af_netlink.c 49.1 KB
Newer Older
L
Linus Torvalds 已提交
1 2 3
/*
 * NETLINK      Kernel-user communication protocol.
 *
4
 * 		Authors:	Alan Cox <alan@lxorguk.ukuu.org.uk>
L
Linus Torvalds 已提交
5 6 7 8 9 10
 * 				Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
 *
 *		This program is free software; you can redistribute it and/or
 *		modify it under the terms of the GNU General Public License
 *		as published by the Free Software Foundation; either version
 *		2 of the License, or (at your option) any later version.
11
 *
L
Linus Torvalds 已提交
12 13 14 15
 * Tue Jun 26 14:36:48 MEST 2001 Herbert "herp" Rosmanith
 *                               added netlink_proto_exit
 * Tue Jan 22 18:32:44 BRST 2002 Arnaldo C. de Melo <acme@conectiva.com.br>
 * 				 use nlk_sk, as sk->protinfo is on a diet 8)
16 17 18 19 20 21
 * Fri Jul 22 19:51:12 MEST 2005 Harald Welte <laforge@gnumonks.org>
 * 				 - inc module use count of module that owns
 * 				   the kernel socket in case userspace opens
 * 				   socket of same protocol
 * 				 - remove all module support, since netlink is
 * 				   mandatory if CONFIG_NET=y these days
L
Linus Torvalds 已提交
22 23 24 25
 */

#include <linux/module.h>

26
#include <linux/capability.h>
L
Linus Torvalds 已提交
27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/signal.h>
#include <linux/sched.h>
#include <linux/errno.h>
#include <linux/string.h>
#include <linux/stat.h>
#include <linux/socket.h>
#include <linux/un.h>
#include <linux/fcntl.h>
#include <linux/termios.h>
#include <linux/sockios.h>
#include <linux/net.h>
#include <linux/fs.h>
#include <linux/slab.h>
#include <asm/uaccess.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>
#include <linux/rtnetlink.h>
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
#include <linux/notifier.h>
#include <linux/security.h>
#include <linux/jhash.h>
#include <linux/jiffies.h>
#include <linux/random.h>
#include <linux/bitops.h>
#include <linux/mm.h>
#include <linux/types.h>
A
Andrew Morton 已提交
56
#include <linux/audit.h>
57
#include <linux/mutex.h>
A
Andrew Morton 已提交
58

59
#include <net/net_namespace.h>
L
Linus Torvalds 已提交
60 61
#include <net/sock.h>
#include <net/scm.h>
62
#include <net/netlink.h>
L
Linus Torvalds 已提交
63

64
#include "af_netlink.h"
L
Linus Torvalds 已提交
65

66 67 68
struct listeners {
	struct rcu_head		rcu;
	unsigned long		masks[0];
69 70
};

71 72 73 74
/* state bits */
#define NETLINK_CONGESTED	0x0

/* flags */
75
#define NETLINK_KERNEL_SOCKET	0x1
76
#define NETLINK_RECV_PKTINFO	0x2
77
#define NETLINK_BROADCAST_SEND_ERROR	0x4
78
#define NETLINK_RECV_NO_ENOBUFS	0x8
79

80
static inline int netlink_is_kernel(struct sock *sk)
81 82 83 84
{
	return nlk_sk(sk)->flags & NETLINK_KERNEL_SOCKET;
}

85 86
struct netlink_table *nl_table;
EXPORT_SYMBOL_GPL(nl_table);
L
Linus Torvalds 已提交
87 88 89 90 91

static DECLARE_WAIT_QUEUE_HEAD(nl_table_wait);

static int netlink_dump(struct sock *sk);

92 93
DEFINE_RWLOCK(nl_table_lock);
EXPORT_SYMBOL_GPL(nl_table_lock);
L
Linus Torvalds 已提交
94 95
static atomic_t nl_table_users = ATOMIC_INIT(0);

96 97
#define nl_deref_protected(X) rcu_dereference_protected(X, lockdep_is_held(&nl_table_lock));

98
static ATOMIC_NOTIFIER_HEAD(netlink_chain);
L
Linus Torvalds 已提交
99

100
static inline u32 netlink_group_mask(u32 group)
101 102 103 104
{
	return group ? 1 << (group - 1) : 0;
}

105
static inline struct hlist_head *nl_portid_hashfn(struct nl_portid_hash *hash, u32 portid)
L
Linus Torvalds 已提交
106
{
107
	return &hash->table[jhash_1word(portid, hash->rnd) & hash->mask];
L
Linus Torvalds 已提交
108 109
}

E
Eric Dumazet 已提交
110 111 112 113 114 115
static void netlink_destroy_callback(struct netlink_callback *cb)
{
	kfree_skb(cb->skb);
	kfree(cb);
}

116 117 118 119 120 121
static void netlink_consume_callback(struct netlink_callback *cb)
{
	consume_skb(cb->skb);
	kfree(cb);
}

122 123 124 125 126 127 128 129 130 131 132 133 134 135
static void netlink_skb_destructor(struct sk_buff *skb)
{
	sock_rfree(skb);
}

static void netlink_skb_set_owner_r(struct sk_buff *skb, struct sock *sk)
{
	WARN_ON(skb->sk != NULL);
	skb->sk = sk;
	skb->destructor = netlink_skb_destructor;
	atomic_add(skb->truesize, &sk->sk_rmem_alloc);
	sk_mem_charge(sk, skb->truesize);
}

L
Linus Torvalds 已提交
136 137
static void netlink_sock_destruct(struct sock *sk)
{
138 139 140 141 142
	struct netlink_sock *nlk = nlk_sk(sk);

	if (nlk->cb) {
		if (nlk->cb->done)
			nlk->cb->done(nlk->cb);
143 144

		module_put(nlk->cb->module);
145 146 147
		netlink_destroy_callback(nlk->cb);
	}

L
Linus Torvalds 已提交
148 149 150
	skb_queue_purge(&sk->sk_receive_queue);

	if (!sock_flag(sk, SOCK_DEAD)) {
151
		printk(KERN_ERR "Freeing alive netlink socket %p\n", sk);
L
Linus Torvalds 已提交
152 153
		return;
	}
154 155 156 157

	WARN_ON(atomic_read(&sk->sk_rmem_alloc));
	WARN_ON(atomic_read(&sk->sk_wmem_alloc));
	WARN_ON(nlk_sk(sk)->groups);
L
Linus Torvalds 已提交
158 159
}

160 161
/* This lock without WQ_FLAG_EXCLUSIVE is good on UP and it is _very_ bad on
 * SMP. Look, when several writers sleep and reader wakes them up, all but one
L
Linus Torvalds 已提交
162 163 164 165
 * immediately hit write lock and grab all the cpus. Exclusive sleep solves
 * this, _but_ remember, it adds useless work on UP machines.
 */

166
void netlink_table_grab(void)
167
	__acquires(nl_table_lock)
L
Linus Torvalds 已提交
168
{
169 170
	might_sleep();

171
	write_lock_irq(&nl_table_lock);
L
Linus Torvalds 已提交
172 173 174 175 176

	if (atomic_read(&nl_table_users)) {
		DECLARE_WAITQUEUE(wait, current);

		add_wait_queue_exclusive(&nl_table_wait, &wait);
177
		for (;;) {
L
Linus Torvalds 已提交
178 179 180
			set_current_state(TASK_UNINTERRUPTIBLE);
			if (atomic_read(&nl_table_users) == 0)
				break;
181
			write_unlock_irq(&nl_table_lock);
L
Linus Torvalds 已提交
182
			schedule();
183
			write_lock_irq(&nl_table_lock);
L
Linus Torvalds 已提交
184 185 186 187 188 189 190
		}

		__set_current_state(TASK_RUNNING);
		remove_wait_queue(&nl_table_wait, &wait);
	}
}

191
void netlink_table_ungrab(void)
192
	__releases(nl_table_lock)
L
Linus Torvalds 已提交
193
{
194
	write_unlock_irq(&nl_table_lock);
L
Linus Torvalds 已提交
195 196 197
	wake_up(&nl_table_wait);
}

198
static inline void
L
Linus Torvalds 已提交
199 200 201 202 203 204 205 206 207
netlink_lock_table(void)
{
	/* read_lock() synchronizes us to netlink_table_grab */

	read_lock(&nl_table_lock);
	atomic_inc(&nl_table_users);
	read_unlock(&nl_table_lock);
}

208
static inline void
L
Linus Torvalds 已提交
209 210 211 212 213 214
netlink_unlock_table(void)
{
	if (atomic_dec_and_test(&nl_table_users))
		wake_up(&nl_table_wait);
}

215
static struct sock *netlink_lookup(struct net *net, int protocol, u32 portid)
L
Linus Torvalds 已提交
216
{
217
	struct nl_portid_hash *hash = &nl_table[protocol].hash;
L
Linus Torvalds 已提交
218 219 220 221
	struct hlist_head *head;
	struct sock *sk;

	read_lock(&nl_table_lock);
222
	head = nl_portid_hashfn(hash, portid);
223
	sk_for_each(sk, head) {
224
		if (net_eq(sock_net(sk), net) && (nlk_sk(sk)->portid == portid)) {
L
Linus Torvalds 已提交
225 226 227 228 229 230 231 232 233 234
			sock_hold(sk);
			goto found;
		}
	}
	sk = NULL;
found:
	read_unlock(&nl_table_lock);
	return sk;
}

235
static struct hlist_head *nl_portid_hash_zalloc(size_t size)
L
Linus Torvalds 已提交
236 237
{
	if (size <= PAGE_SIZE)
E
Eric Dumazet 已提交
238
		return kzalloc(size, GFP_ATOMIC);
L
Linus Torvalds 已提交
239 240
	else
		return (struct hlist_head *)
E
Eric Dumazet 已提交
241 242
			__get_free_pages(GFP_ATOMIC | __GFP_ZERO,
					 get_order(size));
L
Linus Torvalds 已提交
243 244
}

245
static void nl_portid_hash_free(struct hlist_head *table, size_t size)
L
Linus Torvalds 已提交
246 247 248 249 250 251 252
{
	if (size <= PAGE_SIZE)
		kfree(table);
	else
		free_pages((unsigned long)table, get_order(size));
}

253
static int nl_portid_hash_rehash(struct nl_portid_hash *hash, int grow)
L
Linus Torvalds 已提交
254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270
{
	unsigned int omask, mask, shift;
	size_t osize, size;
	struct hlist_head *otable, *table;
	int i;

	omask = mask = hash->mask;
	osize = size = (mask + 1) * sizeof(*table);
	shift = hash->shift;

	if (grow) {
		if (++shift > hash->max_shift)
			return 0;
		mask = mask * 2 + 1;
		size *= 2;
	}

271
	table = nl_portid_hash_zalloc(size);
L
Linus Torvalds 已提交
272 273 274 275 276 277 278 279 280 281 282
	if (!table)
		return 0;

	otable = hash->table;
	hash->table = table;
	hash->mask = mask;
	hash->shift = shift;
	get_random_bytes(&hash->rnd, sizeof(hash->rnd));

	for (i = 0; i <= omask; i++) {
		struct sock *sk;
283
		struct hlist_node *tmp;
L
Linus Torvalds 已提交
284

