we return to user-space without
|
|
|
|
|
* using any of the bound attributes.
|
|
|
|
|
*/
|
|
|
|
|
if (!nlk->bound)
|
2005-04-16 16:20:36 -06:00
|
|
|
err = netlink_autobind(sock);
|
|
|
|
|
|
|
|
|
|
if (err == 0) {
|
|
|
|
|
sk->sk_state = NETLINK_CONNECTED;
|
2012-09-07 14:12:54 -06:00
|
|
|
nlk->dst_portid = nladdr->nl_pid;
|
2005-08-14 20:27:50 -06:00
|
|
|
nlk->dst_group = ffs(nladdr->nl_groups);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
2007-12-04 01:19:38 -07:00
|
|
|
static int netlink_getname(struct socket *sock, struct sockaddr *addr,
|
|
|
|
|
int *addr_len, int peer)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
|
struct netlink_sock *nlk = nlk_sk(sk);
|
2009-11-07 22:51:19 -07:00
|
|
|
DECLARE_SOCKADDR(struct sockaddr_nl *, nladdr, addr);
|
2007-02-09 07:25:07 -07:00
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
nladdr->nl_family = AF_NETLINK;
|
|
|
|
|
nladdr->nl_pad = 0;
|
|
|
|
|
*addr_len = sizeof(*nladdr);
|
|
|
|
|
|
|
|
|
|
if (peer) {
|
2012-09-07 14:12:54 -06:00
|
|
|
nladdr->nl_pid = nlk->dst_portid;
|
2005-08-14 20:27:50 -06:00
|
|
|
nladdr->nl_groups = netlink_group_mask(nlk->dst_group);
|
2005-04-16 16:20:36 -06:00
|
|
|
} else {
|
2012-09-07 14:12:54 -06:00
|
|
|
nladdr->nl_pid = nlk->portid;
|
2017-09-05 21:53:29 -06:00
|
|
|
netlink_lock_table();
|
2005-09-06 16:43:59 -06:00
|
|
|
nladdr->nl_groups = nlk->groups ? nlk->groups[0] : 0;
|
2017-09-05 21:53:29 -06:00
|
|
|
netlink_unlock_table();
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-21 11:15:35 -06:00
|
|
|
static int netlink_ioctl(struct socket *sock, unsigned int cmd,
|
|
|
|
|
unsigned long arg)
|
|
|
|
|
{
|
|
|
|
|
/* try to hand this ioctl down to the NIC drivers.
|
|
|
|
|
*/
|
|
|
|
|
return -ENOIOCTLCMD;
|
|
|
|
|
}
|
|
|
|
|
|
2012-09-07 14:12:54 -06:00
|
|
|
static struct sock *netlink_getsockbyportid(struct sock *ssk, u32 portid)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
|
struct sock *sock;
|
|
|
|
|
struct netlink_sock *nlk;
|
|
|
|
|
|
2012-09-07 14:12:54 -06:00
|
|
|
sock = netlink_lookup(sock_net(ssk), ssk->sk_protocol, portid);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (!sock)
|
|
|
|
|
return ERR_PTR(-ECONNREFUSED);
|
|
|
|
|
|
|
|
|
|
/* Don't bother queuing skb if kernel socket has no input function */
|
|
|
|
|
nlk = nlk_sk(sock);
|
2007-10-10 22:15:29 -06:00
|
|
|
if (sock->sk_state == NETLINK_CONNECTED &&
|
2012-09-07 14:12:54 -06:00
|
|
|
nlk->dst_portid != nlk_sk(ssk)->portid) {
|
2005-04-16 16:20:36 -06:00
|
|
|
sock_put(sock);
|
|
|
|
|
return ERR_PTR(-ECONNREFUSED);
|
|
|
|
|
}
|
|
|
|
|
return sock;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct sock *netlink_getsockbyfilp(struct file *filp)
|
|
|
|
|
{
|
2013-01-23 15:07:38 -07:00
|
|
|
struct inode *inode = file_inode(filp);
|
2005-04-16 16:20:36 -06:00
|
|
|
struct sock *sock;
|
|
|
|
|
|
|
|
|
|
if (!S_ISSOCK(inode->i_mode))
|
|
|
|
|
return ERR_PTR(-ENOTSOCK);
|
|
|
|
|
|
|
|
|
|
sock = SOCKET_I(inode)->sk;
|
|
|
|
|
if (sock->sk_family != AF_NETLINK)
|
|
|
|
|
return ERR_PTR(-EINVAL);
|
|
|
|
|
|
|
|
|
|
sock_hold(sock);
|
|
|
|
|
return sock;
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-27 19:04:23 -06:00
|
|
|
static struct sk_buff *netlink_alloc_large_skb(unsigned int size,
|
|
|
|
|
int broadcast)
|
2013-06-03 03:46:28 -06:00
|
|
|
{
|
|
|
|
|
struct sk_buff *skb;
|
|
|
|
|
void *data;
|
|
|
|
|
|
2013-06-27 19:04:23 -06:00
|
|
|
if (size <= NLMSG_GOODSIZE || broadcast)
|
2013-06-03 03:46:28 -06:00
|
|
|
return alloc_skb(size, GFP_KERNEL);
|
|
|
|
|
|
2013-06-27 19:04:23 -06:00
|
|
|
size = SKB_DATA_ALIGN(size) +
|
|
|
|
|
SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
|
2013-06-03 03:46:28 -06:00
|
|
|
|
|
|
|
|
data = vmalloc(size);
|
|
|
|
|
if (data == NULL)
|
2013-06-27 19:04:23 -06:00
|
|
|
return NULL;
|
2013-06-03 03:46:28 -06:00
|
|
|
|
2015-04-24 17:05:01 -06:00
|
|
|
skb = __build_skb(data, size);
|
2013-06-27 19:04:23 -06:00
|
|
|
if (skb == NULL)
|
|
|
|
|
vfree(data);
|
2015-04-24 17:05:01 -06:00
|
|
|
else
|
2013-06-27 19:04:23 -06:00
|
|
|
skb->destructor = netlink_skb_destructor;
|
2013-06-03 03:46:28 -06:00
|
|
|
|
|
|
|
|
return skb;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
/*
|
|
|
|
|
* Attach a skb to a netlink socket.
|
|
|
|
|
* The caller must hold a reference to the destination socket. On error, the
|
|
|
|
|
* reference is dropped. The skb is not send to the destination, just all
|
|
|
|
|
* all error checks are performed and memory in the queue is reserved.
|
|
|
|
|
* Return values:
|
|
|
|
|
* < 0: error. skb freed, reference to sock dropped.
|
|
|
|
|
* 0: continue
|
|
|
|
|
* 1: repeat lookup - reference dropped while waiting for socket memory.
|
|
|
|
|
*/
|
2008-06-05 12:23:39 -06:00
|
|
|
int netlink_attachskb(struct sock *sk, struct sk_buff *skb,
|
2007-11-07 03:42:09 -07:00
|
|
|
long *timeo, struct sock *ssk)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
|
struct netlink_sock *nlk;
|
|
|
|
|
|
|
|
|
|
nlk = nlk_sk(sk);
|
|
|
|
|
|
2013-04-17 00:47:03 -06:00
|
|
|
if ((atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf ||
|
netlink: remove mmapped netlink support
mmapped netlink has a number of unresolved issues:
- TX zerocopy support had to be disabled more than a year ago via
commit 4682a0358639b29cf ("netlink: Always copy on mmap TX.")
because the content of the mmapped area can change after netlink
attribute validation but before message processing.
- RX support was implemented mainly to speed up nfqueue dumping packet
payload to userspace. However, since commit ae08ce0021087a5d812d2
("netfilter: nfnetlink_queue: zero copy support") we avoid one copy
with the socket-based interface too (via the skb_zerocopy helper).
The other problem is that skbs attached to mmaped netlink socket
behave different from normal skbs:
- they don't have a shinfo area, so all functions that use skb_shinfo()
(e.g. skb_clone) cannot be used.
- reserving headroom prevents userspace from seeing the content as
it expects message to start at skb->head.
See for instance
commit aa3a022094fa ("netlink: not trim skb for mmaped socket when dump").
- skbs handed e.g. to netlink_ack must have non-NULL skb->sk, else we
crash because it needs the sk to check if a tx ring is attached.
Also not obvious, leads to non-intuitive bug fixes such as 7c7bdf359
("netfilter: nfnetlink: use original skbuff when acking batches").
mmaped netlink also didn't play nicely with the skb_zerocopy helper
used by nfqueue and openvswitch. Daniel Borkmann fixed this via
commit 6bb0fef489f6 ("netlink, mmap: fix edge-case leakages in nf queue
zero-copy")' but at the cost of also needing to provide remaining
length to the allocation function.
nfqueue also has problems when used with mmaped rx netlink:
- mmaped netlink doesn't allow use of nfqueue batch verdict messages.
Problem is that in the mmap case, the allocation time also determines
the ordering in which the frame will be seen by userspace (A
allocating before B means that A is located in earlier ring slot,
but this also means that B might get a lower sequence number then A
since seqno is decided later. To fix this we would need to extend the
spinlocked region to also cover the allocation and message setup which
isn't desirable.
- nfqueue can now be configured to queue large (GSO) skbs to userspace.
Queing GSO packets is faster than having to force a software segmentation
in the kernel, so this is a desirable option. However, with a mmap based
ring one has to use 64kb per ring slot element, else mmap has to fall back
to the socket path (NL_MMAP_STATUS_COPY) for all large packets.
To use the mmap interface, userspace not only has to probe for mmap netlink
support, it also has to implement a recv/socket receive path in order to
handle messages that exceed the size of an rx ring element.
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-18 07:03:24 -07:00
|
|
|
test_bit(NETLINK_S_CONGESTED, &nlk->state))) {
|
2005-04-16 16:20:36 -06:00
|
|
|
DECLARE_WAITQUEUE(wait, current);
|
2007-11-07 03:42:09 -07:00
|
|
|
if (!*timeo) {
|
2007-10-10 22:14:32 -06:00
|
|
|
if (!ssk || netlink_is_kernel(ssk))
|
2005-04-16 16:20:36 -06:00
|
|
|
netlink_overrun(sk);
|
|
|
|
|
sock_put(sk);
|
|
|
|
|
kfree_skb(skb);
|
|
|
|
|
return -EAGAIN;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
__set_current_state(TASK_INTERRUPTIBLE);
|
|
|
|
|
add_wait_queue(&nlk->wait, &wait);
|
|
|
|
|
|
|
|
|
|
if ((atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf ||
|
2015-05-07 03:02:52 -06:00
|
|
|
test_bit(NETLINK_S_CONGESTED, &nlk->state)) &&
|
2005-04-16 16:20:36 -06:00
|
|
|
!sock_flag(sk, SOCK_DEAD))
|
2007-11-07 03:42:09 -07:00
|
|
|
*timeo = schedule_timeout(*timeo);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
__set_current_state(TASK_RUNNING);
|
|
|
|
|
remove_wait_queue(&nlk->wait, &wait);
|
|
|
|
|
sock_put(sk);
|
|
|
|
|
|
|
|
|
|
if (signal_pending(current)) {
|
|
|
|
|
kfree_skb(skb);
|
2007-11-07 03:42:09 -07:00
|
|
|
return sock_intr_errno(*timeo);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2013-04-17 00:47:00 -06:00
|
|
|
netlink_skb_set_owner_r(skb, sk);
|
2005-04-16 16:20:36 -06:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-04-05 16:17:46 -06:00
|
|
|
static int __netlink_sendskb(struct sock *sk, struct sk_buff *skb)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
|
int len = skb->len;
|
|
|
|
|
|
2013-06-21 11:38:07 -06:00
|
|
|
netlink_deliver_tap(skb);
|
|
|
|
|
|
netlink: remove mmapped netlink support
mmapped netlink has a number of unresolved issues:
- TX zerocopy support had to be disabled more than a year ago via
commit 4682a0358639b29cf ("netlink: Always copy on mmap TX.")
because the content of the mmapped area can change after netlink
attribute validation but before message processing.
- RX support was implemented mainly to speed up nfqueue dumping packet
payload to userspace. However, since commit ae08ce0021087a5d812d2
("netfilter: nfnetlink_queue: zero copy support") we avoid one copy
with the socket-based interface too (via the skb_zerocopy helper).
The other problem is that skbs attached to mmaped netlink socket
behave different from normal skbs:
- they don't have a shinfo area, so all functions that use skb_shinfo()
(e.g. skb_clone) cannot be used.
- reserving headroom prevents userspace from seeing the content as
it expects message to start at skb->head.
See for instance
commit aa3a022094fa ("netlink: not trim skb for mmaped socket when dump").
- skbs handed e.g. to netlink_ack must have non-NULL skb->sk, else we
crash because it needs the sk to check if a tx ring is attached.
Also not obvious, leads to non-intuitive bug fixes such as 7c7bdf359
("netfilter: nfnetlink: use original skbuff when acking batches").
mmaped netlink also didn't play nicely with the skb_zerocopy helper
used by nfqueue and openvswitch. Daniel Borkmann fixed this via
commit 6bb0fef489f6 ("netlink, mmap: fix edge-case leakages in nf queue
zero-copy")' but at the cost of also needing to provide remaining
length to the allocation function.
nfqueue also has problems when used with mmaped rx netlink:
- mmaped netlink doesn't allow use of nfqueue batch verdict messages.
Problem is that in the mmap case, the allocation time also determines
the ordering in which the frame will be seen by userspace (A
allocating before B means that A is located in earlier ring slot,
but this also means that B might get a lower sequence number then A
since seqno is decided later. To fix this we would need to extend the
spinlocked region to also cover the allocation and message setup which
isn't desirable.
- nfqueue can now be configured to queue large (GSO) skbs to userspace.
Queing GSO packets is faster than having to force a software segmentation
in the kernel, so this is a desirable option. However, with a mmap based
ring one has to use 64kb per ring slot element, else mmap has to fall back
to the socket path (NL_MMAP_STATUS_COPY) for all large packets.
To use the mmap interface, userspace not only has to probe for mmap netlink
support, it also has to implement a recv/socket receive path in order to
handle messages that exceed the size of an rx ring element.
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-18 07:03:24 -07:00
|
|
|
skb_queue_tail(&sk->sk_receive_queue, skb);
|
2014-04-11 14:15:36 -06:00
|
|
|
sk->sk_data_ready(sk);
|
2012-04-05 16:17:46 -06:00
|
|
|
return len;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int netlink_sendskb(struct sock *sk, struct sk_buff *skb)
|
|
|
|
|
{
|
|
|
|
|
int len = __netlink_sendskb(sk, skb);
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
sock_put(sk);
|
|
|
|
|
return len;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void netlink_detachskb(struct sock *sk, struct sk_buff *skb)
|
|
|
|
|
{
|
|
|
|
|
kfree_skb(skb);
|
|
|
|
|
sock_put(sk);
|
|
|
|
|
}
|
|
|
|
|
|
2011-12-22 01:52:02 -07:00
|
|
|
static struct sk_buff *netlink_trim(struct sk_buff *skb, gfp_t allocation)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
|
int delta;
|
|
|
|
|
|
2013-04-17 00:46:59 -06:00
|
|
|
WARN_ON(skb->sk != NULL);
|
2007-04-19 21:43:29 -06:00
|
|
|
delta = skb->end - skb->tail;
|
2013-06-03 03:46:28 -06:00
|
|
|
if (is_vmalloc_addr(skb->head) || delta * 2 < skb->truesize)
|
2005-04-16 16:20:36 -06:00
|
|
|
return skb;
|
|
|
|
|
|
|
|
|
|
if (skb_shared(skb)) {
|
|
|
|
|
struct sk_buff *nskb = skb_clone(skb, allocation);
|
|
|
|
|
if (!nskb)
|
|
|
|
|
return skb;
|
2012-04-18 20:24:28 -06:00
|
|
|
consume_skb(skb);
|
2005-04-16 16:20:36 -06:00
|
|
|
skb = nskb;
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-27 08:11:27 -07:00
|
|
|
pskb_expand_head(skb, 0, -delta,
|
|
|
|
|
(allocation & ~__GFP_DIRECT_RECLAIM) |
|
|
|
|
|
__GFP_NOWARN | __GFP_NORETRY);
|
2005-04-16 16:20:36 -06:00
|
|
|
return skb;
|
|
|
|
|
}
|
|
|
|
|
|
2012-05-24 17:21:27 -06:00
|
|
|
static int netlink_unicast_kernel(struct sock *sk, struct sk_buff *skb,
|
|
|
|
|
struct sock *ssk)
|
2007-10-10 22:15:29 -06:00
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
struct netlink_sock *nlk = nlk_sk(sk);
|
|
|
|
|
|
|
|
|
|
ret = -ECONNREFUSED;
|
|
|
|
|
if (nlk->netlink_rcv != NULL) {
|
|
|
|
|
ret = skb->len;
|
2013-04-17 00:47:00 -06:00
|
|
|
netlink_skb_set_owner_r(skb, sk);
|
2013-04-17 00:46:57 -06:00
|
|
|
NETLINK_CB(skb).sk = ssk;
|
2013-12-23 06:35:55 -07:00
|
|
|
netlink_deliver_tap_kernel(sk, ssk, skb);
|
2007-10-10 22:15:29 -06:00
|
|
|
nlk->netlink_rcv(skb);
|
2012-04-22 15:30:29 -06:00
|
|
|
consume_skb(skb);
|
|
|
|
|
} else {
|
|
|
|
|
kfree_skb(skb);
|
2007-10-10 22:15:29 -06:00
|
|
|
}
|
|
|
|
|
sock_put(sk);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int netlink_unicast(struct sock *ssk, struct sk_buff *skb,
|
2012-09-07 14:12:54 -06:00
|
|
|
u32 portid, int nonblock)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
|
struct sock *sk;
|
|
|
|
|
int err;
|
|
|
|
|
long timeo;
|
|
|
|
|
|
|
|
|
|
skb = netlink_trim(skb, gfp_any());
|
|
|
|
|
|
|
|
|
|
timeo = sock_sndtimeo(ssk, nonblock);
|
|
|
|
|
retry:
|
2012-09-07 14:12:54 -06:00
|
|
|
sk = netlink_getsockbyportid(ssk, portid);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (IS_ERR(sk)) {
|
|
|
|
|
kfree_skb(skb);
|
|
|
|
|
return PTR_ERR(sk);
|
|
|
|
|
}
|
2007-10-10 22:15:29 -06:00
|
|
|
if (netlink_is_kernel(sk))
|
2012-05-24 17:21:27 -06:00
|
|
|
return netlink_unicast_kernel(sk, skb, ssk);
|
2007-10-10 22:15:29 -06:00
|
|
|
|
2008-03-21 16:46:12 -06:00
|
|
|
if (sk_filter(sk, skb)) {
|
2008-07-01 20:55:09 -06:00
|
|
|
err = skb->len;
|
2008-03-21 16:46:12 -06:00
|
|
|
kfree_skb(skb);
|
|
|
|
|
sock_put(sk);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
2008-06-05 12:23:39 -06:00
|
|
|
err = netlink_attachskb(sk, skb, &timeo, ssk);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (err == 1)
|
|
|
|
|
goto retry;
|
|
|
|
|
if (err)
|
|
|
|
|
return err;
|
|
|
|
|
|
2007-10-10 22:14:03 -06:00
|
|
|
return netlink_sendskb(sk, skb);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2007-12-04 01:19:38 -07:00
|
|
|
EXPORT_SYMBOL(netlink_unicast);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2006-03-20 19:52:01 -07:00
|
|
|
int netlink_has_listeners(struct sock *sk, unsigned int group)
|
|
|
|
|
{
|
|
|
|
|
int res = 0;
|
2010-10-23 22:27:10 -06:00
|
|
|
struct listeners *listeners;
|
2006-03-20 19:52:01 -07:00
|
|
|
|
2007-10-10 22:14:32 -06:00
|
|
|
BUG_ON(!netlink_is_kernel(sk));
|
2007-07-18 16:46:06 -06:00
|
|
|
|
|
|
|
|
rcu_read_lock();
|
|
|
|
|
listeners = rcu_dereference(nl_table[sk->sk_protocol].listeners);
|
|
|
|
|
|
2012-10-17 21:21:55 -06:00
|
|
|
if (listeners && group - 1 < nl_table[sk->sk_protocol].groups)
|
2010-10-23 22:27:10 -06:00
|
|
|
res = test_bit(group - 1, listeners->masks);
|
2007-07-18 16:46:06 -06:00
|
|
|
|
|
|
|
|
rcu_read_unlock();
|
|
|
|
|
|
2006-03-20 19:52:01 -07:00
|
|
|
return res;
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(netlink_has_listeners);
|
|
|
|
|
|
2011-12-22 01:52:02 -07:00
|
|
|
static int netlink_broadcast_deliver(struct sock *sk, struct sk_buff *skb)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
|
struct netlink_sock *nlk = nlk_sk(sk);
|
|
|
|
|
|
|
|
|
|
if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf &&
|
2015-05-07 03:02:52 -06:00
|
|
|
!test_bit(NETLINK_S_CONGESTED, &nlk->state)) {
|
2013-04-17 00:47:00 -06:00
|
|
|
netlink_skb_set_owner_r(skb, sk);
|
2012-04-05 16:17:46 -06:00
|
|
|
__netlink_sendskb(sk, skb);
|
2011-12-22 01:52:03 -07:00
|
|
|
return atomic_read(&sk->sk_rmem_alloc) > (sk->sk_rcvbuf >> 1);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct netlink_broadcast_data {
|
|
|
|
|
struct sock *exclude_sk;
|
2007-09-12 05:05:38 -06:00
|
|
|
struct net *net;
|
2012-09-07 14:12:54 -06:00
|
|
|
u32 portid;
|
2005-04-16 16:20:36 -06:00
|
|
|
u32 group;
|
|
|
|
|
int failure;
|
netlink: change return-value logic of netlink_broadcast()
Currently, netlink_broadcast() reports errors to the caller if no
messages at all were delivered:
1) If, at least, one message has been delivered correctly, returns 0.
2) Otherwise, if no messages at all were delivered due to skb_clone()
failure, return -ENOBUFS.
3) Otherwise, if there are no listeners, return -ESRCH.
With this patch, the caller knows if the delivery of any of the
messages to the listeners have failed:
1) If it fails to deliver any message (for whatever reason), return
-ENOBUFS.
2) Otherwise, if all messages were delivered OK, returns 0.
3) Otherwise, if no listeners, return -ESRCH.
In the current ctnetlink code and in Netfilter in general, we can add
reliable logging and connection tracking event delivery by dropping the
packets whose events were not successfully delivered over Netlink. Of
course, this option would be settable via /proc as this approach reduces
performance (in terms of filtered connections per seconds by a stateful
firewall) but providing reliable logging and event delivery (for
conntrackd) in return.
This patch also changes some clients of netlink_broadcast() that
may report ENOBUFS errors via printk. This error handling is not
of any help. Instead, the userspace daemons that are listening to
those netlink messages should resync themselves with the kernel-side
if they hit ENOBUFS.
