1
// SPDX-License-Identifier: GPL-2.0
2
/*
3
 * NETLINK      Generic Netlink Family
4
 *
5
 * 		Authors:	Jamal Hadi Salim
6
 * 				Thomas Graf <[email protected]>
7
 *				Johannes Berg <[email protected]>
8
 */
9

10
#include <linux/module.h>
11
#include <linux/kernel.h>
12
#include <linux/slab.h>
13
#include <linux/errno.h>
14
#include <linux/types.h>
15
#include <linux/socket.h>
16
#include <linux/string_helpers.h>
17
#include <linux/skbuff.h>
18
#include <linux/mutex.h>
19
#include <linux/bitmap.h>
20
#include <linux/rwsem.h>
21
#include <linux/idr.h>
22
#include <net/sock.h>
23
#include <net/genetlink.h>
24

25
#include "genetlink.h"
26

27
static DEFINE_MUTEX(genl_mutex); /* serialization of message processing */
28
static DECLARE_RWSEM(cb_lock);
29

30
atomic_t genl_sk_destructing_cnt = ATOMIC_INIT(0);
31
DECLARE_WAIT_QUEUE_HEAD(genl_sk_destructing_waitq);
32

33
void genl_lock(void)
34
{
35
	mutex_lock(&genl_mutex);
36
}
37
EXPORT_SYMBOL(genl_lock);
38

39
void genl_unlock(void)
40
{
41
	mutex_unlock(&genl_mutex);
42
}
43
EXPORT_SYMBOL(genl_unlock);
44

45
static void genl_lock_all(void)
46
{
47
	down_write(&cb_lock);
48
	genl_lock();
49
}
50

51
static void genl_unlock_all(void)
52
{
53
	genl_unlock();
54
	up_write(&cb_lock);
55
}
56

57
static void genl_op_lock(const struct genl_family *family)
58
{
59
	if (!family->parallel_ops)
60
		genl_lock();
61
}
62

63
static void genl_op_unlock(const struct genl_family *family)
64
{
65
	if (!family->parallel_ops)
66
		genl_unlock();
67
}
68

69
static DEFINE_IDR(genl_fam_idr);
70

71
/*
72
 * Bitmap of multicast groups that are currently in use.
73
 *
74
 * To avoid an allocation at boot of just one unsigned long,
75
 * declare it global instead.
76
 * Bit 0 is marked as already used since group 0 is invalid.
77
 * Bit 1 is marked as already used since the drop-monitor code
78
 * abuses the API and thinks it can statically use group 1.
79
 * That group will typically conflict with other groups that
80
 * any proper users use.
81
 * Bit 16 is marked as used since it's used for generic netlink
82
 * and the code no longer marks pre-reserved IDs as used.
83
 * Bit 17 is marked as already used since the VFS quota code
84
 * also abused this API and relied on family == group ID, we
85
 * cater to that by giving it a static family and group ID.
86
 * Bit 18 is marked as already used since the PMCRAID driver
87
 * did the same thing as the VFS quota code (maybe copied?)
88
 */
89
static unsigned long mc_group_start = 0x3 | BIT(GENL_ID_CTRL) |
90
				      BIT(GENL_ID_VFS_DQUOT) |
91
				      BIT(GENL_ID_PMCRAID);
92
static unsigned long *mc_groups = &mc_group_start;
93
static unsigned long mc_groups_longs = 1;
94

95
/* We need the last attribute with non-zero ID therefore a 2-entry array */
96
static struct nla_policy genl_policy_reject_all[] = {
97
	{ .type = NLA_REJECT },
98
	{ .type = NLA_REJECT },
99
};
100

101
static int genl_ctrl_event(int event, const struct genl_family *family,
102
			   const struct genl_multicast_group *grp,
103
			   int grp_id);
104

105
static void
106
genl_op_fill_in_reject_policy(const struct genl_family *family,
107
			      struct genl_ops *op)
108
{
109
	BUILD_BUG_ON(ARRAY_SIZE(genl_policy_reject_all) - 1 != 1);
110

111
	if (op->policy || op->cmd < family->resv_start_op)
112
		return;
113

114
	op->policy = genl_policy_reject_all;
115
	op->maxattr = 1;
116
}
117

118
static void
119
genl_op_fill_in_reject_policy_split(const struct genl_family *family,
120
				    struct genl_split_ops *op)
121
{
122
	if (op->policy)
123
		return;
124

125
	op->policy = genl_policy_reject_all;
126
	op->maxattr = 1;
127
}
128

129
static const struct genl_family *genl_family_find_byid(unsigned int id)
130
{
131
	return idr_find(&genl_fam_idr, id);
132
}
133

134
static const struct genl_family *genl_family_find_byname(char *name)
135
{
136
	const struct genl_family *family;
137
	unsigned int id;
138

139
	idr_for_each_entry(&genl_fam_idr, family, id)
140
		if (strcmp(family->name, name) == 0)
141
			return family;
142

143
	return NULL;
144
}
145

146
struct genl_op_iter {
147
	const struct genl_family *family;
148
	struct genl_split_ops doit;
149
	struct genl_split_ops dumpit;
150
	int cmd_idx;
151
	int entry_idx;
152
	u32 cmd;
153
	u8 flags;
154
};
155

156
static void genl_op_from_full(const struct genl_family *family,
157
			      unsigned int i, struct genl_ops *op)
158
{
159
	*op = family->ops[i];
160

161
	if (!op->maxattr)
162
		op->maxattr = family->maxattr;
163
	if (!op->policy)
164
		op->policy = family->policy;
165

166
	genl_op_fill_in_reject_policy(family, op);
167
}
168

169
static int genl_get_cmd_full(u32 cmd, const struct genl_family *family,
170
			     struct genl_ops *op)
171
{
172
	int i;
173

174
	for (i = 0; i < family->n_ops; i++)
175
		if (family->ops[i].cmd == cmd) {
176
			genl_op_from_full(family, i, op);
177
			return 0;
178
		}
179

180
	return -ENOENT;
181
}
182

183
static void genl_op_from_small(const struct genl_family *family,
184
			       unsigned int i, struct genl_ops *op)
185
{
186
	memset(op, 0, sizeof(*op));
187
	op->doit	= family->small_ops[i].doit;
188
	op->dumpit	= family->small_ops[i].dumpit;
189
	op->cmd		= family->small_ops[i].cmd;
190
	op->internal_flags = family->small_ops[i].internal_flags;
191
	op->flags	= family->small_ops[i].flags;
192
	op->validate	= family->small_ops[i].validate;
193

194
	op->maxattr = family->maxattr;
195
	op->policy = family->policy;
196

197
	genl_op_fill_in_reject_policy(family, op);
198
}
199

200
static int genl_get_cmd_small(u32 cmd, const struct genl_family *family,
201
			      struct genl_ops *op)
202
{
203
	int i;
204

205
	for (i = 0; i < family->n_small_ops; i++)
206
		if (family->small_ops[i].cmd == cmd) {
207
			genl_op_from_small(family, i, op);
208
			return 0;
209
		}
210

211
	return -ENOENT;
212
}
213

214
static void genl_op_from_split(struct genl_op_iter *iter)
215
{
216
	const struct genl_family *family = iter->family;
217
	int i, cnt = 0;
218

219
	i = iter->entry_idx - family->n_ops - family->n_small_ops;
220

221
	if (family->split_ops[i + cnt].flags & GENL_CMD_CAP_DO) {
222
		iter->doit = family->split_ops[i + cnt];
223
		genl_op_fill_in_reject_policy_split(family, &iter->doit);
224
		cnt++;
225
	} else {
226
		memset(&iter->doit, 0, sizeof(iter->doit));
227
	}
228

229
	if (i + cnt < family->n_split_ops &&
230
	    family->split_ops[i + cnt].flags & GENL_CMD_CAP_DUMP &&
231
	    (!cnt || family->split_ops[i + cnt].cmd == iter->doit.cmd)) {
232
		iter->dumpit = family->split_ops[i + cnt];
233
		genl_op_fill_in_reject_policy_split(family, &iter->dumpit);
234
		cnt++;
235
	} else {
236
		memset(&iter->dumpit, 0, sizeof(iter->dumpit));
237
	}
238

239
	WARN_ON(!cnt);
240
	iter->entry_idx += cnt;
241
}
242

243
static int
244
genl_get_cmd_split(u32 cmd, u8 flag, const struct genl_family *family,
245
		   struct genl_split_ops *op)
246
{
247
	int i;
248

249
	for (i = 0; i < family->n_split_ops; i++)
250
		if (family->split_ops[i].cmd == cmd &&
251
		    family->split_ops[i].flags & flag) {
252
			*op = family->split_ops[i];
253
			return 0;
254
		}
255

256
	return -ENOENT;
257
}
258

259
static int
260
genl_cmd_full_to_split(struct genl_split_ops *op,
261
		       const struct genl_family *family,
262
		       const struct genl_ops *full, u8 flags)
263
{
264
	if ((flags & GENL_CMD_CAP_DO && !full->doit) ||
265
	    (flags & GENL_CMD_CAP_DUMP && !full->dumpit)) {
266
		memset(op, 0, sizeof(*op));
267
		return -ENOENT;
268
	}
269