285
		sk_for_each_safe(sk, tmp, &otable[i])
286
			__sk_add_node(sk, nl_portid_hashfn(hash, nlk_sk(sk)->portid));
L
Linus Torvalds 已提交
287 288
	}

289
	nl_portid_hash_free(otable, osize);
L
Linus Torvalds 已提交
290 291 292 293
	hash->rehash_time = jiffies + 10 * 60 * HZ;
	return 1;
}

294
static inline int nl_portid_hash_dilute(struct nl_portid_hash *hash, int len)
L
Linus Torvalds 已提交
295 296 297
{
	int avg = hash->entries >> hash->shift;

298
	if (unlikely(avg > 1) && nl_portid_hash_rehash(hash, 1))
L
Linus Torvalds 已提交
299 300 301
		return 1;

	if (unlikely(len > avg) && time_after(jiffies, hash->rehash_time)) {
302
		nl_portid_hash_rehash(hash, 0);
L
Linus Torvalds 已提交
303 304 305 306 307 308
		return 1;
	}

	return 0;
}

309
static const struct proto_ops netlink_ops;
L
Linus Torvalds 已提交
310

311 312 313 314 315 316
static void
netlink_update_listeners(struct sock *sk)
{
	struct netlink_table *tbl = &nl_table[sk->sk_protocol];
	unsigned long mask;
	unsigned int i;
317 318 319 320 321
	struct listeners *listeners;

	listeners = nl_deref_protected(tbl->listeners);
	if (!listeners)
		return;
322

323
	for (i = 0; i < NLGRPLONGS(tbl->groups); i++) {
324
		mask = 0;
325
		sk_for_each_bound(sk, &tbl->mc_list) {
326 327 328
			if (i < NLGRPLONGS(nlk_sk(sk)->ngroups))
				mask |= nlk_sk(sk)->groups[i];
		}
329
		listeners->masks[i] = mask;
330 331 332 333 334
	}
	/* this function is only called with the netlink table "grabbed", which
	 * makes sure updates are visible before bind or setsockopt return. */
}

335
static int netlink_insert(struct sock *sk, struct net *net, u32 portid)
L
Linus Torvalds 已提交
336
{
337
	struct nl_portid_hash *hash = &nl_table[sk->sk_protocol].hash;
L
Linus Torvalds 已提交
338 339 340 341 342 343
	struct hlist_head *head;
	int err = -EADDRINUSE;
	struct sock *osk;
	int len;

	netlink_table_grab();
344
	head = nl_portid_hashfn(hash, portid);
L
Linus Torvalds 已提交
345
	len = 0;
346
	sk_for_each(osk, head) {
347
		if (net_eq(sock_net(osk), net) && (nlk_sk(osk)->portid == portid))
L
Linus Torvalds 已提交
348 349 350
			break;
		len++;
	}
351
	if (osk)
L
Linus Torvalds 已提交
352 353 354
		goto err;

	err = -EBUSY;
355
	if (nlk_sk(sk)->portid)
L
Linus Torvalds 已提交
356 357 358 359 360 361
		goto err;

	err = -ENOMEM;
	if (BITS_PER_LONG > 32 && unlikely(hash->entries >= UINT_MAX))
		goto err;

362 363
	if (len && nl_portid_hash_dilute(hash, len))
		head = nl_portid_hashfn(hash, portid);
L
Linus Torvalds 已提交
364
	hash->entries++;
365
	nlk_sk(sk)->portid = portid;
L
Linus Torvalds 已提交
366 367 368 369 370 371 372 373 374 375 376
	sk_add_node(sk, head);
	err = 0;

err:
	netlink_table_ungrab();
	return err;
}

static void netlink_remove(struct sock *sk)
{
	netlink_table_grab();
377 378
	if (sk_del_node_init(sk))
		nl_table[sk->sk_protocol].hash.entries--;
379
	if (nlk_sk(sk)->subscriptions)
L
Linus Torvalds 已提交
380 381 382 383 384 385 386 387 388 389
		__sk_del_bind_node(sk);
	netlink_table_ungrab();
}

static struct proto netlink_proto = {
	.name	  = "NETLINK",
	.owner	  = THIS_MODULE,
	.obj_size = sizeof(struct netlink_sock),
};

390 391
static int __netlink_create(struct net *net, struct socket *sock,
			    struct mutex *cb_mutex, int protocol)
L
Linus Torvalds 已提交
392 393 394
{
	struct sock *sk;
	struct netlink_sock *nlk;
395 396 397

	sock->ops = &netlink_ops;

398
	sk = sk_alloc(net, PF_NETLINK, GFP_KERNEL, &netlink_proto);
399 400 401 402 403 404
	if (!sk)
		return -ENOMEM;

	sock_init_data(sock, sk);

	nlk = nlk_sk(sk);
E
Eric Dumazet 已提交
405
	if (cb_mutex) {
406
		nlk->cb_mutex = cb_mutex;
E
Eric Dumazet 已提交
407
	} else {
408 409 410
		nlk->cb_mutex = &nlk->cb_def_mutex;
		mutex_init(nlk->cb_mutex);
	}
411 412 413 414 415 416 417
	init_waitqueue_head(&nlk->wait);

	sk->sk_destruct = netlink_sock_destruct;
	sk->sk_protocol = protocol;
	return 0;
}

418 419
static int netlink_create(struct net *net, struct socket *sock, int protocol,
			  int kern)
420 421
{
	struct module *module = NULL;
422
	struct mutex *cb_mutex;
423
	struct netlink_sock *nlk;
424
	void (*bind)(int group);
425
	int err = 0;
L
Linus Torvalds 已提交
426 427 428 429 430 431

	sock->state = SS_UNCONNECTED;

	if (sock->type != SOCK_RAW && sock->type != SOCK_DGRAM)
		return -ESOCKTNOSUPPORT;

432
	if (protocol < 0 || protocol >= MAX_LINKS)
L
Linus Torvalds 已提交
433 434
		return -EPROTONOSUPPORT;

435
	netlink_lock_table();
436
#ifdef CONFIG_MODULES
437
	if (!nl_table[protocol].registered) {
438
		netlink_unlock_table();
439
		request_module("net-pf-%d-proto-%d", PF_NETLINK, protocol);
440
		netlink_lock_table();
441
	}
442 443 444 445
#endif
	if (nl_table[protocol].registered &&
	    try_module_get(nl_table[protocol].module))
		module = nl_table[protocol].module;
446 447
	else
		err = -EPROTONOSUPPORT;
448
	cb_mutex = nl_table[protocol].cb_mutex;
449
	bind = nl_table[protocol].bind;
450
	netlink_unlock_table();
451

452 453 454
	if (err < 0)
		goto out;

455 456
	err = __netlink_create(net, sock, cb_mutex, protocol);
	if (err < 0)
457 458
		goto out_module;

459
	local_bh_disable();
460
	sock_prot_inuse_add(net, &netlink_proto, 1);
461 462
	local_bh_enable();

463 464
	nlk = nlk_sk(sock->sk);
	nlk->module = module;
465
	nlk->netlink_bind = bind;
466 467
out:
	return err;
L
Linus Torvalds 已提交
468

469 470 471
out_module:
	module_put(module);
	goto out;
L
Linus Torvalds 已提交
472 473 474 475 476 477 478 479 480 481 482
}

static int netlink_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
	struct netlink_sock *nlk;

	if (!sk)
		return 0;

	netlink_remove(sk);
483
	sock_orphan(sk);
L
Linus Torvalds 已提交
484 485
	nlk = nlk_sk(sk);

486 487 488 489
	/*
	 * OK. Socket is unlinked, any packets that arrive now
	 * will be purged.
	 */
L
Linus Torvalds 已提交
490 491 492 493 494 495

	sock->sk = NULL;
	wake_up_interruptible_all(&nlk->wait);

	skb_queue_purge(&sk->sk_write_queue);

496
	if (nlk->portid) {
L
Linus Torvalds 已提交
497
		struct netlink_notify n = {
498
						.net = sock_net(sk),
L
Linus Torvalds 已提交
499
						.protocol = sk->sk_protocol,
500
						.portid = nlk->portid,
L
Linus Torvalds 已提交
501
					  };
502 503
		atomic_notifier_call_chain(&netlink_chain,
				NETLINK_URELEASE, &n);
504
	}
505

506
	module_put(nlk->module);
507

508
	netlink_table_grab();
509
	if (netlink_is_kernel(sk)) {
510 511
		BUG_ON(nl_table[sk->sk_protocol].registered == 0);
		if (--nl_table[sk->sk_protocol].registered == 0) {
512 513 514 515 516
			struct listeners *old;

			old = nl_deref_protected(nl_table[sk->sk_protocol].listeners);
			RCU_INIT_POINTER(nl_table[sk->sk_protocol].listeners, NULL);
			kfree_rcu(old, rcu);
517
			nl_table[sk->sk_protocol].module = NULL;
518 519
			nl_table[sk->sk_protocol].bind = NULL;
			nl_table[sk->sk_protocol].flags = 0;
520 521
			nl_table[sk->sk_protocol].registered = 0;
		}
E
Eric Dumazet 已提交
522
	} else if (nlk->subscriptions) {
523
		netlink_update_listeners(sk);
E
Eric Dumazet 已提交
524
	}
525
	netlink_table_ungrab();
526

527 528 529
	kfree(nlk->groups);
	nlk->groups = NULL;

530
	local_bh_disable();
531
	sock_prot_inuse_add(sock_net(sk), &netlink_proto, -1);
532
	local_bh_enable();
L
Linus Torvalds 已提交
533 534 535 536 537 538 539
	sock_put(sk);
	return 0;
}

static int netlink_autobind(struct socket *sock)
{
	struct sock *sk = sock->sk;
540
	struct net *net = sock_net(sk);
541
	struct nl_portid_hash *hash = &nl_table[sk->sk_protocol].hash;
L
Linus Torvalds 已提交
542 543
	struct hlist_head *head;
	struct sock *osk;
544
	s32 portid = task_tgid_vnr(current);
L
Linus Torvalds 已提交
545 546 547 548 549 550
	int err;
	static s32 rover = -4097;

retry:
	cond_resched();
	netlink_table_grab();
551
	head = nl_portid_hashfn(hash, portid);
552
	sk_for_each(osk, head) {
553
		if (!net_eq(sock_net(osk), net))
554
			continue;
555 556 557
		if (nlk_sk(osk)->portid == portid) {
			/* Bind collision, search negative portid values. */
			portid = rover--;
L
Linus Torvalds 已提交
558 559 560 561 562 563 564 565
			if (rover > -4097)
				rover = -4097;
			netlink_table_ungrab();
			goto retry;
		}
	}
	netlink_table_ungrab();