BTW, netlink_broadcast() clients include those that call
cn_netlink_send(), nlmsg_multicast() and genlmsg_multicast() since they
internally call netlink_broadcast() and return its error value.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-02-06 00:56:36 -07:00
|
|
|
int delivery_failure;
|
2005-04-16 16:20:36 -06:00
|
|
|
int congested;
|
|
|
|
|
int delivered;
|
2005-10-21 01:20:43 -06:00
|
|
|
gfp_t allocation;
|
2005-04-16 16:20:36 -06:00
|
|
|
struct sk_buff *skb, *skb2;
|
2010-05-04 18:36:46 -06:00
|
|
|
int (*tx_filter)(struct sock *dsk, struct sk_buff *skb, void *data);
|
|
|
|
|
void *tx_data;
|
2005-04-16 16:20:36 -06:00
|
|
|
};
|
|
|
|
|
|
2014-07-01 12:17:35 -06:00
|
|
|
static void do_one_broadcast(struct sock *sk,
|
|
|
|
|
struct netlink_broadcast_data *p)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
|
struct netlink_sock *nlk = nlk_sk(sk);
|
|
|
|
|
int val;
|
|
|
|
|
|
|
|
|
|
if (p->exclude_sk == sk)
|
2014-07-01 12:17:35 -06:00
|
|
|
return;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2012-09-07 14:12:54 -06:00
|
|
|
if (nlk->portid == p->portid || p->group - 1 >= nlk->ngroups ||
|
2005-08-15 13:29:13 -06:00
|
|
|
!test_bit(p->group - 1, nlk->groups))
|
2014-07-01 12:17:35 -06:00
|
|
|
return;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2015-05-07 03:02:53 -06:00
|
|
|
if (!net_eq(sock_net(sk), p->net)) {
|
|
|
|
|
if (!(nlk->flags & NETLINK_F_LISTEN_ALL_NSID))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (!peernet_has_id(sock_net(sk), p->net))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (!file_ns_capable(sk->sk_socket->file, p->net->user_ns,
|
|
|
|
|
CAP_NET_BROADCAST))
|
|
|
|
|
return;
|
|
|
|
|
}
|
2007-09-12 05:05:38 -06:00
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
if (p->failure) {
|
|
|
|
|
netlink_overrun(sk);
|
2014-07-01 12:17:35 -06:00
|
|
|
return;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sock_hold(sk);
|
|
|
|
|
if (p->skb2 == NULL) {
|
2005-05-19 14:06:35 -06:00
|
|
|
if (skb_shared(p->skb)) {
|
2005-04-16 16:20:36 -06:00
|
|
|
p->skb2 = skb_clone(p->skb, p->allocation);
|
|
|
|
|
} else {
|
2005-05-19 14:06:35 -06:00
|
|
|
p->skb2 = skb_get(p->skb);
|
|
|
|
|
/*
|
|
|
|
|
* skb ownership may have been set when
|
|
|
|
|
* delivered to a previous socket.
|
|
|
|
|
*/
|
|
|
|
|
skb_orphan(p->skb2);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (p->skb2 == NULL) {
|
|
|
|
|
netlink_overrun(sk);
|
|
|
|
|
/* Clone failed. Notify ALL listeners. */
|
|
|
|
|
p->failure = 1;
|
2015-05-07 03:02:52 -06:00
|
|
|
if (nlk->flags & NETLINK_F_BROADCAST_SEND_ERROR)
|
2009-02-17 18:40:43 -07:00
|
|
|
p->delivery_failure = 1;
|
2015-05-07 03:02:53 -06:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
if (p->tx_filter && p->tx_filter(sk, p->skb2, p->tx_data)) {
|
2010-05-04 18:36:46 -06:00
|
|
|
kfree_skb(p->skb2);
|
|
|
|
|
p->skb2 = NULL;
|
2015-05-07 03:02:53 -06:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
if (sk_filter(sk, p->skb2)) {
|
2008-03-21 16:46:12 -06:00
|
|
|
kfree_skb(p->skb2);
|
|
|
|
|
p->skb2 = NULL;
|
2015-05-07 03:02:53 -06:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
NETLINK_CB(p->skb2).nsid = peernet2id(sock_net(sk), p->net);
|
2017-06-01 02:00:07 -06:00
|
|
|
if (NETLINK_CB(p->skb2).nsid != NETNSA_NSID_NOT_ASSIGNED)
|
|
|
|
|
NETLINK_CB(p->skb2).nsid_is_set = true;
|
2015-05-07 03:02:53 -06:00
|
|
|
val = netlink_broadcast_deliver(sk, p->skb2);
|
|
|
|
|
if (val < 0) {
|
2005-04-16 16:20:36 -06:00
|
|
|
netlink_overrun(sk);
|
2015-05-07 03:02:52 -06:00
|
|
|
if (nlk->flags & NETLINK_F_BROADCAST_SEND_ERROR)
|
2009-02-17 18:40:43 -07:00
|
|
|
p->delivery_failure = 1;
|
2005-04-16 16:20:36 -06:00
|
|
|
} else {
|
|
|
|
|
p->congested |= val;
|
|
|
|
|
p->delivered = 1;
|
|
|
|
|
p->skb2 = NULL;
|
|
|
|
|
}
|
2015-05-07 03:02:53 -06:00
|
|
|
out:
|
2005-04-16 16:20:36 -06:00
|
|
|
sock_put(sk);
|
|
|
|
|
}
|
|
|
|
|
|
2012-09-07 14:12:54 -06:00
|
|
|
int netlink_broadcast_filtered(struct sock *ssk, struct sk_buff *skb, u32 portid,
|
2010-05-04 18:36:46 -06:00
|
|
|
u32 group, gfp_t allocation,
|
|
|
|
|
int (*filter)(struct sock *dsk, struct sk_buff *skb, void *data),
|
|
|
|
|
void *filter_data)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2008-03-25 11:26:21 -06:00
|
|
|
struct net *net = sock_net(ssk);
|
2005-04-16 16:20:36 -06:00
|
|
|
struct netlink_broadcast_data info;
|
|
|
|
|
struct sock *sk;
|
|
|
|
|
|
|
|
|
|
skb = netlink_trim(skb, allocation);
|
|
|
|
|
|
|
|
|
|
info.exclude_sk = ssk;
|
2007-09-12 05:05:38 -06:00
|
|
|
info.net = net;
|
2012-09-07 14:12:54 -06:00
|
|
|
info.portid = portid;
|
2005-04-16 16:20:36 -06:00
|
|
|
info.group = group;
|
|
|
|
|
info.failure = 0;
|
netlink: change return-value logic of netlink_broadcast()
Currently, netlink_broadcast() reports errors to the caller if no
messages at all were delivered:
1) If, at least, one message has been delivered correctly, returns 0.
2) Otherwise, if no messages at all were delivered due to skb_clone()
failure, return -ENOBUFS.
3) Otherwise, if there are no listeners, return -ESRCH.
With this patch, the caller knows if the delivery of any of the
messages to the listeners have failed:
1) If it fails to deliver any message (for whatever reason), return
-ENOBUFS.
2) Otherwise, if all messages were delivered OK, returns 0.
3) Otherwise, if no listeners, return -ESRCH.
In the current ctnetlink code and in Netfilter in general, we can add
reliable logging and connection tracking event delivery by dropping the
packets whose events were not successfully delivered over Netlink. Of
course, this option would be settable via /proc as this approach reduces
performance (in terms of filtered connections per seconds by a stateful
firewall) but providing reliable logging and event delivery (for
conntrackd) in return.
This patch also changes some clients of netlink_broadcast() that
may report ENOBUFS errors via printk. This error handling is not
of any help. Instead, the userspace daemons that are listening to
those netlink messages should resync themselves with the kernel-side
if they hit ENOBUFS.
BTW, netlink_broadcast() clients include those that call
cn_netlink_send(), nlmsg_multicast() and genlmsg_multicast() since they
internally call netlink_broadcast() and return its error value.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-02-06 00:56:36 -07:00
|
|
|
info.delivery_failure = 0;
|
2005-04-16 16:20:36 -06:00
|
|
|
info.congested = 0;
|
|
|
|
|
info.delivered = 0;
|
|
|
|
|
info.allocation = allocation;
|
|
|
|
|
info.skb = skb;
|
|
|
|
|
info.skb2 = NULL;
|
2010-05-04 18:36:46 -06:00
|
|
|
info.tx_filter = filter;
|
|
|
|
|
info.tx_data = filter_data;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
/* While we sleep in clone, do not allow to change socket list */
|
|
|
|
|
|
|
|
|
|
netlink_lock_table();
|
|
|
|
|
|
hlist: drop the node parameter from iterators
I'm not sure why, but the hlist for each entry iterators were conceived
list_for_each_entry(pos, head, member)
The hlist ones were greedy and wanted an extra parameter:
hlist_for_each_entry(tpos, pos, head, member)
Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.
Besides the semantic patch, there was some manual work required:
- Fix up the actual hlist iterators in linux/list.h
- Fix up the declaration of other iterators based on the hlist ones.
- A very small amount of places were using the 'node' parameter, this
was modified to use 'obj->member' instead.
- Coccinelle didn't handle the hlist_for_each_entry_safe iterator
properly, so those had to be fixed up manually.
The semantic patch which is mostly the work of Peter Senna Tschudin is here:
@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;
type T;
expression a,c,d,e;
identifier b;
statement S;
@@
-T b;
<+... when != b
(
hlist_for_each_entry(a,
- b,
c, d) S
|
hlist_for_each_entry_continue(a,
- b,
c) S
|
hlist_for_each_entry_from(a,
- b,
c) S
|
hlist_for_each_entry_rcu(a,
- b,
c, d) S
|
hlist_for_each_entry_rcu_bh(a,
- b,
c, d) S
|
hlist_for_each_entry_continue_rcu_bh(a,
- b,
c) S
|
for_each_busy_worker(a, c,
- b,
d) S
|
ax25_uid_for_each(a,
- b,
c) S
|
ax25_for_each(a,
- b,
c) S
|
inet_bind_bucket_for_each(a,
- b,
c) S
|
sctp_for_each_hentry(a,
- b,
c) S
|
sk_for_each(a,
- b,
c) S
|
sk_for_each_rcu(a,
- b,
c) S
|
sk_for_each_from
-(a, b)
+(a)
S
+ sk_for_each_from(a) S
|
sk_for_each_safe(a,
- b,
c, d) S
|
sk_for_each_bound(a,
- b,
c) S
|
hlist_for_each_entry_safe(a,
- b,
c, d, e) S
|
hlist_for_each_entry_continue_rcu(a,
- b,
c) S
|
nr_neigh_for_each(a,
- b,
c) S
|
nr_neigh_for_each_safe(a,
- b,
c, d) S
|
nr_node_for_each(a,
- b,
c) S
|
nr_node_for_each_safe(a,
- b,
c, d) S
|
- for_each_gfn_sp(a, c, d, b) S
+ for_each_gfn_sp(a, c, d) S
|
- for_each_gfn_indirect_valid_sp(a, c, d, b) S
+ for_each_gfn_indirect_valid_sp(a, c, d) S
|
for_each_host(a,
- b,
c) S
|
for_each_host_safe(a,
- b,
c, d) S
|
for_each_mesh_entry(a,
- b,
c, d) S
)
...+>
[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin <peter.senna@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-27 18:06:00 -07:00
|
|
|
sk_for_each_bound(sk, &nl_table[ssk->sk_protocol].mc_list)
|
2005-04-16 16:20:36 -06:00
|
|
|
do_one_broadcast(sk, &info);
|
|
|
|
|
|
2010-07-20 00:45:56 -06:00
|
|
|
consume_skb(skb);
|
2005-05-19 14:07:32 -06:00
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
netlink_unlock_table();
|
|
|
|
|
|
2010-07-20 00:45:56 -06:00
|
|
|
if (info.delivery_failure) {
|
|
|
|
|
kfree_skb(info.skb2);
|
netlink: change return-value logic of netlink_broadcast()
Currently, netlink_broadcast() reports errors to the caller if no
messages at all were delivered:
1) If, at least, one message has been delivered correctly, returns 0.
2) Otherwise, if no messages at all were delivered due to skb_clone()
failure, return -ENOBUFS.
3) Otherwise, if there are no listeners, return -ESRCH.
With this patch, the caller knows if the delivery of any of the
messages to the listeners have failed:
1) If it fails to deliver any message (for whatever reason), return
-ENOBUFS.
2) Otherwise, if all messages were delivered OK, returns 0.
3) Otherwise, if no listeners, return -ESRCH.
In the current ctnetlink code and in Netfilter in general, we can add
reliable logging and connection tracking event delivery by dropping the
packets whose events were not successfully delivered over Netlink. Of
course, this option would be settable via /proc as this approach reduces
performance (in terms of filtered connections per seconds by a stateful
firewall) but providing reliable logging and event delivery (for
conntrackd) in return.
This patch also changes some clients of netlink_broadcast() that
may report ENOBUFS errors via printk. This error handling is not
of any help. Instead, the userspace daemons that are listening to
those netlink messages should resync themselves with the kernel-side
if they hit ENOBUFS.
BTW, netlink_broadcast() clients include those that call
cn_netlink_send(), nlmsg_multicast() and genlmsg_multicast() since they
internally call netlink_broadcast() and return its error value.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-02-06 00:56:36 -07:00
|
|
|
return -ENOBUFS;
|
2012-04-22 15:30:21 -06:00
|
|
|
}
|
|
|
|
|
consume_skb(info.skb2);
|
netlink: change return-value logic of netlink_broadcast()
Currently, netlink_broadcast() reports errors to the caller if no
messages at all were delivered:
1) If, at least, one message has been delivered correctly, returns 0.
2) Otherwise, if no messages at all were delivered due to skb_clone()
failure, return -ENOBUFS.
3) Otherwise, if there are no listeners, return -ESRCH.
With this patch, the caller knows if the delivery of any of the
messages to the listeners have failed:
1) If it fails to deliver any message (for whatever reason), return
-ENOBUFS.
2) Otherwise, if all messages were delivered OK, returns 0.
3) Otherwise, if no listeners, return -ESRCH.
In the current ctnetlink code and in Netfilter in general, we can add
reliable logging and connection tracking event delivery by dropping the
packets whose events were not successfully delivered over Netlink. Of
course, this option would be settable via /proc as this approach reduces
performance (in terms of filtered connections per seconds by a stateful
firewall) but providing reliable logging and event delivery (for
conntrackd) in return.
This patch also changes some clients of netlink_broadcast() that
may report ENOBUFS errors via printk. This error handling is not
of any help. Instead, the userspace daemons that are listening to
those netlink messages should resync themselves with the kernel-side
if they hit ENOBUFS.
BTW, netlink_broadcast() clients include those that call
cn_netlink_send(), nlmsg_multicast() and genlmsg_multicast() since they
internally call netlink_broadcast() and return its error value.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-02-06 00:56:36 -07:00
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
if (info.delivered) {
|
2015-11-06 17:28:21 -07:00
|
|
|
if (info.congested && gfpflags_allow_blocking(allocation))
|
2005-04-16 16:20:36 -06:00
|
|
|
yield();
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
return -ESRCH;
|
|
|
|
|
}
|
2010-05-04 18:36:46 -06:00
|
|
|
EXPORT_SYMBOL(netlink_broadcast_filtered);
|
|
|
|
|
|
2012-09-07 14:12:54 -06:00
|
|
|
int netlink_broadcast(struct sock *ssk, struct sk_buff *skb, u32 portid,
|
2010-05-04 18:36:46 -06:00
|
|
|
u32 group, gfp_t allocation)
|
|
|
|
|
{
|
2012-09-07 14:12:54 -06:00
|
|
|
return netlink_broadcast_filtered(ssk, skb, portid, group, allocation,
|
2010-05-04 18:36:46 -06:00
|
|
|
NULL, NULL);
|
|
|
|
|
}
|
2007-12-04 01:19:38 -07:00
|
|
|
EXPORT_SYMBOL(netlink_broadcast);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
struct netlink_set_err_data {
|
|
|
|
|
struct sock *exclude_sk;
|
2012-09-07 14:12:54 -06:00
|
|
|
u32 portid;
|
2005-04-16 16:20:36 -06:00
|
|
|
u32 group;
|
|
|
|
|
int code;
|
|
|
|
|
};
|
|
|
|
|
|
2011-12-22 01:52:02 -07:00
|
|
|
static int do_one_set_err(struct sock *sk, struct netlink_set_err_data *p)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
|
struct netlink_sock *nlk = nlk_sk(sk);
|
2010-03-18 08:24:42 -06:00
|
|
|
int ret = 0;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
if (sk == p->exclude_sk)
|
|
|
|
|
goto out;
|
|
|
|
|
|
2009-11-25 16:14:13 -07:00
|
|
|
if (!net_eq(sock_net(sk), sock_net(p->exclude_sk)))
|
2007-09-12 05:05:38 -06:00
|
|
|
goto out;
|
|
|
|
|
|
2012-09-07 14:12:54 -06:00
|
|
|
if (nlk->portid == p->portid || p->group - 1 >= nlk->ngroups ||
|
2005-08-15 13:29:13 -06:00
|
|
|
!test_bit(p->group - 1, nlk->groups))
|
2005-04-16 16:20:36 -06:00
|
|
|
goto out;
|
|
|
|
|
|
2015-05-07 03:02:52 -06:00
|
|
|
if (p->code == ENOBUFS && nlk->flags & NETLINK_F_RECV_NO_ENOBUFS) {
|
2010-03-18 08:24:42 -06:00
|
|
|
ret = 1;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
sk->sk_err = p->code;
|
|
|
|
|
sk->sk_error_report(sk);
|
|
|
|
|
out:
|
2010-03-18 08:24:42 -06:00
|
|
|
return ret;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2009-03-04 00:37:30 -07:00
|
|
|
/**
|
|
|
|
|
* netlink_set_err - report error to broadcast listeners
|
|
|
|
|
* @ssk: the kernel netlink socket, as returned by netlink_kernel_create()
|
2012-09-07 14:12:54 -06:00
|
|
|
* @portid: the PORTID of a process that we want to skip (if any)
|
2013-11-19 02:35:40 -07:00
|
|
|
* @group: the broadcast group that will notice the error
|
2009-03-04 00:37:30 -07:00
|
|
|
* @code: error code, must be negative (as usual in kernelspace)
|
2010-03-18 08:24:42 -06:00
|
|
|
*
|
|
|
|
|
* This function returns the number of broadcast listeners that have set the
|
2015-05-07 03:02:52 -06:00
|
|
|
* NETLINK_NO_ENOBUFS socket option.
|
2009-03-04 00:37:30 -07:00
|
|
|
*/
|
2012-09-07 14:12:54 -06:00
|
|
|
int netlink_set_err(struct sock *ssk, u32 portid, u32 group, int code)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
|
struct netlink_set_err_data info;
|
|
|
|
|
struct sock *sk;
|
2010-03-18 08:24:42 -06:00
|
|
|
int ret = 0;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
info.exclude_sk = ssk;
|
2012-09-07 14:12:54 -06:00
|
|
|
info.portid = portid;
|
2005-04-16 16:20:36 -06:00
|
|
|
info.group = group;
|
2009-03-04 00:37:30 -07:00
|
|
|
/* sk->sk_err wants a positive error value */
|
|
|
|
|
info.code = -code;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
read_lock(&nl_table_lock);
|
|
|
|
|
|
hlist: drop the node parameter from iterators
I'm not sure why, but the hlist for each entry iterators were conceived
list_for_each_entry(pos, head, member)
The hlist ones were greedy and wanted an extra parameter:
hlist_for_each_entry(tpos, pos, head, member)
Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.
Besides the semantic patch, there was some manual work required:
- Fix up the actual hlist iterators in linux/list.h
- Fix up the declaration of other iterators based on the hlist ones.
- A very small amount of places were using the 'node' parameter, this
was modified to use 'obj->member' instead.
- Coccinelle didn't handle the hlist_for_each_entry_safe iterator
properly, so those had to be fixed up manually.
The semantic patch which is mostly the work of Peter Senna Tschudin is here:
@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;
type T;
expression a,c,d,e;
identifier b;
statement S;
@@
-T b;
<+... when != b
(
hlist_for_each_entry(a,
- b,
c, d) S
|
hlist_for_each_entry_continue(a,
- b,
c) S
|
hlist_for_each_entry_from(a,
- b,
c) S
|
hlist_for_each_entry_rcu(a,
- b,
c, d) S
|
hlist_for_each_entry_rcu_bh(a,
- b,
c, d) S
|
hlist_for_each_entry_continue_rcu_bh(a,
- b,
c) S
|
for_each_busy_worker(a, c,
- b,
d) S
|
ax25_uid_for_each(a,
- b,
c) S
|
ax25_for_each(a,
- b,
c) S
|
inet_bind_bucket_for_each(a,
- b,
c) S
|
sctp_for_each_hentry(a,
- b,
c) S
|
sk_for_each(a,
- b,
c) S
|
sk_for_each_rcu(a,
- b,
c) S
|
sk_for_each_from
-(a, b)
+(a)
S
+ sk_for_each_from(a) S
|
sk_for_each_safe(a,
- b,
c, d) S
|
sk_for_each_bound(a,
- b,
c) S
|
hlist_for_each_entry_safe(a,
- b,
c, d, e) S
|
hlist_for_each_entry_continue_rcu(a,
- b,
c) S
|
nr_neigh_for_each(a,
- b,
c) S
|
nr_neigh_for_each_safe(a,
- b,
c, d) S
|
nr_node_for_each(a,
- b,
c) S
|
nr_node_for_each_safe(a,
- b,
c, d) S
|
- for_each_gfn_sp(a, c, d, b) S
+ for_each_gfn_sp(a, c, d) S
|
- for_each_gfn_indirect_valid_sp(a, c, d, b) S
+ for_each_gfn_indirect_valid_sp(a, c, d) S
|
for_each_host(a,
- b,
c) S
|
for_each_host_safe(a,
- b,
c, d) S
|
for_each_mesh_entry(a,
- b,
c, d) S
)
...+>
[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin <peter.senna@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-27 18:06:00 -07:00
|
|
|
sk_for_each_bound(sk, &nl_table[ssk->sk_protocol].mc_list)
|
2010-03-18 08:24:42 -06:00
|
|
|
ret += do_one_set_err(sk, &info);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
read_unlock(&nl_table_lock);
|
2010-03-18 08:24:42 -06:00
|
|
|
return ret;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2009-03-23 06:21:06 -06:00
|
|
|
EXPORT_SYMBOL(netlink_set_err);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2007-07-18 16:47:05 -06:00
|
|
|
/* must be called with netlink table grabbed */
|
|
|
|
|
static void netlink_update_socket_mc(struct netlink_sock *nlk,
|
|
|
|
|
unsigned int group,
|
|
|
|
|
int is_new)
|
|
|
|
|
{
|
|
|
|
|
int old, new = !!is_new, subscriptions;
|
|
|
|
|
|
|
|
|
|
old = test_bit(group - 1, nlk->groups);
|
|
|
|
|
subscriptions = nlk->subscriptions - old + new;
|
|
|
|
|
if (new)
|
|
|
|
|
__set_bit(group - 1, nlk->groups);
|
|
|
|
|
else
|
|
|
|
|
__clear_bit(group - 1, nlk->groups);
|
|
|
|
|
netlink_update_subscriptions(&nlk->sk, subscriptions);
|
|
|
|
|
netlink_update_listeners(&nlk->sk);
|
|
|
|
|
}
|
|
|
|
|
|
2005-08-15 13:32:15 -06:00
|
|
|
static int netlink_setsockopt(struct socket *sock, int level, int optname,
|
2009-09-30 17:12:20 -06:00
|
|
|
char __user *optval, unsigned int optlen)
|
2005-08-15 13:32:15 -06:00
|
|
|
{
|
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
|
struct netlink_sock *nlk = nlk_sk(sk);
|
2007-07-18 03:07:51 -06:00
|
|
|
unsigned int val = 0;
|
|
|
|
|
int err;
|
2005-08-15 13:32:15 -06:00
|
|
|
|
|
|
|
|
if (level != SOL_NETLINK)
|
|
|
|
|
return -ENOPROTOOPT;
|
|
|
|
|
|
netlink: remove mmapped netlink support
mmapped netlink has a number of unresolved issues:
- TX zerocopy support had to be disabled more than a year ago via
commit 4682a0358639b29cf ("netlink: Always copy on mmap TX.")
because the content of the mmapped area can change after netlink
attribute validation but before message processing.
