net/unix/diag.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 #include <linux/types.h>
   3 #include <linux/spinlock.h>
   4 #include <linux/sock_diag.h>
   5 #include <linux/unix_diag.h>
   6 #include <linux/skbuff.h>
   7 #include <linux/module.h>
   8 #include <linux/uidgid.h>
   9 #include <net/netlink.h>
  10 #include <net/af_unix.h>
  11 #include <net/tcp_states.h>
  12 #include <net/sock.h>
  13
  14 static int sk_diag_dump_name(struct sock *sk, struct sk_buff *nlskb)
  15 {
  16         /* might or might not have unix_table_lock */
  17         struct unix_address *addr = smp_load_acquire(&unix_sk(sk)->addr);
  18
  19         if (!addr)
  20                 return 0;
  21
  22         return nla_put(nlskb, UNIX_DIAG_NAME, addr->len - sizeof(short),
  23                        addr->name->sun_path);
  24 }
  25
  26 static int sk_diag_dump_vfs(struct sock *sk, struct sk_buff *nlskb)
  27 {
  28         struct dentry *dentry = unix_sk(sk)->path.dentry;
  29
  30         if (dentry) {
  31                 struct unix_diag_vfs uv = {
  32                         .udiag_vfs_ino = d_backing_inode(dentry)->i_ino,
  33                         .udiag_vfs_dev = dentry->d_sb->s_dev,
  34                 };
  35
  36                 return nla_put(nlskb, UNIX_DIAG_VFS, sizeof(uv), &uv);
  37         }
  38
  39         return 0;
  40 }
  41
  42 static int sk_diag_dump_peer(struct sock *sk, struct sk_buff *nlskb)
  43 {
  44         struct sock *peer;
  45         int ino;
  46
  47         peer = unix_peer_get(sk);
  48         if (peer) {
  49                 unix_state_lock(peer);
  50                 ino = sock_i_ino(peer);
  51                 unix_state_unlock(peer);
  52                 sock_put(peer);
  53
  54                 return nla_put_u32(nlskb, UNIX_DIAG_PEER, ino);
  55         }
  56
  57         return 0;
  58 }
  59
  60 static int sk_diag_dump_icons(struct sock *sk, struct sk_buff *nlskb)
  61 {
  62         struct sk_buff *skb;
  63         struct nlattr *attr;
  64         u32 *buf;
  65         int i;
  66
  67         if (sk->sk_state == TCP_LISTEN) {
  68                 spin_lock(&sk->sk_receive_queue.lock);
  69
  70                 attr = nla_reserve(nlskb, UNIX_DIAG_ICONS,
  71                                    sk->sk_receive_queue.qlen * sizeof(u32));
  72                 if (!attr)
  73                         goto errout;
  74
  75                 buf = nla_data(attr);
  76                 i = 0;
  77                 skb_queue_walk(&sk->sk_receive_queue, skb) {
  78                         struct sock *req, *peer;
  79
  80                         req = skb->sk;
  81                         /*
  82                          * The state lock is outer for the same sk's
  83                          * queue lock. With the other's queue locked it's
  84                          * OK to lock the state.