566
	err = netlink_insert(sk, net, portid);
L
Linus Torvalds 已提交
567 568
	if (err == -EADDRINUSE)
		goto retry;
569 570 571 572 573 574

	/* If 2 threads race to autobind, that is fine.  */
	if (err == -EBUSY)
		err = 0;

	return err;
L
Linus Torvalds 已提交
575 576
}

577
static inline int netlink_capable(const struct socket *sock, unsigned int flag)
578
{
579
	return (nl_table[sock->sk->sk_protocol].flags & flag) ||
580
		ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN);
581
}
L
Linus Torvalds 已提交
582

583 584 585 586 587 588 589 590 591 592 593 594
static void
netlink_update_subscriptions(struct sock *sk, unsigned int subscriptions)
{
	struct netlink_sock *nlk = nlk_sk(sk);

	if (nlk->subscriptions && !subscriptions)
		__sk_del_bind_node(sk);
	else if (!nlk->subscriptions && subscriptions)
		sk_add_bind_node(sk, &nl_table[sk->sk_protocol].mc_list);
	nlk->subscriptions = subscriptions;
}

595
static int netlink_realloc_groups(struct sock *sk)
596 597 598
{
	struct netlink_sock *nlk = nlk_sk(sk);
	unsigned int groups;
599
	unsigned long *new_groups;
600 601
	int err = 0;

602 603
	netlink_table_grab();

604
	groups = nl_table[sk->sk_protocol].groups;
605
	if (!nl_table[sk->sk_protocol].registered) {
606
		err = -ENOENT;
607 608
		goto out_unlock;
	}
609

610 611
	if (nlk->ngroups >= groups)
		goto out_unlock;
612

613 614 615 616 617
	new_groups = krealloc(nlk->groups, NLGRPSZ(groups), GFP_ATOMIC);
	if (new_groups == NULL) {
		err = -ENOMEM;
		goto out_unlock;
	}
618
	memset((char *)new_groups + NLGRPSZ(nlk->ngroups), 0,
619 620 621
	       NLGRPSZ(groups) - NLGRPSZ(nlk->ngroups));

	nlk->groups = new_groups;
622
	nlk->ngroups = groups;
623 624 625
 out_unlock:
	netlink_table_ungrab();
	return err;
626 627
}

628 629
static int netlink_bind(struct socket *sock, struct sockaddr *addr,
			int addr_len)
L
Linus Torvalds 已提交
630 631
{
	struct sock *sk = sock->sk;
632
	struct net *net = sock_net(sk);
L
Linus Torvalds 已提交
633 634 635
	struct netlink_sock *nlk = nlk_sk(sk);
	struct sockaddr_nl *nladdr = (struct sockaddr_nl *)addr;
	int err;
636

637 638 639
	if (addr_len < sizeof(struct sockaddr_nl))
		return -EINVAL;

L
Linus Torvalds 已提交
640 641 642 643
	if (nladdr->nl_family != AF_NETLINK)
		return -EINVAL;

	/* Only superuser is allowed to listen multicasts */
644
	if (nladdr->nl_groups) {
645
		if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV))
646
			return -EPERM;
647 648 649
		err = netlink_realloc_groups(sk);
		if (err)
			return err;
650
	}
L
Linus Torvalds 已提交
651

652 653
	if (nlk->portid) {
		if (nladdr->nl_pid != nlk->portid)
L
Linus Torvalds 已提交
654 655 656
			return -EINVAL;
	} else {
		err = nladdr->nl_pid ?
657
			netlink_insert(sk, net, nladdr->nl_pid) :
L
Linus Torvalds 已提交
658 659 660 661 662
			netlink_autobind(sock);
		if (err)
			return err;
	}

663
	if (!nladdr->nl_groups && (nlk->groups == NULL || !(u32)nlk->groups[0]))
L
Linus Torvalds 已提交
664 665 666
		return 0;

	netlink_table_grab();
667
	netlink_update_subscriptions(sk, nlk->subscriptions +
668 669 670
					 hweight32(nladdr->nl_groups) -
					 hweight32(nlk->groups[0]));
	nlk->groups[0] = (nlk->groups[0] & ~0xffffffffUL) | nladdr->nl_groups;
671
	netlink_update_listeners(sk);
L
Linus Torvalds 已提交
672 673
	netlink_table_ungrab();

674 675 676 677 678 679 680 681 682
	if (nlk->netlink_bind && nlk->groups[0]) {
		int i;

		for (i=0; i<nlk->ngroups; i++) {
			if (test_bit(i, nlk->groups))
				nlk->netlink_bind(i);
		}
	}

L
Linus Torvalds 已提交
683 684 685 686 687 688 689 690 691
	return 0;
}

static int netlink_connect(struct socket *sock, struct sockaddr *addr,
			   int alen, int flags)
{
	int err = 0;
	struct sock *sk = sock->sk;
	struct netlink_sock *nlk = nlk_sk(sk);
692
	struct sockaddr_nl *nladdr = (struct sockaddr_nl *)addr;
L
Linus Torvalds 已提交
693

694 695 696
	if (alen < sizeof(addr->sa_family))
		return -EINVAL;

L
Linus Torvalds 已提交
697 698
	if (addr->sa_family == AF_UNSPEC) {
		sk->sk_state	= NETLINK_UNCONNECTED;
699
		nlk->dst_portid	= 0;
700
		nlk->dst_group  = 0;
L
Linus Torvalds 已提交
701 702 703 704 705 706
		return 0;
	}
	if (addr->sa_family != AF_NETLINK)
		return -EINVAL;

	/* Only superuser is allowed to send multicasts */
707
	if (nladdr->nl_groups && !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
L
Linus Torvalds 已提交
708 709
		return -EPERM;

710
	if (!nlk->portid)
L
Linus Torvalds 已提交
711 712 713 714
		err = netlink_autobind(sock);

	if (err == 0) {
		sk->sk_state	= NETLINK_CONNECTED;
715
		nlk->dst_portid = nladdr->nl_pid;
716
		nlk->dst_group  = ffs(nladdr->nl_groups);
L
Linus Torvalds 已提交
717 718 719 720 721
	}

	return err;
}

722 723
static int netlink_getname(struct socket *sock, struct sockaddr *addr,
			   int *addr_len, int peer)
L
Linus Torvalds 已提交
724 725 726
{
	struct sock *sk = sock->sk;
	struct netlink_sock *nlk = nlk_sk(sk);
727
	DECLARE_SOCKADDR(struct sockaddr_nl *, nladdr, addr);
728

L
Linus Torvalds 已提交
729 730 731 732 733
	nladdr->nl_family = AF_NETLINK;
	nladdr->nl_pad = 0;
	*addr_len = sizeof(*nladdr);

	if (peer) {
734
		nladdr->nl_pid = nlk->dst_portid;
735
		nladdr->nl_groups = netlink_group_mask(nlk->dst_group);
L
Linus Torvalds 已提交
736
	} else {
737
		nladdr->nl_pid = nlk->portid;
738
		nladdr->nl_groups = nlk->groups ? nlk->groups[0] : 0;
L
Linus Torvalds 已提交
739 740 741 742 743 744
	}
	return 0;
}

static void netlink_overrun(struct sock *sk)
{
745 746 747
	struct netlink_sock *nlk = nlk_sk(sk);

	if (!(nlk->flags & NETLINK_RECV_NO_ENOBUFS)) {
748
		if (!test_and_set_bit(NETLINK_CONGESTED, &nlk_sk(sk)->state)) {
749 750 751
			sk->sk_err = ENOBUFS;
			sk->sk_error_report(sk);
		}
L
Linus Torvalds 已提交
752
	}
753
	atomic_inc(&sk->sk_drops);
L
Linus Torvalds 已提交
754 755
}

756
static struct sock *netlink_getsockbyportid(struct sock *ssk, u32 portid)
L
Linus Torvalds 已提交
757 758 759 760
{
	struct sock *sock;
	struct netlink_sock *nlk;

761
	sock = netlink_lookup(sock_net(ssk), ssk->sk_protocol, portid);
L
Linus Torvalds 已提交
762 763 764 765 766
	if (!sock)
		return ERR_PTR(-ECONNREFUSED);

	/* Don't bother queuing skb if kernel socket has no input function */
	nlk = nlk_sk(sock);
767
	if (sock->sk_state == NETLINK_CONNECTED &&
768
	    nlk->dst_portid != nlk_sk(ssk)->portid) {
L
Linus Torvalds 已提交
769 770 771 772 773 774 775 776
		sock_put(sock);
		return ERR_PTR(-ECONNREFUSED);
	}
	return sock;
}

struct sock *netlink_getsockbyfilp(struct file *filp)
{
A
Al Viro 已提交
777
	struct inode *inode = file_inode(filp);
L
Linus Torvalds 已提交
778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800
	struct sock *sock;

	if (!S_ISSOCK(inode->i_mode))
		return ERR_PTR(-ENOTSOCK);

	sock = SOCKET_I(inode)->sk;
	if (sock->sk_family != AF_NETLINK)
		return ERR_PTR(-EINVAL);

	sock_hold(sock);
	return sock;
}

/*
 * Attach a skb to a netlink socket.
 * The caller must hold a reference to the destination socket. On error, the
 * reference is dropped. The skb is not send to the destination, just all
 * all error checks are performed and memory in the queue is reserved.
 * Return values:
 * < 0: error. skb freed, reference to sock dropped.
 * 0: continue
 * 1: repeat lookup - reference dropped while waiting for socket memory.
 */
801
int netlink_attachskb(struct sock *sk, struct sk_buff *skb,
P
Patrick McHardy 已提交
802
		      long *timeo, struct sock *ssk)
L
Linus Torvalds 已提交
803 804 805 806 807 808
{
	struct netlink_sock *nlk;

	nlk = nlk_sk(sk);

	if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf ||
809
	    test_bit(NETLINK_CONGESTED, &nlk->state)) {
L
Linus Torvalds 已提交
810
		DECLARE_WAITQUEUE(wait, current);
P
Patrick McHardy 已提交
811
		if (!*timeo) {
812
			if (!ssk || netlink_is_kernel(ssk))
L
Linus Torvalds 已提交
813 814 815 816 817 818 819 820 821 822
				netlink_overrun(sk);
			sock_put(sk);
			kfree_skb(skb);
			return -EAGAIN;
		}

		__set_current_state(TASK_INTERRUPTIBLE);
		add_wait_queue(&nlk->wait, &wait);

		if ((atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf ||
823
		     test_bit(NETLINK_CONGESTED, &nlk->state)) &&
L
Linus Torvalds 已提交
824
		    !sock_flag(sk, SOCK_DEAD))
P
Patrick McHardy 已提交
825
			*timeo = schedule_timeout(*timeo);
L
Linus Torvalds 已提交
826 827 828 829 830 831 832

		__set_current_state(TASK_RUNNING);
		remove_wait_queue(&nlk->wait, &wait);
		sock_put(sk);

		if (signal_pending(current)) {
			kfree_skb(skb);
P
Patrick McHardy 已提交
833
			return sock_intr_errno(*timeo);
L
Linus Torvalds 已提交
834 835 836
		}
		return 1;
	}
837
	netlink_skb_set_owner_r(skb, sk);
L
Linus Torvalds 已提交
838 839 840
	return 0;
}