- RX support was implemented mainly to speed up nfqueue dumping packet
payload to userspace. However, since commit ae08ce0021087a5d812d2
("netfilter: nfnetlink_queue: zero copy support") we avoid one copy
with the socket-based interface too (via the skb_zerocopy helper).
The other problem is that skbs attached to mmaped netlink socket
behave different from normal skbs:
- they don't have a shinfo area, so all functions that use skb_shinfo()
(e.g. skb_clone) cannot be used.
- reserving headroom prevents userspace from seeing the content as
it expects message to start at skb->head.
See for instance
commit aa3a022094fa ("netlink: not trim skb for mmaped socket when dump").
- skbs handed e.g. to netlink_ack must have non-NULL skb->sk, else we
crash because it needs the sk to check if a tx ring is attached.
Also not obvious, leads to non-intuitive bug fixes such as 7c7bdf359
("netfilter: nfnetlink: use original skbuff when acking batches").
mmaped netlink also didn't play nicely with the skb_zerocopy helper
used by nfqueue and openvswitch. Daniel Borkmann fixed this via
commit 6bb0fef489f6 ("netlink, mmap: fix edge-case leakages in nf queue
zero-copy")' but at the cost of also needing to provide remaining
length to the allocation function.
nfqueue also has problems when used with mmaped rx netlink:
- mmaped netlink doesn't allow use of nfqueue batch verdict messages.
Problem is that in the mmap case, the allocation time also determines
the ordering in which the frame will be seen by userspace (A
allocating before B means that A is located in earlier ring slot,
but this also means that B might get a lower sequence number then A
since seqno is decided later. To fix this we would need to extend the
spinlocked region to also cover the allocation and message setup which
isn't desirable.
- nfqueue can now be configured to queue large (GSO) skbs to userspace.
Queing GSO packets is faster than having to force a software segmentation
in the kernel, so this is a desirable option. However, with a mmap based
ring one has to use 64kb per ring slot element, else mmap has to fall back
to the socket path (NL_MMAP_STATUS_COPY) for all large packets.
To use the mmap interface, userspace not only has to probe for mmap netlink
support, it also has to implement a recv/socket receive path in order to
handle messages that exceed the size of an rx ring element.
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-18 07:03:24 -07:00
|
|
|
if (optlen >= sizeof(int) &&
|
2007-07-18 03:07:51 -06:00
|
|
|
get_user(val, (unsigned int __user *)optval))
|
2005-08-15 13:32:15 -06:00
|
|
|
return -EFAULT;
|
|
|
|
|
|
|
|
|
|
switch (optname) {
|
|
|
|
|
case NETLINK_PKTINFO:
|
|
|
|
|
if (val)
|
2015-05-07 03:02:52 -06:00
|
|
|
nlk->flags |= NETLINK_F_RECV_PKTINFO;
|
2005-08-15 13:32:15 -06:00
|
|
|
else
|
2015-05-07 03:02:52 -06:00
|
|
|
nlk->flags &= ~NETLINK_F_RECV_PKTINFO;
|
2005-08-15 13:32:15 -06:00
|
|
|
err = 0;
|
|
|
|
|
break;
|
|
|
|
|
case NETLINK_ADD_MEMBERSHIP:
|
|
|
|
|
case NETLINK_DROP_MEMBERSHIP: {
|
2014-04-23 15:25:48 -06:00
|
|
|
if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV))
|
2005-08-15 13:32:15 -06:00
|
|
|
return -EPERM;
|
2007-07-18 16:46:06 -06:00
|
|
|
err = netlink_realloc_groups(sk);
|
|
|
|
|
if (err)
|
|
|
|
|
return err;
|
2005-08-15 13:32:15 -06:00
|
|
|
if (!val || val - 1 >= nlk->ngroups)
|
|
|
|
|
return -EINVAL;
|
2014-04-22 19:31:55 -06:00
|
|
|
if (optname == NETLINK_ADD_MEMBERSHIP && nlk->netlink_bind) {
|
2014-12-23 13:00:06 -07:00
|
|
|
err = nlk->netlink_bind(sock_net(sk), val);
|
2014-04-22 19:31:54 -06:00
|
|
|
if (err)
|
|
|
|
|
return err;
|
|
|
|
|
}
|
2005-08-15 13:32:15 -06:00
|
|
|
netlink_table_grab();
|
2007-07-18 16:47:05 -06:00
|
|
|
netlink_update_socket_mc(nlk, val,
|
|
|
|
|
optname == NETLINK_ADD_MEMBERSHIP);
|
2005-08-15 13:32:15 -06:00
|
|
|
netlink_table_ungrab();
|
2014-04-22 19:31:55 -06:00
|
|
|
if (optname == NETLINK_DROP_MEMBERSHIP && nlk->netlink_unbind)
|
2014-12-23 13:00:06 -07:00
|
|
|
nlk->netlink_unbind(sock_net(sk), val);
|
2012-06-29 00:15:22 -06:00
|
|
|
|
2005-08-15 13:32:15 -06:00
|
|
|
err = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2009-02-17 18:40:43 -07:00
|
|
|
case NETLINK_BROADCAST_ERROR:
|
|
|
|
|
if (val)
|
2015-05-07 03:02:52 -06:00
|
|
|
nlk->flags |= NETLINK_F_BROADCAST_SEND_ERROR;
|
2009-02-17 18:40:43 -07:00
|
|
|
else
|
2015-05-07 03:02:52 -06:00
|
|
|
nlk->flags &= ~NETLINK_F_BROADCAST_SEND_ERROR;
|
2009-02-17 18:40:43 -07:00
|
|
|
err = 0;
|
|
|
|
|
break;
|
netlink: add NETLINK_NO_ENOBUFS socket flag
This patch adds the NETLINK_NO_ENOBUFS socket flag. This flag can
be used by unicast and broadcast listeners to avoid receiving
ENOBUFS errors.
Generally speaking, ENOBUFS errors are useful to notify two things
to the listener:
a) You may increase the receiver buffer size via setsockopt().
b) You have lost messages, you may be out of sync.
In some cases, ignoring ENOBUFS errors can be useful. For example:
a) nfnetlink_queue: this subsystem does not have any sort of resync
method and you can decide to ignore ENOBUFS once you have set a
given buffer size.
b) ctnetlink: you can use this together with the socket flag
NETLINK_BROADCAST_SEND_ERROR to stop getting ENOBUFS errors as
you do not need to resync (packets whose event are not delivered
are drop to provide reliable logging and state-synchronization).
Moreover, the use of NETLINK_NO_ENOBUFS also reduces a "go up, go down"
effect in terms of performance which is due to the netlink congestion
control when the listener cannot back off. The effect is the following:
1) throughput rate goes up and netlink messages are inserted in the
receiver buffer.
2) Then, netlink buffer fills and overruns (set on nlk->state bit 0).
3) While the listener empties the receiver buffer, netlink keeps
dropping messages. Thus, throughput goes dramatically down.
4) Then, once the listener has emptied the buffer (nlk->state
bit 0 is set off), goto step 1.
This effect is easy to trigger with netlink broadcast under heavy
load, and it is more noticeable when using a big receiver buffer.
You can find some results in [1] that show this problem.
[1] http://1984.lsi.us.es/linux/netlink/
This patch also includes the use of sk_drop to account the number of
netlink messages drop due to overrun. This value is shown in
/proc/net/netlink.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-03-24 17:37:55 -06:00
|
|
|
case NETLINK_NO_ENOBUFS:
|
|
|
|
|
if (val) {
|
2015-05-07 03:02:52 -06:00
|
|
|
nlk->flags |= NETLINK_F_RECV_NO_ENOBUFS;
|
|
|
|
|
clear_bit(NETLINK_S_CONGESTED, &nlk->state);
|
netlink: add NETLINK_NO_ENOBUFS socket flag
This patch adds the NETLINK_NO_ENOBUFS socket flag. This flag can
be used by unicast and broadcast listeners to avoid receiving
ENOBUFS errors.
Generally speaking, ENOBUFS errors are useful to notify two things
to the listener:
a) You may increase the receiver buffer size via setsockopt().
b) You have lost messages, you may be out of sync.
In some cases, ignoring ENOBUFS errors can be useful. For example:
a) nfnetlink_queue: this subsystem does not have any sort of resync
method and you can decide to ignore ENOBUFS once you have set a
given buffer size.
b) ctnetlink: you can use this together with the socket flag
NETLINK_BROADCAST_SEND_ERROR to stop getting ENOBUFS errors as
you do not need to resync (packets whose event are not delivered
are drop to provide reliable logging and state-synchronization).
Moreover, the use of NETLINK_NO_ENOBUFS also reduces a "go up, go down"
effect in terms of performance which is due to the netlink congestion
control when the listener cannot back off. The effect is the following:
1) throughput rate goes up and netlink messages are inserted in the
receiver buffer.
2) Then, netlink buffer fills and overruns (set on nlk->state bit 0).
3) While the listener empties the receiver buffer, netlink keeps
dropping messages. Thus, throughput goes dramatically down.
4) Then, once the listener has emptied the buffer (nlk->state
bit 0 is set off), goto step 1.
This effect is easy to trigger with netlink broadcast under heavy
load, and it is more noticeable when using a big receiver buffer.
You can find some results in [1] that show this problem.
[1] http://1984.lsi.us.es/linux/netlink/
This patch also includes the use of sk_drop to account the number of
netlink messages drop due to overrun. This value is shown in
/proc/net/netlink.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-03-24 17:37:55 -06:00
|
|
|
wake_up_interruptible(&nlk->wait);
|
2012-04-22 15:30:21 -06:00
|
|
|
} else {
|
2015-05-07 03:02:52 -06:00
|
|
|
nlk->flags &= ~NETLINK_F_RECV_NO_ENOBUFS;
|
2012-04-22 15:30:21 -06:00
|
|
|
}
|
netlink: add NETLINK_NO_ENOBUFS socket flag
This patch adds the NETLINK_NO_ENOBUFS socket flag. This flag can
be used by unicast and broadcast listeners to avoid receiving
ENOBUFS errors.
Generally speaking, ENOBUFS errors are useful to notify two things
to the listener:
a) You may increase the receiver buffer size via setsockopt().
b) You have lost messages, you may be out of sync.
In some cases, ignoring ENOBUFS errors can be useful. For example:
a) nfnetlink_queue: this subsystem does not have any sort of resync
method and you can decide to ignore ENOBUFS once you have set a
given buffer size.
b) ctnetlink: you can use this together with the socket flag
NETLINK_BROADCAST_SEND_ERROR to stop getting ENOBUFS errors as
you do not need to resync (packets whose event are not delivered
are drop to provide reliable logging and state-synchronization).
Moreover, the use of NETLINK_NO_ENOBUFS also reduces a "go up, go down"
effect in terms of performance which is due to the netlink congestion
control when the listener cannot back off. The effect is the following:
1) throughput rate goes up and netlink messages are inserted in the
receiver buffer.
2) Then, netlink buffer fills and overruns (set on nlk->state bit 0).
3) While the listener empties the receiver buffer, netlink keeps
dropping messages. Thus, throughput goes dramatically down.
4) Then, once the listener has emptied the buffer (nlk->state
bit 0 is set off), goto step 1.
This effect is easy to trigger with netlink broadcast under heavy
load, and it is more noticeable when using a big receiver buffer.
You can find some results in [1] that show this problem.
[1] http://1984.lsi.us.es/linux/netlink/
This patch also includes the use of sk_drop to account the number of
netlink messages drop due to overrun. This value is shown in
/proc/net/netlink.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-03-24 17:37:55 -06:00
|
|
|
err = 0;
|
|
|
|
|
break;
|
2015-05-07 03:02:53 -06:00
|
|
|
case NETLINK_LISTEN_ALL_NSID:
|
|
|
|
|
if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_BROADCAST))
|
|
|
|
|
return -EPERM;
|
|
|
|
|
|
|
|
|
|
if (val)
|
|
|
|
|
nlk->flags |= NETLINK_F_LISTEN_ALL_NSID;
|
|
|
|
|
else
|
|
|
|
|
nlk->flags &= ~NETLINK_F_LISTEN_ALL_NSID;
|
|
|
|
|
err = 0;
|
|
|
|
|
break;
|
2015-08-27 23:07:48 -06:00
|
|
|
case NETLINK_CAP_ACK:
|
|
|
|
|
if (val)
|
|
|
|
|
nlk->flags |= NETLINK_F_CAP_ACK;
|
|
|
|
|
else
|
|
|
|
|
nlk->flags &= ~NETLINK_F_CAP_ACK;
|
|
|
|
|
err = 0;
|
|
|
|
|
break;
|
2017-04-12 06:34:04 -06:00
|
|
|
case NETLINK_EXT_ACK:
|
|
|
|
|
if (val)
|
|
|
|
|
nlk->flags |= NETLINK_F_EXT_ACK;
|
|
|
|
|
else
|
|
|
|
|
nlk->flags &= ~NETLINK_F_EXT_ACK;
|
|
|
|
|
err = 0;
|
|
|
|
|
break;
|
2005-08-15 13:32:15 -06:00
|
|
|
default:
|
|
|
|
|
err = -ENOPROTOOPT;
|
|
|
|
|
}
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int netlink_getsockopt(struct socket *sock, int level, int optname,
|
2007-02-09 07:25:07 -07:00
|
|
|
char __user *optval, int __user *optlen)
|
2005-08-15 13:32:15 -06:00
|
|
|
{
|
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
|
struct netlink_sock *nlk = nlk_sk(sk);
|
|
|
|
|
int len, val, err;
|
|
|
|
|
|
|
|
|
|
if (level != SOL_NETLINK)
|
|
|
|
|
return -ENOPROTOOPT;
|
|
|
|
|
|
|
|
|
|
if (get_user(len, optlen))
|
|
|
|
|
return -EFAULT;
|
|
|
|
|
if (len < 0)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
switch (optname) {
|
|
|
|
|
case NETLINK_PKTINFO:
|
|
|
|
|
if (len < sizeof(int))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
len = sizeof(int);
|
2015-05-07 03:02:52 -06:00
|
|
|
val = nlk->flags & NETLINK_F_RECV_PKTINFO ? 1 : 0;
|
2006-10-30 16:06:12 -07:00
|
|
|
if (put_user(len, optlen) ||
|
|
|
|
|
put_user(val, optval))
|
|
|
|
|
return -EFAULT;
|
2005-08-15 13:32:15 -06:00
|
|
|
err = 0;
|
|
|
|
|
break;
|
2009-02-17 18:40:43 -07:00
|
|
|
case NETLINK_BROADCAST_ERROR:
|
|
|
|
|
if (len < sizeof(int))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
len = sizeof(int);
|
2015-05-07 03:02:52 -06:00
|
|
|
val = nlk->flags & NETLINK_F_BROADCAST_SEND_ERROR ? 1 : 0;
|
2009-02-17 18:40:43 -07:00
|
|
|
if (put_user(len, optlen) ||
|
|
|
|
|
put_user(val, optval))
|
|
|
|
|
return -EFAULT;
|
|
|
|
|
err = 0;
|
|
|
|
|
break;
|
netlink: add NETLINK_NO_ENOBUFS socket flag
This patch adds the NETLINK_NO_ENOBUFS socket flag. This flag can
be used by unicast and broadcast listeners to avoid receiving
ENOBUFS errors.
Generally speaking, ENOBUFS errors are useful to notify two things
to the listener:
a) You may increase the receiver buffer size via setsockopt().
b) You have lost messages, you may be out of sync.
In some cases, ignoring ENOBUFS errors can be useful. For example:
a) nfnetlink_queue: this subsystem does not have any sort of resync
method and you can decide to ignore ENOBUFS once you have set a
given buffer size.
b) ctnetlink: you can use this together with the socket flag
NETLINK_BROADCAST_SEND_ERROR to stop getting ENOBUFS errors as
you do not need to resync (packets whose event are not delivered
are drop to provide reliable logging and state-synchronization).
Moreover, the use of NETLINK_NO_ENOBUFS also reduces a "go up, go down"
effect in terms of performance which is due to the netlink congestion
control when the listener cannot back off. The effect is the following:
1) throughput rate goes up and netlink messages are inserted in the
receiver buffer.
2) Then, netlink buffer fills and overruns (set on nlk->state bit 0).
3) While the listener empties the receiver buffer, netlink keeps
dropping messages. Thus, throughput goes dramatically down.
4) Then, once the listener has emptied the buffer (nlk->state
bit 0 is set off), goto step 1.
This effect is easy to trigger with netlink broadcast under heavy
load, and it is more noticeable when using a big receiver buffer.
You can find some results in [1] that show this problem.
[1] http://1984.lsi.us.es/linux/netlink/
This patch also includes the use of sk_drop to account the number of
netlink messages drop due to overrun. This value is shown in
/proc/net/netlink.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-03-24 17:37:55 -06:00
|
|
|
case NETLINK_NO_ENOBUFS:
|
|
|
|
|
if (len < sizeof(int))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
len = sizeof(int);
|
2015-05-07 03:02:52 -06:00
|
|
|
val = nlk->flags & NETLINK_F_RECV_NO_ENOBUFS ? 1 : 0;
|
netlink: add NETLINK_NO_ENOBUFS socket flag
This patch adds the NETLINK_NO_ENOBUFS socket flag. This flag can
be used by unicast and broadcast listeners to avoid receiving
ENOBUFS errors.
Generally speaking, ENOBUFS errors are useful to notify two things
to the listener:
a) You may increase the receiver buffer size via setsockopt().
b) You have lost messages, you may be out of sync.
In some cases, ignoring ENOBUFS errors can be useful. For example:
a) nfnetlink_queue: this subsystem does not have any sort of resync
method and you can decide to ignore ENOBUFS once you have set a
given buffer size.
b) ctnetlink: you can use this together with the socket flag
NETLINK_BROADCAST_SEND_ERROR to stop getting ENOBUFS errors as
you do not need to resync (packets whose event are not delivered
are drop to provide reliable logging and state-synchronization).
Moreover, the use of NETLINK_NO_ENOBUFS also reduces a "go up, go down"
effect in terms of performance which is due to the netlink congestion
control when the listener cannot back off. The effect is the following:
1) throughput rate goes up and netlink messages are inserted in the
receiver buffer.
2) Then, netlink buffer fills and overruns (set on nlk->state bit 0).
3) While the listener empties the receiver buffer, netlink keeps
dropping messages. Thus, throughput goes dramatically down.
4) Then, once the listener has emptied the buffer (nlk->state
bit 0 is set off), goto step 1.
This effect is easy to trigger with netlink broadcast under heavy
load, and it is more noticeable when using a big receiver buffer.
You can find some results in [1] that show this problem.
[1] http://1984.lsi.us.es/linux/netlink/
This patch also includes the use of sk_drop to account the number of
netlink messages drop due to overrun. This value is shown in
/proc/net/netlink.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-03-24 17:37:55 -06:00
|
|
|
if (put_user(len, optlen) ||
|
|
|
|
|
put_user(val, optval))
|
|
|
|
|
return -EFAULT;
|
|
|
|
|
err = 0;
|
|
|
|
|
break;
|
2015-06-17 09:14:33 -06:00
|
|
|
case NETLINK_LIST_MEMBERSHIPS: {
|
|
|
|
|
int pos, idx, shift;
|
|
|
|
|
|
|
|
|
|
err = 0;
|
netlink: fix locking around NETLINK_LIST_MEMBERSHIPS
Currently, NETLINK_LIST_MEMBERSHIPS grabs the netlink table while copying
the membership state to user-space. However, grabing the netlink table is
effectively a write_lock_irq(), and as such we should not be triggering
page-faults in the critical section.
This can be easily reproduced by the following snippet:
int s = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
void *p = mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0);
int r = getsockopt(s, 0x10e, 9, p, (void*)((char*)p + 4092));
This should work just fine, but currently triggers EFAULT and a possible
WARN_ON below handle_mm_fault().
Fix this by reducing locking of NETLINK_LIST_MEMBERSHIPS to a read-side
lock. The write-lock was overkill in the first place, and the read-lock
allows page-faults just fine.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-10-21 03:47:43 -06:00
|
|
|
netlink_lock_table();
|
2015-06-17 09:14:33 -06:00
|
|
|
for (pos = 0; pos * 8 < nlk->ngroups; pos += sizeof(u32)) {
|
|
|
|
|
if (len - pos < sizeof(u32))
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
idx = pos / sizeof(unsigned long);
|
|
|
|
|
shift = (pos % sizeof(unsigned long)) * 8;
|
|
|
|
|
if (put_user((u32)(nlk->groups[idx] >> shift),
|
|
|
|
|
(u32 __user *)(optval + pos))) {
|
|
|
|
|
err = -EFAULT;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (put_user(ALIGN(nlk->ngroups / 8, sizeof(u32)), optlen))
|
|
|
|
|
err = -EFAULT;
|
netlink: fix locking around NETLINK_LIST_MEMBERSHIPS
Currently, NETLINK_LIST_MEMBERSHIPS grabs the netlink table while copying
the membership state to user-space. However, grabing the netlink table is
effectively a write_lock_irq(), and as such we should not be triggering
page-faults in the critical section.
This can be easily reproduced by the following snippet:
int s = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
void *p = mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0);
int r = getsockopt(s, 0x10e, 9, p, (void*)((char*)p + 4092));
This should work just fine, but currently triggers EFAULT and a possible
WARN_ON below handle_mm_fault().