270
	if (flags & GENL_CMD_CAP_DUMP) {
271
		op->start	= full->start;
272
		op->dumpit	= full->dumpit;
273
		op->done	= full->done;
274
	} else {
275
		op->pre_doit	= family->pre_doit;
276
		op->doit	= full->doit;
277
		op->post_doit	= family->post_doit;
278
	}
279

280
	if (flags & GENL_CMD_CAP_DUMP &&
281
	    full->validate & GENL_DONT_VALIDATE_DUMP) {
282
		op->policy	= NULL;
283
		op->maxattr	= 0;
284
	} else {
285
		op->policy	= full->policy;
286
		op->maxattr	= full->maxattr;
287
	}
288

289
	op->cmd			= full->cmd;
290
	op->internal_flags	= full->internal_flags;
291
	op->flags		= full->flags;
292
	op->validate		= full->validate;
293

294
	/* Make sure flags include the GENL_CMD_CAP_DO / GENL_CMD_CAP_DUMP */
295
	op->flags		|= flags;
296

297
	return 0;
298
}
299

300
/* Must make sure that op is initialized to 0 on failure */
301
static int
302
genl_get_cmd(u32 cmd, u8 flags, const struct genl_family *family,
303
	     struct genl_split_ops *op)
304
{
305
	struct genl_ops full;
306
	int err;
307

308
	err = genl_get_cmd_full(cmd, family, &full);
309
	if (err == -ENOENT)
310
		err = genl_get_cmd_small(cmd, family, &full);
311
	/* Found one of legacy forms */
312
	if (err == 0)
313
		return genl_cmd_full_to_split(op, family, &full, flags);
314

315
	err = genl_get_cmd_split(cmd, flags, family, op);
316
	if (err)
317
		memset(op, 0, sizeof(*op));
318
	return err;
319
}
320

321
/* For policy dumping only, get ops of both do and dump.
322
 * Fail if both are missing, genl_get_cmd() will zero-init in case of failure.
323
 */
324
static int
325
genl_get_cmd_both(u32 cmd, const struct genl_family *family,
326
		  struct genl_split_ops *doit, struct genl_split_ops *dumpit)
327
{
328
	int err1, err2;
329

330
	err1 = genl_get_cmd(cmd, GENL_CMD_CAP_DO, family, doit);
331
	err2 = genl_get_cmd(cmd, GENL_CMD_CAP_DUMP, family, dumpit);
332

333
	return err1 && err2 ? -ENOENT : 0;
334
}
335

336
static bool
337
genl_op_iter_init(const struct genl_family *family, struct genl_op_iter *iter)
338
{
339
	iter->family = family;
340
	iter->cmd_idx = 0;
341
	iter->entry_idx = 0;
342

343
	iter->flags = 0;
344

345
	return iter->family->n_ops +
346
		iter->family->n_small_ops +
347
		iter->family->n_split_ops;
348
}
349

350
static bool genl_op_iter_next(struct genl_op_iter *iter)
351
{
352
	const struct genl_family *family = iter->family;
353
	bool legacy_op = true;
354
	struct genl_ops op;
355

356
	if (iter->entry_idx < family->n_ops) {
357
		genl_op_from_full(family, iter->entry_idx, &op);
358
	} else if (iter->entry_idx < family->n_ops + family->n_small_ops) {
359
		genl_op_from_small(family, iter->entry_idx - family->n_ops,
360
				   &op);
361
	} else if (iter->entry_idx <
362
		   family->n_ops + family->n_small_ops + family->n_split_ops) {
363
		legacy_op = false;
364
		/* updates entry_idx */
365
		genl_op_from_split(iter);
366
	} else {
367
		return false;
368
	}
369

370
	iter->cmd_idx++;
371

372
	if (legacy_op) {
373
		iter->entry_idx++;
374

375
		genl_cmd_full_to_split(&iter->doit, family,
376
				       &op, GENL_CMD_CAP_DO);
377
		genl_cmd_full_to_split(&iter->dumpit, family,
378
				       &op, GENL_CMD_CAP_DUMP);
379
	}
380

381
	iter->cmd = iter->doit.cmd | iter->dumpit.cmd;
382
	iter->flags = iter->doit.flags | iter->dumpit.flags;
383

384
	return true;
385
}
386

387
static void
388
genl_op_iter_copy(struct genl_op_iter *dst, struct genl_op_iter *src)
389
{
390
	*dst = *src;
391
}
392

393
static unsigned int genl_op_iter_idx(struct genl_op_iter *iter)
394
{
395
	return iter->cmd_idx;
396
}
397

398
static int genl_allocate_reserve_groups(int n_groups, int *first_id)
399
{
400
	unsigned long *new_groups;
401
	int start = 0;
402
	int i;
403
	int id;
404
	bool fits;
405

406
	do {
407
		if (start == 0)
408
			id = find_first_zero_bit(mc_groups,
409
						 mc_groups_longs *
410
						 BITS_PER_LONG);
411
		else
412
			id = find_next_zero_bit(mc_groups,
413
						mc_groups_longs * BITS_PER_LONG,
414
						start);
415

416
		fits = true;
417
		for (i = id;
418
		     i < min_t(int, id + n_groups,
419
			       mc_groups_longs * BITS_PER_LONG);
420
		     i++) {
421
			if (test_bit(i, mc_groups)) {
422
				start = i;
423
				fits = false;
424
				break;
425
			}
426
		}
427

428
		if (id + n_groups > mc_groups_longs * BITS_PER_LONG) {
429
			unsigned long new_longs = mc_groups_longs +
430
						  BITS_TO_LONGS(n_groups);
431
			size_t nlen = new_longs * sizeof(unsigned long);
432

433
			if (mc_groups == &mc_group_start) {
434
				new_groups = kzalloc(nlen, GFP_KERNEL);
435
				if (!new_groups)
436
					return -ENOMEM;
437
				mc_groups = new_groups;
438
				*mc_groups = mc_group_start;
439
			} else {
440
				new_groups = krealloc(mc_groups, nlen,
441
						      GFP_KERNEL);
442
				if (!new_groups)
443
					return -ENOMEM;
444
				mc_groups = new_groups;
445
				for (i = 0; i < BITS_TO_LONGS(n_groups); i++)
446
					mc_groups[mc_groups_longs + i] = 0;
447
			}
448
			mc_groups_longs = new_longs;
449
		}
450
	} while (!fits);
451

452
	for (i = id; i < id + n_groups; i++)
453
		set_bit(i, mc_groups);
454
	*first_id = id;
455
	return 0;
456
}
457

458
static struct genl_family genl_ctrl;
459

460
static int genl_validate_assign_mc_groups(struct genl_family *family)
461
{
462
	int first_id;
463
	int n_groups = family->n_mcgrps;
464
	int err = 0, i;
465
	bool groups_allocated = false;
466

467
	if (!n_groups)
468
		return 0;
469

470
	for (i = 0; i < n_groups; i++) {
471
		const struct genl_multicast_group *grp = &family->mcgrps[i];
472

473
		if (WARN_ON(grp->name[0] == '\0'))
474
			return -EINVAL;
475
		if (WARN_ON(!string_is_terminated(grp->name, GENL_NAMSIZ)))
476
			return -EINVAL;
477
	}
478

479
	/* special-case our own group and hacks */
480
	if (family == &genl_ctrl) {
481
		first_id = GENL_ID_CTRL;
482
		BUG_ON(n_groups != 1);
483
	} else if (strcmp(family->name, "NET_DM") == 0) {
484
		first_id = 1;
485
		BUG_ON(n_groups != 1);
486
	} else if (family->id == GENL_ID_VFS_DQUOT) {
487
		first_id = GENL_ID_VFS_DQUOT;
488
		BUG_ON(n_groups != 1);
489
	} else if (family->id == GENL_ID_PMCRAID) {
490
		first_id = GENL_ID_PMCRAID;
491
		BUG_ON(n_groups != 1);
492
	} else {
493
		groups_allocated = true;
494
		err = genl_allocate_reserve_groups(n_groups, &first_id);
495
		if (err)
496
			return err;
497
	}
498

499
	family->mcgrp_offset = first_id;
500

501
	/* if still initializing, can't and don't need to realloc bitmaps */
502
	if (!init_net.genl_sock)
503
		return 0;
504

505
	if (family->netnsok) {
506
		struct net *net;
507

508
		netlink_table_grab();
509
		rcu_read_lock();
510
		for_each_net_rcu(net) {
511
			err = __netlink_change_ngroups(net->genl_sock,
512
					mc_groups_longs * BITS_PER_LONG);
513
			if (err) {
514
				/*
515
				 * No need to roll back, can only fail if
516
				 * memory allocation fails and then the
517
				 * number of _possible_ groups has been
518
				 * increased on some sockets which is ok.
519
				 */
520
				break;
521
			}
522
		}
523
		rcu_read_unlock();
524
		netlink_table_ungrab();
525
	} else {
526
		err = netlink_change_ngroups(init_net.genl_sock,
527
					     mc_groups_longs * BITS_PER_LONG);
528
	}
529