841
static int __netlink_sendskb(struct sock *sk, struct sk_buff *skb)
L
Linus Torvalds 已提交
842 843 844 845 846
{
	int len = skb->len;

	skb_queue_tail(&sk->sk_receive_queue, skb);
	sk->sk_data_ready(sk, len);
847 848 849 850 851 852 853
	return len;
}

int netlink_sendskb(struct sock *sk, struct sk_buff *skb)
{
	int len = __netlink_sendskb(sk, skb);

L
Linus Torvalds 已提交
854 855 856 857 858 859 860 861 862 863
	sock_put(sk);
	return len;
}

void netlink_detachskb(struct sock *sk, struct sk_buff *skb)
{
	kfree_skb(skb);
	sock_put(sk);
}

864
static struct sk_buff *netlink_trim(struct sk_buff *skb, gfp_t allocation)
L
Linus Torvalds 已提交
865 866 867
{
	int delta;

868
	WARN_ON(skb->sk != NULL);
L
Linus Torvalds 已提交
869

870
	delta = skb->end - skb->tail;
L
Linus Torvalds 已提交
871 872 873 874 875 876 877
	if (delta * 2 < skb->truesize)
		return skb;

	if (skb_shared(skb)) {
		struct sk_buff *nskb = skb_clone(skb, allocation);
		if (!nskb)
			return skb;
878
		consume_skb(skb);
L
Linus Torvalds 已提交
879 880 881 882 883 884 885 886 887
		skb = nskb;
	}

	if (!pskb_expand_head(skb, 0, -delta, allocation))
		skb->truesize -= delta;

	return skb;
}

888
static void netlink_rcv_wake(struct sock *sk)
889 890 891 892
{
	struct netlink_sock *nlk = nlk_sk(sk);

	if (skb_queue_empty(&sk->sk_receive_queue))
893 894
		clear_bit(NETLINK_CONGESTED, &nlk->state);
	if (!test_bit(NETLINK_CONGESTED, &nlk->state))
895 896 897
		wake_up_interruptible(&nlk->wait);
}

898 899
static int netlink_unicast_kernel(struct sock *sk, struct sk_buff *skb,
				  struct sock *ssk)
900 901 902 903 904 905 906
{
	int ret;
	struct netlink_sock *nlk = nlk_sk(sk);

	ret = -ECONNREFUSED;
	if (nlk->netlink_rcv != NULL) {
		ret = skb->len;
907
		netlink_skb_set_owner_r(skb, sk);
908
		NETLINK_CB(skb).sk = ssk;
909
		nlk->netlink_rcv(skb);
910 911 912
		consume_skb(skb);
	} else {
		kfree_skb(skb);
913 914 915 916 917 918
	}
	sock_put(sk);
	return ret;
}

int netlink_unicast(struct sock *ssk, struct sk_buff *skb,
919
		    u32 portid, int nonblock)
L
Linus Torvalds 已提交
920 921 922 923 924 925 926 927 928
{
	struct sock *sk;
	int err;
	long timeo;

	skb = netlink_trim(skb, gfp_any());

	timeo = sock_sndtimeo(ssk, nonblock);
retry:
929
	sk = netlink_getsockbyportid(ssk, portid);
L
Linus Torvalds 已提交
930 931 932 933
	if (IS_ERR(sk)) {
		kfree_skb(skb);
		return PTR_ERR(sk);
	}
934
	if (netlink_is_kernel(sk))
935
		return netlink_unicast_kernel(sk, skb, ssk);
936

937
	if (sk_filter(sk, skb)) {
W
Wang Chen 已提交
938
		err = skb->len;
939 940 941 942 943
		kfree_skb(skb);
		sock_put(sk);
		return err;
	}

944
	err = netlink_attachskb(sk, skb, &timeo, ssk);
L
Linus Torvalds 已提交
945 946 947 948 949
	if (err == 1)
		goto retry;
	if (err)
		return err;

950
	return netlink_sendskb(sk, skb);
L
Linus Torvalds 已提交
951
}
952
EXPORT_SYMBOL(netlink_unicast);
L
Linus Torvalds 已提交
953

954 955 956
int netlink_has_listeners(struct sock *sk, unsigned int group)
{
	int res = 0;
957
	struct listeners *listeners;
958

959
	BUG_ON(!netlink_is_kernel(sk));
960 961 962 963

	rcu_read_lock();
	listeners = rcu_dereference(nl_table[sk->sk_protocol].listeners);

964
	if (listeners && group - 1 < nl_table[sk->sk_protocol].groups)
965
		res = test_bit(group - 1, listeners->masks);
966 967 968

	rcu_read_unlock();

969 970 971 972
	return res;
}
EXPORT_SYMBOL_GPL(netlink_has_listeners);

973
static int netlink_broadcast_deliver(struct sock *sk, struct sk_buff *skb)
L
Linus Torvalds 已提交
974 975 976 977
{
	struct netlink_sock *nlk = nlk_sk(sk);

	if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf &&
978
	    !test_bit(NETLINK_CONGESTED, &nlk->state)) {
979
		netlink_skb_set_owner_r(skb, sk);
980
		__netlink_sendskb(sk, skb);
981
		return atomic_read(&sk->sk_rmem_alloc) > (sk->sk_rcvbuf >> 1);
L
Linus Torvalds 已提交
982 983 984 985 986 987
	}
	return -1;
}

struct netlink_broadcast_data {
	struct sock *exclude_sk;
988
	struct net *net;
989
	u32 portid;
L
Linus Torvalds 已提交
990 991
	u32 group;
	int failure;
992
	int delivery_failure;
L
Linus Torvalds 已提交
993 994
	int congested;
	int delivered;
A
Al Viro 已提交
995
	gfp_t allocation;
L
Linus Torvalds 已提交
996
	struct sk_buff *skb, *skb2;
997 998
	int (*tx_filter)(struct sock *dsk, struct sk_buff *skb, void *data);
	void *tx_data;
L
Linus Torvalds 已提交
999 1000
};

1001
static int do_one_broadcast(struct sock *sk,
L
Linus Torvalds 已提交
1002 1003 1004 1005 1006 1007 1008 1009
				   struct netlink_broadcast_data *p)
{
	struct netlink_sock *nlk = nlk_sk(sk);
	int val;

	if (p->exclude_sk == sk)
		goto out;

1010
	if (nlk->portid == p->portid || p->group - 1 >= nlk->ngroups ||
1011
	    !test_bit(p->group - 1, nlk->groups))
L
Linus Torvalds 已提交
1012 1013
		goto out;

1014
	if (!net_eq(sock_net(sk), p->net))
1015 1016
		goto out;

L
Linus Torvalds 已提交
1017 1018 1019 1020 1021 1022 1023
	if (p->failure) {
		netlink_overrun(sk);
		goto out;
	}

	sock_hold(sk);
	if (p->skb2 == NULL) {
1024
		if (skb_shared(p->skb)) {
L
Linus Torvalds 已提交
1025 1026
			p->skb2 = skb_clone(p->skb, p->allocation);
		} else {
1027 1028 1029 1030 1031 1032
			p->skb2 = skb_get(p->skb);
			/*
			 * skb ownership may have been set when
			 * delivered to a previous socket.
			 */
			skb_orphan(p->skb2);
L
Linus Torvalds 已提交
1033 1034 1035 1036 1037 1038
		}
	}
	if (p->skb2 == NULL) {
		netlink_overrun(sk);
		/* Clone failed. Notify ALL listeners. */
		p->failure = 1;
1039 1040
		if (nlk->flags & NETLINK_BROADCAST_SEND_ERROR)
			p->delivery_failure = 1;
1041 1042 1043
	} else if (p->tx_filter && p->tx_filter(sk, p->skb2, p->tx_data)) {
		kfree_skb(p->skb2);
		p->skb2 = NULL;
1044 1045 1046
	} else if (sk_filter(sk, p->skb2)) {
		kfree_skb(p->skb2);
		p->skb2 = NULL;
L
Linus Torvalds 已提交
1047 1048
	} else if ((val = netlink_broadcast_deliver(sk, p->skb2)) < 0) {
		netlink_overrun(sk);
1049 1050
		if (nlk->flags & NETLINK_BROADCAST_SEND_ERROR)
			p->delivery_failure = 1;
L
Linus Torvalds 已提交
1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061
	} else {
		p->congested |= val;
		p->delivered = 1;
		p->skb2 = NULL;
	}
	sock_put(sk);

out:
	return 0;
}

1062
int netlink_broadcast_filtered(struct sock *ssk, struct sk_buff *skb, u32 portid,
1063 1064 1065
	u32 group, gfp_t allocation,
	int (*filter)(struct sock *dsk, struct sk_buff *skb, void *data),
	void *filter_data)
L
Linus Torvalds 已提交
1066
{
1067
	struct net *net = sock_net(ssk);
L
Linus Torvalds 已提交
1068 1069 1070 1071 1072 1073
	struct netlink_broadcast_data info;
	struct sock *sk;

	skb = netlink_trim(skb, allocation);

	info.exclude_sk = ssk;
1074
	info.net = net;
1075
	info.portid = portid;
L
Linus Torvalds 已提交
1076 1077
	info.group = group;
	info.failure = 0;
1078
	info.delivery_failure = 0;
L
Linus Torvalds 已提交
1079 1080 1081 1082 1083
	info.congested = 0;
	info.delivered = 0;
	info.allocation = allocation;
	info.skb = skb;
	info.skb2 = NULL;
1084 1085
	info.tx_filter = filter;
	info.tx_data = filter_data;
L
Linus Torvalds 已提交
1086 1087 1088 1089 1090

	/* While we sleep in clone, do not allow to change socket list */

	netlink_lock_table();

1091
	sk_for_each_bound(sk, &nl_table[ssk->sk_protocol].mc_list)
L
Linus Torvalds 已提交
1092 1093
		do_one_broadcast(sk, &info);

1094
	consume_skb(skb);
1095

L
Linus Torvalds 已提交
1096 1097
	netlink_unlock_table();

1098 1099
	if (info.delivery_failure) {
		kfree_skb(info.skb2);
1100
		return -ENOBUFS;
E
Eric Dumazet 已提交
1101 1102
	}
	consume_skb(info.skb2);
1103

L
Linus Torvalds 已提交
1104 1105 1106 1107 1108 1109 1110
	if (info.delivered) {
		if (info.congested && (allocation & __GFP_WAIT))
			yield();
		return 0;
	}
	return -ESRCH;
}
1111 1112
EXPORT_SYMBOL(netlink_broadcast_filtered);

