search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 4.14.5
[linux/fpc-iii.git] / net / packet / af_packet.c
blob2986941164b1952b3b6014ff81d2986b504c334a
1 /*
2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
5 *
6 * PACKET - implements raw packet sockets.
7 *
8 * Authors: Ross Biro
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Alan Cox, <gw4pts@gw4pts.ampr.org>
11 *
12 * Fixes:
13 * Alan Cox : verify_area() now used correctly
14 * Alan Cox : new skbuff lists, look ma no backlogs!
15 * Alan Cox : tidied skbuff lists.
16 * Alan Cox : Now uses generic datagram routines I
17 * added. Also fixed the peek/read crash
18 * from all old Linux datagram code.
19 * Alan Cox : Uses the improved datagram code.
20 * Alan Cox : Added NULL's for socket options.
21 * Alan Cox : Re-commented the code.
22 * Alan Cox : Use new kernel side addressing
23 * Rob Janssen : Correct MTU usage.
24 * Dave Platt : Counter leaks caused by incorrect
25 * interrupt locking and some slightly
26 * dubious gcc output. Can you read
27 * compiler: it said _VOLATILE_
28 * Richard Kooijman : Timestamp fixes.
29 * Alan Cox : New buffers. Use sk->mac.raw.
30 * Alan Cox : sendmsg/recvmsg support.
31 * Alan Cox : Protocol setting support
32 * Alexey Kuznetsov : Untied from IPv4 stack.
33 * Cyrus Durgin : Fixed kerneld for kmod.
34 * Michal Ostrowski : Module initialization cleanup.
35 * Ulises Alonso : Frame number limit removal and
36 * packet_set_ring memory leak.
37 * Eric Biederman : Allow for > 8 byte hardware addresses.
38 * The convention is that longer addresses
39 * will simply extend the hardware address
40 * byte arrays at the end of sockaddr_ll
41 * and packet_mreq.
42 * Johann Baudy : Added TX RING.
43 * Chetan Loke : Implemented TPACKET_V3 block abstraction
44 * layer.
45 * Copyright (C) 2011, <lokec@ccs.neu.edu>
46 *
47 *
48 * This program is free software; you can redistribute it and/or
49 * modify it under the terms of the GNU General Public License
50 * as published by the Free Software Foundation; either version
51 * 2 of the License, or (at your option) any later version.
52 *
53 */
54
55 #include <linux/types.h>
56 #include <linux/mm.h>
57 #include <linux/capability.h>
58 #include <linux/fcntl.h>
59 #include <linux/socket.h>
60 #include <linux/in.h>
61 #include <linux/inet.h>
62 #include <linux/netdevice.h>
63 #include <linux/if_packet.h>
64 #include <linux/wireless.h>
65 #include <linux/kernel.h>
66 #include <linux/kmod.h>
67 #include <linux/slab.h>
68 #include <linux/vmalloc.h>
69 #include <net/net_namespace.h>
70 #include <net/ip.h>
71 #include <net/protocol.h>
72 #include <linux/skbuff.h>
73 #include <net/sock.h>
74 #include <linux/errno.h>
75 #include <linux/timer.h>
76 #include <linux/uaccess.h>
77 #include <asm/ioctls.h>
78 #include <asm/page.h>
79 #include <asm/cacheflush.h>
80 #include <asm/io.h>
81 #include <linux/proc_fs.h>
82 #include <linux/seq_file.h>
83 #include <linux/poll.h>
84 #include <linux/module.h>
85 #include <linux/init.h>
86 #include <linux/mutex.h>
87 #include <linux/if_vlan.h>
88 #include <linux/virtio_net.h>
89 #include <linux/errqueue.h>
90 #include <linux/net_tstamp.h>
91 #include <linux/percpu.h>
92 #ifdef CONFIG_INET
93 #include <net/inet_common.h>
94 #endif
95 #include <linux/bpf.h>
96 #include <net/compat.h>
97
98 #include "internal.h"
99
100 /*
101 Assumptions:
102 - if device has no dev->hard_header routine, it adds and removes ll header
103 inside itself. In this case ll header is invisible outside of device,
104 but higher levels still should reserve dev->hard_header_len.
105 Some devices are enough clever to reallocate skb, when header
106 will not fit to reserved space (tunnel), another ones are silly
107 (PPP).
108 - packet socket receives packets with pulled ll header,
109 so that SOCK_RAW should push it back.