Fix this by reducing locking of NETLINK_LIST_MEMBERSHIPS to a read-side
lock. The write-lock was overkill in the first place, and the read-lock
allows page-faults just fine.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-10-21 03:47:43 -06:00
|
|
|
netlink_unlock_table();
|
2015-06-17 09:14:33 -06:00
|
|
|
break;
|
|
|
|
|
}
|
2015-08-27 23:07:48 -06:00
|
|
|
case NETLINK_CAP_ACK:
|
|
|
|
|
if (len < sizeof(int))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
len = sizeof(int);
|
|
|
|
|
val = nlk->flags & NETLINK_F_CAP_ACK ? 1 : 0;
|
|
|
|
|
if (put_user(len, optlen) ||
|
|
|
|
|
put_user(val, optval))
|
|
|
|
|
return -EFAULT;
|
|
|
|
|
err = 0;
|
|
|
|
|
break;
|
2017-04-12 06:34:04 -06:00
|
|
|
case NETLINK_EXT_ACK:
|
|
|
|
|
if (len < sizeof(int))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
len = sizeof(int);
|
|
|
|
|
val = nlk->flags & NETLINK_F_EXT_ACK ? 1 : 0;
|
|
|
|
|
if (put_user(len, optlen) || put_user(val, optval))
|
|
|
|
|
return -EFAULT;
|
|
|
|
|
err = 0;
|
|
|
|
|
break;
|
2005-08-15 13:32:15 -06:00
|
|
|
default:
|
|
|
|
|
err = -ENOPROTOOPT;
|
|
|
|
|
}
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void netlink_cmsg_recv_pktinfo(struct msghdr *msg, struct sk_buff *skb)
|
|
|
|
|
{
|
|
|
|
|
struct nl_pktinfo info;
|
|
|
|
|
|
|
|
|
|
info.group = NETLINK_CB(skb).dst_group;
|
|
|
|
|
put_cmsg(msg, SOL_NETLINK, NETLINK_PKTINFO, sizeof(info), &info);
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-07 03:02:53 -06:00
|
|
|
static void netlink_cmsg_listen_all_nsid(struct sock *sk, struct msghdr *msg,
|
|
|
|
|
struct sk_buff *skb)
|
|
|
|
|
{
|
|
|
|
|
if (!NETLINK_CB(skb).nsid_is_set)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
put_cmsg(msg, SOL_NETLINK, NETLINK_LISTEN_ALL_NSID, sizeof(int),
|
|
|
|
|
&NETLINK_CB(skb).nsid);
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-02 00:37:48 -07:00
|
|
|
static int netlink_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
|
struct netlink_sock *nlk = nlk_sk(sk);
|
2014-01-17 14:53:15 -07:00
|
|
|
DECLARE_SOCKADDR(struct sockaddr_nl *, addr, msg->msg_name);
|
2012-09-07 14:12:54 -06:00
|
|
|
u32 dst_portid;
|
2005-08-14 20:27:50 -06:00
|
|
|
u32 dst_group;
|
2005-04-16 16:20:36 -06:00
|
|
|
struct sk_buff *skb;
|
|
|
|
|
int err;
|
|
|
|
|
struct scm_cookie scm;
|
2014-05-30 12:04:00 -06:00
|
|
|
u32 netlink_skb_flags = 0;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
if (msg->msg_flags&MSG_OOB)
|
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
|
2015-01-28 10:04:53 -07:00
|
|
|
err = scm_send(sock, msg, &scm, true);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (err < 0)
|
|
|
|
|
return err;
|
|
|
|
|
|
|
|
|
|
if (msg->msg_namelen) {
|
2010-06-12 21:31:06 -06:00
|
|
|
err = -EINVAL;
|
2018-04-07 14:42:37 -06:00
|
|
|
if (msg->msg_namelen < sizeof(struct sockaddr_nl))
|
|
|
|
|
goto out;
|
2005-04-16 16:20:36 -06:00
|
|
|
if (addr->nl_family != AF_NETLINK)
|
2010-06-12 21:31:06 -06:00
|
|
|
goto out;
|
2012-09-07 14:12:54 -06:00
|
|
|
dst_portid = addr->nl_pid;
|
2005-08-14 20:27:50 -06:00
|
|
|
dst_group = ffs(addr->nl_groups);
|
2010-06-12 21:31:06 -06:00
|
|
|
err = -EPERM;
|
2012-09-07 14:12:54 -06:00
|
|
|
if ((dst_group || dst_portid) &&
|
2014-04-23 15:25:48 -06:00
|
|
|
!netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
|
2010-06-12 21:31:06 -06:00
|
|
|
goto out;
|
2014-05-30 12:04:00 -06:00
|
|
|
netlink_skb_flags |= NETLINK_SKB_DST;
|
2005-04-16 16:20:36 -06:00
|
|
|
} else {
|
2012-09-07 14:12:54 -06:00
|
|
|
dst_portid = nlk->dst_portid;
|
2005-08-14 20:27:50 -06:00
|
|
|
dst_group = nlk->dst_group;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
netlink: Replace rhash_portid with bound
On Mon, Sep 21, 2015 at 02:20:22PM -0400, Tejun Heo wrote:
>
> store_release and load_acquire are different from the usual memory
> barriers and can't be paired this way. You have to pair store_release
> and load_acquire. Besides, it isn't a particularly good idea to
OK I've decided to drop the acquire/release helpers as they don't
help us at all and simply pessimises the code by using full memory
barriers (on some architectures) where only a write or read barrier
is needed.
> depend on memory barriers embedded in other data structures like the
> above. Here, especially, rhashtable_insert() would have write barrier
> *before* the entry is hashed not necessarily *after*, which means that
> in the above case, a socket which appears to have set bound to a
> reader might not visible when the reader tries to look up the socket
> on the hashtable.
But you are right we do need an explicit write barrier here to
ensure that the hashing is visible.
> There's no reason to be overly smart here. This isn't a crazy hot
> path, write barriers tend to be very cheap, store_release more so.
> Please just do smp_store_release() and note what it's paired with.
It's not about being overly smart. It's about actually understanding
what's going on with the code. I've seen too many instances of
people simply sprinkling synchronisation primitives around without
any knowledge of what is happening underneath, which is just a recipe
for creating hard-to-debug races.
> > @@ -1539,7 +1546,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
> > }
> > }
> >
> > - if (!nlk->portid) {
> > + if (!nlk->bound) {
>
> I don't think you can skip load_acquire here just because this is the
> second deref of the variable. That doesn't change anything. Race
> condition could still happen between the first and second tests and
> skipping the second would lead to the same kind of bug.
The reason this one is OK is because we do not use nlk->portid or
try to get nlk from the hash table before we return to user-space.
However, there is a real bug here that none of these acquire/release
helpers discovered. The two bound tests here used to be a single
one. Now that they are separate it is entirely possible for another
thread to come in the middle and bind the socket. So we need to
repeat the portid check in order to maintain consistency.
> > @@ -1587,7 +1594,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
> > !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
> > return -EPERM;
> >
> > - if (!nlk->portid)
> > + if (!nlk->bound)
>
> Don't we need load_acquire here too? Is this path holding a lock
> which makes that unnecessary?
Ditto.
---8<---
The commit 1f770c0a09da855a2b51af6d19de97fb955eca85 ("netlink:
Fix autobind race condition that leads to zero port ID") created
some new races that can occur due to inconcsistencies between the
two port IDs.
Tejun is right that a barrier is unavoidable. Therefore I am
reverting to the original patch that used a boolean to indicate
that a user netlink socket has been bound.
Barriers have been added where necessary to ensure that a valid
portid and the hashed socket is visible.
I have also changed netlink_insert to only return EBUSY if the
socket is bound to a portid different to the requested one. This
combined with only reading nlk->bound once in netlink_bind fixes
a race where two threads that bind the socket at the same time
with different port IDs may both succeed.
Fixes: 1f770c0a09da ("netlink: Fix autobind race condition that leads to zero port ID")
Reported-by: Tejun Heo <tj@kernel.org>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nacked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-21 21:38:56 -06:00
|
|
|
if (!nlk->bound) {
|
2005-04-16 16:20:36 -06:00
|
|
|
err = netlink_autobind(sock);
|
|
|
|
|
if (err)
|
|
|
|
|
goto out;
|
netlink: Replace rhash_portid with bound
On Mon, Sep 21, 2015 at 02:20:22PM -0400, Tejun Heo wrote:
>
> store_release and load_acquire are different from the usual memory
> barriers and can't be paired this way. You have to pair store_release
> and load_acquire. Besides, it isn't a particularly good idea to
OK I've decided to drop the acquire/release helpers as they don't
help us at all and simply pessimises the code by using full memory
barriers (on some architectures) where only a write or read barrier
is needed.
> depend on memory barriers embedded in other data structures like the
> above. Here, especially, rhashtable_insert() would have write barrier
> *before* the entry is hashed not necessarily *after*, which means that
> in the above case, a socket which appears to have set bound to a
> reader might not visible when the reader tries to look up the socket
> on the hashtable.
But you are right we do need an explicit write barrier here to
ensure that the hashing is visible.
> There's no reason to be overly smart here. This isn't a crazy hot
> path, write barriers tend to be very cheap, store_release more so.
> Please just do smp_store_release() and note what it's paired with.
It's not about being overly smart. It's about actually understanding
what's going on with the code. I've seen too many instances of
people simply sprinkling synchronisation primitives around without
any knowledge of what is happening underneath, which is just a recipe
for creating hard-to-debug races.
> > @@ -1539,7 +1546,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
> > }
> > }
> >
> > - if (!nlk->portid) {
> > + if (!nlk->bound) {
>
> I don't think you can skip load_acquire here just because this is the
> second deref of the variable. That doesn't change anything. Race
> condition could still happen between the first and second tests and
> skipping the second would lead to the same kind of bug.
The reason this one is OK is because we do not use nlk->portid or
try to get nlk from the hash table before we return to user-space.
However, there is a real bug here that none of these acquire/release
helpers discovered. The two bound tests here used to be a single
one. Now that they are separate it is entirely possible for another
thread to come in the middle and bind the socket. So we need to
repeat the portid check in order to maintain consistency.
> > @@ -1587,7 +1594,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
> > !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
> > return -EPERM;
> >
> > - if (!nlk->portid)
> > + if (!nlk->bound)
>
> Don't we need load_acquire here too? Is this path holding a lock
> which makes that unnecessary?
Ditto.
---8<---
The commit 1f770c0a09da855a2b51af6d19de97fb955eca85 ("netlink:
Fix autobind race condition that leads to zero port ID") created
some new races that can occur due to inconcsistencies between the
two port IDs.
Tejun is right that a barrier is unavoidable. Therefore I am
reverting to the original patch that used a boolean to indicate
that a user netlink socket has been bound.
Barriers have been added where necessary to ensure that a valid
portid and the hashed socket is visible.
I have also changed netlink_insert to only return EBUSY if the
socket is bound to a portid different to the requested one. This
combined with only reading nlk->bound once in netlink_bind fixes
a race where two threads that bind the socket at the same time
with different port IDs may both succeed.
Fixes: 1f770c0a09da ("netlink: Fix autobind race condition that leads to zero port ID")
Reported-by: Tejun Heo <tj@kernel.org>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nacked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-21 21:38:56 -06:00
|
|
|
} else {
|
|
|
|
|
/* Ensure nlk is hashed and visible. */
|
|
|
|
|
smp_rmb();
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = -EMSGSIZE;
|
|
|
|
|
if (len > sk->sk_sndbuf - 32)
|
|
|
|
|
goto out;
|
|
|
|
|
err = -ENOBUFS;
|
2013-06-27 19:04:23 -06:00
|
|
|
skb = netlink_alloc_large_skb(len, dst_group);
|
2007-12-04 01:19:38 -07:00
|
|
|
if (skb == NULL)
|
2005-04-16 16:20:36 -06:00
|
|
|
goto out;
|
|
|
|
|
|
2012-09-07 14:12:54 -06:00
|
|
|
NETLINK_CB(skb).portid = nlk->portid;
|
2005-08-14 20:27:50 -06:00
|
|
|
NETLINK_CB(skb).dst_group = dst_group;
|
2015-01-28 10:04:53 -07:00
|
|
|
NETLINK_CB(skb).creds = scm.creds;
|
2014-05-30 12:04:00 -06:00
|
|
|
NETLINK_CB(skb).flags = netlink_skb_flags;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
err = -EFAULT;
|
2014-04-06 19:25:44 -06:00
|
|
|
if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
|
2005-04-16 16:20:36 -06:00
|
|
|
kfree_skb(skb);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = security_netlink_send(sk, skb);
|
|
|
|
|
if (err) {
|
|
|
|
|
kfree_skb(skb);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
2005-08-14 20:27:50 -06:00
|
|
|
if (dst_group) {
|
2017-06-30 04:07:58 -06:00
|
|
|
refcount_inc(&skb->users);
|
2012-09-07 14:12:54 -06:00
|
|
|
netlink_broadcast(sk, skb, dst_portid, dst_group, GFP_KERNEL);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2012-09-07 14:12:54 -06:00
|
|
|
err = netlink_unicast(sk, skb, dst_portid, msg->msg_flags&MSG_DONTWAIT);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
out:
|
2015-01-28 10:04:53 -07:00
|
|
|
scm_destroy(&scm);
|
2005-04-16 16:20:36 -06:00
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-02 00:37:48 -07:00
|
|
|
static int netlink_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
|
2005-04-16 16:20:36 -06:00
|
|
|
int flags)
|
|
|
|
|
{
|
|
|
|
|
struct scm_cookie scm;
|
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
|
struct netlink_sock *nlk = nlk_sk(sk);
|
|
|
|
|
int noblock = flags&MSG_DONTWAIT;
|
|
|
|
|
size_t copied;
|
netlink: fix compat recvmsg
Since
commit 1dacc76d0014a034b8aca14237c127d7c19d7726
Author: Johannes Berg <johannes@sipsolutions.net>
Date: Wed Jul 1 11:26:02 2009 +0000
net/compat/wext: send different messages to compat tasks
we had a race condition when setting and then
restoring frag_list. Eric attempted to fix it,
but the fix created even worse problems.
However, the original motivation I had when I
added the code that turned out to be racy is
no longer clear to me, since we only copy up
to skb->len to userspace, which doesn't include
the frag_list length. As a result, not doing
any frag_list clearing and restoring avoids
the race condition, while not introducing any
other problems.
Additionally, while preparing this patch I found
that since none of the remaining netlink code is
really aware of the frag_list, we need to use the
original skb's information for packet information
and credentials. This fixes, for example, the
group information received by compat tasks.
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: stable@kernel.org [2.6.31+, for 2.6.35 revert 1235f504aa]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-08-15 15:20:44 -06:00
|
|
|
struct sk_buff *skb, *data_skb;
|
2011-02-20 19:40:47 -07:00
|
|
|
int err, ret;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
if (flags&MSG_OOB)
|
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
|
|
|
|
|
copied = 0;
|
|
|
|
|
|
2007-12-04 01:19:38 -07:00
|
|
|
skb = skb_recv_datagram(sk, flags, noblock, &err);
|
|
|
|
|
if (skb == NULL)
|
2005-04-16 16:20:36 -06:00
|
|
|
goto out;
|
|
|
|
|
|
netlink: fix compat recvmsg
Since
commit 1dacc76d0014a034b8aca14237c127d7c19d7726
Author: Johannes Berg <johannes@sipsolutions.net>
Date: Wed Jul 1 11:26:02 2009 +0000
net/compat/wext: send different messages to compat tasks
we had a race condition when setting and then
restoring frag_list. Eric attempted to fix it,
but the fix created even worse problems.
However, the original motivation I had when I
added the code that turned out to be racy is
no longer clear to me, since we only copy up
to skb->len to userspace, which doesn't include
the frag_list length. As a result, not doing
any frag_list clearing and restoring avoids
the race condition, while not introducing any
other problems.
Additionally, while preparing this patch I found
that since none of the remaining netlink code is
really aware of the frag_list, we need to use the
original skb's information for packet information
and credentials. This fixes, for example, the
group information received by compat tasks.
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: stable@kernel.org [2.6.31+, for 2.6.35 revert 1235f504aa]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-08-15 15:20:44 -06:00
|
|
|
data_skb = skb;
|
|
|
|
|
|
net/compat/wext: send different messages to compat tasks
Wireless extensions have the unfortunate problem that events
are multicast netlink messages, and are not independent of
pointer size. Thus, currently 32-bit tasks on 64-bit platforms
cannot properly receive events and fail with all kinds of
strange problems, for instance wpa_supplicant never notices
disassociations, due to the way the 64-bit event looks (to a
32-bit process), the fact that the address is all zeroes is
lost, it thinks instead it is 00:00:00:00:01:00.
The same problem existed with the ioctls, until David Miller
fixed those some time ago in an heroic effort.
A different problem caused by this is that we cannot send the
ASSOCREQIE/ASSOCRESPIE events because sending them causes a
32-bit wpa_supplicant on a 64-bit system to overwrite its
internal information, which is worse than it not getting the
information at all -- so we currently resort to sending a
custom string event that it then parses. This, however, has a
severe size limitation we are frequently hitting with modern
access points; this limitation would can be lifted after this
patch by sending the correct binary, not custom, event.
A similar problem apparently happens for some other netlink
users on x86_64 with 32-bit tasks due to the alignment for
64-bit quantities.
In order to fix these problems, I have implemented a way to
send compat messages to tasks. When sending an event, we send
the non-compat event data together with a compat event data in
skb_shinfo(main_skb)->frag_list. Then, when the event is read
from the socket, the netlink code makes sure to pass out only
the skb that is compatible with the task. This approach was
suggested by David Miller, my original approach required
always sending two skbs but that had various small problems.
To determine whether compat is needed or not, I have used the
MSG_CMSG_COMPAT flag, and adjusted the call path for recv and
recvfrom to include it, even if those calls do not have a cmsg
parameter.
I have not solved one small part of the problem, and I don't
think it is necessary to: if a 32-bit application uses read()
rather than any form of recvmsg() it will still get the wrong
(64-bit) event. However, neither do applications actually do
this, nor would it be a regression.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-07-01 05:26:02 -06:00
|
|
|
#ifdef CONFIG_COMPAT_NETLINK_MESSAGES
|
|
|
|
|
if (unlikely(skb_shinfo(skb)->frag_list)) {
|
|
|
|
|
/*
|
netlink: fix compat recvmsg
Since
commit 1dacc76d0014a034b8aca14237c127d7c19d7726
Author: Johannes Berg <johannes@sipsolutions.net>
Date: Wed Jul 1 11:26:02 2009 +0000
net/compat/wext: send different messages to compat tasks
we had a race condition when setting and then
restoring frag_list. Eric attempted to fix it,
but the fix created even worse problems.
However, the original motivation I had when I
added the code that turned out to be racy is
no longer clear to me, since we only copy up
to skb->len to userspace, which doesn't include
the frag_list length. As a result, not doing
any frag_list clearing and restoring avoids
the race condition, while not introducing any
other problems.
Additionally, while preparing this patch I found
that since none of the remaining netlink code is
really aware of the frag_list, we need to use the
original skb's information for packet information
and credentials. This fixes, for example, the
group information received by compat tasks.
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: stable@kernel.org [2.6.31+, for 2.6.35 revert 1235f504aa]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-08-15 15:20:44 -06:00
|
|
|
* If this skb has a frag_list, then here that means that we
|
|
|
|
|
* will have to use the frag_list skb's data for compat tasks
|
|
|
|
|
* and the regular skb's data for normal (non-compat) tasks.
|
net/compat/wext: send different messages to compat tasks
Wireless extensions have the unfortunate problem that events
are multicast netlink messages, and are not independent of
pointer size. Thus, currently 32-bit tasks on 64-bit platforms
cannot properly receive events and fail with all kinds of
strange problems, for instance wpa_supplicant never notices
disassociations, due to the way the 64-bit event looks (to a
32-bit process), the fact that the address is all zeroes is
lost, it thinks instead it is 00:00:00:00:01:00.
The same problem existed with the ioctls, until David Miller
fixed those some time ago in an heroic effort.
A different problem caused by this is that we cannot send the
ASSOCREQIE/ASSOCRESPIE events because sending them causes a
32-bit wpa_supplicant on a 64-bit system to overwrite its
internal information, which is worse than it not getting the
information at all -- so we currently resort to sending a
custom string event that it then parses. This, however, has a
severe size limitation we are frequently hitting with modern
access points; this limitation would can be lifted after this
patch by sending the correct binary, not custom, event.
A similar problem apparently happens for some other netlink
users on x86_64 with 32-bit tasks due to the alignment for
64-bit quantities.
In order to fix these problems, I have implemented a way to
send compat messages to tasks. When sending an event, we send
the non-compat event data together with a compat event data in
skb_shinfo(main_skb)->frag_list. Then, when the event is read
from the socket, the netlink code makes sure to pass out only
the skb that is compatible with the task. This approach was
suggested by David Miller, my original approach required
always sending two skbs but that had various small problems.
To determine whether compat is needed or not, I have used the
MSG_CMSG_COMPAT flag, and adjusted the call path for recv and
recvfrom to include it, even if those calls do not have a cmsg
parameter.
I have not solved one small part of the problem, and I don't
think it is necessary to: if a 32-bit application uses read()
rather than any form of recvmsg() it will still get the wrong
(64-bit) event. However, neither do applications actually do
this, nor would it be a regression.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-07-01 05:26:02 -06:00
|
|
|
*
|
netlink: fix compat recvmsg
Since
commit 1dacc76d0014a034b8aca14237c127d7c19d7726
Author: Johannes Berg <johannes@sipsolutions.net>
Date: Wed Jul 1 11:26:02 2009 +0000
net/compat/wext: send different messages to compat tasks
we had a race condition when setting and then
restoring frag_list. Eric attempted to fix it,
but the fix created even worse problems.
However, the original motivation I had when I
added the code that turned out to be racy is
no longer clear to me, since we only copy up
to skb->len to userspace, which doesn't include
the frag_list length. As a result, not doing
any frag_list clearing and restoring avoids
the race condition, while not introducing any
other problems.
Additionally, while preparing this patch I found
that since none of the remaining netlink code is
really aware of the frag_list, we need to use the
original skb's information for packet information
and credentials. This fixes, for example, the
group information received by compat tasks.
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: stable@kernel.org [2.6.31+, for 2.6.35 revert 1235f504aa]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-08-15 15:20:44 -06:00
|
|
|
* If we need to send the compat skb, assign it to the
|
|
|
|
|
* 'data_skb' variable so that it will be used below for data
|
|
|
|
|
* copying. We keep 'skb' for everything else, including
|
|
|
|
|
* freeing both later.
|
net/compat/wext: send different messages to compat tasks
Wireless extensions have the unfortunate problem that events
are multicast netlink messages, and are not independent of
pointer size. Thus, currently 32-bit tasks on 64-bit platforms
cannot properly receive events and fail with all kinds of
strange problems, for instance wpa_supplicant never notices
disassociations, due to the way the 64-bit event looks (to a
32-bit process), the fact that the address is all zeroes is
lost, it thinks instead it is 00:00:00:00:01:00.
The same problem existed with the ioctls, until David Miller
fixed those some time ago in an heroic effort.
A different problem caused by this is that we cannot send the
ASSOCREQIE/ASSOCRESPIE events because sending them causes a
32-bit wpa_supplicant on a 64-bit system to overwrite its
internal information, which is worse than it not getting the
information at all -- so we currently resort to sending a
custom string event that it then parses. This, however, has a
severe size limitation we are frequently hitting with modern
access points; this limitation would can be lifted after this
patch by sending the correct binary, not custom, event.