530
	if (groups_allocated && err) {
531
		for (i = 0; i < family->n_mcgrps; i++)
532
			clear_bit(family->mcgrp_offset + i, mc_groups);
533
	}
534

535
	return err;
536
}
537

538
static void genl_unregister_mc_groups(const struct genl_family *family)
539
{
540
	struct net *net;
541
	int i;
542

543
	netlink_table_grab();
544
	rcu_read_lock();
545
	for_each_net_rcu(net) {
546
		for (i = 0; i < family->n_mcgrps; i++)
547
			__netlink_clear_multicast_users(
548
				net->genl_sock, family->mcgrp_offset + i);
549
	}
550
	rcu_read_unlock();
551
	netlink_table_ungrab();
552

553
	for (i = 0; i < family->n_mcgrps; i++) {
554
		int grp_id = family->mcgrp_offset + i;
555

556
		if (grp_id != 1)
557
			clear_bit(grp_id, mc_groups);
558
		genl_ctrl_event(CTRL_CMD_DELMCAST_GRP, family,
559
				&family->mcgrps[i], grp_id);
560
	}
561
}
562

563
static bool genl_split_op_check(const struct genl_split_ops *op)
564
{
565
	if (WARN_ON(hweight8(op->flags & (GENL_CMD_CAP_DO |
566
					  GENL_CMD_CAP_DUMP)) != 1))
567
		return true;
568
	return false;
569
}
570

571
static int genl_validate_ops(const struct genl_family *family)
572
{
573
	struct genl_op_iter i, j;
574
	unsigned int s;
575

576
	if (WARN_ON(family->n_ops && !family->ops) ||
577
	    WARN_ON(family->n_small_ops && !family->small_ops) ||
578
	    WARN_ON(family->n_split_ops && !family->split_ops))
579
		return -EINVAL;
580

581
	for (genl_op_iter_init(family, &i); genl_op_iter_next(&i); ) {
582
		if (!(i.flags & (GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP)))
583
			return -EINVAL;
584

585
		if (WARN_ON(i.cmd >= family->resv_start_op &&
586
			    (i.doit.validate || i.dumpit.validate)))
587
			return -EINVAL;
588

589
		genl_op_iter_copy(&j, &i);
590
		while (genl_op_iter_next(&j)) {
591
			if (i.cmd == j.cmd)
592
				return -EINVAL;
593
		}
594
	}
595

596
	if (family->n_split_ops) {
597
		if (genl_split_op_check(&family->split_ops[0]))
598
			return -EINVAL;
599
	}
600

601
	for (s = 1; s < family->n_split_ops; s++) {
602
		const struct genl_split_ops *a, *b;
603

604
		a = &family->split_ops[s - 1];
605
		b = &family->split_ops[s];
606

607
		if (genl_split_op_check(b))
608
			return -EINVAL;
609

610
		/* Check sort order */
611
		if (a->cmd < b->cmd) {
612
			continue;
613
		} else if (a->cmd > b->cmd) {
614
			WARN_ON(1);
615
			return -EINVAL;
616
		}
617

618
		if (a->internal_flags != b->internal_flags ||
619
		    ((a->flags ^ b->flags) & ~(GENL_CMD_CAP_DO |
620
					       GENL_CMD_CAP_DUMP))) {
621
			WARN_ON(1);
622
			return -EINVAL;
623
		}
624

625
		if ((a->flags & GENL_CMD_CAP_DO) &&
626
		    (b->flags & GENL_CMD_CAP_DUMP))
627
			continue;
628

629
		WARN_ON(1);
630
		return -EINVAL;
631
	}
632

633
	return 0;
634
}
635

636
static void *genl_sk_priv_alloc(struct genl_family *family)
637
{
638
	void *priv;
639

640
	priv = kzalloc(family->sock_priv_size, GFP_KERNEL);
641
	if (!priv)
642
		return ERR_PTR(-ENOMEM);
643

644
	if (family->sock_priv_init)
645
		family->sock_priv_init(priv);
646

647
	return priv;
648
}
649

650
static void genl_sk_priv_free(const struct genl_family *family, void *priv)
651
{
652
	if (family->sock_priv_destroy)
653
		family->sock_priv_destroy(priv);
654
	kfree(priv);
655
}
656

657
static int genl_sk_privs_alloc(struct genl_family *family)
658
{
659
	if (!family->sock_priv_size)
660
		return 0;
661

662
	family->sock_privs = kzalloc(sizeof(*family->sock_privs), GFP_KERNEL);
663
	if (!family->sock_privs)
664
		return -ENOMEM;
665
	xa_init(family->sock_privs);
666
	return 0;
667
}
668

669
static void genl_sk_privs_free(const struct genl_family *family)
670
{
671
	unsigned long id;
672
	void *priv;
673

674
	if (!family->sock_priv_size)
675
		return;
676

677
	xa_for_each(family->sock_privs, id, priv)
678
		genl_sk_priv_free(family, priv);
679

680
	xa_destroy(family->sock_privs);
681
	kfree(family->sock_privs);
682
}
683

684
static void genl_sk_priv_free_by_sock(struct genl_family *family,
685
				      struct sock *sk)
686
{
687
	void *priv;
688

689
	if (!family->sock_priv_size)
690
		return;
691
	priv = xa_erase(family->sock_privs, (unsigned long) sk);
692
	if (!priv)
693
		return;
694
	genl_sk_priv_free(family, priv);
695
}
696

697
static void genl_release(struct sock *sk, unsigned long *groups)
698
{
699
	struct genl_family *family;
700
	unsigned int id;
701

702
	down_read(&cb_lock);
703

704
	idr_for_each_entry(&genl_fam_idr, family, id)
705
		genl_sk_priv_free_by_sock(family, sk);
706

707
	up_read(&cb_lock);
708
}
709

710
/**
711
 * __genl_sk_priv_get - Get family private pointer for socket, if exists
712
 *
713
 * @family: family
714
 * @sk: socket
715
 *
716
 * Lookup a private memory for a Generic netlink family and specified socket.
717
 *
718
 * Caller should make sure this is called in RCU read locked section.
719
 *
720
 * Return: valid pointer on success, otherwise negative error value
721
 * encoded by ERR_PTR(), NULL in case priv does not exist.
722
 */
723
void *__genl_sk_priv_get(struct genl_family *family, struct sock *sk)
724
{
725
	if (WARN_ON_ONCE(!family->sock_privs))
726
		return ERR_PTR(-EINVAL);
727
	return xa_load(family->sock_privs, (unsigned long) sk);
728
}
729

730
/**
731
 * genl_sk_priv_get - Get family private pointer for socket
732
 *
733
 * @family: family
734
 * @sk: socket
735
 *
736
 * Lookup a private memory for a Generic netlink family and specified socket.
737
 * Allocate the private memory in case it was not already done.
738
 *
739
 * Return: valid pointer on success, otherwise negative error value
740
 * encoded by ERR_PTR().
741
 */
742
void *genl_sk_priv_get(struct genl_family *family, struct sock *sk)
743
{
744
	void *priv, *old_priv;
745

746
	priv = __genl_sk_priv_get(family, sk);
747
	if (priv)
748
		return priv;
749

750
	/* priv for the family does not exist so far, create it. */
751

752
	priv = genl_sk_priv_alloc(family);
753
	if (IS_ERR(priv))
754
		return ERR_CAST(priv);
755

756
	old_priv = xa_cmpxchg(family->sock_privs, (unsigned long) sk, NULL,
757
			      priv, GFP_KERNEL);
758
	if (old_priv) {
759
		genl_sk_priv_free(family, priv);
760
		if (xa_is_err(old_priv))
761
			return ERR_PTR(xa_err(old_priv));
762
		/* Race happened, priv for the socket was already inserted. */
763
		return old_priv;
764
	}
765
	return priv;
766
}
767

768
/**
769
 * genl_register_family - register a generic netlink family
770
 * @family: generic netlink family
771
 *
772
 * Registers the specified family after validating it first. Only one
773
 * family may be registered with the same family name or identifier.
774
 *
775
 * The family's ops, multicast groups and module pointer must already
776
 * be assigned.
777
 *
778
 * Return 0 on success or a negative error code.
779
 */
780
int genl_register_family(struct genl_family *family)
781
{
782
	int err, i;
783
	int start = GENL_START_ALLOC, end = GENL_MAX_ID;
784

785
	err = genl_validate_ops(family);
786
	if (err)
787
		return err;
788

789
	genl_lock_all();
790

791
	if (genl_family_find_byname(family->name)) {
792
		err = -EEXIST;
793
		goto errout_locked;
794
	}
795

796
	err = genl_sk_privs_alloc(family);
797
	if (err)
798
		goto errout_locked;
799