110
111 On receive:
112 -----------
113
114 Incoming, dev->hard_header!=NULL
115 mac_header -> ll header
116 data -> data
117
118 Outgoing, dev->hard_header!=NULL
119 mac_header -> ll header
120 data -> ll header
121
122 Incoming, dev->hard_header==NULL
123 mac_header -> UNKNOWN position. It is very likely, that it points to ll
124 header. PPP makes it, that is wrong, because introduce
125 assymetry between rx and tx paths.
126 data -> data
127
128 Outgoing, dev->hard_header==NULL
129 mac_header -> data. ll header is still not built!
130 data -> data
131
132 Resume
133 If dev->hard_header==NULL we are unlikely to restore sensible ll header.
134
135
136 On transmit:
137 ------------
138
139 dev->hard_header != NULL
140 mac_header -> ll header
141 data -> ll header
142
143 dev->hard_header == NULL (ll header is added by device, we cannot control it)
144 mac_header -> data
145 data -> data
146
147 We should set nh.raw on output to correct posistion,
148 packet classifier depends on it.
149 */
150
151 /* Private packet socket structures. */
152
153 /* identical to struct packet_mreq except it has
154 * a longer address field.
155 */
156 struct packet_mreq_max {
157 int mr_ifindex;
158 unsigned short mr_type;
159 unsigned short mr_alen;
160 unsigned char mr_address[MAX_ADDR_LEN];
161 };
162
163 union tpacket_uhdr {
164 struct tpacket_hdr *h1;
165 struct tpacket2_hdr *h2;
166 struct tpacket3_hdr *h3;
167 void *raw;
168 };
169
170 static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
171 int closing, int tx_ring);
172
173 #define V3_ALIGNMENT (8)
174
175 #define BLK_HDR_LEN (ALIGN(sizeof(struct tpacket_block_desc), V3_ALIGNMENT))
176
177 #define BLK_PLUS_PRIV(sz_of_priv) \
178 (BLK_HDR_LEN + ALIGN((sz_of_priv), V3_ALIGNMENT))
179
180 #define BLOCK_STATUS(x) ((x)->hdr.bh1.block_status)
181 #define BLOCK_NUM_PKTS(x) ((x)->hdr.bh1.num_pkts)
182 #define BLOCK_O2FP(x) ((x)->hdr.bh1.offset_to_first_pkt)
183 #define BLOCK_LEN(x) ((x)->hdr.bh1.blk_len)
184 #define BLOCK_SNUM(x) ((x)->hdr.bh1.seq_num)
185 #define BLOCK_O2PRIV(x) ((x)->offset_to_priv)
186 #define BLOCK_PRIV(x) ((void *)((char *)(x) + BLOCK_O2PRIV(x)))
187
188 struct packet_sock;
189 static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
190 struct packet_type *pt, struct net_device *orig_dev);
191
192 static void *packet_previous_frame(struct packet_sock *po,
193 struct packet_ring_buffer *rb,
194 int status);
195 static void packet_increment_head(struct packet_ring_buffer *buff);
196 static int prb_curr_blk_in_use(struct tpacket_block_desc *);
197 static void *prb_dispatch_next_block(struct tpacket_kbdq_core *,
198 struct packet_sock *);
199 static void prb_retire_current_block(struct tpacket_kbdq_core *,
200 struct packet_sock *, unsigned int status);
201 static int prb_queue_frozen(struct tpacket_kbdq_core *);
202 static void prb_open_block(struct tpacket_kbdq_core *,
203 struct tpacket_block_desc *);
204 static void prb_retire_rx_blk_timer_expired(unsigned long);
205 static void _prb_refresh_rx_retire_blk_timer(struct tpacket_kbdq_core *);
206 static void prb_init_blk_timer(struct packet_sock *,
207 struct tpacket_kbdq_core *,
208 void (*func) (unsigned long));
209 static void prb_fill_rxhash(struct tpacket_kbdq_core *, struct tpacket3_hdr *);
210 static void prb_clear_rxhash(struct tpacket_kbdq_core *,
211 struct tpacket3_hdr *);
212 static void prb_fill_vlan_info(struct tpacket_kbdq_core *,
213 struct tpacket3_hdr *);
214 static void packet_flush_mclist(struct sock *sk);
215 static void packet_pick_tx_queue(struct net_device *dev, struct sk_buff *skb);
216
217 struct packet_skb_cb {
218 union {
219 struct sockaddr_pkt pkt;
220 union {
221 /* Trick: alias skb original length with
222 * ll.sll_family and ll.protocol in order
223 * to save room.