A similar problem apparently happens for some other netlink
users on x86_64 with 32-bit tasks due to the alignment for
64-bit quantities.
In order to fix these problems, I have implemented a way to
send compat messages to tasks. When sending an event, we send
the non-compat event data together with a compat event data in
skb_shinfo(main_skb)->frag_list. Then, when the event is read
from the socket, the netlink code makes sure to pass out only
the skb that is compatible with the task. This approach was
suggested by David Miller, my original approach required
always sending two skbs but that had various small problems.
To determine whether compat is needed or not, I have used the
MSG_CMSG_COMPAT flag, and adjusted the call path for recv and
recvfrom to include it, even if those calls do not have a cmsg
parameter.
I have not solved one small part of the problem, and I don't
think it is necessary to: if a 32-bit application uses read()
rather than any form of recvmsg() it will still get the wrong
(64-bit) event. However, neither do applications actually do
this, nor would it be a regression.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-07-01 05:26:02 -06:00
|
|
|
*/
|
netlink: fix compat recvmsg
Since
commit 1dacc76d0014a034b8aca14237c127d7c19d7726
Author: Johannes Berg <johannes@sipsolutions.net>
Date: Wed Jul 1 11:26:02 2009 +0000
net/compat/wext: send different messages to compat tasks
we had a race condition when setting and then
restoring frag_list. Eric attempted to fix it,
but the fix created even worse problems.
However, the original motivation I had when I
added the code that turned out to be racy is
no longer clear to me, since we only copy up
to skb->len to userspace, which doesn't include
the frag_list length. As a result, not doing
any frag_list clearing and restoring avoids
the race condition, while not introducing any
other problems.
Additionally, while preparing this patch I found
that since none of the remaining netlink code is
really aware of the frag_list, we need to use the
original skb's information for packet information
and credentials. This fixes, for example, the
group information received by compat tasks.
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: stable@kernel.org [2.6.31+, for 2.6.35 revert 1235f504aa]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-08-15 15:20:44 -06:00
|
|
|
if (flags & MSG_CMSG_COMPAT)
|
|
|
|
|
data_skb = skb_shinfo(skb)->frag_list;
|
net/compat/wext: send different messages to compat tasks
Wireless extensions have the unfortunate problem that events
are multicast netlink messages, and are not independent of
pointer size. Thus, currently 32-bit tasks on 64-bit platforms
cannot properly receive events and fail with all kinds of
strange problems, for instance wpa_supplicant never notices
disassociations, due to the way the 64-bit event looks (to a
32-bit process), the fact that the address is all zeroes is
lost, it thinks instead it is 00:00:00:00:01:00.
The same problem existed with the ioctls, until David Miller
fixed those some time ago in an heroic effort.
A different problem caused by this is that we cannot send the
ASSOCREQIE/ASSOCRESPIE events because sending them causes a
32-bit wpa_supplicant on a 64-bit system to overwrite its
internal information, which is worse than it not getting the
information at all -- so we currently resort to sending a
custom string event that it then parses. This, however, has a
severe size limitation we are frequently hitting with modern
access points; this limitation would can be lifted after this
patch by sending the correct binary, not custom, event.
A similar problem apparently happens for some other netlink
users on x86_64 with 32-bit tasks due to the alignment for
64-bit quantities.
In order to fix these problems, I have implemented a way to
send compat messages to tasks. When sending an event, we send
the non-compat event data together with a compat event data in
skb_shinfo(main_skb)->frag_list. Then, when the event is read
from the socket, the netlink code makes sure to pass out only
the skb that is compatible with the task. This approach was
suggested by David Miller, my original approach required
always sending two skbs but that had various small problems.
To determine whether compat is needed or not, I have used the
MSG_CMSG_COMPAT flag, and adjusted the call path for recv and
recvfrom to include it, even if those calls do not have a cmsg
parameter.
I have not solved one small part of the problem, and I don't
think it is necessary to: if a 32-bit application uses read()
rather than any form of recvmsg() it will still get the wrong
(64-bit) event. However, neither do applications actually do
this, nor would it be a regression.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-07-01 05:26:02 -06:00
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2014-03-07 13:02:33 -07:00
|
|
|
/* Record the max length of recvmsg() calls for future allocations */
|
|
|
|
|
nlk->max_recvmsg_len = max(nlk->max_recvmsg_len, len);
|
|
|
|
|
nlk->max_recvmsg_len = min_t(size_t, nlk->max_recvmsg_len,
|
2016-10-05 13:13:18 -06:00
|
|
|
SKB_WITH_OVERHEAD(32768));
|
2014-03-07 13:02:33 -07:00
|
|
|
|
netlink: fix compat recvmsg
Since
commit 1dacc76d0014a034b8aca14237c127d7c19d7726
Author: Johannes Berg <johannes@sipsolutions.net>
Date: Wed Jul 1 11:26:02 2009 +0000
net/compat/wext: send different messages to compat tasks
we had a race condition when setting and then
restoring frag_list. Eric attempted to fix it,
but the fix created even worse problems.
However, the original motivation I had when I
added the code that turned out to be racy is
no longer clear to me, since we only copy up
to skb->len to userspace, which doesn't include
the frag_list length. As a result, not doing
any frag_list clearing and restoring avoids
the race condition, while not introducing any
other problems.
Additionally, while preparing this patch I found
that since none of the remaining netlink code is
really aware of the frag_list, we need to use the
original skb's information for packet information
and credentials. This fixes, for example, the
group information received by compat tasks.
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: stable@kernel.org [2.6.31+, for 2.6.35 revert 1235f504aa]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-08-15 15:20:44 -06:00
|
|
|
copied = data_skb->len;
|
2005-04-16 16:20:36 -06:00
|
|
|
if (len < copied) {
|
|
|
|
|
msg->msg_flags |= MSG_TRUNC;
|
|
|
|
|
copied = len;
|
|
|
|
|
}
|
|
|
|
|
|
netlink: fix compat recvmsg
Since
commit 1dacc76d0014a034b8aca14237c127d7c19d7726
Author: Johannes Berg <johannes@sipsolutions.net>
Date: Wed Jul 1 11:26:02 2009 +0000
net/compat/wext: send different messages to compat tasks
we had a race condition when setting and then
restoring frag_list. Eric attempted to fix it,
but the fix created even worse problems.
However, the original motivation I had when I
added the code that turned out to be racy is
no longer clear to me, since we only copy up
to skb->len to userspace, which doesn't include
the frag_list length. As a result, not doing
any frag_list clearing and restoring avoids
the race condition, while not introducing any
other problems.
Additionally, while preparing this patch I found
that since none of the remaining netlink code is
really aware of the frag_list, we need to use the
original skb's information for packet information
and credentials. This fixes, for example, the
group information received by compat tasks.
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: stable@kernel.org [2.6.31+, for 2.6.35 revert 1235f504aa]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-08-15 15:20:44 -06:00
|
|
|
skb_reset_transport_header(data_skb);
|
2014-11-05 14:46:40 -07:00
|
|
|
err = skb_copy_datagram_msg(data_skb, 0, msg, copied);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
if (msg->msg_name) {
|
2014-01-17 14:53:15 -07:00
|
|
|
DECLARE_SOCKADDR(struct sockaddr_nl *, addr, msg->msg_name);
|
2005-04-16 16:20:36 -06:00
|
|
|
addr->nl_family = AF_NETLINK;
|
|
|
|
|
addr->nl_pad = 0;
|
2012-09-07 14:12:54 -06:00
|
|
|
addr->nl_pid = NETLINK_CB(skb).portid;
|
2005-08-14 20:27:50 -06:00
|
|
|
addr->nl_groups = netlink_group_mask(NETLINK_CB(skb).dst_group);
|
2005-04-16 16:20:36 -06:00
|
|
|
msg->msg_namelen = sizeof(*addr);
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-07 03:02:52 -06:00
|
|
|
if (nlk->flags & NETLINK_F_RECV_PKTINFO)
|
2006-03-12 21:34:27 -07:00
|
|
|
netlink_cmsg_recv_pktinfo(msg, skb);
|
2015-05-07 03:02:53 -06:00
|
|
|
if (nlk->flags & NETLINK_F_LISTEN_ALL_NSID)
|
|
|
|
|
netlink_cmsg_listen_all_nsid(sk, msg, skb);
|
2006-03-12 21:34:27 -07:00
|
|
|
|
2015-01-28 10:04:53 -07:00
|
|
|
memset(&scm, 0, sizeof(scm));
|
|
|
|
|
scm.creds = *NETLINK_CREDS(skb);
|
2007-05-03 04:27:01 -06:00
|
|
|
if (flags & MSG_TRUNC)
|
netlink: fix compat recvmsg
Since
commit 1dacc76d0014a034b8aca14237c127d7c19d7726
Author: Johannes Berg <johannes@sipsolutions.net>
Date: Wed Jul 1 11:26:02 2009 +0000
net/compat/wext: send different messages to compat tasks
we had a race condition when setting and then
restoring frag_list. Eric attempted to fix it,
but the fix created even worse problems.
However, the original motivation I had when I
added the code that turned out to be racy is
no longer clear to me, since we only copy up
to skb->len to userspace, which doesn't include
the frag_list length. As a result, not doing
any frag_list clearing and restoring avoids
the race condition, while not introducing any
other problems.
Additionally, while preparing this patch I found
that since none of the remaining netlink code is
really aware of the frag_list, we need to use the
original skb's information for packet information
and credentials. This fixes, for example, the
group information received by compat tasks.
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: stable@kernel.org [2.6.31+, for 2.6.35 revert 1235f504aa]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-08-15 15:20:44 -06:00
|
|
|
copied = data_skb->len;
|
2010-08-16 00:21:50 -06:00
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
skb_free_datagram(sk, skb);
|
|
|
|
|
|
2013-08-15 16:31:06 -06:00
|
|
|
if (nlk->cb_running &&
|
|
|
|
|
atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf / 2) {
|
2011-02-20 19:40:47 -07:00
|
|
|
ret = netlink_dump(sk);
|
|
|
|
|
if (ret) {
|
2014-07-09 11:31:22 -06:00
|
|
|
sk->sk_err = -ret;
|
2011-02-20 19:40:47 -07:00
|
|
|
sk->sk_error_report(sk);
|
|
|
|
|
}
|
|
|
|
|
}
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2015-01-28 10:04:53 -07:00
|
|
|
scm_recv(sock, msg, &scm, flags);
|
2005-04-16 16:20:36 -06:00
|
|
|
out:
|
|
|
|
|
netlink_rcv_wake(sk);
|
|
|
|
|
return err ? : copied;
|
|
|
|
|
}
|
|
|
|
|
|
2014-04-11 14:15:36 -06:00
|
|
|
static void netlink_data_ready(struct sock *sk)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2007-10-10 22:15:29 -06:00
|
|
|
BUG();
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2007-02-09 07:25:07 -07:00
|
|
|
* We export these functions to other modules. They provide a
|
2005-04-16 16:20:36 -06:00
|
|
|
* complete set of kernel non-blocking support for message
|
|
|
|
|
* queueing.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
struct sock *
|
2012-09-07 20:53:54 -06:00
|
|
|
__netlink_kernel_create(struct net *net, int unit, struct module *module,
|
|
|
|
|
struct netlink_kernel_cfg *cfg)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
|
struct socket *sock;
|
|
|
|
|
struct sock *sk;
|
2005-08-14 20:27:13 -06:00
|
|
|
struct netlink_sock *nlk;
|
2010-10-23 22:27:10 -06:00
|
|
|
struct listeners *listeners = NULL;
|
2012-06-29 00:15:21 -06:00
|
|
|
struct mutex *cb_mutex = cfg ? cfg->cb_mutex : NULL;
|
|
|
|
|
unsigned int groups;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2006-08-29 03:15:24 -06:00
|
|
|
BUG_ON(!nl_table);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2007-12-04 01:19:38 -07:00
|
|
|
if (unit < 0 || unit >= MAX_LINKS)
|
2005-04-16 16:20:36 -06:00
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
if (sock_create_lite(PF_NETLINK, SOCK_DGRAM, unit, &sock))
|
|
|
|
|
return NULL;
|
2015-05-08 20:11:33 -06:00
|
|
|
|
|
|
|
|
if (__netlink_create(net, sock, cb_mutex, unit, 1) < 0)
|
[NETNS]: Fix race between put_net() and netlink_kernel_create().
The comment about "race free view of the set of network
namespaces" was a bit hasty. Look (there even can be only
one CPU, as discovered by Alexey Dobriyan and Denis Lunev):
put_net()
if (atomic_dec_and_test(&net->refcnt))
/* true */
__put_net(net);
queue_work(...);
/*
* note: the net now has refcnt 0, but still in
* the global list of net namespaces
*/
== re-schedule ==
register_pernet_subsys(&some_ops);
register_pernet_operations(&some_ops);
(*some_ops)->init(net);
/*
* we call netlink_kernel_create() here
* in some places
*/
netlink_kernel_create();
sk_alloc();
get_net(net); /* refcnt = 1 */
/*
* now we drop the net refcount not to
* block the net namespace exit in the
* future (or this can be done on the
* error path)
*/
put_net(sk->sk_net);
if (atomic_dec_and_test(&...))
/*
* true. BOOOM! The net is
* scheduled for release twice
*/
When thinking on this problem, I decided, that getting and
putting the net in init callback is wrong. If some init
callback needs to have a refcount-less reference on the struct
net, _it_ has to be careful himself, rather than relying on
the infrastructure to handle this correctly.
In case of netlink_kernel_create(), the problem is that the
sk_alloc() gets the given namespace, but passing the info
that we don't want to get it inside this call is too heavy.
Instead, I propose to crate the socket inside an init_net
namespace and then re-attach it to the desired one right
after the socket is created.
After doing this, we also have to be careful on error paths
not to drop the reference on the namespace, we didn't get
the one on.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Denis Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-30 20:31:06 -07:00
|
|
|
goto out_sock_release_nosk;
|
|
|
|
|
|
|
|
|
|
sk = sock->sk;
|
2005-08-09 20:40:55 -06:00
|
|
|
|
2012-06-29 00:15:21 -06:00
|
|
|
if (!cfg || cfg->groups < 32)
|
2006-03-20 19:52:01 -07:00
|
|
|
groups = 32;
|
2012-06-29 00:15:21 -06:00
|
|
|
else
|
|
|
|
|
groups = cfg->groups;
|
2006-03-20 19:52:01 -07:00
|
|
|
|
2010-10-23 22:27:10 -06:00
|
|
|
listeners = kzalloc(sizeof(*listeners) + NLGRPSZ(groups), GFP_KERNEL);
|
2006-03-20 19:52:01 -07:00
|
|
|
if (!listeners)
|
|
|
|
|
goto out_sock_release;
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
sk->sk_data_ready = netlink_data_ready;
|
2012-06-29 00:15:21 -06:00
|
|
|
if (cfg && cfg->input)
|
|
|
|
|
nlk_sk(sk)->netlink_rcv = cfg->input;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2015-01-25 20:02:56 -07:00
|
|
|
if (netlink_insert(sk, 0))
|
2005-08-14 20:27:13 -06:00
|
|
|
goto out_sock_release;
|
2005-08-09 20:40:55 -06:00
|
|
|
|
2005-08-14 20:27:13 -06:00
|
|
|
nlk = nlk_sk(sk);
|
2015-05-07 03:02:52 -06:00
|
|
|
nlk->flags |= NETLINK_F_KERNEL_SOCKET;
|
2005-08-09 20:40:55 -06:00
|
|
|
|
|
|
|
|
netlink_table_grab();
|
2007-09-12 05:05:38 -06:00
|
|
|
if (!nl_table[unit].registered) {
|
|
|
|
|
nl_table[unit].groups = groups;
|
2010-10-23 22:27:10 -06:00
|
|
|
rcu_assign_pointer(nl_table[unit].listeners, listeners);
|
2007-09-12 05:05:38 -06:00
|
|
|
nl_table[unit].cb_mutex = cb_mutex;
|
|
|
|
|
nl_table[unit].module = module;
|
2012-09-07 20:53:53 -06:00
|
|
|
if (cfg) {
|
|
|
|
|
nl_table[unit].bind = cfg->bind;
|
2014-11-12 12:24:10 -07:00
|
|
|
nl_table[unit].unbind = cfg->unbind;
|
2012-09-07 20:53:53 -06:00
|
|
|
nl_table[unit].flags = cfg->flags;
|
2013-06-06 00:49:11 -06:00
|
|
|
if (cfg->compare)
|
|
|
|
|
nl_table[unit].compare = cfg->compare;
|
2012-09-07 20:53:53 -06:00
|
|
|
}
|
2007-09-12 05:05:38 -06:00
|
|
|
nl_table[unit].registered = 1;
|
2007-10-15 02:39:12 -06:00
|
|
|
} else {
|
|
|
|
|
kfree(listeners);
|
2008-01-19 00:53:31 -07:00
|
|
|
nl_table[unit].registered++;
|
2007-09-12 05:05:38 -06:00
|
|
|
}
|
2005-08-09 20:40:55 -06:00
|
|
|
netlink_table_ungrab();
|
2005-08-14 20:27:13 -06:00
|
|
|
return sk;
|
|
|
|
|
|
2005-08-09 20:40:55 -06:00
|
|
|
out_sock_release:
|
2006-03-20 19:52:01 -07:00
|
|
|
kfree(listeners);
|
2008-02-29 12:17:56 -07:00
|
|
|
netlink_kernel_release(sk);
|
[NETNS]: Fix race between put_net() and netlink_kernel_create().
The comment about "race free view of the set of network
namespaces" was a bit hasty. Look (there even can be only
one CPU, as discovered by Alexey Dobriyan and Denis Lunev):
put_net()
if (atomic_dec_and_test(&net->refcnt))
/* true */
__put_net(net);
queue_work(...);
/*
* note: the net now has refcnt 0, but still in
* the global list of net namespaces
*/
== re-schedule ==
register_pernet_subsys(&some_ops);
register_pernet_operations(&some_ops);
(*some_ops)->init(net);
/*
* we call netlink_kernel_create() here
* in some places
*/
netlink_kernel_create();
sk_alloc();
get_net(net); /* refcnt = 1 */
/*
* now we drop the net refcount not to
* block the net namespace exit in the
* future (or this can be done on the
* error path)
*/
put_net(sk->sk_net);
if (atomic_dec_and_test(&...))
/*
* true. BOOOM! The net is
* scheduled for release twice
*/
When thinking on this problem, I decided, that getting and
putting the net in init callback is wrong. If some init
callback needs to have a refcount-less reference on the struct
net, _it_ has to be careful himself, rather than relying on
the infrastructure to handle this correctly.
In case of netlink_kernel_create(), the problem is that the
sk_alloc() gets the given namespace, but passing the info
that we don't want to get it inside this call is too heavy.
Instead, I propose to crate the socket inside an init_net
namespace and then re-attach it to the desired one right
after the socket is created.
After doing this, we also have to be careful on error paths
not to drop the reference on the namespace, we didn't get
the one on.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Denis Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-30 20:31:06 -07:00
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
out_sock_release_nosk:
|
2005-08-09 20:40:55 -06:00
|
|
|
sock_release(sock);
|
2005-08-14 20:27:13 -06:00
|
|
|
return NULL;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2012-09-07 20:53:54 -06:00
|
|
|
EXPORT_SYMBOL(__netlink_kernel_create);
|
2008-01-28 15:41:19 -07:00
|
|
|
|
|
|
|
|
void
|
|
|
|
|
netlink_kernel_release(struct sock *sk)
|
|
|
|
|
{
|
2015-05-08 20:11:33 -06:00
|
|
|
if (sk == NULL || sk->sk_socket == NULL)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
sock_release(sk->sk_socket);
|
2008-01-28 15:41:19 -07:00
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL(netlink_kernel_release);
|
|
|
|
|
|
2009-09-11 21:03:15 -06:00
|
|
|
int __netlink_change_ngroups(struct sock *sk, unsigned int groups)
|
2007-07-18 16:46:06 -06:00
|
|
|
{
|
2010-10-23 22:27:10 -06:00
|
|
|
struct listeners *new, *old;
|
2007-07-18 16:46:06 -06:00
|
|
|
struct netlink_table *tbl = &nl_table[sk->sk_protocol];
|
|
|
|
|
|
|
|
|
|
if (groups < 32)
|
|
|
|
|
groups = 32;
|
|
|
|
|
|
|
|
|
|
if (NLGRPSZ(tbl->groups) < NLGRPSZ(groups)) {
|
2010-10-23 22:27:10 -06:00
|
|
|
new = kzalloc(sizeof(*new) + NLGRPSZ(groups), GFP_ATOMIC);
|
|
|
|
|
if (!new)
|
2009-09-11 21:03:15 -06:00
|
|
|
return -ENOMEM;
|
2012-10-17 21:21:55 -06:00
|
|
|
old = nl_deref_protected(tbl->listeners);
|
2010-10-23 22:27:10 -06:00
|
|
|
memcpy(new->masks, old->masks, NLGRPSZ(tbl->groups));
|
|
|
|
|
rcu_assign_pointer(tbl->listeners, new);
|
|
|
|
|
|
2011-03-15 04:01:42 -06:00
|
|
|
kfree_rcu(old, rcu);
|
2007-07-18 16:46:06 -06:00
|
|
|
}
|
|
|
|
|
tbl->groups = groups;
|
|
|
|
|
|
2009-09-11 21:03:15 -06:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* netlink_change_ngroups - change number of multicast groups
|
|
|
|
|
*
|
|
|
|
|
* This changes the number of multicast groups that are available
|
|
|
|
|
* on a certain netlink family. Note that it is not possible to
|
|
|
|
|
* change the number of groups to below 32. Also note that it does
|
|
|
|
|
* not implicitly call netlink_clear_multicast_users() when the
|
|
|
|
|
* number of groups is reduced.
|
|
|
|
|
*
|
|
|
|
|
* @sk: The kernel netlink socket, as returned by netlink_kernel_create().
|
|
|
|
|
* @groups: The new number of groups.
|
|
|
|
|
*/
|
|
|
|
|
int netlink_change_ngroups(struct sock *sk, unsigned int groups)
|
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
|
|
|
|
netlink_table_grab();
|
|
|
|
|
err = __netlink_change_ngroups(sk, groups);
|
2007-07-18 16:46:06 -06:00
|
|
|
netlink_table_ungrab();
|
2009-09-11 21:03:15 -06:00
|
|
|
|
2007-07-18 16:46:06 -06:00
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
2009-09-24 16:44:05 -06:00
|
|
|
void __netlink_clear_multicast_users(struct sock *ksk, unsigned int group)
|
|
|
|
|
{
|
|
|
|
|
struct sock *sk;
|
|
|
|
|
struct netlink_table *tbl = &nl_table[ksk->sk_protocol];
|
|
|
|
|
|
hlist: drop the node parameter from iterators
I'm not sure why, but the hlist for each entry iterators were conceived
list_for_each_entry(pos, head, member)
The hlist ones were greedy and wanted an extra parameter:
hlist_for_each_entry(tpos, pos, head, member)
Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.