800
	/*
801
	 * Sadly, a few cases need to be special-cased
802
	 * due to them having previously abused the API
803
	 * and having used their family ID also as their
804
	 * multicast group ID, so we use reserved IDs
805
	 * for both to be sure we can do that mapping.
806
	 */
807
	if (family == &genl_ctrl) {
808
		/* and this needs to be special for initial family lookups */
809
		start = end = GENL_ID_CTRL;
810
	} else if (strcmp(family->name, "pmcraid") == 0) {
811
		start = end = GENL_ID_PMCRAID;
812
	} else if (strcmp(family->name, "VFS_DQUOT") == 0) {
813
		start = end = GENL_ID_VFS_DQUOT;
814
	}
815

816
	family->id = idr_alloc_cyclic(&genl_fam_idr, family,
817
				      start, end + 1, GFP_KERNEL);
818
	if (family->id < 0) {
819
		err = family->id;
820
		goto errout_sk_privs_free;
821
	}
822

823
	err = genl_validate_assign_mc_groups(family);
824
	if (err)
825
		goto errout_remove;
826

827
	genl_unlock_all();
828

829
	/* send all events */
830
	genl_ctrl_event(CTRL_CMD_NEWFAMILY, family, NULL, 0);
831
	for (i = 0; i < family->n_mcgrps; i++)
832
		genl_ctrl_event(CTRL_CMD_NEWMCAST_GRP, family,
833
				&family->mcgrps[i], family->mcgrp_offset + i);
834

835
	return 0;
836

837
errout_remove:
838
	idr_remove(&genl_fam_idr, family->id);
839
errout_sk_privs_free:
840
	genl_sk_privs_free(family);
841
errout_locked:
842
	genl_unlock_all();
843
	return err;
844
}
845
EXPORT_SYMBOL(genl_register_family);
846

847
/**
848
 * genl_unregister_family - unregister generic netlink family
849
 * @family: generic netlink family
850
 *
851
 * Unregisters the specified family.
852
 *
853
 * Returns 0 on success or a negative error code.
854
 */
855
int genl_unregister_family(const struct genl_family *family)
856
{
857
	genl_lock_all();
858

859
	if (!genl_family_find_byid(family->id)) {
860
		genl_unlock_all();
861
		return -ENOENT;
862
	}
863

864
	genl_unregister_mc_groups(family);
865

866
	idr_remove(&genl_fam_idr, family->id);
867

868
	up_write(&cb_lock);
869
	wait_event(genl_sk_destructing_waitq,
870
		   atomic_read(&genl_sk_destructing_cnt) == 0);
871

872
	genl_sk_privs_free(family);
873

874
	genl_unlock();
875

876
	genl_ctrl_event(CTRL_CMD_DELFAMILY, family, NULL, 0);
877

878
	return 0;
879
}
880
EXPORT_SYMBOL(genl_unregister_family);
881

882
/**
883
 * genlmsg_put - Add generic netlink header to netlink message
884
 * @skb: socket buffer holding the message
885
 * @portid: netlink portid the message is addressed to
886
 * @seq: sequence number (usually the one of the sender)
887
 * @family: generic netlink family
888
 * @flags: netlink message flags
889
 * @cmd: generic netlink command
890
 *
891
 * Returns pointer to user specific header
892
 */
893
void *genlmsg_put(struct sk_buff *skb, u32 portid, u32 seq,
894
		  const struct genl_family *family, int flags, u8 cmd)
895
{
896
	struct nlmsghdr *nlh;
897
	struct genlmsghdr *hdr;
898

899
	nlh = nlmsg_put(skb, portid, seq, family->id, GENL_HDRLEN +
900
			family->hdrsize, flags);
901
	if (nlh == NULL)
902
		return NULL;
903

904
	hdr = nlmsg_data(nlh);
905
	hdr->cmd = cmd;
906
	hdr->version = family->version;
907
	hdr->reserved = 0;
908

909
	return (char *) hdr + GENL_HDRLEN;
910
}
911
EXPORT_SYMBOL(genlmsg_put);
912

913
static struct genl_dumpit_info *genl_dumpit_info_alloc(void)
914
{
915
	return kmalloc(sizeof(struct genl_dumpit_info), GFP_KERNEL);
916
}
917

918
static void genl_dumpit_info_free(const struct genl_dumpit_info *info)
919
{
920
	kfree(info);
921
}
922

923
static struct nlattr **
924
genl_family_rcv_msg_attrs_parse(const struct genl_family *family,
925
				struct nlmsghdr *nlh,
926
				struct netlink_ext_ack *extack,
927
				const struct genl_split_ops *ops,
928
				int hdrlen,
929
				enum genl_validate_flags no_strict_flag)
930
{
931
	enum netlink_validation validate = ops->validate & no_strict_flag ?
932
					   NL_VALIDATE_LIBERAL :
933
					   NL_VALIDATE_STRICT;
934
	struct nlattr **attrbuf;
935
	int err;
936

937
	if (!ops->maxattr)
938
		return NULL;
939

940
	attrbuf = kmalloc_array(ops->maxattr + 1,
941
				sizeof(struct nlattr *), GFP_KERNEL);
942
	if (!attrbuf)
943
		return ERR_PTR(-ENOMEM);
944

945
	err = __nlmsg_parse(nlh, hdrlen, attrbuf, ops->maxattr, ops->policy,
946
			    validate, extack);
947
	if (err) {
948
		kfree(attrbuf);
949
		return ERR_PTR(err);
950
	}
951
	return attrbuf;
952
}
953

954
static void genl_family_rcv_msg_attrs_free(struct nlattr **attrbuf)
955
{
956
	kfree(attrbuf);
957
}
958

959
struct genl_start_context {
960
	const struct genl_family *family;
961
	struct nlmsghdr *nlh;
962
	struct netlink_ext_ack *extack;
963
	const struct genl_split_ops *ops;
964
	int hdrlen;
965
};
966

967
static int genl_start(struct netlink_callback *cb)
968
{
969
	struct genl_start_context *ctx = cb->data;
970
	const struct genl_split_ops *ops;
971
	struct genl_dumpit_info *info;
972
	struct nlattr **attrs = NULL;
973
	int rc = 0;
974

975
	ops = ctx->ops;
976
	if (!(ops->validate & GENL_DONT_VALIDATE_DUMP) &&
977
	    ctx->nlh->nlmsg_len < nlmsg_msg_size(ctx->hdrlen))
978
		return -EINVAL;
979

980
	attrs = genl_family_rcv_msg_attrs_parse(ctx->family, ctx->nlh, ctx->extack,
981
						ops, ctx->hdrlen,
982
						GENL_DONT_VALIDATE_DUMP_STRICT);
983
	if (IS_ERR(attrs))
984
		return PTR_ERR(attrs);
985

986
	info = genl_dumpit_info_alloc();
987
	if (!info) {
988
		genl_family_rcv_msg_attrs_free(attrs);
989
		return -ENOMEM;
990
	}
991
	info->op = *ops;
992
	info->info.family	= ctx->family;
993
	info->info.snd_seq	= cb->nlh->nlmsg_seq;
994
	info->info.snd_portid	= NETLINK_CB(cb->skb).portid;
995
	info->info.nlhdr	= cb->nlh;
996
	info->info.genlhdr	= nlmsg_data(cb->nlh);
997
	info->info.attrs	= attrs;
998
	genl_info_net_set(&info->info, sock_net(cb->skb->sk));
999
	info->info.extack	= cb->extack;
1000
	memset(&info->info.ctx, 0, sizeof(info->info.ctx));
1001

1002
	cb->data = info;
1003
	if (ops->start) {
1004
		genl_op_lock(ctx->family);
1005
		rc = ops->start(cb);
1006
		genl_op_unlock(ctx->family);
1007
	}
1008

1009
	if (rc) {
1010
		genl_family_rcv_msg_attrs_free(info->info.attrs);
1011
		genl_dumpit_info_free(info);
1012
		cb->data = NULL;
1013
	}
1014
	return rc;
1015
}
1016

1017
static int genl_dumpit(struct sk_buff *skb, struct netlink_callback *cb)
1018
{
1019
	struct genl_dumpit_info *dump_info = cb->data;
1020
	const struct genl_split_ops *ops = &dump_info->op;
1021
	struct genl_info *info = &dump_info->info;
1022
	int rc;
1023

1024
	info->extack = cb->extack;
1025

1026
	genl_op_lock(info->family);
1027
	rc = ops->dumpit(skb, cb);
1028
	genl_op_unlock(info->family);
1029
	return rc;
1030
}
1031

1032
static int genl_done(struct netlink_callback *cb)
1033
{
1034
	struct genl_dumpit_info *dump_info = cb->data;
1035
	const struct genl_split_ops *ops = &dump_info->op;
1036
	struct genl_info *info = &dump_info->info;
1037
	int rc = 0;
1038