224 */
225 unsigned int origlen;
226 struct sockaddr_ll ll;
227 };
228 } sa;
229 };
230
231 #define vio_le() virtio_legacy_is_little_endian()
232
233 #define PACKET_SKB_CB(__skb) ((struct packet_skb_cb *)((__skb)->cb))
234
235 #define GET_PBDQC_FROM_RB(x) ((struct tpacket_kbdq_core *)(&(x)->prb_bdqc))
236 #define GET_PBLOCK_DESC(x, bid) \
237 ((struct tpacket_block_desc *)((x)->pkbdq[(bid)].buffer))
238 #define GET_CURR_PBLOCK_DESC_FROM_CORE(x) \
239 ((struct tpacket_block_desc *)((x)->pkbdq[(x)->kactive_blk_num].buffer))
240 #define GET_NEXT_PRB_BLK_NUM(x) \
241 (((x)->kactive_blk_num < ((x)->knum_blocks-1)) ? \
242 ((x)->kactive_blk_num+1) : 0)
243
244 static void __fanout_unlink(struct sock *sk, struct packet_sock *po);
245 static void __fanout_link(struct sock *sk, struct packet_sock *po);
246
247 static int packet_direct_xmit(struct sk_buff *skb)
248 {
249 struct net_device *dev = skb->dev;
250 struct sk_buff *orig_skb = skb;
251 struct netdev_queue *txq;
252 int ret = NETDEV_TX_BUSY;
253
254 if (unlikely(!netif_running(dev) ||
255 !netif_carrier_ok(dev)))
256 goto drop;
257
258 skb = validate_xmit_skb_list(skb, dev);
259 if (skb != orig_skb)
260 goto drop;
261
262 packet_pick_tx_queue(dev, skb);
263 txq = skb_get_tx_queue(dev, skb);
264
265 local_bh_disable();
266
267 HARD_TX_LOCK(dev, txq, smp_processor_id());
268 if (!netif_xmit_frozen_or_drv_stopped(txq))
269 ret = netdev_start_xmit(skb, dev, txq, false);
270 HARD_TX_UNLOCK(dev, txq);
271
272 local_bh_enable();
273
274 if (!dev_xmit_complete(ret))
275 kfree_skb(skb);
276
277 return ret;
278 drop:
279 atomic_long_inc(&dev->tx_dropped);
280 kfree_skb_list(skb);
281 return NET_XMIT_DROP;
282 }
283
284 static struct net_device *packet_cached_dev_get(struct packet_sock *po)
285 {
286 struct net_device *dev;
287
288 rcu_read_lock();
289 dev = rcu_dereference(po->cached_dev);
290 if (likely(dev))
291 dev_hold(dev);
292 rcu_read_unlock();
293
294 return dev;
295 }
296
297 static void packet_cached_dev_assign(struct packet_sock *po,
298 struct net_device *dev)
299 {
300 rcu_assign_pointer(po->cached_dev, dev);
301 }
302
303 static void packet_cached_dev_reset(struct packet_sock *po)
304 {
305 RCU_INIT_POINTER(po->cached_dev, NULL);
306 }
307
308 static bool packet_use_direct_xmit(const struct packet_sock *po)
309 {
310 return po->xmit == packet_direct_xmit;
311 }
312
313 static u16 __packet_pick_tx_queue(struct net_device *dev, struct sk_buff *skb)
314 {
315 return (u16) raw_smp_processor_id() % dev->real_num_tx_queues;
316 }
317
318 static void packet_pick_tx_queue(struct net_device *dev, struct sk_buff *skb)
319 {
320 const struct net_device_ops *ops = dev->netdev_ops;
321 u16 queue_index;
322
323 if (ops->ndo_select_queue) {
324 queue_index = ops->ndo_select_queue(dev, skb, NULL,
325 __packet_pick_tx_queue);
326 queue_index = netdev_cap_txqueue(dev, queue_index);
327 } else {
328 queue_index = __packet_pick_tx_queue(dev, skb);
329 }
330
331 skb_set_queue_mapping(skb, queue_index);
332 }
333
334 /* register_prot_hook must be invoked with the po->bind_lock held,
335 * or from a context in which asynchronous accesses to the packet
336 * socket is not possible (packet_create()).
337 */
338 static void register_prot_hook(struct sock *sk)
339 {
340 struct packet_sock *po = pkt_sk(sk);
341
342 if (!po->running) {
343 if (po->fanout)
344 __fanout_link(sk, po);
345 else
346 dev_add_pack(&po->prot_hook);
347
348 sock_hold(sk);
349 po->running = 1;
350 }
351 }
352
353 /* {,__}unregister_prot_hook() must be invoked with the po->bind_lock
354 * held. If the sync parameter is true, we will temporarily drop
355 * the po->bind_lock and do a synchronize_net to make sure no
356 * asynchronous packet processing paths still refer to the elements
357 * of po->prot_hook. If the sync parameter is false, it is the
358 * callers responsibility to take care of this.