Besides the semantic patch, there was some manual work required:
- Fix up the actual hlist iterators in linux/list.h
- Fix up the declaration of other iterators based on the hlist ones.
- A very small amount of places were using the 'node' parameter, this
was modified to use 'obj->member' instead.
- Coccinelle didn't handle the hlist_for_each_entry_safe iterator
properly, so those had to be fixed up manually.
The semantic patch which is mostly the work of Peter Senna Tschudin is here:
@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;
type T;
expression a,c,d,e;
identifier b;
statement S;
@@
-T b;
<+... when != b
(
hlist_for_each_entry(a,
- b,
c, d) S
|
hlist_for_each_entry_continue(a,
- b,
c) S
|
hlist_for_each_entry_from(a,
- b,
c) S
|
hlist_for_each_entry_rcu(a,
- b,
c, d) S
|
hlist_for_each_entry_rcu_bh(a,
- b,
c, d) S
|
hlist_for_each_entry_continue_rcu_bh(a,
- b,
c) S
|
for_each_busy_worker(a, c,
- b,
d) S
|
ax25_uid_for_each(a,
- b,
c) S
|
ax25_for_each(a,
- b,
c) S
|
inet_bind_bucket_for_each(a,
- b,
c) S
|
sctp_for_each_hentry(a,
- b,
c) S
|
sk_for_each(a,
- b,
c) S
|
sk_for_each_rcu(a,
- b,
c) S
|
sk_for_each_from
-(a, b)
+(a)
S
+ sk_for_each_from(a) S
|
sk_for_each_safe(a,
- b,
c, d) S
|
sk_for_each_bound(a,
- b,
c) S
|
hlist_for_each_entry_safe(a,
- b,
c, d, e) S
|
hlist_for_each_entry_continue_rcu(a,
- b,
c) S
|
nr_neigh_for_each(a,
- b,
c) S
|
nr_neigh_for_each_safe(a,
- b,
c, d) S
|
nr_node_for_each(a,
- b,
c) S
|
nr_node_for_each_safe(a,
- b,
c, d) S
|
- for_each_gfn_sp(a, c, d, b) S
+ for_each_gfn_sp(a, c, d) S
|
- for_each_gfn_indirect_valid_sp(a, c, d, b) S
+ for_each_gfn_indirect_valid_sp(a, c, d) S
|
for_each_host(a,
- b,
c) S
|
for_each_host_safe(a,
- b,
c, d) S
|
for_each_mesh_entry(a,
- b,
c, d) S
)
...+>
[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin <peter.senna@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-27 18:06:00 -07:00
|
|
|
sk_for_each_bound(sk, &tbl->mc_list)
|
2009-09-24 16:44:05 -06:00
|
|
|
netlink_update_socket_mc(nlk_sk(sk), group, 0);
|
|
|
|
|
}
|
|
|
|
|
|
2012-01-30 13:22:06 -07:00
|
|
|
struct nlmsghdr *
|
2012-09-07 14:12:54 -06:00
|
|
|
__nlmsg_put(struct sk_buff *skb, u32 portid, u32 seq, int type, int len, int flags)
|
2012-01-30 13:22:06 -07:00
|
|
|
{
|
|
|
|
|
struct nlmsghdr *nlh;
|
2013-03-27 00:47:04 -06:00
|
|
|
int size = nlmsg_msg_size(len);
|
2012-01-30 13:22:06 -07:00
|
|
|
|
networking: make skb_put & friends return void pointers
It seems like a historic accident that these return unsigned char *,
and in many places that means casts are required, more often than not.
Make these functions (skb_put, __skb_put and pskb_put) return void *
and remove all the casts across the tree, adding a (u8 *) cast only
where the unsigned char pointer was used directly, all done with the
following spatch:
@@
expression SKB, LEN;
typedef u8;
identifier fn = { skb_put, __skb_put };
@@
- *(fn(SKB, LEN))
+ *(u8 *)fn(SKB, LEN)
@@
expression E, SKB, LEN;
identifier fn = { skb_put, __skb_put };
type T;
@@
- E = ((T *)(fn(SKB, LEN)))
+ E = fn(SKB, LEN)
which actually doesn't cover pskb_put since there are only three
users overall.
A handful of stragglers were converted manually, notably a macro in
drivers/isdn/i4l/isdn_bsdcomp.c and, oddly enough, one of the many
instances in net/bluetooth/hci_sock.c. In the former file, I also
had to fix one whitespace problem spatch introduced.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-16 06:29:21 -06:00
|
|
|
nlh = skb_put(skb, NLMSG_ALIGN(size));
|
2012-01-30 13:22:06 -07:00
|
|
|
nlh->nlmsg_type = type;
|
|
|
|
|
nlh->nlmsg_len = size;
|
|
|
|
|
nlh->nlmsg_flags = flags;
|
2012-09-07 14:12:54 -06:00
|
|
|
nlh->nlmsg_pid = portid;
|
2012-01-30 13:22:06 -07:00
|
|
|
nlh->nlmsg_seq = seq;
|
|
|
|
|
if (!__builtin_constant_p(size) || NLMSG_ALIGN(size) - size != 0)
|
2013-03-27 00:47:04 -06:00
|
|
|
memset(nlmsg_data(nlh) + len, 0, NLMSG_ALIGN(size) - size);
|
2012-01-30 13:22:06 -07:00
|
|
|
return nlh;
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL(__nlmsg_put);
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
/*
|
|
|
|
|
* It looks a bit ugly.
|
|
|
|
|
* It would be better to create kernel thread.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static int netlink_dump(struct sock *sk)
|
|
|
|
|
{
|
|
|
|
|
struct netlink_sock *nlk = nlk_sk(sk);
|
|
|
|
|
struct netlink_callback *cb;
|
2011-06-09 19:27:09 -06:00
|
|
|
struct sk_buff *skb = NULL;
|
2005-04-16 16:20:36 -06:00
|
|
|
struct nlmsghdr *nlh;
|
2016-05-16 03:28:16 -06:00
|
|
|
struct module *module;
|
af_netlink: ensure that NLMSG_DONE never fails in dumps
[ Upstream commit 0642840b8bb008528dbdf929cec9f65ac4231ad0 ]
The way people generally use netlink_dump is that they fill in the skb
as much as possible, breaking when nla_put returns an error. Then, they
get called again and start filling out the next skb, and again, and so
forth. The mechanism at work here is the ability for the iterative
dumping function to detect when the skb is filled up and not fill it
past the brim, waiting for a fresh skb for the rest of the data.
However, if the attributes are small and nicely packed, it is possible
that a dump callback function successfully fills in attributes until the
skb is of size 4080 (libmnl's default page-sized receive buffer size).
The dump function completes, satisfied, and then, if it happens to be
that this is actually the last skb, and no further ones are to be sent,
then netlink_dump will add on the NLMSG_DONE part:
nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE, sizeof(len), NLM_F_MULTI);
It is very important that netlink_dump does this, of course. However, in
this example, that call to nlmsg_put_answer will fail, because the
previous filling by the dump function did not leave it enough room. And
how could it possibly have done so? All of the nla_put variety of
functions simply check to see if the skb has enough tailroom,
independent of the context it is in.
In order to keep the important assumptions of all netlink dump users, it
is therefore important to give them an skb that has this end part of the
tail already reserved, so that the call to nlmsg_put_answer does not
fail. Otherwise, library authors are forced to find some bizarre sized
receive buffer that has a large modulo relative to the common sizes of
messages received, which is ugly and buggy.
This patch thus saves the NLMSG_DONE for an additional message, for the
case that things are dangerously close to the brim. This requires
keeping track of the errno from ->dump() across calls.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-08 21:04:44 -07:00
|
|
|
int err = -ENOBUFS;
|
2015-10-15 02:55:17 -06:00
|
|
|
int alloc_min_size;
|
2011-06-09 19:27:09 -06:00
|
|
|
int alloc_size;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2007-04-20 15:14:21 -06:00
|
|
|
mutex_lock(nlk->cb_mutex);
|
2013-08-15 16:31:06 -06:00
|
|
|
if (!nlk->cb_running) {
|
2006-08-05 00:03:29 -06:00
|
|
|
err = -EINVAL;
|
|
|
|
|
goto errout_skb;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
netlink: remove mmapped netlink support
mmapped netlink has a number of unresolved issues:
- TX zerocopy support had to be disabled more than a year ago via
commit 4682a0358639b29cf ("netlink: Always copy on mmap TX.")
because the content of the mmapped area can change after netlink
attribute validation but before message processing.
- RX support was implemented mainly to speed up nfqueue dumping packet
payload to userspace. However, since commit ae08ce0021087a5d812d2
("netfilter: nfnetlink_queue: zero copy support") we avoid one copy
with the socket-based interface too (via the skb_zerocopy helper).
The other problem is that skbs attached to mmaped netlink socket
behave different from normal skbs:
- they don't have a shinfo area, so all functions that use skb_shinfo()
(e.g. skb_clone) cannot be used.
- reserving headroom prevents userspace from seeing the content as
it expects message to start at skb->head.
See for instance
commit aa3a022094fa ("netlink: not trim skb for mmaped socket when dump").
- skbs handed e.g. to netlink_ack must have non-NULL skb->sk, else we
crash because it needs the sk to check if a tx ring is attached.
Also not obvious, leads to non-intuitive bug fixes such as 7c7bdf359
("netfilter: nfnetlink: use original skbuff when acking batches").
mmaped netlink also didn't play nicely with the skb_zerocopy helper
used by nfqueue and openvswitch. Daniel Borkmann fixed this via
commit 6bb0fef489f6 ("netlink, mmap: fix edge-case leakages in nf queue
zero-copy")' but at the cost of also needing to provide remaining
length to the allocation function.
nfqueue also has problems when used with mmaped rx netlink:
- mmaped netlink doesn't allow use of nfqueue batch verdict messages.
Problem is that in the mmap case, the allocation time also determines
the ordering in which the frame will be seen by userspace (A
allocating before B means that A is located in earlier ring slot,
but this also means that B might get a lower sequence number then A
since seqno is decided later. To fix this we would need to extend the
spinlocked region to also cover the allocation and message setup which
isn't desirable.
- nfqueue can now be configured to queue large (GSO) skbs to userspace.
Queing GSO packets is faster than having to force a software segmentation
in the kernel, so this is a desirable option. However, with a mmap based
ring one has to use 64kb per ring slot element, else mmap has to fall back
to the socket path (NL_MMAP_STATUS_COPY) for all large packets.
To use the mmap interface, userspace not only has to probe for mmap netlink
support, it also has to implement a recv/socket receive path in order to
handle messages that exceed the size of an rx ring element.
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-18 07:03:24 -07:00
|
|
|
if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
|
2013-04-17 00:47:04 -06:00
|
|
|
goto errout_skb;
|
2014-03-07 13:02:33 -07:00
|
|
|
|
|
|
|
|
/* NLMSG_GOODSIZE is small to avoid high order allocations being
|
|
|
|
|
* required, but it makes sense to _attempt_ a 16K bytes allocation
|
|
|
|
|
* to reduce number of system calls on dump operations, if user
|
|
|
|
|
* ever provided a big enough buffer.
|
|
|
|
|
*/
|
2015-10-15 02:55:17 -06:00
|
|
|
cb = &nlk->cb;
|
|
|
|
|
alloc_min_size = max_t(int, cb->min_dump_alloc, NLMSG_GOODSIZE);
|
|
|
|
|
|
|
|
|
|
if (alloc_min_size < nlk->max_recvmsg_len) {
|
|
|
|
|
alloc_size = nlk->max_recvmsg_len;
|
2016-10-05 13:13:18 -06:00
|
|
|
skb = alloc_skb(alloc_size,
|
|
|
|
|
(GFP_KERNEL & ~__GFP_DIRECT_RECLAIM) |
|
|
|
|
|
__GFP_NOWARN | __GFP_NORETRY);
|
2014-03-07 13:02:33 -07:00
|
|
|
}
|
2015-10-15 02:55:17 -06:00
|
|
|
if (!skb) {
|
|
|
|
|
alloc_size = alloc_min_size;
|
2016-02-18 07:03:28 -07:00
|
|
|
skb = alloc_skb(alloc_size, GFP_KERNEL);
|
2015-10-15 02:55:17 -06:00
|
|
|
}
|
2011-06-09 19:27:09 -06:00
|
|
|
if (!skb)
|
2011-06-14 21:11:42 -06:00
|
|
|
goto errout_skb;
|
2015-10-15 02:55:17 -06:00
|
|
|
|
|
|
|
|
/* Trim skb to allocated size. User is expected to provide buffer as
|
|
|
|
|
* large as max(min_dump_alloc, 16KiB (mac_recvmsg_len capped at
|
|
|
|
|
* netlink_recvmsg())). dump will pack as many smaller messages as
|
|
|
|
|
* could fit within the allocated skb. skb is typically allocated
|
|
|
|
|
* with larger space than required (could be as much as near 2x the
|
|
|
|
|
* requested size with align to next power of 2 approach). Allowing
|
|
|
|
|
* dump to use the excess space makes it difficult for a user to have a
|
|
|
|
|
* reasonable static buffer based on the expected largest dump of a
|
|
|
|
|
* single netdev. The outcome is MSG_TRUNC error.
|
|
|
|
|
*/
|
netlink: remove mmapped netlink support
mmapped netlink has a number of unresolved issues:
- TX zerocopy support had to be disabled more than a year ago via
commit 4682a0358639b29cf ("netlink: Always copy on mmap TX.")
because the content of the mmapped area can change after netlink
attribute validation but before message processing.
- RX support was implemented mainly to speed up nfqueue dumping packet
payload to userspace. However, since commit ae08ce0021087a5d812d2
("netfilter: nfnetlink_queue: zero copy support") we avoid one copy
with the socket-based interface too (via the skb_zerocopy helper).
The other problem is that skbs attached to mmaped netlink socket
behave different from normal skbs:
- they don't have a shinfo area, so all functions that use skb_shinfo()
(e.g. skb_clone) cannot be used.
- reserving headroom prevents userspace from seeing the content as
it expects message to start at skb->head.
See for instance
commit aa3a022094fa ("netlink: not trim skb for mmaped socket when dump").
- skbs handed e.g. to netlink_ack must have non-NULL skb->sk, else we
crash because it needs the sk to check if a tx ring is attached.
Also not obvious, leads to non-intuitive bug fixes such as 7c7bdf359
("netfilter: nfnetlink: use original skbuff when acking batches").
mmaped netlink also didn't play nicely with the skb_zerocopy helper
used by nfqueue and openvswitch. Daniel Borkmann fixed this via
commit 6bb0fef489f6 ("netlink, mmap: fix edge-case leakages in nf queue
zero-copy")' but at the cost of also needing to provide remaining
length to the allocation function.
nfqueue also has problems when used with mmaped rx netlink:
- mmaped netlink doesn't allow use of nfqueue batch verdict messages.
Problem is that in the mmap case, the allocation time also determines
the ordering in which the frame will be seen by userspace (A
allocating before B means that A is located in earlier ring slot,
but this also means that B might get a lower sequence number then A
since seqno is decided later. To fix this we would need to extend the
spinlocked region to also cover the allocation and message setup which
isn't desirable.
- nfqueue can now be configured to queue large (GSO) skbs to userspace.
Queing GSO packets is faster than having to force a software segmentation
in the kernel, so this is a desirable option. However, with a mmap based
ring one has to use 64kb per ring slot element, else mmap has to fall back
to the socket path (NL_MMAP_STATUS_COPY) for all large packets.
To use the mmap interface, userspace not only has to probe for mmap netlink
support, it also has to implement a recv/socket receive path in order to
handle messages that exceed the size of an rx ring element.
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-18 07:03:24 -07:00
|
|
|
skb_reserve(skb, skb_tailroom(skb) - alloc_size);
|
2013-04-17 00:47:04 -06:00
|
|
|
netlink_skb_set_owner_r(skb, sk);
|
2011-06-09 19:27:09 -06:00
|
|
|
|
af_netlink: ensure that NLMSG_DONE never fails in dumps
[ Upstream commit 0642840b8bb008528dbdf929cec9f65ac4231ad0 ]
The way people generally use netlink_dump is that they fill in the skb
as much as possible, breaking when nla_put returns an error. Then, they
get called again and start filling out the next skb, and again, and so
forth. The mechanism at work here is the ability for the iterative
dumping function to detect when the skb is filled up and not fill it
past the brim, waiting for a fresh skb for the rest of the data.
However, if the attributes are small and nicely packed, it is possible
that a dump callback function successfully fills in attributes until the
skb is of size 4080 (libmnl's default page-sized receive buffer size).
The dump function completes, satisfied, and then, if it happens to be
that this is actually the last skb, and no further ones are to be sent,
then netlink_dump will add on the NLMSG_DONE part:
nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE, sizeof(len), NLM_F_MULTI);
It is very important that netlink_dump does this, of course. However, in
this example, that call to nlmsg_put_answer will fail, because the
previous filling by the dump function did not leave it enough room. And
how could it possibly have done so? All of the nla_put variety of
functions simply check to see if the skb has enough tailroom,
independent of the context it is in.
In order to keep the important assumptions of all netlink dump users, it
is therefore important to give them an skb that has this end part of the
tail already reserved, so that the call to nlmsg_put_answer does not
fail. Otherwise, library authors are forced to find some bizarre sized
receive buffer that has a large modulo relative to the common sizes of
messages received, which is ugly and buggy.
This patch thus saves the NLMSG_DONE for an additional message, for the
case that things are dangerously close to the brim. This requires
keeping track of the errno from ->dump() across calls.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-08 21:04:44 -07:00
|
|
|
if (nlk->dump_done_errno > 0)
|
|
|
|
|
nlk->dump_done_errno = cb->dump(skb, cb);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
af_netlink: ensure that NLMSG_DONE never fails in dumps
[ Upstream commit 0642840b8bb008528dbdf929cec9f65ac4231ad0 ]
The way people generally use netlink_dump is that they fill in the skb
as much as possible, breaking when nla_put returns an error. Then, they
get called again and start filling out the next skb, and again, and so
forth. The mechanism at work here is the ability for the iterative
dumping function to detect when the skb is filled up and not fill it
past the brim, waiting for a fresh skb for the rest of the data.
However, if the attributes are small and nicely packed, it is possible
that a dump callback function successfully fills in attributes until the
skb is of size 4080 (libmnl's default page-sized receive buffer size).
The dump function completes, satisfied, and then, if it happens to be
that this is actually the last skb, and no further ones are to be sent,
then netlink_dump will add on the NLMSG_DONE part:
nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE, sizeof(len), NLM_F_MULTI);
It is very important that netlink_dump does this, of course. However, in
this example, that call to nlmsg_put_answer will fail, because the
previous filling by the dump function did not leave it enough room. And
how could it possibly have done so? All of the nla_put variety of
functions simply check to see if the skb has enough tailroom,
independent of the context it is in.
In order to keep the important assumptions of all netlink dump users, it
is therefore important to give them an skb that has this end part of the
tail already reserved, so that the call to nlmsg_put_answer does not
fail. Otherwise, library authors are forced to find some bizarre sized
receive buffer that has a large modulo relative to the common sizes of
messages received, which is ugly and buggy.
This patch thus saves the NLMSG_DONE for an additional message, for the
case that things are dangerously close to the brim. This requires
keeping track of the errno from ->dump() across calls.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-08 21:04:44 -07:00
|
|
|
if (nlk->dump_done_errno > 0 ||
|
|
|
|
|
skb_tailroom(skb) < nlmsg_total_size(sizeof(nlk->dump_done_errno))) {
|
2007-04-20 15:14:21 -06:00
|
|
|
mutex_unlock(nlk->cb_mutex);
|
2008-03-21 16:46:12 -06:00
|
|
|
|
|
|
|
|
if (sk_filter(sk, skb))
|
|
|
|
|
kfree_skb(skb);
|
2012-04-05 16:17:46 -06:00
|
|
|
else
|
|
|
|
|
__netlink_sendskb(sk, skb);
|
2005-04-16 16:20:36 -06:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
af_netlink: ensure that NLMSG_DONE never fails in dumps
[ Upstream commit 0642840b8bb008528dbdf929cec9f65ac4231ad0 ]
The way people generally use netlink_dump is that they fill in the skb
as much as possible, breaking when nla_put returns an error. Then, they
get called again and start filling out the next skb, and again, and so
forth. The mechanism at work here is the ability for the iterative
dumping function to detect when the skb is filled up and not fill it
past the brim, waiting for a fresh skb for the rest of the data.
However, if the attributes are small and nicely packed, it is possible
that a dump callback function successfully fills in attributes until the
skb is of size 4080 (libmnl's default page-sized receive buffer size).
The dump function completes, satisfied, and then, if it happens to be
that this is actually the last skb, and no further ones are to be sent,
then netlink_dump will add on the NLMSG_DONE part:
nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE, sizeof(len), NLM_F_MULTI);
It is very important that netlink_dump does this, of course. However, in
this example, that call to nlmsg_put_answer will fail, because the
previous filling by the dump function did not leave it enough room. And
how could it possibly have done so? All of the nla_put variety of
functions simply check to see if the skb has enough tailroom,
independent of the context it is in.
In order to keep the important assumptions of all netlink dump users, it
is therefore important to give them an skb that has this end part of the
tail already reserved, so that the call to nlmsg_put_answer does not
fail. Otherwise, library authors are forced to find some bizarre sized
receive buffer that has a large modulo relative to the common sizes of
messages received, which is ugly and buggy.
This patch thus saves the NLMSG_DONE for an additional message, for the
case that things are dangerously close to the brim. This requires
keeping track of the errno from ->dump() across calls.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-08 21:04:44 -07:00
|
|
|
nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE,
|
|
|
|
|
sizeof(nlk->dump_done_errno), NLM_F_MULTI);
|
|
|
|
|
if (WARN_ON(!nlh))
|
2006-08-05 00:03:29 -06:00
|
|
|
goto errout_skb;
|
|
|
|
|
|
netlink: advertise incomplete dumps
Consider the following situation:
* a dump that would show 8 entries, four in the first
round, and four in the second
* between the first and second rounds, 6 entries are
removed
* now the second round will not show any entry, and
even if there is a sequence/generation counter the
application will not know
To solve this problem, add a new flag NLM_F_DUMP_INTR
to the netlink header that indicates the dump wasn't
consistent, this flag can also be set on the MSG_DONE
message that terminates the dump, and as such above
situation can be detected.
To achieve this, add a sequence counter to the netlink
callback struct. Of course, netlink code still needs
to use this new functionality. The correct way to do
that is to always set cb->seq when a dumpit callback
is invoked and call nl_dump_check_consistent() for
each new message. The core code will also call this
function for the final MSG_DONE message.
To make it usable with generic netlink, a new function
genlmsg_nlhdr() is needed to obtain the netlink header
from the genetlink user header.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-06-20 05:40:46 -06:00
|
|
|
nl_dump_check_consistent(cb, nlh);
|
|
|
|
|
|
af_netlink: ensure that NLMSG_DONE never fails in dumps
[ Upstream commit 0642840b8bb008528dbdf929cec9f65ac4231ad0 ]
The way people generally use netlink_dump is that they fill in the skb
as much as possible, breaking when nla_put returns an error. Then, they
get called again and start filling out the next skb, and again, and so
forth. The mechanism at work here is the ability for the iterative
dumping function to detect when the skb is filled up and not fill it
past the brim, waiting for a fresh skb for the rest of the data.