  85                          */
  86                         unix_state_lock_nested(req);
  87                         peer = unix_sk(req)->peer;
  88                         buf[i++] = (peer ? sock_i_ino(peer) : 0);
  89                         unix_state_unlock(req);
  90                 }
  91                 spin_unlock(&sk->sk_receive_queue.lock);
  92         }
  93
  94         return 0;
  95
  96 errout:
  97         spin_unlock(&sk->sk_receive_queue.lock);
  98         return -EMSGSIZE;
  99 }
 100
 101 static int sk_diag_show_rqlen(struct sock *sk, struct sk_buff *nlskb)
 102 {
 103         struct unix_diag_rqlen rql;
 104
 105         if (sk->sk_state == TCP_LISTEN) {
 106                 rql.udiag_rqueue = sk->sk_receive_queue.qlen;
 107                 rql.udiag_wqueue = sk->sk_max_ack_backlog;
 108         } else {
 109                 rql.udiag_rqueue = (u32) unix_inq_len(sk);
 110                 rql.udiag_wqueue = (u32) unix_outq_len(sk);
 111         }
 112
 113         return nla_put(nlskb, UNIX_DIAG_RQLEN, sizeof(rql), &rql);
 114 }
 115
 116 static int sk_diag_dump_uid(struct sock *sk, struct sk_buff *nlskb)
 117 {
 118         uid_t uid = from_kuid_munged(sk_user_ns(nlskb->sk), sock_i_uid(sk));
 119         return nla_put(nlskb, UNIX_DIAG_UID, sizeof(uid_t), &uid);
 120 }
 121
 122 static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_req *req,
 123                 u32 portid, u32 seq, u32 flags, int sk_ino)
 124 {
 125         struct nlmsghdr *nlh;
 126         struct unix_diag_msg *rep;
 127
 128         nlh = nlmsg_put(skb, portid, seq, SOCK_DIAG_BY_FAMILY, sizeof(*rep),
 129                         flags);
 130         if (!nlh)
 131                 return -EMSGSIZE;
 132
 133         rep = nlmsg_data(nlh);
 134         rep->udiag_family = AF_UNIX;
 135         rep->udiag_type = sk->sk_type;
 136         rep->udiag_state = sk->sk_state;
 137         rep->pad = 0;
 138         rep->udiag_ino = sk_ino;
 139         sock_diag_save_cookie(sk, rep->udiag_cookie);
 140
 141         if ((req->udiag_show & UDIAG_SHOW_NAME) &&
 142             sk_diag_dump_name(sk, skb))
 143                 goto out_nlmsg_trim;
 144
 145         if ((req->udiag_show & UDIAG_SHOW_VFS) &&
 146             sk_diag_dump_vfs(sk, skb))
 147                 goto out_nlmsg_trim;
 148
 149         if ((req->udiag_show & UDIAG_SHOW_PEER) &&
 150             sk_diag_dump_peer(sk, skb))
 151                 goto out_nlmsg_trim;
 152
 153         if ((req->udiag_show & UDIAG_SHOW_ICONS) &&
 154             sk_diag_dump_icons(sk, skb))
 155                 goto out_nlmsg_trim;
 156
 157         if ((req->udiag_show & UDIAG_SHOW_RQLEN) &&
 158             sk_diag_show_rqlen(sk, skb))
 159                 goto out_nlmsg_trim;
 160
 161         if ((req->udiag_show & UDIAG_SHOW_MEMINFO) &&
 162             sock_diag_put_meminfo(sk, skb, UNIX_DIAG_MEMINFO))
 163                 goto out_nlmsg_trim;
 164
 165         if (nla_put_u8(skb, UNIX_DIAG_SHUTDOWN, sk->sk_shutdown))
 166                 goto out_nlmsg_trim;
 167
 168         if ((req->udiag_show & UDIAG_SHOW_UID) &&
 169             sk_diag_dump_uid(sk, skb))
 170                 goto out_nlmsg_trim;
 171
 172         nlmsg_end(skb, nlh);
 173         return 0;
 174
 175 out_nlmsg_trim:
 176         nlmsg_cancel(skb, nlh);
 177         return -EMSGSIZE;
 178 }
 179
 180 static int sk_diag_dump(struct sock *sk, struct sk_buff *skb, struct unix_diag_req *req,
 181                 u32 portid, u32 seq, u32 flags)
 182 {
 183         int sk_ino;
 184
 185         unix_state_lock(sk);
 186         sk_ino = sock_i_ino(sk);
 187         unix_state_unlock(sk);
 188
 189         if (!sk_ino)
 190                 return 0;
 191
 192         return sk_diag_fill(sk, skb, req, portid, seq, flags, sk_ino);
 193 }
 194
 195 static int unix_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
 196 {
 197         struct unix_diag_req *req;
 198         int num, s_num, slot, s_slot;
 199         struct net *net = sock_net(skb->sk);
 200
 201         req = nlmsg_data(cb->nlh);
 202
 203         s_slot = cb->args[0];
 204         num = s_num = cb->args[1];
 205
 206         spin_lock(&unix_table_lock);
 207         for (slot = s_slot;
 208              slot < ARRAY_SIZE(unix_socket_table);
 209              s_num = 0, slot++) {
 210                 struct sock *sk;
 211
 212                 num = 0;
 213                 sk_for_each(sk, &unix_socket_table[slot]) {