1113
int netlink_broadcast(struct sock *ssk, struct sk_buff *skb, u32 portid,
1114 1115
		      u32 group, gfp_t allocation)
{
1116
	return netlink_broadcast_filtered(ssk, skb, portid, group, allocation,
1117 1118
		NULL, NULL);
}
1119
EXPORT_SYMBOL(netlink_broadcast);
L
Linus Torvalds 已提交
1120 1121 1122

struct netlink_set_err_data {
	struct sock *exclude_sk;
1123
	u32 portid;
L
Linus Torvalds 已提交
1124 1125 1126 1127
	u32 group;
	int code;
};

1128
static int do_one_set_err(struct sock *sk, struct netlink_set_err_data *p)
L
Linus Torvalds 已提交
1129 1130
{
	struct netlink_sock *nlk = nlk_sk(sk);
1131
	int ret = 0;
L
Linus Torvalds 已提交
1132 1133 1134 1135

	if (sk == p->exclude_sk)
		goto out;

O
Octavian Purdila 已提交
1136
	if (!net_eq(sock_net(sk), sock_net(p->exclude_sk)))
1137 1138
		goto out;

1139
	if (nlk->portid == p->portid || p->group - 1 >= nlk->ngroups ||
1140
	    !test_bit(p->group - 1, nlk->groups))
L
Linus Torvalds 已提交
1141 1142
		goto out;

1143 1144 1145 1146 1147
	if (p->code == ENOBUFS && nlk->flags & NETLINK_RECV_NO_ENOBUFS) {
		ret = 1;
		goto out;
	}

L
Linus Torvalds 已提交
1148 1149 1150
	sk->sk_err = p->code;
	sk->sk_error_report(sk);
out:
1151
	return ret;
L
Linus Torvalds 已提交
1152 1153
}

1154 1155 1156
/**
 * netlink_set_err - report error to broadcast listeners
 * @ssk: the kernel netlink socket, as returned by netlink_kernel_create()
1157
 * @portid: the PORTID of a process that we want to skip (if any)
1158 1159
 * @groups: the broadcast group that will notice the error
 * @code: error code, must be negative (as usual in kernelspace)
1160 1161 1162
 *
 * This function returns the number of broadcast listeners that have set the
 * NETLINK_RECV_NO_ENOBUFS socket option.
1163
 */
1164
int netlink_set_err(struct sock *ssk, u32 portid, u32 group, int code)
L
Linus Torvalds 已提交
1165 1166 1167
{
	struct netlink_set_err_data info;
	struct sock *sk;
1168
	int ret = 0;
L
Linus Torvalds 已提交
1169 1170

	info.exclude_sk = ssk;
1171
	info.portid = portid;
L
Linus Torvalds 已提交
1172
	info.group = group;
1173 1174
	/* sk->sk_err wants a positive error value */
	info.code = -code;
L
Linus Torvalds 已提交
1175 1176 1177

	read_lock(&nl_table_lock);

1178
	sk_for_each_bound(sk, &nl_table[ssk->sk_protocol].mc_list)
1179
		ret += do_one_set_err(sk, &info);
L
Linus Torvalds 已提交
1180 1181

	read_unlock(&nl_table_lock);
1182
	return ret;
L
Linus Torvalds 已提交
1183
}
1184
EXPORT_SYMBOL(netlink_set_err);
L
Linus Torvalds 已提交
1185

1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202
/* must be called with netlink table grabbed */
static void netlink_update_socket_mc(struct netlink_sock *nlk,
				     unsigned int group,
				     int is_new)
{
	int old, new = !!is_new, subscriptions;

	old = test_bit(group - 1, nlk->groups);
	subscriptions = nlk->subscriptions - old + new;
	if (new)
		__set_bit(group - 1, nlk->groups);
	else
		__clear_bit(group - 1, nlk->groups);
	netlink_update_subscriptions(&nlk->sk, subscriptions);
	netlink_update_listeners(&nlk->sk);
}

1203
static int netlink_setsockopt(struct socket *sock, int level, int optname,
1204
			      char __user *optval, unsigned int optlen)
1205 1206 1207
{
	struct sock *sk = sock->sk;
	struct netlink_sock *nlk = nlk_sk(sk);
1208 1209
	unsigned int val = 0;
	int err;
1210 1211 1212 1213 1214

	if (level != SOL_NETLINK)
		return -ENOPROTOOPT;

	if (optlen >= sizeof(int) &&
1215
	    get_user(val, (unsigned int __user *)optval))
1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227
		return -EFAULT;

	switch (optname) {
	case NETLINK_PKTINFO:
		if (val)
			nlk->flags |= NETLINK_RECV_PKTINFO;
		else
			nlk->flags &= ~NETLINK_RECV_PKTINFO;
		err = 0;
		break;
	case NETLINK_ADD_MEMBERSHIP:
	case NETLINK_DROP_MEMBERSHIP: {
1228
		if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV))
1229
			return -EPERM;
1230 1231 1232
		err = netlink_realloc_groups(sk);
		if (err)
			return err;
1233 1234 1235
		if (!val || val - 1 >= nlk->ngroups)
			return -EINVAL;
		netlink_table_grab();
1236 1237
		netlink_update_socket_mc(nlk, val,
					 optname == NETLINK_ADD_MEMBERSHIP);
1238
		netlink_table_ungrab();
1239 1240 1241 1242

		if (nlk->netlink_bind)
			nlk->netlink_bind(val);

1243 1244 1245
		err = 0;
		break;
	}
1246 1247 1248 1249 1250 1251 1252
	case NETLINK_BROADCAST_ERROR:
		if (val)
			nlk->flags |= NETLINK_BROADCAST_SEND_ERROR;
		else
			nlk->flags &= ~NETLINK_BROADCAST_SEND_ERROR;
		err = 0;
		break;
1253 1254 1255
	case NETLINK_NO_ENOBUFS:
		if (val) {
			nlk->flags |= NETLINK_RECV_NO_ENOBUFS;
1256
			clear_bit(NETLINK_CONGESTED, &nlk->state);
1257
			wake_up_interruptible(&nlk->wait);
E
Eric Dumazet 已提交
1258
		} else {
1259
			nlk->flags &= ~NETLINK_RECV_NO_ENOBUFS;
E
Eric Dumazet 已提交
1260
		}
1261 1262
		err = 0;
		break;
1263 1264 1265 1266 1267 1268 1269
	default:
		err = -ENOPROTOOPT;
	}
	return err;
}

static int netlink_getsockopt(struct socket *sock, int level, int optname,
1270
			      char __user *optval, int __user *optlen)
1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289
{
	struct sock *sk = sock->sk;
	struct netlink_sock *nlk = nlk_sk(sk);
	int len, val, err;

	if (level != SOL_NETLINK)
		return -ENOPROTOOPT;

	if (get_user(len, optlen))
		return -EFAULT;
	if (len < 0)
		return -EINVAL;

	switch (optname) {
	case NETLINK_PKTINFO:
		if (len < sizeof(int))
			return -EINVAL;
		len = sizeof(int);
		val = nlk->flags & NETLINK_RECV_PKTINFO ? 1 : 0;
H
Heiko Carstens 已提交
1290 1291 1292
		if (put_user(len, optlen) ||
		    put_user(val, optval))
			return -EFAULT;
1293 1294
		err = 0;
		break;
1295 1296 1297 1298 1299 1300 1301 1302 1303 1304
	case NETLINK_BROADCAST_ERROR:
		if (len < sizeof(int))
			return -EINVAL;
		len = sizeof(int);
		val = nlk->flags & NETLINK_BROADCAST_SEND_ERROR ? 1 : 0;
		if (put_user(len, optlen) ||
		    put_user(val, optval))
			return -EFAULT;
		err = 0;
		break;
1305 1306 1307 1308 1309 1310 1311 1312 1313 1314
	case NETLINK_NO_ENOBUFS:
		if (len < sizeof(int))
			return -EINVAL;
		len = sizeof(int);
		val = nlk->flags & NETLINK_RECV_NO_ENOBUFS ? 1 : 0;
		if (put_user(len, optlen) ||
		    put_user(val, optval))
			return -EFAULT;
		err = 0;
		break;
1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328
	default:
		err = -ENOPROTOOPT;
	}
	return err;
}

static void netlink_cmsg_recv_pktinfo(struct msghdr *msg, struct sk_buff *skb)
{
	struct nl_pktinfo info;

	info.group = NETLINK_CB(skb).dst_group;
	put_cmsg(msg, SOL_NETLINK, NETLINK_PKTINFO, sizeof(info), &info);
}

L
Linus Torvalds 已提交
1329 1330 1331 1332 1333 1334
static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
			   struct msghdr *msg, size_t len)
{
	struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
	struct sock *sk = sock->sk;
	struct netlink_sock *nlk = nlk_sk(sk);
1335
	struct sockaddr_nl *addr = msg->msg_name;
1336
	u32 dst_portid;
1337
	u32 dst_group;
L
Linus Torvalds 已提交
1338 1339 1340 1341 1342 1343 1344
	struct sk_buff *skb;
	int err;
	struct scm_cookie scm;

	if (msg->msg_flags&MSG_OOB)
		return -EOPNOTSUPP;

1345
	if (NULL == siocb->scm)
L
Linus Torvalds 已提交
1346
		siocb->scm = &scm;
1347

1348
	err = scm_send(sock, msg, siocb->scm, true);
L
Linus Torvalds 已提交
1349 1350 1351 1352
	if (err < 0)
		return err;

	if (msg->msg_namelen) {
1353
		err = -EINVAL;
L
Linus Torvalds 已提交
1354
		if (addr->nl_family != AF_NETLINK)
1355
			goto out;
1356
		dst_portid = addr->nl_pid;
1357
		dst_group = ffs(addr->nl_groups);
1358
		err =  -EPERM;
1359
		if ((dst_group || dst_portid) &&
1360
		    !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
1361
			goto out;
L
Linus Torvalds 已提交
1362
	} else {
1363
		dst_portid = nlk->dst_portid;
1364
		dst_group = nlk->dst_group;
L
Linus Torvalds 已提交
1365 1366
	}

1367
	if (!nlk->portid) {
L
Linus Torvalds 已提交
1368 1369 1370 1371 1372 1373 1374 1375 1376
		err = netlink_autobind(sock);
		if (err)
			goto out;
	}

	err = -EMSGSIZE;
	if (len > sk->sk_sndbuf - 32)
		goto out;
	err = -ENOBUFS;
1377
	skb = alloc_skb(len, GFP_KERNEL);
1378
	if (skb == NULL)
L
Linus Torvalds 已提交
1379 1380
		goto out;

1381
	NETLINK_CB(skb).portid	= nlk->portid;
1382
	NETLINK_CB(skb).dst_group = dst_group;
1383
	NETLINK_CB(skb).creds	= siocb->scm->creds;
L
Linus Torvalds 已提交
1384 1385

	err = -EFAULT;
1386
	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
L
Linus Torvalds 已提交
1387 1388 1389 1390 1391 1392 1393 1394 1395 1396
		kfree_skb(skb);
		goto out;
	}

	err = security_netlink_send(sk, skb);
	if (err) {
		kfree_skb(skb);
		goto out;
	}