However, if the attributes are small and nicely packed, it is possible
that a dump callback function successfully fills in attributes until the
skb is of size 4080 (libmnl's default page-sized receive buffer size).
The dump function completes, satisfied, and then, if it happens to be
that this is actually the last skb, and no further ones are to be sent,
then netlink_dump will add on the NLMSG_DONE part:
nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE, sizeof(len), NLM_F_MULTI);
It is very important that netlink_dump does this, of course. However, in
this example, that call to nlmsg_put_answer will fail, because the
previous filling by the dump function did not leave it enough room. And
how could it possibly have done so? All of the nla_put variety of
functions simply check to see if the skb has enough tailroom,
independent of the context it is in.
In order to keep the important assumptions of all netlink dump users, it
is therefore important to give them an skb that has this end part of the
tail already reserved, so that the call to nlmsg_put_answer does not
fail. Otherwise, library authors are forced to find some bizarre sized
receive buffer that has a large modulo relative to the common sizes of
messages received, which is ugly and buggy.
This patch thus saves the NLMSG_DONE for an additional message, for the
case that things are dangerously close to the brim. This requires
keeping track of the errno from ->dump() across calls.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-08 21:04:44 -07:00
|
|
|
memcpy(nlmsg_data(nlh), &nlk->dump_done_errno,
|
|
|
|
|
sizeof(nlk->dump_done_errno));
|
2006-08-05 00:03:29 -06:00
|
|
|
|
2008-03-21 16:46:12 -06:00
|
|
|
if (sk_filter(sk, skb))
|
|
|
|
|
kfree_skb(skb);
|
2012-04-05 16:17:46 -06:00
|
|
|
else
|
|
|
|
|
__netlink_sendskb(sk, skb);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2005-11-09 18:25:52 -07:00
|
|
|
if (cb->done)
|
|
|
|
|
cb->done(cb);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2013-08-15 16:31:06 -06:00
|
|
|
nlk->cb_running = false;
|
2016-05-16 03:28:16 -06:00
|
|
|
module = cb->module;
|
|
|
|
|
skb = cb->skb;
|
2013-08-15 16:31:06 -06:00
|
|
|
mutex_unlock(nlk->cb_mutex);
|
2016-05-16 03:28:16 -06:00
|
|
|
module_put(module);
|
|
|
|
|
consume_skb(skb);
|
2005-04-16 16:20:36 -06:00
|
|
|
return 0;
|
2005-06-18 23:53:48 -06:00
|
|
|
|
2006-08-05 00:03:29 -06:00
|
|
|
errout_skb:
|
2007-04-20 15:14:21 -06:00
|
|
|
mutex_unlock(nlk->cb_mutex);
|
2006-08-05 00:03:29 -06:00
|
|
|
kfree_skb(skb);
|
|
|
|
|
return err;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2012-10-04 14:15:48 -06:00
|
|
|
int __netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
|
|
|
|
|
const struct nlmsghdr *nlh,
|
|
|
|
|
struct netlink_dump_control *control)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
|
struct netlink_callback *cb;
|
|
|
|
|
struct sock *sk;
|
|
|
|
|
struct netlink_sock *nlk;
|
2011-02-20 19:40:47 -07:00
|
|
|
int ret;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2017-06-30 04:07:58 -06:00
|
|
|
refcount_inc(&skb->users);
|
2013-04-17 00:47:04 -06:00
|
|
|
|
2012-09-07 14:12:54 -06:00
|
|
|
sk = netlink_lookup(sock_net(ssk), ssk->sk_protocol, NETLINK_CB(skb).portid);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (sk == NULL) {
|
2013-08-15 16:31:06 -06:00
|
|
|
ret = -ECONNREFUSED;
|
|
|
|
|
goto error_free;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2012-10-04 14:15:48 -06:00
|
|
|
|
2013-08-15 16:31:06 -06:00
|
|
|
nlk = nlk_sk(sk);
|
2007-04-20 15:14:21 -06:00
|
|
|
mutex_lock(nlk->cb_mutex);
|
2012-10-04 14:15:48 -06:00
|
|
|
/* A dump is in progress... */
|
2013-08-15 16:31:06 -06:00
|
|
|
if (nlk->cb_running) {
|
2012-10-04 14:15:48 -06:00
|
|
|
ret = -EBUSY;
|
2013-08-15 16:31:06 -06:00
|
|
|
goto error_unlock;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2012-10-04 14:15:48 -06:00
|
|
|
/* add reference of module which cb->dump belongs to */
|
2013-08-15 16:31:06 -06:00
|
|
|
if (!try_module_get(control->module)) {
|
2012-10-04 14:15:48 -06:00
|
|
|
ret = -EPROTONOSUPPORT;
|
2013-08-15 16:31:06 -06:00
|
|
|
goto error_unlock;
|
2012-10-04 14:15:48 -06:00
|
|
|
}
|
|
|
|
|
|
2013-08-15 16:31:06 -06:00
|
|
|
cb = &nlk->cb;
|
|
|
|
|
memset(cb, 0, sizeof(*cb));
|
2015-12-15 16:41:37 -07:00
|
|
|
cb->start = control->start;
|
2013-08-15 16:31:06 -06:00
|
|
|
cb->dump = control->dump;
|
|
|
|
|
cb->done = control->done;
|
|
|
|
|
cb->nlh = nlh;
|
|
|
|
|
cb->data = control->data;
|
|
|
|
|
cb->module = control->module;
|
|
|
|
|
cb->min_dump_alloc = control->min_dump_alloc;
|
|
|
|
|
cb->skb = skb;
|
|
|
|
|
|
2017-10-09 06:14:51 -06:00
|
|
|
if (cb->start) {
|
|
|
|
|
ret = cb->start(cb);
|
|
|
|
|
if (ret)
|
2018-02-20 20:41:59 -07:00
|
|
|
goto error_put;
|
2017-10-09 06:14:51 -06:00
|
|
|
}
|
|
|
|
|
|
2013-08-15 16:31:06 -06:00
|
|
|
nlk->cb_running = true;
|
af_netlink: ensure that NLMSG_DONE never fails in dumps
[ Upstream commit 0642840b8bb008528dbdf929cec9f65ac4231ad0 ]
The way people generally use netlink_dump is that they fill in the skb
as much as possible, breaking when nla_put returns an error. Then, they
get called again and start filling out the next skb, and again, and so
forth. The mechanism at work here is the ability for the iterative
dumping function to detect when the skb is filled up and not fill it
past the brim, waiting for a fresh skb for the rest of the data.
However, if the attributes are small and nicely packed, it is possible
that a dump callback function successfully fills in attributes until the
skb is of size 4080 (libmnl's default page-sized receive buffer size).
The dump function completes, satisfied, and then, if it happens to be
that this is actually the last skb, and no further ones are to be sent,
then netlink_dump will add on the NLMSG_DONE part:
nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE, sizeof(len), NLM_F_MULTI);
It is very important that netlink_dump does this, of course. However, in
this example, that call to nlmsg_put_answer will fail, because the
previous filling by the dump function did not leave it enough room. And
how could it possibly have done so? All of the nla_put variety of
functions simply check to see if the skb has enough tailroom,
independent of the context it is in.
In order to keep the important assumptions of all netlink dump users, it
is therefore important to give them an skb that has this end part of the
tail already reserved, so that the call to nlmsg_put_answer does not
fail. Otherwise, library authors are forced to find some bizarre sized
receive buffer that has a large modulo relative to the common sizes of
messages received, which is ugly and buggy.
This patch thus saves the NLMSG_DONE for an additional message, for the
case that things are dangerously close to the brim. This requires
keeping track of the errno from ->dump() across calls.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-08 21:04:44 -07:00
|
|
|
nlk->dump_done_errno = INT_MAX;
|
2013-08-15 16:31:06 -06:00
|
|
|
|
2007-04-20 15:14:21 -06:00
|
|
|
mutex_unlock(nlk->cb_mutex);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2017-10-09 06:14:51 -06:00
|
|
|
ret = netlink_dump(sk);
|
2015-12-15 16:41:37 -07:00
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
sock_put(sk);
|
2007-10-23 21:29:25 -06:00
|
|
|
|
2011-02-20 19:40:47 -07:00
|
|
|
if (ret)
|
|
|
|
|
return ret;
|
|
|
|
|
|
2007-10-23 21:29:25 -06:00
|
|
|
/* We successfully started a dump, by returning -EINTR we
|
|
|
|
|
* signal not to send ACK even if it was requested.
|
|
|
|
|
*/
|
|
|
|
|
return -EINTR;
|
2013-08-15 16:31:06 -06:00
|
|
|
|
2018-02-20 20:41:59 -07:00
|
|
|
error_put:
|
|
|
|
|
module_put(control->module);
|
2013-08-15 16:31:06 -06:00
|
|
|
error_unlock:
|
|
|
|
|
sock_put(sk);
|
|
|
|
|
mutex_unlock(nlk->cb_mutex);
|
|
|
|
|
error_free:
|
|
|
|
|
kfree_skb(skb);
|
|
|
|
|
return ret;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2012-10-04 14:15:48 -06:00
|
|
|
EXPORT_SYMBOL(__netlink_dump_start);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2017-04-12 06:34:04 -06:00
|
|
|
void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err,
|
|
|
|
|
const struct netlink_ext_ack *extack)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
|
struct sk_buff *skb;
|
|
|
|
|
struct nlmsghdr *rep;
|
|
|
|
|
struct nlmsgerr *errmsg;
|
2006-11-10 15:10:15 -07:00
|
|
|
size_t payload = sizeof(*errmsg);
|
2017-04-12 06:34:04 -06:00
|
|
|
size_t tlvlen = 0;
|
2015-08-27 23:07:48 -06:00
|
|
|
struct netlink_sock *nlk = nlk_sk(NETLINK_CB(in_skb).sk);
|
2017-04-12 06:34:04 -06:00
|
|
|
unsigned int flags = 0;
|
2017-10-16 09:09:53 -06:00
|
|
|
bool nlk_has_extack = nlk->flags & NETLINK_F_EXT_ACK;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2015-08-27 23:07:48 -06:00
|
|
|
/* Error messages get the original request appened, unless the user
|
2017-04-12 06:34:04 -06:00
|
|
|
* requests to cap the error message, and get extra error data if
|
|
|
|
|
* requested.
|
2015-08-27 23:07:48 -06:00
|
|
|
*/
|
2017-04-12 06:34:04 -06:00
|
|
|
if (err) {
|
|
|
|
|
if (!(nlk->flags & NETLINK_F_CAP_ACK))
|
|
|
|
|
payload += nlmsg_len(nlh);
|
|
|
|
|
else
|
|
|
|
|
flags |= NLM_F_CAPPED;
|
2017-10-16 09:09:53 -06:00
|
|
|
if (nlk_has_extack && extack) {
|
2017-04-12 06:34:04 -06:00
|
|
|
if (extack->_msg)
|
|
|
|
|
tlvlen += nla_total_size(strlen(extack->_msg) + 1);
|
|
|
|
|
if (extack->bad_attr)
|
|
|
|
|
tlvlen += nla_total_size(sizeof(u32));
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
flags |= NLM_F_CAPPED;
|
2017-04-12 06:34:06 -06:00
|
|
|
|
2017-10-16 09:09:53 -06:00
|
|
|
if (nlk_has_extack && extack && extack->cookie_len)
|
2017-04-12 06:34:06 -06:00
|
|
|
tlvlen += nla_total_size(extack->cookie_len);
|
2017-04-12 06:34:04 -06:00
|
|
|
}
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2017-04-12 06:34:04 -06:00
|
|
|
if (tlvlen)
|
|
|
|
|
flags |= NLM_F_ACK_TLVS;
|
|
|
|
|
|
|
|
|
|
skb = nlmsg_new(payload + tlvlen, GFP_KERNEL);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (!skb) {
|
|
|
|
|
struct sock *sk;
|
|
|
|
|
|
2008-03-25 11:26:21 -06:00
|
|
|
sk = netlink_lookup(sock_net(in_skb->sk),
|
2007-09-12 05:05:38 -06:00
|
|
|
in_skb->sk->sk_protocol,
|
2012-09-07 14:12:54 -06:00
|
|
|
NETLINK_CB(in_skb).portid);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (sk) {
|
|
|
|
|
sk->sk_err = ENOBUFS;
|
|
|
|
|
sk->sk_error_report(sk);
|
|
|
|
|
sock_put(sk);
|
|
|
|
|
}
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2012-09-07 14:12:54 -06:00
|
|
|
rep = __nlmsg_put(skb, NETLINK_CB(in_skb).portid, nlh->nlmsg_seq,
|
2017-04-12 06:34:04 -06:00
|
|
|
NLMSG_ERROR, payload, flags);
|
2006-08-05 00:03:29 -06:00
|
|
|
errmsg = nlmsg_data(rep);
|
2005-04-16 16:20:36 -06:00
|
|
|
errmsg->error = err;
|
2015-08-27 23:07:48 -06:00
|
|
|
memcpy(&errmsg->msg, nlh, payload > sizeof(*errmsg) ? nlh->nlmsg_len : sizeof(*nlh));
|
2017-04-12 06:34:04 -06:00
|
|
|
|
2017-10-16 09:09:53 -06:00
|
|
|
if (nlk_has_extack && extack) {
|
2017-04-12 06:34:06 -06:00
|
|
|
if (err) {
|
|
|
|
|
if (extack->_msg)
|
|
|
|
|
WARN_ON(nla_put_string(skb, NLMSGERR_ATTR_MSG,
|
|
|
|
|
extack->_msg));
|
|
|
|
|
if (extack->bad_attr &&
|
|
|
|
|
!WARN_ON((u8 *)extack->bad_attr < in_skb->data ||
|
|
|
|
|
(u8 *)extack->bad_attr >= in_skb->data +
|
|
|
|
|
in_skb->len))
|
|
|
|
|
WARN_ON(nla_put_u32(skb, NLMSGERR_ATTR_OFFS,
|
|
|
|
|
(u8 *)extack->bad_attr -
|
|
|
|
|
in_skb->data));
|
|
|
|
|
} else {
|
|
|
|
|
if (extack->cookie_len)
|
|
|
|
|
WARN_ON(nla_put(skb, NLMSGERR_ATTR_COOKIE,
|
|
|
|
|
extack->cookie_len,
|
|
|
|
|
extack->cookie));
|
|
|
|
|
}
|
2017-04-12 06:34:04 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
nlmsg_end(skb, rep);
|
|
|
|
|
|
2012-09-07 14:12:54 -06:00
|
|
|
netlink_unicast(in_skb->sk, skb, NETLINK_CB(in_skb).portid, MSG_DONTWAIT);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2007-12-04 01:19:38 -07:00
|
|
|
EXPORT_SYMBOL(netlink_ack);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2007-10-10 22:15:29 -06:00
|
|
|
int netlink_rcv_skb(struct sk_buff *skb, int (*cb)(struct sk_buff *,
|
2017-04-12 06:34:04 -06:00
|
|
|
struct nlmsghdr *,
|
|
|
|
|
struct netlink_ext_ack *))
|
2005-11-09 18:25:53 -07:00
|
|
|
{
|
2018-01-10 14:00:39 -07:00
|
|
|
struct netlink_ext_ack extack;
|
2005-11-09 18:25:53 -07:00
|
|
|
struct nlmsghdr *nlh;
|
|
|
|
|
int err;
|
|
|
|
|
|
|
|
|
|
while (skb->len >= nlmsg_total_size(0)) {
|
2007-10-10 22:15:29 -06:00
|
|
|
int msglen;
|
|
|
|
|
|
2018-01-17 23:48:03 -07:00
|
|
|
memset(&extack, 0, sizeof(extack));
|
2007-04-25 20:08:35 -06:00
|
|
|
nlh = nlmsg_hdr(skb);
|
2007-03-23 00:28:46 -06:00
|
|
|
err = 0;
|
2005-11-09 18:25:53 -07:00
|
|
|
|
2006-01-10 14:02:29 -07:00
|
|
|
if (nlh->nlmsg_len < NLMSG_HDRLEN || skb->len < nlh->nlmsg_len)
|
2005-11-09 18:25:53 -07:00
|
|
|
return 0;
|
|
|
|
|
|
2007-03-23 00:28:46 -06:00
|
|
|
/* Only requests are handled by the kernel */
|
|
|
|
|
if (!(nlh->nlmsg_flags & NLM_F_REQUEST))
|
2007-10-23 21:29:25 -06:00
|
|
|
goto ack;
|
2007-03-23 00:29:10 -06:00
|
|
|
|
|
|
|
|
/* Skip control messages */
|
|
|
|
|
if (nlh->nlmsg_type < NLMSG_MIN_TYPE)
|
2007-10-23 21:29:25 -06:00
|
|
|
goto ack;
|
2007-03-23 00:28:46 -06:00
|
|
|
|
2017-04-12 06:34:04 -06:00
|
|
|
err = cb(skb, nlh, &extack);
|
2007-10-23 21:29:25 -06:00
|
|
|
if (err == -EINTR)
|
|
|
|
|
goto skip;
|
|
|
|
|
|
|
|
|
|
ack:
|
2007-03-23 00:28:46 -06:00
|
|
|
if (nlh->nlmsg_flags & NLM_F_ACK || err)
|
2017-04-12 06:34:04 -06:00
|
|
|
netlink_ack(skb, nlh, err, &extack);
|
2005-11-09 18:25:53 -07:00
|
|
|
|
2007-10-23 21:29:25 -06:00
|
|
|
skip:
|
2007-12-04 01:19:38 -07:00
|
|
|
msglen = NLMSG_ALIGN(nlh->nlmsg_len);
|
2007-10-10 22:15:29 -06:00
|
|
|
if (msglen > skb->len)
|
|
|
|
|
msglen = skb->len;
|
|
|
|
|
skb_pull(skb, msglen);
|
2005-11-09 18:25:53 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2007-12-04 01:19:38 -07:00
|
|
|
EXPORT_SYMBOL(netlink_rcv_skb);
|
2005-11-09 18:25:53 -07:00
|
|
|
|
2006-08-15 01:31:06 -06:00
|
|
|
/**
|
|
|
|
|
* nlmsg_notify - send a notification netlink message
|
|
|
|
|
* @sk: netlink socket to use
|
|
|
|
|
* @skb: notification message
|
2012-09-07 14:12:54 -06:00
|
|
|
* @portid: destination netlink portid for reports or 0
|
2006-08-15 01:31:06 -06:00
|
|
|
* @group: destination multicast group or 0
|
|
|
|
|
* @report: 1 to report back, 0 to disable
|
|
|
|
|
* @flags: allocation flags
|
|
|
|
|
*/
|
2012-09-07 14:12:54 -06:00
|
|
|
int nlmsg_notify(struct sock *sk, struct sk_buff *skb, u32 portid,
|
2006-08-15 01:31:06 -06:00
|
|
|
unsigned int group, int report, gfp_t flags)
|
|
|
|
|
{
|
|
|
|
|
int err = 0;
|
|
|
|
|
|
|
|
|
|
if (group) {
|
2012-09-07 14:12:54 -06:00
|
|
|
int exclude_portid = 0;
|
2006-08-15 01:31:06 -06:00
|
|
|
|
|
|
|
|
if (report) {
|
2017-06-30 04:07:58 -06:00
|
|
|
refcount_inc(&skb->users);
|
2012-09-07 14:12:54 -06:00
|
|
|
exclude_portid = portid;
|
2006-08-15 01:31:06 -06:00
|
|
|
}
|
|
|
|
|
|
2009-02-25 00:18:28 -07:00
|
|
|
/* errors reported via destination sk->sk_err, but propagate
|
|
|
|
|
* delivery errors if NETLINK_BROADCAST_ERROR flag is set */
|
2012-09-07 14:12:54 -06:00
|
|
|
err = nlmsg_multicast(sk, skb, exclude_portid, group, flags);
|
2006-08-15 01:31:06 -06:00
|
|
|
}
|
|
|
|
|
|
2009-02-25 00:18:28 -07:00
|
|
|
if (report) {
|
|
|
|
|
int err2;
|
|
|
|
|
|
2012-09-07 14:12:54 -06:00
|
|
|
err2 = nlmsg_unicast(sk, skb, portid);
|
2009-02-25 00:18:28 -07:00
|
|
|
if (!err || err == -ESRCH)
|
|
|
|
|
err = err2;
|
|
|
|
|
}
|
2006-08-15 01:31:06 -06:00
|
|
|
|
|
|
|
|
return err;
|
|
|
|
|
}
|
2007-12-04 01:19:38 -07:00
|
|
|
EXPORT_SYMBOL(nlmsg_notify);
|
2006-08-15 01:31:06 -06:00
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
#ifdef CONFIG_PROC_FS
|
|
|
|
|
struct nl_seq_iter {
|
2007-11-19 23:31:54 -07:00
|
|
|
struct seq_net_private p;
|
2015-02-03 13:33:24 -07:00
|
|
|
struct rhashtable_iter hti;
|
2005-04-16 16:20:36 -06:00
|
|
|
int link;
|
|
|
|
|
};
|
|
|
|
|
|
2015-02-03 13:33:24 -07:00
|
|
|
static int netlink_walk_start(struct nl_seq_iter *iter)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2015-02-03 13:33:24 -07:00
|
|
|
int err;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2016-03-02 08:09:19 -07:00
|
|
|
err = rhashtable_walk_init(&nl_table[iter->link].hash, &iter->hti,
|
|
|
|
|
GFP_KERNEL);
|
2015-02-03 13:33:24 -07:00
|
|
|
if (err) {
|
|
|
|
|
iter->link = MAX_LINKS;
|
|
|
|
|
return err;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2015-02-03 13:33:24 -07:00
|
|
|
|
|
|
|
|
err = rhashtable_walk_start(&iter->hti);
|
|
|
|
|
return err == -EAGAIN ? 0 : err;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2015-02-03 13:33:24 -07:00
|
|
|
static void netlink_walk_stop(struct nl_seq_iter *iter)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2015-02-03 13:33:24 -07:00
|
|
|
rhashtable_walk_stop(&iter->hti);
|
|
|
|
|
rhashtable_walk_exit(&iter->hti);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2015-02-03 13:33:24 -07:00
|
|
|
static void *__netlink_seq_next(struct seq_file *seq)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2015-02-03 13:33:24 -07:00
|
|
|
struct nl_seq_iter *iter = seq->private;
|
2014-08-02 03:47:45 -06:00
|
|
|
struct netlink_sock *nlk;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2015-02-03 13:33:24 -07:00
|
|
|
do {
|
|
|
|
|
for (;;) {
|
|
|
|
|
int err;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2015-02-03 13:33:24 -07:00
|
|
|
nlk = rhashtable_walk_next(&iter->hti);
|
2007-02-09 07:25:07 -07:00
|
|
|
|
2015-02-03 13:33:24 -07:00
|
|
|
if (IS_ERR(nlk)) {
|
|
|
|
|
if (PTR_ERR(nlk) == -EAGAIN)
|
|
|
|
|
continue;
|
2014-08-02 03:47:45 -06:00
|
|
|
|
2015-02-03 13:33:24 -07:00
|
|
|
return nlk;
|
|
|
|
|
}
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2015-02-03 13:33:24 -07:00
|
|
|
if (nlk)
|
|
|
|
|
break;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2015-02-03 13:33:24 -07:00
|
|
|
netlink_walk_stop(iter);
|
|
|
|
|
if (++iter->link >= MAX_LINKS)
|
|
|
|
|
return NULL;
|
2013-06-06 00:49:11 -06:00
|
|
|
|
2015-02-03 13:33:24 -07:00
|
|
|
err = netlink_walk_start(iter);
|
|
|
|
|
if (err)
|
|
|
|
|
return ERR_PTR(err);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2015-02-03 13:33:24 -07:00
|
|
|
} while (sock_net(&nlk->sk) != seq_file_net(seq));
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2015-02-03 13:33:24 -07:00
|
|
|
return nlk;
|
|
|
|
|
}
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2015-02-03 13:33:24 -07:00
|
|
|
static void *netlink_seq_start(struct seq_file *seq, loff_t *posp)
|
|
|
|
|
{
|
|
|
|
|
struct nl_seq_iter *iter = seq->private;
|
|
|
|
|
void *obj = SEQ_START_TOKEN;
|
|
|
|
|
loff_t pos;
|
|
|
|
|
int err;
|
|
|
|
|
|
|
|
|
|
iter->link = 0;
|
|
|
|
|
|
|
|
|
|
err = netlink_walk_start(iter);
|
|
|
|
|
if (err)
|
|
|
|
|
return ERR_PTR(err);
|
|
|
|
|
|
|
|
|
|
for (pos = *posp; pos && obj && !IS_ERR(obj); pos--)
|
|
|
|
|
obj = __netlink_seq_next(seq);
|
|
|
|
|
|
|
|
|
|
return obj;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void *netlink_seq_next(struct seq_file *seq, void *v, loff_t *pos)
|
|
|
|
|
{
|
|
|
|
|
++*pos;
|
|
|
|
|
return __netlink_seq_next(seq);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void netlink_seq_stop(struct seq_file *seq, void *v)
|
|
|
|
|
{
|
2015-02-03 13:33:24 -07:00
|
|
|
struct nl_seq_iter *iter = seq->private;
|
|
|
|
|
|
|
|
|
|
if (iter->link >= MAX_LINKS)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
netlink_walk_stop(iter);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int netlink_seq_show(struct seq_file *seq, void *v)
|
|
|
|
|
{
|
2012-04-22 15:30:21 -06:00
|
|
|
if (v == SEQ_START_TOKEN) {
|
2005-04-16 16:20:36 -06:00
|
|
|
seq_puts(seq,
|
|
|
|
|
"sk Eth Pid Groups "
|
netlink: Adding inode field to /proc/net/netlink
The Inode field in /proc/net/{tcp,udp,packet,raw,...} is useful to know the types of
file descriptors associated to a process. Actually lsof utility uses the field.