1039
	info->extack = cb->extack;
1040

1041
	if (ops->done) {
1042
		genl_op_lock(info->family);
1043
		rc = ops->done(cb);
1044
		genl_op_unlock(info->family);
1045
	}
1046
	genl_family_rcv_msg_attrs_free(info->attrs);
1047
	genl_dumpit_info_free(dump_info);
1048
	return rc;
1049
}
1050

1051
static int genl_family_rcv_msg_dumpit(const struct genl_family *family,
1052
				      struct sk_buff *skb,
1053
				      struct nlmsghdr *nlh,
1054
				      struct netlink_ext_ack *extack,
1055
				      const struct genl_split_ops *ops,
1056
				      int hdrlen, struct net *net)
1057
{
1058
	struct genl_start_context ctx;
1059
	struct netlink_dump_control c = {
1060
		.module = family->module,
1061
		.data = &ctx,
1062
		.start = genl_start,
1063
		.dump = genl_dumpit,
1064
		.done = genl_done,
1065
		.extack = extack,
1066
	};
1067
	int err;
1068

1069
	ctx.family = family;
1070
	ctx.nlh = nlh;
1071
	ctx.extack = extack;
1072
	ctx.ops = ops;
1073
	ctx.hdrlen = hdrlen;
1074

1075
	genl_op_unlock(family);
1076
	err = __netlink_dump_start(net->genl_sock, skb, nlh, &c);
1077
	genl_op_lock(family);
1078

1079
	return err;
1080
}
1081

1082
static int genl_family_rcv_msg_doit(const struct genl_family *family,
1083
				    struct sk_buff *skb,
1084
				    struct nlmsghdr *nlh,
1085
				    struct netlink_ext_ack *extack,
1086
				    const struct genl_split_ops *ops,
1087
				    int hdrlen, struct net *net)
1088
{
1089
	struct nlattr **attrbuf;
1090
	struct genl_info info;
1091
	int err;
1092

1093
	attrbuf = genl_family_rcv_msg_attrs_parse(family, nlh, extack,
1094
						  ops, hdrlen,
1095
						  GENL_DONT_VALIDATE_STRICT);
1096
	if (IS_ERR(attrbuf))
1097
		return PTR_ERR(attrbuf);
1098

1099
	info.snd_seq = nlh->nlmsg_seq;
1100
	info.snd_portid = NETLINK_CB(skb).portid;
1101
	info.family = family;
1102
	info.nlhdr = nlh;
1103
	info.genlhdr = nlmsg_data(nlh);
1104
	info.attrs = attrbuf;
1105
	info.extack = extack;
1106
	genl_info_net_set(&info, net);
1107
	memset(&info.ctx, 0, sizeof(info.ctx));
1108

1109
	if (ops->pre_doit) {
1110
		err = ops->pre_doit(ops, skb, &info);
1111
		if (err)
1112
			goto out;
1113
	}
1114

1115
	err = ops->doit(skb, &info);
1116

1117
	if (ops->post_doit)
1118
		ops->post_doit(ops, skb, &info);
1119

1120
out:
1121
	genl_family_rcv_msg_attrs_free(attrbuf);
1122

1123
	return err;
1124
}
1125

1126
static int genl_header_check(const struct genl_family *family,
1127
			     struct nlmsghdr *nlh, struct genlmsghdr *hdr,
1128
			     struct netlink_ext_ack *extack)
1129
{
1130
	u16 flags;
1131

1132
	/* Only for commands added after we started validating */
1133
	if (hdr->cmd < family->resv_start_op)
1134
		return 0;
1135

1136
	if (hdr->reserved) {
1137
		NL_SET_ERR_MSG(extack, "genlmsghdr.reserved field is not 0");
1138
		return -EINVAL;
1139
	}
1140

1141
	/* Old netlink flags have pretty loose semantics, allow only the flags
1142
	 * consumed by the core where we can enforce the meaning.
1143
	 */
1144
	flags = nlh->nlmsg_flags;
1145
	if ((flags & NLM_F_DUMP) == NLM_F_DUMP) /* DUMP is 2 bits */
1146
		flags &= ~NLM_F_DUMP;
1147
	if (flags & ~(NLM_F_REQUEST | NLM_F_ACK | NLM_F_ECHO)) {
1148
		NL_SET_ERR_MSG(extack,
1149
			       "ambiguous or reserved bits set in nlmsg_flags");
1150
		return -EINVAL;
1151
	}
1152

1153
	return 0;
1154
}
1155

1156
static int genl_family_rcv_msg(const struct genl_family *family,
1157
			       struct sk_buff *skb,
1158
			       struct nlmsghdr *nlh,
1159
			       struct netlink_ext_ack *extack)
1160
{
1161
	struct net *net = sock_net(skb->sk);
1162
	struct genlmsghdr *hdr = nlmsg_data(nlh);
1163
	struct genl_split_ops op;
1164
	int hdrlen;
1165
	u8 flags;
1166

1167
	/* this family doesn't exist in this netns */
1168
	if (!family->netnsok && !net_eq(net, &init_net))
1169
		return -ENOENT;
1170

1171
	hdrlen = GENL_HDRLEN + family->hdrsize;
1172
	if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen))
1173
		return -EINVAL;
1174

1175
	if (genl_header_check(family, nlh, hdr, extack))
1176
		return -EINVAL;
1177

1178
	flags = (nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP ?
1179
		GENL_CMD_CAP_DUMP : GENL_CMD_CAP_DO;
1180
	if (genl_get_cmd(hdr->cmd, flags, family, &op))
1181
		return -EOPNOTSUPP;
1182

1183
	if ((op.flags & GENL_ADMIN_PERM) &&
1184
	    !netlink_capable(skb, CAP_NET_ADMIN))
1185
		return -EPERM;
1186

1187
	if ((op.flags & GENL_UNS_ADMIN_PERM) &&
1188
	    !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
1189
		return -EPERM;
1190

1191
	if (flags & GENL_CMD_CAP_DUMP)
1192
		return genl_family_rcv_msg_dumpit(family, skb, nlh, extack,
1193
						  &op, hdrlen, net);
1194
	else
1195
		return genl_family_rcv_msg_doit(family, skb, nlh, extack,
1196
						&op, hdrlen, net);
1197
}
1198

1199
static int genl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
1200
			struct netlink_ext_ack *extack)
1201
{
1202
	const struct genl_family *family;
1203
	int err;
1204

1205
	family = genl_family_find_byid(nlh->nlmsg_type);
1206
	if (family == NULL)
1207
		return -ENOENT;
1208

1209
	genl_op_lock(family);
1210
	err = genl_family_rcv_msg(family, skb, nlh, extack);
1211
	genl_op_unlock(family);
1212

1213
	return err;
1214
}
1215

1216
static void genl_rcv(struct sk_buff *skb)
1217
{
1218
	down_read(&cb_lock);
1219
	netlink_rcv_skb(skb, &genl_rcv_msg);
1220
	up_read(&cb_lock);
1221
}
1222

1223
/**************************************************************************
1224
 * Controller
1225
 **************************************************************************/
1226

1227
static struct genl_family genl_ctrl;
1228

1229
static int ctrl_fill_info(const struct genl_family *family, u32 portid, u32 seq,
1230
			  u32 flags, struct sk_buff *skb, u8 cmd)
1231
{
1232
	struct genl_op_iter i;
1233
	void *hdr;
1234

1235
	hdr = genlmsg_put(skb, portid, seq, &genl_ctrl, flags, cmd);
1236
	if (hdr == NULL)
1237
		return -EMSGSIZE;
1238

1239
	if (nla_put_string(skb, CTRL_ATTR_FAMILY_NAME, family->name) ||
1240
	    nla_put_u16(skb, CTRL_ATTR_FAMILY_ID, family->id) ||
1241
	    nla_put_u32(skb, CTRL_ATTR_VERSION, family->version) ||
1242
	    nla_put_u32(skb, CTRL_ATTR_HDRSIZE, family->hdrsize) ||
1243
	    nla_put_u32(skb, CTRL_ATTR_MAXATTR, family->maxattr))
1244
		goto nla_put_failure;
1245

1246
	if (genl_op_iter_init(family, &i)) {
1247
		struct nlattr *nla_ops;
1248

1249
		nla_ops = nla_nest_start_noflag(skb, CTRL_ATTR_OPS);
1250
		if (nla_ops == NULL)
1251
			goto nla_put_failure;
1252

1253
		while (genl_op_iter_next(&i)) {
1254
			struct nlattr *nest;
1255
			u32 op_flags;
1256

1257
			op_flags = i.flags;
1258
			if (i.doit.policy || i.dumpit.policy)
1259
				op_flags |= GENL_CMD_CAP_HASPOL;
1260

1261
			nest = nla_nest_start_noflag(skb, genl_op_iter_idx(&i));
1262
			if (nest == NULL)
1263
				goto nla_put_failure;
1264

1265
			if (nla_put_u32(skb, CTRL_ATTR_OP_ID, i.cmd) ||
1266
			    nla_put_u32(skb, CTRL_ATTR_OP_FLAGS, op_flags))
1267
				goto nla_put_failure;
1268