1397
	if (dst_group) {
L
Linus Torvalds 已提交
1398
		atomic_inc(&skb->users);
1399
		netlink_broadcast(sk, skb, dst_portid, dst_group, GFP_KERNEL);
L
Linus Torvalds 已提交
1400
	}
1401
	err = netlink_unicast(sk, skb, dst_portid, msg->msg_flags&MSG_DONTWAIT);
L
Linus Torvalds 已提交
1402 1403

out:
1404
	scm_destroy(siocb->scm);
L
Linus Torvalds 已提交
1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417
	return err;
}

static int netlink_recvmsg(struct kiocb *kiocb, struct socket *sock,
			   struct msghdr *msg, size_t len,
			   int flags)
{
	struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
	struct scm_cookie scm;
	struct sock *sk = sock->sk;
	struct netlink_sock *nlk = nlk_sk(sk);
	int noblock = flags&MSG_DONTWAIT;
	size_t copied;
J
Johannes Berg 已提交
1418
	struct sk_buff *skb, *data_skb;
1419
	int err, ret;
L
Linus Torvalds 已提交
1420 1421 1422 1423 1424 1425

	if (flags&MSG_OOB)
		return -EOPNOTSUPP;

	copied = 0;

1426 1427
	skb = skb_recv_datagram(sk, flags, noblock, &err);
	if (skb == NULL)
L
Linus Torvalds 已提交
1428 1429
		goto out;

J
Johannes Berg 已提交
1430 1431
	data_skb = skb;

1432 1433 1434
#ifdef CONFIG_COMPAT_NETLINK_MESSAGES
	if (unlikely(skb_shinfo(skb)->frag_list)) {
		/*
J
Johannes Berg 已提交
1435 1436 1437
		 * If this skb has a frag_list, then here that means that we
		 * will have to use the frag_list skb's data for compat tasks
		 * and the regular skb's data for normal (non-compat) tasks.
1438
		 *
J
Johannes Berg 已提交
1439 1440 1441 1442
		 * If we need to send the compat skb, assign it to the
		 * 'data_skb' variable so that it will be used below for data
		 * copying. We keep 'skb' for everything else, including
		 * freeing both later.
1443
		 */
J
Johannes Berg 已提交
1444 1445
		if (flags & MSG_CMSG_COMPAT)
			data_skb = skb_shinfo(skb)->frag_list;
1446 1447 1448
	}
#endif

L
Linus Torvalds 已提交
1449 1450
	msg->msg_namelen = 0;

J
Johannes Berg 已提交
1451
	copied = data_skb->len;
L
Linus Torvalds 已提交
1452 1453 1454 1455 1456
	if (len < copied) {
		msg->msg_flags |= MSG_TRUNC;
		copied = len;
	}

J
Johannes Berg 已提交
1457 1458
	skb_reset_transport_header(data_skb);
	err = skb_copy_datagram_iovec(data_skb, 0, msg->msg_iov, copied);
L
Linus Torvalds 已提交
1459 1460

	if (msg->msg_name) {
1461
		struct sockaddr_nl *addr = (struct sockaddr_nl *)msg->msg_name;
L
Linus Torvalds 已提交
1462 1463
		addr->nl_family = AF_NETLINK;
		addr->nl_pad    = 0;
1464
		addr->nl_pid	= NETLINK_CB(skb).portid;
1465
		addr->nl_groups	= netlink_group_mask(NETLINK_CB(skb).dst_group);
L
Linus Torvalds 已提交
1466 1467 1468
		msg->msg_namelen = sizeof(*addr);
	}

1469 1470 1471
	if (nlk->flags & NETLINK_RECV_PKTINFO)
		netlink_cmsg_recv_pktinfo(msg, skb);

L
Linus Torvalds 已提交
1472 1473 1474 1475 1476
	if (NULL == siocb->scm) {
		memset(&scm, 0, sizeof(scm));
		siocb->scm = &scm;
	}
	siocb->scm->creds = *NETLINK_CREDS(skb);
1477
	if (flags & MSG_TRUNC)
J
Johannes Berg 已提交
1478
		copied = data_skb->len;
1479

L
Linus Torvalds 已提交
1480 1481
	skb_free_datagram(sk, skb);

1482 1483 1484 1485 1486 1487 1488
	if (nlk->cb && atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf / 2) {
		ret = netlink_dump(sk);
		if (ret) {
			sk->sk_err = ret;
			sk->sk_error_report(sk);
		}
	}
L
Linus Torvalds 已提交
1489 1490 1491 1492 1493 1494 1495 1496 1497

	scm_recv(sock, msg, siocb->scm, flags);
out:
	netlink_rcv_wake(sk);
	return err ? : copied;
}

static void netlink_data_ready(struct sock *sk, int len)
{
1498
	BUG();
L
Linus Torvalds 已提交
1499 1500 1501
}

/*
1502
 *	We export these functions to other modules. They provide a
L
Linus Torvalds 已提交
1503 1504 1505 1506 1507
 *	complete set of kernel non-blocking support for message
 *	queueing.
 */

struct sock *
1508 1509
__netlink_kernel_create(struct net *net, int unit, struct module *module,
			struct netlink_kernel_cfg *cfg)
L
Linus Torvalds 已提交
1510 1511 1512
{
	struct socket *sock;
	struct sock *sk;
1513
	struct netlink_sock *nlk;
1514
	struct listeners *listeners = NULL;
1515 1516
	struct mutex *cb_mutex = cfg ? cfg->cb_mutex : NULL;
	unsigned int groups;
L
Linus Torvalds 已提交
1517

1518
	BUG_ON(!nl_table);
L
Linus Torvalds 已提交
1519

1520
	if (unit < 0 || unit >= MAX_LINKS)
L
Linus Torvalds 已提交
1521 1522 1523 1524 1525
		return NULL;

	if (sock_create_lite(PF_NETLINK, SOCK_DGRAM, unit, &sock))
		return NULL;

1526 1527 1528 1529 1530 1531 1532 1533 1534 1535
	/*
	 * We have to just have a reference on the net from sk, but don't
	 * get_net it. Besides, we cannot get and then put the net here.
	 * So we create one inside init_net and the move it to net.
	 */

	if (__netlink_create(&init_net, sock, cb_mutex, unit) < 0)
		goto out_sock_release_nosk;

	sk = sock->sk;
1536
	sk_change_net(sk, net);
1537

1538
	if (!cfg || cfg->groups < 32)
1539
		groups = 32;
1540 1541
	else
		groups = cfg->groups;
1542

1543
	listeners = kzalloc(sizeof(*listeners) + NLGRPSZ(groups), GFP_KERNEL);
1544 1545 1546
	if (!listeners)
		goto out_sock_release;

L
Linus Torvalds 已提交
1547
	sk->sk_data_ready = netlink_data_ready;
1548 1549
	if (cfg && cfg->input)
		nlk_sk(sk)->netlink_rcv = cfg->input;
L
Linus Torvalds 已提交
1550

1551
	if (netlink_insert(sk, net, 0))
1552
		goto out_sock_release;
1553

1554 1555
	nlk = nlk_sk(sk);
	nlk->flags |= NETLINK_KERNEL_SOCKET;
1556 1557

	netlink_table_grab();
1558 1559
	if (!nl_table[unit].registered) {
		nl_table[unit].groups = groups;
1560
		rcu_assign_pointer(nl_table[unit].listeners, listeners);
1561 1562
		nl_table[unit].cb_mutex = cb_mutex;
		nl_table[unit].module = module;
1563 1564 1565 1566
		if (cfg) {
			nl_table[unit].bind = cfg->bind;
			nl_table[unit].flags = cfg->flags;
		}
1567
		nl_table[unit].registered = 1;
1568 1569
	} else {
		kfree(listeners);
1570
		nl_table[unit].registered++;
1571
	}
1572
	netlink_table_ungrab();
1573 1574
	return sk;

1575
out_sock_release:
1576
	kfree(listeners);
1577
	netlink_kernel_release(sk);
1578 1579 1580
	return NULL;

out_sock_release_nosk:
1581
	sock_release(sock);
1582
	return NULL;
L
Linus Torvalds 已提交
1583
}
1584
EXPORT_SYMBOL(__netlink_kernel_create);
1585 1586 1587 1588

void
netlink_kernel_release(struct sock *sk)
{
1589
	sk_release_kernel(sk);
1590 1591 1592
}
EXPORT_SYMBOL(netlink_kernel_release);

1593
int __netlink_change_ngroups(struct sock *sk, unsigned int groups)
1594
{
1595
	struct listeners *new, *old;
1596 1597 1598 1599 1600 1601
	struct netlink_table *tbl = &nl_table[sk->sk_protocol];

	if (groups < 32)
		groups = 32;

	if (NLGRPSZ(tbl->groups) < NLGRPSZ(groups)) {
1602 1603
		new = kzalloc(sizeof(*new) + NLGRPSZ(groups), GFP_ATOMIC);
		if (!new)
1604
			return -ENOMEM;
1605
		old = nl_deref_protected(tbl->listeners);
1606 1607 1608
		memcpy(new->masks, old->masks, NLGRPSZ(tbl->groups));
		rcu_assign_pointer(tbl->listeners, new);

1609
		kfree_rcu(old, rcu);
1610 1611 1612
	}
	tbl->groups = groups;

1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633
	return 0;
}

/**
 * netlink_change_ngroups - change number of multicast groups
 *
 * This changes the number of multicast groups that are available
 * on a certain netlink family. Note that it is not possible to
 * change the number of groups to below 32. Also note that it does
 * not implicitly call netlink_clear_multicast_users() when the
 * number of groups is reduced.
 *
 * @sk: The kernel netlink socket, as returned by netlink_kernel_create().
 * @groups: The new number of groups.
 */
int netlink_change_ngroups(struct sock *sk, unsigned int groups)
{
	int err;

	netlink_table_grab();
	err = __netlink_change_ngroups(sk, groups);
1634
	netlink_table_ungrab();
1635

1636 1637 1638
	return err;
}

1639 1640 1641 1642 1643
void __netlink_clear_multicast_users(struct sock *ksk, unsigned int group)
{
	struct sock *sk;
	struct netlink_table *tbl = &nl_table[ksk->sk_protocol];

1644
	sk_for_each_bound(sk, &tbl->mc_list)
1645 1646 1647
		netlink_update_socket_mc(nlk_sk(sk), group, 0);
}

1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658
/**
 * netlink_clear_multicast_users - kick off multicast listeners
 *
 * This function removes all listeners from the given group.
 * @ksk: The kernel netlink socket, as returned by
 *	netlink_kernel_create().
 * @group: The multicast group to clear.
 */
void netlink_clear_multicast_users(struct sock *ksk, unsigned int group)
{
	netlink_table_grab();
1659
	__netlink_clear_multicast_users(ksk, group);
1660 1661 1662
	netlink_table_ungrab();
}