Unfortunately, unlike /proc/net/{tcp,udp,packet,raw,...}, /proc/net/netlink doesn't have the field.
This patch adds the field to /proc/net/netlink.
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-02-27 12:45:37 -07:00
|
|
|
"Rmem Wmem Dump Locks Drops Inode\n");
|
2012-04-22 15:30:21 -06:00
|
|
|
} else {
|
2005-04-16 16:20:36 -06:00
|
|
|
struct sock *s = v;
|
|
|
|
|
struct netlink_sock *nlk = nlk_sk(s);
|
|
|
|
|
|
2013-08-15 16:31:06 -06:00
|
|
|
seq_printf(seq, "%pK %-3d %-6u %08x %-8d %-8d %d %-8d %-8d %-8lu\n",
|
2005-04-16 16:20:36 -06:00
|
|
|
s,
|
|
|
|
|
s->sk_protocol,
|
2012-09-07 14:12:54 -06:00
|
|
|
nlk->portid,
|
2005-09-06 16:43:59 -06:00
|
|
|
nlk->groups ? (u32)nlk->groups[0] : 0,
|
2009-06-17 20:05:41 -06:00
|
|
|
sk_rmem_alloc_get(s),
|
|
|
|
|
sk_wmem_alloc_get(s),
|
2013-08-15 16:31:06 -06:00
|
|
|
nlk->cb_running,
|
2017-06-30 04:08:01 -06:00
|
|
|
refcount_read(&s->sk_refcnt),
|
netlink: Adding inode field to /proc/net/netlink
The Inode field in /proc/net/{tcp,udp,packet,raw,...} is useful to know the types of
file descriptors associated to a process. Actually lsof utility uses the field.
Unfortunately, unlike /proc/net/{tcp,udp,packet,raw,...}, /proc/net/netlink doesn't have the field.
This patch adds the field to /proc/net/netlink.
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-02-27 12:45:37 -07:00
|
|
|
atomic_read(&s->sk_drops),
|
|
|
|
|
sock_i_ino(s)
|
2005-04-16 16:20:36 -06:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2007-07-11 00:07:31 -06:00
|
|
|
static const struct seq_operations netlink_seq_ops = {
|
2005-04-16 16:20:36 -06:00
|
|
|
.start = netlink_seq_start,
|
|
|
|
|
.next = netlink_seq_next,
|
|
|
|
|
.stop = netlink_seq_stop,
|
|
|
|
|
.show = netlink_seq_show,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int netlink_seq_open(struct inode *inode, struct file *file)
|
|
|
|
|
{
|
2007-11-19 23:31:54 -07:00
|
|
|
return seq_open_net(inode, file, &netlink_seq_ops,
|
|
|
|
|
sizeof(struct nl_seq_iter));
|
2007-09-12 05:05:38 -06:00
|
|
|
}
|
|
|
|
|
|
2007-02-12 01:55:36 -07:00
|
|
|
static const struct file_operations netlink_seq_fops = {
|
2005-04-16 16:20:36 -06:00
|
|
|
.owner = THIS_MODULE,
|
|
|
|
|
.open = netlink_seq_open,
|
|
|
|
|
.read = seq_read,
|
|
|
|
|
.llseek = seq_lseek,
|
2007-11-19 23:31:54 -07:00
|
|
|
.release = seq_release_net,
|
2005-04-16 16:20:36 -06:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
int netlink_register_notifier(struct notifier_block *nb)
|
|
|
|
|
{
|
2016-12-09 22:10:59 -07:00
|
|
|
return blocking_notifier_chain_register(&netlink_chain, nb);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2007-12-04 01:19:38 -07:00
|
|
|
EXPORT_SYMBOL(netlink_register_notifier);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
int netlink_unregister_notifier(struct notifier_block *nb)
|
|
|
|
|
{
|
2016-12-09 22:10:59 -07:00
|
|
|
return blocking_notifier_chain_unregister(&netlink_chain, nb);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2007-12-04 01:19:38 -07:00
|
|
|
EXPORT_SYMBOL(netlink_unregister_notifier);
|
2007-02-09 07:25:07 -07:00
|
|
|
|
2005-12-22 13:49:22 -07:00
|
|
|
static const struct proto_ops netlink_ops = {
|
2005-04-16 16:20:36 -06:00
|
|
|
.family = PF_NETLINK,
|
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
|
.release = netlink_release,
|
|
|
|
|
.bind = netlink_bind,
|
|
|
|
|
.connect = netlink_connect,
|
|
|
|
|
.socketpair = sock_no_socketpair,
|
|
|
|
|
.accept = sock_no_accept,
|
|
|
|
|
.getname = netlink_getname,
|
netlink: remove mmapped netlink support
mmapped netlink has a number of unresolved issues:
- TX zerocopy support had to be disabled more than a year ago via
commit 4682a0358639b29cf ("netlink: Always copy on mmap TX.")
because the content of the mmapped area can change after netlink
attribute validation but before message processing.
- RX support was implemented mainly to speed up nfqueue dumping packet
payload to userspace. However, since commit ae08ce0021087a5d812d2
("netfilter: nfnetlink_queue: zero copy support") we avoid one copy
with the socket-based interface too (via the skb_zerocopy helper).
The other problem is that skbs attached to mmaped netlink socket
behave different from normal skbs:
- they don't have a shinfo area, so all functions that use skb_shinfo()
(e.g. skb_clone) cannot be used.
- reserving headroom prevents userspace from seeing the content as
it expects message to start at skb->head.
See for instance
commit aa3a022094fa ("netlink: not trim skb for mmaped socket when dump").
- skbs handed e.g. to netlink_ack must have non-NULL skb->sk, else we
crash because it needs the sk to check if a tx ring is attached.
Also not obvious, leads to non-intuitive bug fixes such as 7c7bdf359
("netfilter: nfnetlink: use original skbuff when acking batches").
mmaped netlink also didn't play nicely with the skb_zerocopy helper
used by nfqueue and openvswitch. Daniel Borkmann fixed this via
commit 6bb0fef489f6 ("netlink, mmap: fix edge-case leakages in nf queue
zero-copy")' but at the cost of also needing to provide remaining
length to the allocation function.
nfqueue also has problems when used with mmaped rx netlink:
- mmaped netlink doesn't allow use of nfqueue batch verdict messages.
Problem is that in the mmap case, the allocation time also determines
the ordering in which the frame will be seen by userspace (A
allocating before B means that A is located in earlier ring slot,
but this also means that B might get a lower sequence number then A
since seqno is decided later. To fix this we would need to extend the
spinlocked region to also cover the allocation and message setup which
isn't desirable.
- nfqueue can now be configured to queue large (GSO) skbs to userspace.
Queing GSO packets is faster than having to force a software segmentation
in the kernel, so this is a desirable option. However, with a mmap based
ring one has to use 64kb per ring slot element, else mmap has to fall back
to the socket path (NL_MMAP_STATUS_COPY) for all large packets.
To use the mmap interface, userspace not only has to probe for mmap netlink
support, it also has to implement a recv/socket receive path in order to
handle messages that exceed the size of an rx ring element.
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-18 07:03:24 -07:00
|
|
|
.poll = datagram_poll,
|
2016-03-21 11:15:35 -06:00
|
|
|
.ioctl = netlink_ioctl,
|
2005-04-16 16:20:36 -06:00
|
|
|
.listen = sock_no_listen,
|
|
|
|
|
.shutdown = sock_no_shutdown,
|
2005-08-15 13:32:15 -06:00
|
|
|
.setsockopt = netlink_setsockopt,
|
|
|
|
|
.getsockopt = netlink_getsockopt,
|
2005-04-16 16:20:36 -06:00
|
|
|
.sendmsg = netlink_sendmsg,
|
|
|
|
|
.recvmsg = netlink_recvmsg,
|
netlink: remove mmapped netlink support
mmapped netlink has a number of unresolved issues:
- TX zerocopy support had to be disabled more than a year ago via
commit 4682a0358639b29cf ("netlink: Always copy on mmap TX.")
because the content of the mmapped area can change after netlink
attribute validation but before message processing.
- RX support was implemented mainly to speed up nfqueue dumping packet
payload to userspace. However, since commit ae08ce0021087a5d812d2
("netfilter: nfnetlink_queue: zero copy support") we avoid one copy
with the socket-based interface too (via the skb_zerocopy helper).
The other problem is that skbs attached to mmaped netlink socket
behave different from normal skbs:
- they don't have a shinfo area, so all functions that use skb_shinfo()
(e.g. skb_clone) cannot be used.
- reserving headroom prevents userspace from seeing the content as
it expects message to start at skb->head.
See for instance
commit aa3a022094fa ("netlink: not trim skb for mmaped socket when dump").
- skbs handed e.g. to netlink_ack must have non-NULL skb->sk, else we
crash because it needs the sk to check if a tx ring is attached.
Also not obvious, leads to non-intuitive bug fixes such as 7c7bdf359
("netfilter: nfnetlink: use original skbuff when acking batches").
mmaped netlink also didn't play nicely with the skb_zerocopy helper
used by nfqueue and openvswitch. Daniel Borkmann fixed this via
commit 6bb0fef489f6 ("netlink, mmap: fix edge-case leakages in nf queue
zero-copy")' but at the cost of also needing to provide remaining
length to the allocation function.
nfqueue also has problems when used with mmaped rx netlink:
- mmaped netlink doesn't allow use of nfqueue batch verdict messages.
Problem is that in the mmap case, the allocation time also determines
the ordering in which the frame will be seen by userspace (A
allocating before B means that A is located in earlier ring slot,
but this also means that B might get a lower sequence number then A
since seqno is decided later. To fix this we would need to extend the
spinlocked region to also cover the allocation and message setup which
isn't desirable.
- nfqueue can now be configured to queue large (GSO) skbs to userspace.
Queing GSO packets is faster than having to force a software segmentation
in the kernel, so this is a desirable option. However, with a mmap based
ring one has to use 64kb per ring slot element, else mmap has to fall back
to the socket path (NL_MMAP_STATUS_COPY) for all large packets.
To use the mmap interface, userspace not only has to probe for mmap netlink
support, it also has to implement a recv/socket receive path in order to
handle messages that exceed the size of an rx ring element.
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-18 07:03:24 -07:00
|
|
|
.mmap = sock_no_mmap,
|
2005-04-16 16:20:36 -06:00
|
|
|
.sendpage = sock_no_sendpage,
|
|
|
|
|
};
|
|
|
|
|
|
2009-10-04 23:58:39 -06:00
|
|
|
static const struct net_proto_family netlink_family_ops = {
|
2005-04-16 16:20:36 -06:00
|
|
|
.family = PF_NETLINK,
|
|
|
|
|
.create = netlink_create,
|
|
|
|
|
.owner = THIS_MODULE, /* for consistency 8) */
|
|
|
|
|
};
|
|
|
|
|
|
2007-10-08 21:38:39 -06:00
|
|
|
static int __net_init netlink_net_init(struct net *net)
|
2007-09-12 05:05:38 -06:00
|
|
|
{
|
|
|
|
|
#ifdef CONFIG_PROC_FS
|
2013-02-17 18:34:54 -07:00
|
|
|
if (!proc_create("netlink", 0, net->proc_net, &netlink_seq_fops))
|
2007-09-12 05:05:38 -06:00
|
|
|
return -ENOMEM;
|
|
|
|
|
#endif
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2007-10-08 21:38:39 -06:00
|
|
|
static void __net_exit netlink_net_exit(struct net *net)
|
2007-09-12 05:05:38 -06:00
|
|
|
{
|
|
|
|
|
#ifdef CONFIG_PROC_FS
|
2013-02-17 18:34:56 -07:00
|
|
|
remove_proc_entry("netlink", net->proc_net);
|
2007-09-12 05:05:38 -06:00
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
2010-08-30 20:08:01 -06:00
|
|
|
static void __init netlink_add_usersock_entry(void)
|
|
|
|
|
{
|
2010-10-23 22:27:10 -06:00
|
|
|
struct listeners *listeners;
|
2010-08-30 20:08:01 -06:00
|
|
|
int groups = 32;
|
|
|
|
|
|
2010-10-23 22:27:10 -06:00
|
|
|
listeners = kzalloc(sizeof(*listeners) + NLGRPSZ(groups), GFP_KERNEL);
|
2010-08-30 20:08:01 -06:00
|
|
|
if (!listeners)
|
2010-10-23 22:27:10 -06:00
|
|
|
panic("netlink_add_usersock_entry: Cannot allocate listeners\n");
|
2010-08-30 20:08:01 -06:00
|
|
|
|
|
|
|
|
netlink_table_grab();
|
|
|
|
|
|
|
|
|
|
nl_table[NETLINK_USERSOCK].groups = groups;
|
2010-10-23 22:27:10 -06:00
|
|
|
rcu_assign_pointer(nl_table[NETLINK_USERSOCK].listeners, listeners);
|
2010-08-30 20:08:01 -06:00
|
|
|
nl_table[NETLINK_USERSOCK].module = THIS_MODULE;
|
|
|
|
|
nl_table[NETLINK_USERSOCK].registered = 1;
|
2012-09-07 20:53:53 -06:00
|
|
|
nl_table[NETLINK_USERSOCK].flags = NL_CFG_F_NONROOT_SEND;
|
2010-08-30 20:08:01 -06:00
|
|
|
|
|
|
|
|
netlink_table_ungrab();
|
|
|
|
|
}
|
|
|
|
|
|
2007-11-13 04:23:50 -07:00
|
|
|
static struct pernet_operations __net_initdata netlink_net_ops = {
|
2007-09-12 05:05:38 -06:00
|
|
|
.init = netlink_net_init,
|
|
|
|
|
.exit = netlink_net_exit,
|
|
|
|
|
};
|
|
|
|
|
|
2015-03-25 07:07:45 -06:00
|
|
|
static inline u32 netlink_hash(const void *data, u32 len, u32 seed)
|
2015-03-20 04:57:01 -06:00
|
|
|
{
|
|
|
|
|
const struct netlink_sock *nlk = data;
|
|
|
|
|
struct netlink_compare_arg arg;
|
|
|
|
|
|
netlink: Replace rhash_portid with bound
On Mon, Sep 21, 2015 at 02:20:22PM -0400, Tejun Heo wrote:
>
> store_release and load_acquire are different from the usual memory
> barriers and can't be paired this way. You have to pair store_release
> and load_acquire. Besides, it isn't a particularly good idea to
OK I've decided to drop the acquire/release helpers as they don't
help us at all and simply pessimises the code by using full memory
barriers (on some architectures) where only a write or read barrier
is needed.
> depend on memory barriers embedded in other data structures like the
> above. Here, especially, rhashtable_insert() would have write barrier
> *before* the entry is hashed not necessarily *after*, which means that
> in the above case, a socket which appears to have set bound to a
> reader might not visible when the reader tries to look up the socket
> on the hashtable.
But you are right we do need an explicit write barrier here to
ensure that the hashing is visible.
> There's no reason to be overly smart here. This isn't a crazy hot
> path, write barriers tend to be very cheap, store_release more so.
> Please just do smp_store_release() and note what it's paired with.
It's not about being overly smart. It's about actually understanding
what's going on with the code. I've seen too many instances of
people simply sprinkling synchronisation primitives around without
any knowledge of what is happening underneath, which is just a recipe
for creating hard-to-debug races.
> > @@ -1539,7 +1546,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
> > }
> > }
> >
> > - if (!nlk->portid) {
> > + if (!nlk->bound) {
>
> I don't think you can skip load_acquire here just because this is the
> second deref of the variable. That doesn't change anything. Race
> condition could still happen between the first and second tests and
> skipping the second would lead to the same kind of bug.
The reason this one is OK is because we do not use nlk->portid or
try to get nlk from the hash table before we return to user-space.
However, there is a real bug here that none of these acquire/release
helpers discovered. The two bound tests here used to be a single
one. Now that they are separate it is entirely possible for another
thread to come in the middle and bind the socket. So we need to
repeat the portid check in order to maintain consistency.
> > @@ -1587,7 +1594,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
> > !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
> > return -EPERM;
> >
> > - if (!nlk->portid)
> > + if (!nlk->bound)
>
> Don't we need load_acquire here too? Is this path holding a lock
> which makes that unnecessary?
Ditto.
---8<---
The commit 1f770c0a09da855a2b51af6d19de97fb955eca85 ("netlink:
Fix autobind race condition that leads to zero port ID") created
some new races that can occur due to inconcsistencies between the
two port IDs.
Tejun is right that a barrier is unavoidable. Therefore I am
reverting to the original patch that used a boolean to indicate
that a user netlink socket has been bound.
Barriers have been added where necessary to ensure that a valid
portid and the hashed socket is visible.
I have also changed netlink_insert to only return EBUSY if the
socket is bound to a portid different to the requested one. This
combined with only reading nlk->bound once in netlink_bind fixes
a race where two threads that bind the socket at the same time
with different port IDs may both succeed.
Fixes: 1f770c0a09da ("netlink: Fix autobind race condition that leads to zero port ID")
Reported-by: Tejun Heo <tj@kernel.org>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nacked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-21 21:38:56 -06:00
|
|
|
netlink_compare_arg_init(&arg, sock_net(&nlk->sk), nlk->portid);
|
2015-03-23 07:50:22 -06:00
|
|
|
return jhash2((u32 *)&arg, netlink_compare_arg_len / sizeof(u32), seed);
|
2015-03-20 04:57:01 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static const struct rhashtable_params netlink_rhashtable_params = {
|
|
|
|
|
.head_offset = offsetof(struct netlink_sock, node),
|
|
|
|
|
.key_len = netlink_compare_arg_len,
|
|
|
|
|
.obj_hashfn = netlink_hash,
|
|
|
|
|
.obj_cmpfn = netlink_compare,
|
2015-03-24 14:42:19 -06:00
|
|
|
.automatic_shrinking = true,
|
2015-03-20 04:57:01 -06:00
|
|
|
};
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
static int __init netlink_proto_init(void)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
int err = proto_register(&netlink_proto, 0);
|
|
|
|
|
|
|
|
|
|
if (err != 0)
|
|
|
|
|
goto out;
|
|
|
|
|
|
2013-01-09 00:19:48 -07:00
|
|
|
BUILD_BUG_ON(sizeof(struct netlink_skb_parms) > FIELD_SIZEOF(struct sk_buff, cb));
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2006-07-21 15:51:30 -06:00
|
|
|
nl_table = kcalloc(MAX_LINKS, sizeof(*nl_table), GFP_KERNEL);
|
2006-08-29 03:15:24 -06:00
|
|
|
if (!nl_table)
|
|
|
|
|
goto panic;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
for (i = 0; i < MAX_LINKS; i++) {
|
2015-03-20 04:57:01 -06:00
|
|
|
if (rhashtable_init(&nl_table[i].hash,
|
|
|
|
|
&netlink_rhashtable_params) < 0) {
|
2014-08-02 03:47:45 -06:00
|
|
|
while (--i > 0)
|
|
|
|
|
rhashtable_destroy(&nl_table[i].hash);
|
2005-04-16 16:20:36 -06:00
|
|
|
kfree(nl_table);
|
2006-08-29 03:15:24 -06:00
|
|
|
goto panic;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-21 11:38:07 -06:00
|
|
|
INIT_LIST_HEAD(&netlink_tap_all);
|
|
|
|
|
|
2010-08-30 20:08:01 -06:00
|
|
|
netlink_add_usersock_entry();
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
sock_register(&netlink_family_ops);
|
2007-09-12 05:05:38 -06:00
|
|
|
register_pernet_subsys(&netlink_net_ops);
|
2007-02-09 07:25:07 -07:00
|
|
|
/* The netlink device handler may be needed early. */
|
2005-04-16 16:20:36 -06:00
|
|
|
rtnetlink_init();
|
|
|
|
|
out:
|
|
|
|
|
return err;
|
2006-08-29 03:15:24 -06:00
|
|
|
panic:
|
|
|
|
|
panic("netlink_init: Cannot allocate nl_table\n");
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
core_initcall(netlink_proto_init);
|