1269
			nla_nest_end(skb, nest);
1270
		}
1271

1272
		nla_nest_end(skb, nla_ops);
1273
	}
1274

1275
	if (family->n_mcgrps) {
1276
		struct nlattr *nla_grps;
1277
		int i;
1278

1279
		nla_grps = nla_nest_start_noflag(skb, CTRL_ATTR_MCAST_GROUPS);
1280
		if (nla_grps == NULL)
1281
			goto nla_put_failure;
1282

1283
		for (i = 0; i < family->n_mcgrps; i++) {
1284
			struct nlattr *nest;
1285
			const struct genl_multicast_group *grp;
1286

1287
			grp = &family->mcgrps[i];
1288

1289
			nest = nla_nest_start_noflag(skb, i + 1);
1290
			if (nest == NULL)
1291
				goto nla_put_failure;
1292

1293
			if (nla_put_u32(skb, CTRL_ATTR_MCAST_GRP_ID,
1294
					family->mcgrp_offset + i) ||
1295
			    nla_put_string(skb, CTRL_ATTR_MCAST_GRP_NAME,
1296
					   grp->name))
1297
				goto nla_put_failure;
1298

1299
			nla_nest_end(skb, nest);
1300
		}
1301
		nla_nest_end(skb, nla_grps);
1302
	}
1303

1304
	genlmsg_end(skb, hdr);
1305
	return 0;
1306

1307
nla_put_failure:
1308
	genlmsg_cancel(skb, hdr);
1309
	return -EMSGSIZE;
1310
}
1311

1312
static int ctrl_fill_mcgrp_info(const struct genl_family *family,
1313
				const struct genl_multicast_group *grp,
1314
				int grp_id, u32 portid, u32 seq, u32 flags,
1315
				struct sk_buff *skb, u8 cmd)
1316
{
1317
	void *hdr;
1318
	struct nlattr *nla_grps;
1319
	struct nlattr *nest;
1320

1321
	hdr = genlmsg_put(skb, portid, seq, &genl_ctrl, flags, cmd);
1322
	if (hdr == NULL)
1323
		return -1;
1324

1325
	if (nla_put_string(skb, CTRL_ATTR_FAMILY_NAME, family->name) ||
1326
	    nla_put_u16(skb, CTRL_ATTR_FAMILY_ID, family->id))
1327
		goto nla_put_failure;
1328

1329
	nla_grps = nla_nest_start_noflag(skb, CTRL_ATTR_MCAST_GROUPS);
1330
	if (nla_grps == NULL)
1331
		goto nla_put_failure;
1332

1333
	nest = nla_nest_start_noflag(skb, 1);
1334
	if (nest == NULL)
1335
		goto nla_put_failure;
1336

1337
	if (nla_put_u32(skb, CTRL_ATTR_MCAST_GRP_ID, grp_id) ||
1338
	    nla_put_string(skb, CTRL_ATTR_MCAST_GRP_NAME,
1339
			   grp->name))
1340
		goto nla_put_failure;
1341

1342
	nla_nest_end(skb, nest);
1343
	nla_nest_end(skb, nla_grps);
1344

1345
	genlmsg_end(skb, hdr);
1346
	return 0;
1347

1348
nla_put_failure:
1349
	genlmsg_cancel(skb, hdr);
1350
	return -EMSGSIZE;
1351
}
1352

1353
static int ctrl_dumpfamily(struct sk_buff *skb, struct netlink_callback *cb)
1354
{
1355
	int n = 0;
1356
	struct genl_family *rt;
1357
	struct net *net = sock_net(skb->sk);
1358
	int fams_to_skip = cb->args[0];
1359
	unsigned int id;
1360
	int err = 0;
1361

1362
	idr_for_each_entry(&genl_fam_idr, rt, id) {
1363
		if (!rt->netnsok && !net_eq(net, &init_net))
1364
			continue;
1365

1366
		if (n++ < fams_to_skip)
1367
			continue;
1368

1369
		err = ctrl_fill_info(rt, NETLINK_CB(cb->skb).portid,
1370
				     cb->nlh->nlmsg_seq, NLM_F_MULTI,
1371
				     skb, CTRL_CMD_NEWFAMILY);
1372
		if (err) {
1373
			n--;
1374
			break;
1375
		}
1376
	}
1377

1378
	cb->args[0] = n;
1379
	return err;
1380
}
1381

1382
static struct sk_buff *ctrl_build_family_msg(const struct genl_family *family,
1383
					     u32 portid, int seq, u8 cmd)
1384
{
1385
	struct sk_buff *skb;
1386
	int err;
1387

1388
	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1389
	if (skb == NULL)
1390
		return ERR_PTR(-ENOBUFS);
1391

1392
	err = ctrl_fill_info(family, portid, seq, 0, skb, cmd);
1393
	if (err < 0) {
1394
		nlmsg_free(skb);
1395
		return ERR_PTR(err);
1396
	}
1397

1398
	return skb;
1399
}
1400

1401
static struct sk_buff *
1402
ctrl_build_mcgrp_msg(const struct genl_family *family,
1403
		     const struct genl_multicast_group *grp,
1404
		     int grp_id, u32 portid, int seq, u8 cmd)
1405
{
1406
	struct sk_buff *skb;
1407
	int err;
1408

1409
	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1410
	if (skb == NULL)
1411
		return ERR_PTR(-ENOBUFS);
1412

1413
	err = ctrl_fill_mcgrp_info(family, grp, grp_id, portid,
1414
				   seq, 0, skb, cmd);
1415
	if (err < 0) {
1416
		nlmsg_free(skb);
1417
		return ERR_PTR(err);
1418
	}
1419

1420
	return skb;
1421
}
1422

1423
static const struct nla_policy ctrl_policy_family[] = {
1424
	[CTRL_ATTR_FAMILY_ID]	= { .type = NLA_U16 },
1425
	[CTRL_ATTR_FAMILY_NAME]	= { .type = NLA_NUL_STRING,
1426
				    .len = GENL_NAMSIZ - 1 },
1427
};
1428

1429
static int ctrl_getfamily(struct sk_buff *skb, struct genl_info *info)
1430
{
1431
	struct sk_buff *msg;
1432
	const struct genl_family *res = NULL;
1433
	int err = -EINVAL;
1434

1435
	if (info->attrs[CTRL_ATTR_FAMILY_ID]) {
1436
		u16 id = nla_get_u16(info->attrs[CTRL_ATTR_FAMILY_ID]);
1437
		res = genl_family_find_byid(id);
1438
		err = -ENOENT;
1439
	}
1440

1441
	if (info->attrs[CTRL_ATTR_FAMILY_NAME]) {
1442
		char *name;
1443

1444
		name = nla_data(info->attrs[CTRL_ATTR_FAMILY_NAME]);
1445
		res = genl_family_find_byname(name);
1446
#ifdef CONFIG_MODULES
1447
		if (res == NULL) {
1448
			genl_unlock();
1449
			up_read(&cb_lock);
1450
			request_module("net-pf-%d-proto-%d-family-%s",
1451
				       PF_NETLINK, NETLINK_GENERIC, name);
1452
			down_read(&cb_lock);
1453
			genl_lock();
1454
			res = genl_family_find_byname(name);
1455
		}
1456
#endif
1457
		err = -ENOENT;
1458
	}
1459

1460
	if (res == NULL)
1461
		return err;
1462

1463
	if (!res->netnsok && !net_eq(genl_info_net(info), &init_net)) {
1464
		/* family doesn't exist here */
1465
		return -ENOENT;
1466
	}
1467

1468
	msg = ctrl_build_family_msg(res, info->snd_portid, info->snd_seq,
1469
				    CTRL_CMD_NEWFAMILY);
1470
	if (IS_ERR(msg))
1471
		return PTR_ERR(msg);
1472

1473
	return genlmsg_reply(msg, info);
1474
}
1475

1476
static int genl_ctrl_event(int event, const struct genl_family *family,
1477
			   const struct genl_multicast_group *grp,
1478
			   int grp_id)
1479
{
1480
	struct sk_buff *msg;
1481

1482
	/* genl is still initialising */
1483
	if (!init_net.genl_sock)
1484
		return 0;
1485

1486
	switch (event) {
1487
	case CTRL_CMD_NEWFAMILY:
1488
	case CTRL_CMD_DELFAMILY:
1489
		WARN_ON(grp);
1490
		msg = ctrl_build_family_msg(family, 0, 0, event);
1491
		break;
1492
	case CTRL_CMD_NEWMCAST_GRP:
1493
	case CTRL_CMD_DELMCAST_GRP:
1494
		BUG_ON(!grp);
1495
		msg = ctrl_build_mcgrp_msg(family, grp, grp_id, 0, 0, event);
1496
		break;
1497
	default:
1498
		return -EINVAL;
1499
	}
1500