 214                         if (!net_eq(sock_net(sk), net))
 215                                 continue;
 216                         if (num < s_num)
 217                                 goto next;
 218                         if (!(req->udiag_states & (1 << sk->sk_state)))
 219                                 goto next;
 220                         if (sk_diag_dump(sk, skb, req,
 221                                          NETLINK_CB(cb->skb).portid,
 222                                          cb->nlh->nlmsg_seq,
 223                                          NLM_F_MULTI) < 0)
 224                                 goto done;
 225 next:
 226                         num++;
 227                 }
 228         }
 229 done:
 230         spin_unlock(&unix_table_lock);
 231         cb->args[0] = slot;
 232         cb->args[1] = num;
 233
 234         return skb->len;
 235 }
 236
 237 static struct sock *unix_lookup_by_ino(unsigned int ino)
 238 {
 239         int i;
 240         struct sock *sk;
 241
 242         spin_lock(&unix_table_lock);
 243         for (i = 0; i < ARRAY_SIZE(unix_socket_table); i++) {
 244                 sk_for_each(sk, &unix_socket_table[i])
 245                         if (ino == sock_i_ino(sk)) {
 246                                 sock_hold(sk);
 247                                 spin_unlock(&unix_table_lock);
 248
 249                                 return sk;
 250                         }
 251         }
 252
 253         spin_unlock(&unix_table_lock);
 254         return NULL;
 255 }
 256
 257 static int unix_diag_get_exact(struct sk_buff *in_skb,
 258                                const struct nlmsghdr *nlh,
 259                                struct unix_diag_req *req)
 260 {
 261         int err = -EINVAL;
 262         struct sock *sk;
 263         struct sk_buff *rep;
 264         unsigned int extra_len;
 265         struct net *net = sock_net(in_skb->sk);
 266
 267         if (req->udiag_ino == 0)
 268                 goto out_nosk;
 269
 270         sk = unix_lookup_by_ino(req->udiag_ino);
 271         err = -ENOENT;
 272         if (sk == NULL)
 273                 goto out_nosk;
 274         if (!net_eq(sock_net(sk), net))
 275                 goto out;
 276
 277         err = sock_diag_check_cookie(sk, req->udiag_cookie);
 278         if (err)
 279                 goto out;
 280
 281         extra_len = 256;
 282 again:
 283         err = -ENOMEM;
 284         rep = nlmsg_new(sizeof(struct unix_diag_msg) + extra_len, GFP_KERNEL);
 285         if (!rep)
 286                 goto out;
 287
 288         err = sk_diag_fill(sk, rep, req, NETLINK_CB(in_skb).portid,
 289                            nlh->nlmsg_seq, 0, req->udiag_ino);
 290         if (err < 0) {
 291                 nlmsg_free(rep);
 292                 extra_len += 256;
 293                 if (extra_len >= PAGE_SIZE)
 294                         goto out;
 295
 296                 goto again;
 297         }
 298         err = netlink_unicast(net->diag_nlsk, rep, NETLINK_CB(in_skb).portid,
 299                               MSG_DONTWAIT);
 300         if (err > 0)
 301                 err = 0;
 302 out:
 303         if (sk)
 304                 sock_put(sk);
 305 out_nosk:
 306         return err;
 307 }
 308
 309 static int unix_diag_handler_dump(struct sk_buff *skb, struct nlmsghdr *h)
 310 {
 311         int hdrlen = sizeof(struct unix_diag_req);
 312         struct net *net = sock_net(skb->sk);
 313
 314         if (nlmsg_len(h) < hdrlen)
 315                 return -EINVAL;
 316
 317         if (h->nlmsg_flags & NLM_F_DUMP) {
 318                 struct netlink_dump_control c = {
 319                         .dump = unix_diag_dump,
 320                 };
 321                 return netlink_dump_start(net->diag_nlsk, skb, h, &c);
 322         } else
 323                 return unix_diag_get_exact(skb, h, nlmsg_data(h));
 324 }
 325
 326 static const struct sock_diag_handler unix_diag_handler = {
 327         .family = AF_UNIX,
 328         .dump = unix_diag_handler_dump,
 329 };
 330
 331 static int __init unix_diag_init(void)
 332 {
 333         return sock_diag_register(&unix_diag_handler);
 334 }
 335
 336 static void __exit unix_diag_exit(void)
 337 {
 338         sock_diag_unregister(&unix_diag_handler);
 339 }
 340
 341 module_init(unix_diag_init);
 342 module_exit(unix_diag_exit);
 343 MODULE_LICENSE("GPL");
 344 MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_NETLINK, NETLINK_SOCK_DIAG, 1 /* AF_LOCAL */);