1663
struct nlmsghdr *
1664
__nlmsg_put(struct sk_buff *skb, u32 portid, u32 seq, int type, int len, int flags)
1665 1666
{
	struct nlmsghdr *nlh;
1667
	int size = nlmsg_msg_size(len);
1668 1669 1670 1671 1672

	nlh = (struct nlmsghdr*)skb_put(skb, NLMSG_ALIGN(size));
	nlh->nlmsg_type = type;
	nlh->nlmsg_len = size;
	nlh->nlmsg_flags = flags;
1673
	nlh->nlmsg_pid = portid;
1674 1675
	nlh->nlmsg_seq = seq;
	if (!__builtin_constant_p(size) || NLMSG_ALIGN(size) - size != 0)
1676
		memset(nlmsg_data(nlh) + len, 0, NLMSG_ALIGN(size) - size);
1677 1678 1679 1680
	return nlh;
}
EXPORT_SYMBOL(__nlmsg_put);

L
Linus Torvalds 已提交
1681 1682 1683 1684 1685 1686 1687 1688 1689
/*
 * It looks a bit ugly.
 * It would be better to create kernel thread.
 */

static int netlink_dump(struct sock *sk)
{
	struct netlink_sock *nlk = nlk_sk(sk);
	struct netlink_callback *cb;
1690
	struct sk_buff *skb = NULL;
L
Linus Torvalds 已提交
1691
	struct nlmsghdr *nlh;
1692
	int len, err = -ENOBUFS;
1693
	int alloc_size;
L
Linus Torvalds 已提交
1694

1695
	mutex_lock(nlk->cb_mutex);
L
Linus Torvalds 已提交
1696 1697 1698

	cb = nlk->cb;
	if (cb == NULL) {
1699 1700
		err = -EINVAL;
		goto errout_skb;
L
Linus Torvalds 已提交
1701 1702
	}

1703 1704 1705 1706
	alloc_size = max_t(int, cb->min_dump_alloc, NLMSG_GOODSIZE);

	skb = sock_rmalloc(sk, alloc_size, 0, GFP_KERNEL);
	if (!skb)
1707
		goto errout_skb;
1708

L
Linus Torvalds 已提交
1709 1710 1711
	len = cb->dump(skb, cb);

	if (len > 0) {
1712
		mutex_unlock(nlk->cb_mutex);
1713 1714 1715

		if (sk_filter(sk, skb))
			kfree_skb(skb);
1716 1717
		else
			__netlink_sendskb(sk, skb);
L
Linus Torvalds 已提交
1718 1719 1720
		return 0;
	}

1721 1722 1723 1724
	nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE, sizeof(len), NLM_F_MULTI);
	if (!nlh)
		goto errout_skb;

1725 1726
	nl_dump_check_consistent(cb, nlh);

1727 1728
	memcpy(nlmsg_data(nlh), &len, sizeof(len));

1729 1730
	if (sk_filter(sk, skb))
		kfree_skb(skb);
1731 1732
	else
		__netlink_sendskb(sk, skb);
L
Linus Torvalds 已提交
1733

1734 1735
	if (cb->done)
		cb->done(cb);
L
Linus Torvalds 已提交
1736
	nlk->cb = NULL;
1737
	mutex_unlock(nlk->cb_mutex);
L
Linus Torvalds 已提交
1738

1739
	module_put(cb->module);
1740
	netlink_consume_callback(cb);
L
Linus Torvalds 已提交
1741
	return 0;
1742

1743
errout_skb:
1744
	mutex_unlock(nlk->cb_mutex);
1745 1746
	kfree_skb(skb);
	return err;
L
Linus Torvalds 已提交
1747 1748
}

1749 1750 1751
int __netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
			 const struct nlmsghdr *nlh,
			 struct netlink_dump_control *control)
L
Linus Torvalds 已提交
1752 1753 1754 1755
{
	struct netlink_callback *cb;
	struct sock *sk;
	struct netlink_sock *nlk;
1756
	int ret;
L
Linus Torvalds 已提交
1757

1758
	cb = kzalloc(sizeof(*cb), GFP_KERNEL);
L
Linus Torvalds 已提交
1759 1760 1761
	if (cb == NULL)
		return -ENOBUFS;

1762 1763
	cb->dump = control->dump;
	cb->done = control->done;
L
Linus Torvalds 已提交
1764
	cb->nlh = nlh;
1765
	cb->data = control->data;
1766
	cb->module = control->module;
1767
	cb->min_dump_alloc = control->min_dump_alloc;
L
Linus Torvalds 已提交
1768 1769 1770
	atomic_inc(&skb->users);
	cb->skb = skb;

1771
	sk = netlink_lookup(sock_net(ssk), ssk->sk_protocol, NETLINK_CB(skb).portid);
L
Linus Torvalds 已提交
1772 1773 1774 1775 1776
	if (sk == NULL) {
		netlink_destroy_callback(cb);
		return -ECONNREFUSED;
	}
	nlk = nlk_sk(sk);
1777

1778
	mutex_lock(nlk->cb_mutex);
1779
	/* A dump is in progress... */
1780
	if (nlk->cb) {
1781
		mutex_unlock(nlk->cb_mutex);
L
Linus Torvalds 已提交
1782
		netlink_destroy_callback(cb);
1783 1784
		ret = -EBUSY;
		goto out;
L
Linus Torvalds 已提交
1785
	}
1786 1787 1788 1789 1790 1791 1792 1793
	/* add reference of module which cb->dump belongs to */
	if (!try_module_get(cb->module)) {
		mutex_unlock(nlk->cb_mutex);
		netlink_destroy_callback(cb);
		ret = -EPROTONOSUPPORT;
		goto out;
	}

L
Linus Torvalds 已提交
1794
	nlk->cb = cb;
1795
	mutex_unlock(nlk->cb_mutex);
L
Linus Torvalds 已提交
1796

1797
	ret = netlink_dump(sk);
1798
out:
L
Linus Torvalds 已提交
1799
	sock_put(sk);
1800

1801 1802 1803
	if (ret)
		return ret;

1804 1805 1806 1807
	/* We successfully started a dump, by returning -EINTR we
	 * signal not to send ACK even if it was requested.
	 */
	return -EINTR;
L
Linus Torvalds 已提交
1808
}
1809
EXPORT_SYMBOL(__netlink_dump_start);
L
Linus Torvalds 已提交
1810 1811 1812 1813 1814 1815

void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err)
{
	struct sk_buff *skb;
	struct nlmsghdr *rep;
	struct nlmsgerr *errmsg;
1816
	size_t payload = sizeof(*errmsg);
L
Linus Torvalds 已提交
1817

1818 1819 1820
	/* error messages get the original request appened */
	if (err)
		payload += nlmsg_len(nlh);
L
Linus Torvalds 已提交
1821

1822
	skb = nlmsg_new(payload, GFP_KERNEL);
L
Linus Torvalds 已提交
1823 1824 1825
	if (!skb) {
		struct sock *sk;

1826
		sk = netlink_lookup(sock_net(in_skb->sk),
1827
				    in_skb->sk->sk_protocol,
1828
				    NETLINK_CB(in_skb).portid);
L
Linus Torvalds 已提交
1829 1830 1831 1832 1833 1834 1835 1836
		if (sk) {
			sk->sk_err = ENOBUFS;
			sk->sk_error_report(sk);
			sock_put(sk);
		}
		return;
	}

1837
	rep = __nlmsg_put(skb, NETLINK_CB(in_skb).portid, nlh->nlmsg_seq,
1838
			  NLMSG_ERROR, payload, 0);
1839
	errmsg = nlmsg_data(rep);
L
Linus Torvalds 已提交
1840
	errmsg->error = err;
1841
	memcpy(&errmsg->msg, nlh, err ? nlh->nlmsg_len : sizeof(*nlh));
1842
	netlink_unicast(in_skb->sk, skb, NETLINK_CB(in_skb).portid, MSG_DONTWAIT);
L
Linus Torvalds 已提交
1843
}
1844
EXPORT_SYMBOL(netlink_ack);
L
Linus Torvalds 已提交
1845

1846
int netlink_rcv_skb(struct sk_buff *skb, int (*cb)(struct sk_buff *,
1847
						     struct nlmsghdr *))
1848 1849 1850 1851 1852
{
	struct nlmsghdr *nlh;
	int err;

	while (skb->len >= nlmsg_total_size(0)) {
1853 1854
		int msglen;

1855
		nlh = nlmsg_hdr(skb);
1856
		err = 0;
1857

1858
		if (nlh->nlmsg_len < NLMSG_HDRLEN || skb->len < nlh->nlmsg_len)
1859 1860
			return 0;

1861 1862
		/* Only requests are handled by the kernel */
		if (!(nlh->nlmsg_flags & NLM_F_REQUEST))
1863
			goto ack;
1864 1865 1866

		/* Skip control messages */
		if (nlh->nlmsg_type < NLMSG_MIN_TYPE)
1867
			goto ack;
1868

1869
		err = cb(skb, nlh);
1870 1871 1872 1873
		if (err == -EINTR)
			goto skip;

ack:
1874
		if (nlh->nlmsg_flags & NLM_F_ACK || err)
1875 1876
			netlink_ack(skb, nlh, err);

1877
skip:
1878
		msglen = NLMSG_ALIGN(nlh->nlmsg_len);
1879 1880 1881
		if (msglen > skb->len)
			msglen = skb->len;
		skb_pull(skb, msglen);
1882 1883 1884 1885
	}

	return 0;
}
1886
EXPORT_SYMBOL(netlink_rcv_skb);
1887

1888 1889 1890 1891
/**
 * nlmsg_notify - send a notification netlink message
 * @sk: netlink socket to use
 * @skb: notification message
1892
 * @portid: destination netlink portid for reports or 0
1893 1894 1895 1896
 * @group: destination multicast group or 0
 * @report: 1 to report back, 0 to disable
 * @flags: allocation flags
 */
1897
int nlmsg_notify(struct sock *sk, struct sk_buff *skb, u32 portid,
1898 1899 1900 1901 1902
		 unsigned int group, int report, gfp_t flags)
{
	int err = 0;

	if (group) {
1903
		int exclude_portid = 0;
1904 1905 1906

		if (report) {
			atomic_inc(&skb->users);
1907
			exclude_portid = portid;
1908 1909
		}

1910 1911
		/* errors reported via destination sk->sk_err, but propagate
		 * delivery errors if NETLINK_BROADCAST_ERROR flag is set */
1912
		err = nlmsg_multicast(sk, skb, exclude_portid, group, flags);
1913 1914
	}

1915 1916 1917
	if (report) {
		int err2;

1918
		err2 = nlmsg_unicast(sk, skb, portid);
1919 1920 1921
		if (!err || err == -ESRCH)
			err = err2;
	}
1922 1923 1924

	return err;
}
1925
EXPORT_SYMBOL(nlmsg_notify);
1926

L
Linus Torvalds 已提交
1927 1928
#ifdef CONFIG_PROC_FS
struct nl_seq_iter {
1929
	struct seq_net_private p;
L
Linus Torvalds 已提交
1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940
	int link;
	int hash_idx;
};

static struct sock *netlink_seq_socket_idx(struct seq_file *seq, loff_t pos)
{
	struct nl_seq_iter *iter = seq->private;
	int i, j;
	struct sock *s;
	loff_t off = 0;