1501
	if (IS_ERR(msg))
1502
		return PTR_ERR(msg);
1503

1504
	if (!family->netnsok)
1505
		genlmsg_multicast_netns(&genl_ctrl, &init_net, msg, 0,
1506
					0, GFP_KERNEL);
1507
	else
1508
		genlmsg_multicast_allns(&genl_ctrl, msg, 0, 0);
1509

1510
	return 0;
1511
}
1512

1513
struct ctrl_dump_policy_ctx {
1514
	struct netlink_policy_dump_state *state;
1515
	const struct genl_family *rt;
1516
	struct genl_op_iter *op_iter;
1517
	u32 op;
1518
	u16 fam_id;
1519
	u8 dump_map:1,
1520
	   single_op:1;
1521
};
1522

1523
static const struct nla_policy ctrl_policy_policy[] = {
1524
	[CTRL_ATTR_FAMILY_ID]	= { .type = NLA_U16 },
1525
	[CTRL_ATTR_FAMILY_NAME]	= { .type = NLA_NUL_STRING,
1526
				    .len = GENL_NAMSIZ - 1 },
1527
	[CTRL_ATTR_OP]		= { .type = NLA_U32 },
1528
};
1529

1530
static int ctrl_dumppolicy_start(struct netlink_callback *cb)
1531
{
1532
	const struct genl_dumpit_info *info = genl_dumpit_info(cb);
1533
	struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx;
1534
	struct nlattr **tb = info->info.attrs;
1535
	const struct genl_family *rt;
1536
	struct genl_op_iter i;
1537
	int err;
1538

1539
	BUILD_BUG_ON(sizeof(*ctx) > sizeof(cb->ctx));
1540

1541
	if (!tb[CTRL_ATTR_FAMILY_ID] && !tb[CTRL_ATTR_FAMILY_NAME])
1542
		return -EINVAL;
1543

1544
	if (tb[CTRL_ATTR_FAMILY_ID]) {
1545
		ctx->fam_id = nla_get_u16(tb[CTRL_ATTR_FAMILY_ID]);
1546
	} else {
1547
		rt = genl_family_find_byname(
1548
			nla_data(tb[CTRL_ATTR_FAMILY_NAME]));
1549
		if (!rt)
1550
			return -ENOENT;
1551
		ctx->fam_id = rt->id;
1552
	}
1553

1554
	rt = genl_family_find_byid(ctx->fam_id);
1555
	if (!rt)
1556
		return -ENOENT;
1557

1558
	ctx->rt = rt;
1559

1560
	if (tb[CTRL_ATTR_OP]) {
1561
		struct genl_split_ops doit, dump;
1562

1563
		ctx->single_op = true;
1564
		ctx->op = nla_get_u32(tb[CTRL_ATTR_OP]);
1565

1566
		err = genl_get_cmd_both(ctx->op, rt, &doit, &dump);
1567
		if (err) {
1568
			NL_SET_BAD_ATTR(cb->extack, tb[CTRL_ATTR_OP]);
1569
			return err;
1570
		}
1571

1572
		if (doit.policy) {
1573
			err = netlink_policy_dump_add_policy(&ctx->state,
1574
							     doit.policy,
1575
							     doit.maxattr);
1576
			if (err)
1577
				goto err_free_state;
1578
		}
1579
		if (dump.policy) {
1580
			err = netlink_policy_dump_add_policy(&ctx->state,
1581
							     dump.policy,
1582
							     dump.maxattr);
1583
			if (err)
1584
				goto err_free_state;
1585
		}
1586

1587
		if (!ctx->state)
1588
			return -ENODATA;
1589

1590
		ctx->dump_map = 1;
1591
		return 0;
1592
	}
1593

1594
	ctx->op_iter = kmalloc(sizeof(*ctx->op_iter), GFP_KERNEL);
1595
	if (!ctx->op_iter)
1596
		return -ENOMEM;
1597

1598
	genl_op_iter_init(rt, ctx->op_iter);
1599
	ctx->dump_map = genl_op_iter_next(ctx->op_iter);
1600

1601
	for (genl_op_iter_init(rt, &i); genl_op_iter_next(&i); ) {
1602
		if (i.doit.policy) {
1603
			err = netlink_policy_dump_add_policy(&ctx->state,
1604
							     i.doit.policy,
1605
							     i.doit.maxattr);
1606
			if (err)
1607
				goto err_free_state;
1608
		}
1609
		if (i.dumpit.policy) {
1610
			err = netlink_policy_dump_add_policy(&ctx->state,
1611
							     i.dumpit.policy,
1612
							     i.dumpit.maxattr);
1613
			if (err)
1614
				goto err_free_state;
1615
		}
1616
	}
1617

1618
	if (!ctx->state) {
1619
		err = -ENODATA;
1620
		goto err_free_op_iter;
1621
	}
1622
	return 0;
1623

1624
err_free_state:
1625
	netlink_policy_dump_free(ctx->state);
1626
err_free_op_iter:
1627
	kfree(ctx->op_iter);
1628
	return err;
1629
}
1630

1631
static void *ctrl_dumppolicy_prep(struct sk_buff *skb,
1632
				  struct netlink_callback *cb)
1633
{
1634
	struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx;
1635
	void *hdr;
1636

1637
	hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).portid,
1638
			  cb->nlh->nlmsg_seq, &genl_ctrl,
1639
			  NLM_F_MULTI, CTRL_CMD_GETPOLICY);
1640
	if (!hdr)
1641
		return NULL;
1642

1643
	if (nla_put_u16(skb, CTRL_ATTR_FAMILY_ID, ctx->fam_id))
1644
		return NULL;
1645

1646
	return hdr;
1647
}
1648

1649
static int ctrl_dumppolicy_put_op(struct sk_buff *skb,
1650
				  struct netlink_callback *cb,
1651
				  struct genl_split_ops *doit,
1652
				  struct genl_split_ops *dumpit)
1653
{
1654
	struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx;
1655
	struct nlattr *nest_pol, *nest_op;
1656
	void *hdr;
1657
	int idx;
1658

1659
	/* skip if we have nothing to show */
1660
	if (!doit->policy && !dumpit->policy)
1661
		return 0;
1662

1663
	hdr = ctrl_dumppolicy_prep(skb, cb);
1664
	if (!hdr)
1665
		return -ENOBUFS;
1666

1667
	nest_pol = nla_nest_start(skb, CTRL_ATTR_OP_POLICY);
1668
	if (!nest_pol)
1669
		goto err;
1670

1671
	nest_op = nla_nest_start(skb, doit->cmd);
1672
	if (!nest_op)
1673
		goto err;
1674

1675
	if (doit->policy) {
1676
		idx = netlink_policy_dump_get_policy_idx(ctx->state,
1677
							 doit->policy,
1678
							 doit->maxattr);
1679

1680
		if (nla_put_u32(skb, CTRL_ATTR_POLICY_DO, idx))
1681
			goto err;
1682
	}
1683
	if (dumpit->policy) {
1684
		idx = netlink_policy_dump_get_policy_idx(ctx->state,
1685
							 dumpit->policy,
1686
							 dumpit->maxattr);
1687

1688
		if (nla_put_u32(skb, CTRL_ATTR_POLICY_DUMP, idx))
1689
			goto err;
1690
	}
1691

1692
	nla_nest_end(skb, nest_op);
1693
	nla_nest_end(skb, nest_pol);
1694
	genlmsg_end(skb, hdr);
1695

1696
	return 0;
1697
err:
1698
	genlmsg_cancel(skb, hdr);
1699
	return -ENOBUFS;
1700
}
1701

1702
static int ctrl_dumppolicy(struct sk_buff *skb, struct netlink_callback *cb)
1703
{
1704
	struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx;
1705
	void *hdr;
1706

1707
	if (ctx->dump_map) {
1708
		if (ctx->single_op) {
1709
			struct genl_split_ops doit, dumpit;
1710

1711
			if (WARN_ON(genl_get_cmd_both(ctx->op, ctx->rt,
1712
						      &doit, &dumpit)))
1713
				return -ENOENT;
1714

1715
			if (ctrl_dumppolicy_put_op(skb, cb, &doit, &dumpit))
1716
				return skb->len;
1717

1718
			/* done with the per-op policy index list */
1719
			ctx->dump_map = 0;
1720
		}
1721

1722
		while (ctx->dump_map) {
1723
			if (ctrl_dumppolicy_put_op(skb, cb,
1724
						   &ctx->op_iter->doit,
1725
						   &ctx->op_iter->dumpit))
1726
				return skb->len;
1727

1728
			ctx->dump_map = genl_op_iter_next(ctx->op_iter);
1729
		}
1730
	}
1731

1732
	while (netlink_policy_dump_loop(ctx->state)) {
1733
		struct nlattr *nest;
1734

1735
		hdr = ctrl_dumppolicy_prep(skb, cb);
1736
		if (!hdr)
1737
			goto nla_put_failure;
1738

1739
		nest = nla_nest_start(skb, CTRL_ATTR_POLICY);
1740
		if (!nest)
1741
			goto nla_put_failure;
1742

1743
		if (netlink_policy_dump_write(skb, ctx->state))
1744
			goto nla_put_failure;
1745

1746
		nla_nest_end(skb, nest);
1747

1748
		genlmsg_end(skb, hdr);
1749
	}
1750

1751
	return skb->len;
1752

1753
nla_put_failure:
1754
	genlmsg_cancel(skb, hdr);
1755
	return skb->len;
1756
}
1757

1758
static int ctrl_dumppolicy_done(struct netlink_callback *cb)
1759
{
1760
	struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx;
1761

1762
	kfree(ctx->op_iter);
1763
	netlink_policy_dump_free(ctx->state);
1764
	return 0;
1765
}
1766

1767
static const struct genl_split_ops genl_ctrl_ops[] = {
1768
	{
1769
		.cmd		= CTRL_CMD_GETFAMILY,
1770
		.validate	= GENL_DONT_VALIDATE_STRICT,
1771
		.policy		= ctrl_policy_family,
1772
		.maxattr	= ARRAY_SIZE(ctrl_policy_family) - 1,
1773
		.doit		= ctrl_getfamily,
1774
		.flags		= GENL_CMD_CAP_DO,
1775
	},
1776
	{
1777
		.cmd		= CTRL_CMD_GETFAMILY,
1778
		.validate	= GENL_DONT_VALIDATE_DUMP,
1779
		.policy		= ctrl_policy_family,
1780
		.maxattr	= ARRAY_SIZE(ctrl_policy_family) - 1,
1781
		.dumpit		= ctrl_dumpfamily,
1782
		.flags		= GENL_CMD_CAP_DUMP,
1783
	},
1784
	{
1785
		.cmd		= CTRL_CMD_GETPOLICY,
1786
		.policy		= ctrl_policy_policy,
1787
		.maxattr	= ARRAY_SIZE(ctrl_policy_policy) - 1,
1788
		.start		= ctrl_dumppolicy_start,
1789
		.dumpit		= ctrl_dumppolicy,
1790
		.done		= ctrl_dumppolicy_done,
1791
		.flags		= GENL_CMD_CAP_DUMP,
1792
	},
1793
};
1794

1795
static const struct genl_multicast_group genl_ctrl_groups[] = {
1796
	{ .name = "notify", },
1797
};
1798

1799
static struct genl_family genl_ctrl __ro_after_init = {
1800
	.module = THIS_MODULE,
1801
	.split_ops = genl_ctrl_ops,
1802
	.n_split_ops = ARRAY_SIZE(genl_ctrl_ops),
1803
	.resv_start_op = CTRL_CMD_GETPOLICY + 1,
1804
	.mcgrps = genl_ctrl_groups,
1805
	.n_mcgrps = ARRAY_SIZE(genl_ctrl_groups),
1806
	.id = GENL_ID_CTRL,
1807
	.name = "nlctrl",
1808
	.version = 0x2,
1809
	.netnsok = true,
1810
};
1811

1812
static int genl_bind(struct net *net, int group)
1813
{
1814
	const struct genl_family *family;
1815
	unsigned int id;
1816
	int ret = 0;
1817

1818
	down_read(&cb_lock);
1819

1820
	idr_for_each_entry(&genl_fam_idr, family, id) {
1821
		const struct genl_multicast_group *grp;
1822
		int i;
1823

1824
		if (family->n_mcgrps == 0)
1825
			continue;
1826

1827
		i = group - family->mcgrp_offset;
1828
		if (i < 0 || i >= family->n_mcgrps)
1829
			continue;
1830

1831
		grp = &family->mcgrps[i];
1832
		if ((grp->flags & GENL_MCAST_CAP_NET_ADMIN) &&
1833
		    !ns_capable(net->user_ns, CAP_NET_ADMIN))
1834
			ret = -EPERM;
1835
		if ((grp->flags & GENL_MCAST_CAP_SYS_ADMIN) &&
1836
		    !ns_capable(net->user_ns, CAP_SYS_ADMIN))
1837
			ret = -EPERM;
1838

1839
		if (family->bind)
1840
			family->bind(i);
1841

1842
		break;
1843
	}
1844

1845
	up_read(&cb_lock);
1846
	return ret;
1847
}
1848

1849
static void genl_unbind(struct net *net, int group)
1850
{
1851
	const struct genl_family *family;
1852
	unsigned int id;
1853

1854
	down_read(&cb_lock);
1855

1856
	idr_for_each_entry(&genl_fam_idr, family, id) {
1857
		int i;
1858

1859
		if (family->n_mcgrps == 0)
1860
			continue;
1861

1862
		i = group - family->mcgrp_offset;
1863
		if (i < 0 || i >= family->n_mcgrps)
1864
			continue;
1865

1866
		if (family->unbind)
1867
			family->unbind(i);
1868

1869
		break;
1870
	}
1871

1872
	up_read(&cb_lock);
1873
}
1874

1875
static int __net_init genl_pernet_init(struct net *net)
1876
{
1877
	struct netlink_kernel_cfg cfg = {
1878
		.input		= genl_rcv,
1879
		.flags		= NL_CFG_F_NONROOT_RECV,
1880
		.bind		= genl_bind,
1881
		.unbind		= genl_unbind,
1882
		.release	= genl_release,
1883
	};
1884

1885
	/* we'll bump the group number right afterwards */
1886
	net->genl_sock = netlink_kernel_create(net, NETLINK_GENERIC, &cfg);
1887

1888
	if (!net->genl_sock && net_eq(net, &init_net))
1889
		panic("GENL: Cannot initialize generic netlink\n");
1890

1891
	if (!net->genl_sock)
1892
		return -ENOMEM;
1893

1894
	return 0;
1895
}
1896

1897
static void __net_exit genl_pernet_exit(struct net *net)
1898
{
1899
	netlink_kernel_release(net->genl_sock);
1900
	net->genl_sock = NULL;
1901
}
1902

1903
static struct pernet_operations genl_pernet_ops = {
1904
	.init = genl_pernet_init,
1905
	.exit = genl_pernet_exit,
1906
};
1907

1908
static int __init genl_init(void)
1909
{
1910
	int err;
1911

1912
	err = genl_register_family(&genl_ctrl);
1913
	if (err < 0)
1914
		goto problem;
1915

1916
	err = register_pernet_subsys(&genl_pernet_ops);
1917
	if (err)
1918
		goto problem;
1919

1920
	return 0;
1921

1922
problem:
1923
	panic("GENL: Cannot register controller: %d\n", err);
1924
}
1925

1926
core_initcall(genl_init);
1927

1928
static int genlmsg_mcast(struct sk_buff *skb, u32 portid, unsigned long group)
1929
{
1930
	struct sk_buff *tmp;
1931
	struct net *net, *prev = NULL;
1932
	bool delivered = false;
1933
	int err;
1934

1935
	rcu_read_lock();
1936
	for_each_net_rcu(net) {
1937
		if (prev) {
1938
			tmp = skb_clone(skb, GFP_ATOMIC);
1939
			if (!tmp) {
1940
				err = -ENOMEM;
1941
				goto error;
1942
			}
1943
			err = nlmsg_multicast(prev->genl_sock, tmp,
1944
					      portid, group, GFP_ATOMIC);
1945
			if (!err)
1946
				delivered = true;
1947
			else if (err != -ESRCH)
1948
				goto error;
1949
		}
1950

1951
		prev = net;
1952
	}
1953
	err = nlmsg_multicast(prev->genl_sock, skb, portid, group, GFP_ATOMIC);
1954

1955
	rcu_read_unlock();
1956

1957
	if (!err)
1958
		delivered = true;
1959
	else if (err != -ESRCH)
1960
		return err;
1961
	return delivered ? 0 : -ESRCH;
1962
 error:
1963
	rcu_read_unlock();
1964

1965
	kfree_skb(skb);
1966
	return err;
1967
}
1968

1969
int genlmsg_multicast_allns(const struct genl_family *family,
1970
			    struct sk_buff *skb, u32 portid,
1971
			    unsigned int group)
1972
{
1973
	if (WARN_ON_ONCE(group >= family->n_mcgrps))
1974
		return -EINVAL;
1975

1976
	group = family->mcgrp_offset + group;
1977
	return genlmsg_mcast(skb, portid, group);
1978
}
1979
EXPORT_SYMBOL(genlmsg_multicast_allns);
1980

1981
void genl_notify(const struct genl_family *family, struct sk_buff *skb,
1982
		 struct genl_info *info, u32 group, gfp_t flags)
1983
{
1984
	struct net *net = genl_info_net(info);
1985
	struct sock *sk = net->genl_sock;
1986

1987
	if (WARN_ON_ONCE(group >= family->n_mcgrps))
1988
		return;
1989

1990
	group = family->mcgrp_offset + group;
1991
	nlmsg_notify(sk, skb, info->snd_portid, group,
1992
		     nlmsg_report(info->nlhdr), flags);
1993
}
1994
EXPORT_SYMBOL(genl_notify);
1995

1996