1941
	for (i = 0; i < MAX_LINKS; i++) {
1942
		struct nl_portid_hash *hash = &nl_table[i].hash;
L
Linus Torvalds 已提交
1943 1944

		for (j = 0; j <= hash->mask; j++) {
1945
			sk_for_each(s, &hash->table[j]) {
1946
				if (sock_net(s) != seq_file_net(seq))
1947
					continue;
L
Linus Torvalds 已提交
1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960
				if (off == pos) {
					iter->link = i;
					iter->hash_idx = j;
					return s;
				}
				++off;
			}
		}
	}
	return NULL;
}

static void *netlink_seq_start(struct seq_file *seq, loff_t *pos)
1961
	__acquires(nl_table_lock)
L
Linus Torvalds 已提交
1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976
{
	read_lock(&nl_table_lock);
	return *pos ? netlink_seq_socket_idx(seq, *pos - 1) : SEQ_START_TOKEN;
}

static void *netlink_seq_next(struct seq_file *seq, void *v, loff_t *pos)
{
	struct sock *s;
	struct nl_seq_iter *iter;
	int i, j;

	++*pos;

	if (v == SEQ_START_TOKEN)
		return netlink_seq_socket_idx(seq, 0);
1977

1978 1979 1980 1981
	iter = seq->private;
	s = v;
	do {
		s = sk_next(s);
1982
	} while (s && sock_net(s) != seq_file_net(seq));
L
Linus Torvalds 已提交
1983 1984 1985 1986 1987 1988 1989
	if (s)
		return s;

	i = iter->link;
	j = iter->hash_idx + 1;

	do {
1990
		struct nl_portid_hash *hash = &nl_table[i].hash;
L
Linus Torvalds 已提交
1991 1992 1993

		for (; j <= hash->mask; j++) {
			s = sk_head(&hash->table[j]);
1994
			while (s && sock_net(s) != seq_file_net(seq))
1995
				s = sk_next(s);
L
Linus Torvalds 已提交
1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009
			if (s) {
				iter->link = i;
				iter->hash_idx = j;
				return s;
			}
		}

		j = 0;
	} while (++i < MAX_LINKS);

	return NULL;
}

static void netlink_seq_stop(struct seq_file *seq, void *v)
2010
	__releases(nl_table_lock)
L
Linus Torvalds 已提交
2011 2012 2013 2014 2015 2016 2017
{
	read_unlock(&nl_table_lock);
}


static int netlink_seq_show(struct seq_file *seq, void *v)
{
E
Eric Dumazet 已提交
2018
	if (v == SEQ_START_TOKEN) {
L
Linus Torvalds 已提交
2019 2020
		seq_puts(seq,
			 "sk       Eth Pid    Groups   "
2021
			 "Rmem     Wmem     Dump     Locks     Drops     Inode\n");
E
Eric Dumazet 已提交
2022
	} else {
L
Linus Torvalds 已提交
2023 2024 2025
		struct sock *s = v;
		struct netlink_sock *nlk = nlk_sk(s);

2026
		seq_printf(seq, "%pK %-3d %-6u %08x %-8d %-8d %pK %-8d %-8d %-8lu\n",
L
Linus Torvalds 已提交
2027 2028
			   s,
			   s->sk_protocol,
2029
			   nlk->portid,
2030
			   nlk->groups ? (u32)nlk->groups[0] : 0,
2031 2032
			   sk_rmem_alloc_get(s),
			   sk_wmem_alloc_get(s),
L
Linus Torvalds 已提交
2033
			   nlk->cb,
2034
			   atomic_read(&s->sk_refcnt),
2035 2036
			   atomic_read(&s->sk_drops),
			   sock_i_ino(s)
L
Linus Torvalds 已提交
2037 2038 2039 2040 2041 2042
			);

	}
	return 0;
}

2043
static const struct seq_operations netlink_seq_ops = {
L
Linus Torvalds 已提交
2044 2045 2046 2047 2048 2049 2050 2051 2052
	.start  = netlink_seq_start,
	.next   = netlink_seq_next,
	.stop   = netlink_seq_stop,
	.show   = netlink_seq_show,
};


static int netlink_seq_open(struct inode *inode, struct file *file)
{
2053 2054
	return seq_open_net(inode, file, &netlink_seq_ops,
				sizeof(struct nl_seq_iter));
2055 2056
}

2057
static const struct file_operations netlink_seq_fops = {
L
Linus Torvalds 已提交
2058 2059 2060 2061
	.owner		= THIS_MODULE,
	.open		= netlink_seq_open,
	.read		= seq_read,
	.llseek		= seq_lseek,
2062
	.release	= seq_release_net,
L
Linus Torvalds 已提交
2063 2064 2065 2066 2067 2068
};

#endif

int netlink_register_notifier(struct notifier_block *nb)
{
2069
	return atomic_notifier_chain_register(&netlink_chain, nb);
L
Linus Torvalds 已提交
2070
}
2071
EXPORT_SYMBOL(netlink_register_notifier);
L
Linus Torvalds 已提交
2072 2073 2074

int netlink_unregister_notifier(struct notifier_block *nb)
{
2075
	return atomic_notifier_chain_unregister(&netlink_chain, nb);
L
Linus Torvalds 已提交
2076
}
2077
EXPORT_SYMBOL(netlink_unregister_notifier);
2078

2079
static const struct proto_ops netlink_ops = {
L
Linus Torvalds 已提交
2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091
	.family =	PF_NETLINK,
	.owner =	THIS_MODULE,
	.release =	netlink_release,
	.bind =		netlink_bind,
	.connect =	netlink_connect,
	.socketpair =	sock_no_socketpair,
	.accept =	sock_no_accept,
	.getname =	netlink_getname,
	.poll =		datagram_poll,
	.ioctl =	sock_no_ioctl,
	.listen =	sock_no_listen,
	.shutdown =	sock_no_shutdown,
2092 2093
	.setsockopt =	netlink_setsockopt,
	.getsockopt =	netlink_getsockopt,
L
Linus Torvalds 已提交
2094 2095 2096 2097 2098 2099
	.sendmsg =	netlink_sendmsg,
	.recvmsg =	netlink_recvmsg,
	.mmap =		sock_no_mmap,
	.sendpage =	sock_no_sendpage,
};

2100
static const struct net_proto_family netlink_family_ops = {
L
Linus Torvalds 已提交
2101 2102 2103 2104 2105
	.family = PF_NETLINK,
	.create = netlink_create,
	.owner	= THIS_MODULE,	/* for consistency 8) */
};

2106
static int __net_init netlink_net_init(struct net *net)
2107 2108
{
#ifdef CONFIG_PROC_FS
2109
	if (!proc_create("netlink", 0, net->proc_net, &netlink_seq_fops))
2110 2111 2112 2113 2114
		return -ENOMEM;
#endif
	return 0;
}

2115
static void __net_exit netlink_net_exit(struct net *net)
2116 2117
{
#ifdef CONFIG_PROC_FS
2118
	remove_proc_entry("netlink", net->proc_net);
2119 2120 2121
#endif
}

2122 2123
static void __init netlink_add_usersock_entry(void)
{
2124
	struct listeners *listeners;
2125 2126
	int groups = 32;

2127
	listeners = kzalloc(sizeof(*listeners) + NLGRPSZ(groups), GFP_KERNEL);
2128
	if (!listeners)
2129
		panic("netlink_add_usersock_entry: Cannot allocate listeners\n");
2130 2131 2132 2133

	netlink_table_grab();

	nl_table[NETLINK_USERSOCK].groups = groups;
2134
	rcu_assign_pointer(nl_table[NETLINK_USERSOCK].listeners, listeners);
2135 2136
	nl_table[NETLINK_USERSOCK].module = THIS_MODULE;
	nl_table[NETLINK_USERSOCK].registered = 1;
2137
	nl_table[NETLINK_USERSOCK].flags = NL_CFG_F_NONROOT_SEND;
2138 2139 2140 2141

	netlink_table_ungrab();
}

2142
static struct pernet_operations __net_initdata netlink_net_ops = {
2143 2144 2145 2146
	.init = netlink_net_init,
	.exit = netlink_net_exit,
};

L
Linus Torvalds 已提交
2147 2148 2149
static int __init netlink_proto_init(void)
{
	int i;
2150
	unsigned long limit;
L
Linus Torvalds 已提交
2151 2152 2153 2154 2155 2156
	unsigned int order;
	int err = proto_register(&netlink_proto, 0);

	if (err != 0)
		goto out;

2157
	BUILD_BUG_ON(sizeof(struct netlink_skb_parms) > FIELD_SIZEOF(struct sk_buff, cb));
L
Linus Torvalds 已提交
2158

2159
	nl_table = kcalloc(MAX_LINKS, sizeof(*nl_table), GFP_KERNEL);
2160 2161
	if (!nl_table)
		goto panic;
L
Linus Torvalds 已提交
2162

2163 2164
	if (totalram_pages >= (128 * 1024))
		limit = totalram_pages >> (21 - PAGE_SHIFT);
L
Linus Torvalds 已提交
2165
	else
2166
		limit = totalram_pages >> (23 - PAGE_SHIFT);
L
Linus Torvalds 已提交
2167

2168 2169 2170
	order = get_bitmask_order(limit) - 1 + PAGE_SHIFT;
	limit = (1UL << order) / sizeof(struct hlist_head);
	order = get_bitmask_order(min(limit, (unsigned long)UINT_MAX)) - 1;
L
Linus Torvalds 已提交
2171 2172

	for (i = 0; i < MAX_LINKS; i++) {
2173
		struct nl_portid_hash *hash = &nl_table[i].hash;
L
Linus Torvalds 已提交
2174

2175
		hash->table = nl_portid_hash_zalloc(1 * sizeof(*hash->table));
L
Linus Torvalds 已提交
2176 2177
		if (!hash->table) {
			while (i-- > 0)
2178
				nl_portid_hash_free(nl_table[i].hash.table,
L
Linus Torvalds 已提交
2179 2180
						 1 * sizeof(*hash->table));
			kfree(nl_table);
2181
			goto panic;
L
Linus Torvalds 已提交
2182 2183 2184 2185 2186 2187 2188
		}
		hash->max_shift = order;
		hash->shift = 0;
		hash->mask = 0;
		hash->rehash_time = jiffies;
	}

2189 2190
	netlink_add_usersock_entry();

L
Linus Torvalds 已提交
2191
	sock_register(&netlink_family_ops);
2192
	register_pernet_subsys(&netlink_net_ops);
2193
	/* The netlink device handler may be needed early. */
L
Linus Torvalds 已提交
2194 2195 2196
	rtnetlink_init();
out:
	return err;
2197 2198
panic:
	panic("netlink_init: Cannot allocate nl_table\n");
L
Linus Torvalds 已提交
2199 2200 2201
}

core_initcall(netlink_proto_init);