359 */
360 static void __unregister_prot_hook(struct sock *sk, bool sync)
361 {
362 struct packet_sock *po = pkt_sk(sk);
363
364 po->running = 0;
365
366 if (po->fanout)
367 __fanout_unlink(sk, po);
368 else
369 __dev_remove_pack(&po->prot_hook);
370
371 __sock_put(sk);
372
373 if (sync) {
374 spin_unlock(&po->bind_lock);
375 synchronize_net();
376 spin_lock(&po->bind_lock);
377 }
378 }
379
380 static void unregister_prot_hook(struct sock *sk, bool sync)
381 {
382 struct packet_sock *po = pkt_sk(sk);
383
384 if (po->running)
385 __unregister_prot_hook(sk, sync);
386 }
387
388 static inline struct page * __pure pgv_to_page(void *addr)
389 {
390 if (is_vmalloc_addr(addr))
391 return vmalloc_to_page(addr);
392 return virt_to_page(addr);
393 }
394
395 static void __packet_set_status(struct packet_sock *po, void *frame, int status)
396 {
397 union tpacket_uhdr h;
398
399 h.raw = frame;
400 switch (po->tp_version) {
401 case TPACKET_V1:
402 h.h1->tp_status = status;
403 flush_dcache_page(pgv_to_page(&h.h1->tp_status));
404 break;
405 case TPACKET_V2:
406 h.h2->tp_status = status;
407 flush_dcache_page(pgv_to_page(&h.h2->tp_status));
408 break;
409 case TPACKET_V3:
410 h.h3->tp_status = status;
411 flush_dcache_page(pgv_to_page(&h.h3->tp_status));
412 break;
413 default:
414 WARN(1, "TPACKET version not supported.\n");
415 BUG();
416 }
417
418 smp_wmb();
419 }
420
421 static int __packet_get_status(struct packet_sock *po, void *frame)
422 {
423 union tpacket_uhdr h;
424
425 smp_rmb();
426
427 h.raw = frame;
428 switch (po->tp_version) {
429 case TPACKET_V1:
430 flush_dcache_page(pgv_to_page(&h.h1->tp_status));
431 return h.h1->tp_status;
432 case TPACKET_V2:
433 flush_dcache_page(pgv_to_page(&h.h2->tp_status));
434 return h.h2->tp_status;
435 case TPACKET_V3:
436 flush_dcache_page(pgv_to_page(&h.h3->tp_status));
437 return h.h3->tp_status;
438 default:
439 WARN(1, "TPACKET version not supported.\n");
440 BUG();
441 return 0;
442 }
443 }
444
445 static __u32 tpacket_get_timestamp(struct sk_buff *skb, struct timespec *ts,
446 unsigned int flags)
447 {
448 struct skb_shared_hwtstamps *shhwtstamps = skb_hwtstamps(skb);
449
450 if (shhwtstamps &&
451 (flags & SOF_TIMESTAMPING_RAW_HARDWARE) &&
452 ktime_to_timespec_cond(shhwtstamps->hwtstamp, ts))
453 return TP_STATUS_TS_RAW_HARDWARE;
454
455 if (ktime_to_timespec_cond(skb->tstamp, ts))
456 return TP_STATUS_TS_SOFTWARE;
457
458 return 0;
459 }
460
461 static __u32 __packet_set_timestamp(struct packet_sock *po, void *frame,
462 struct sk_buff *skb)
463 {
464 union tpacket_uhdr h;
465 struct timespec ts;
466 __u32 ts_status;
467
468 if (!(ts_status = tpacket_get_timestamp(skb, &ts, po->tp_tstamp)))
469 return 0;
470
471 h.raw = frame;
472 switch (po->tp_version) {
473 case TPACKET_V1:
474 h.h1->tp_sec = ts.tv_sec;
475 h.h1->tp_usec = ts.tv_nsec / NSEC_PER_USEC;
476 break;
477 case TPACKET_V2:
478 h.h2->tp_sec = ts.tv_sec;
479 h.h2->tp_nsec = ts.tv_nsec;
480 break;
481 case TPACKET_V3:
482 h.h3->tp_sec = ts.tv_sec;
483 h.h3->tp_nsec = ts.tv_nsec;
484 break;
485 default:
486 WARN(1, "TPACKET version not supported.\n");
487 BUG();
488 }
489
490 /* one flush is safe, as both fields always lie on the same cacheline */
491 flush_dcache_page(pgv_to_page(&h.h1->tp_sec));
492 smp_wmb();
493
494 return ts_status;
495 }
496
497 static void *packet_lookup_frame(struct packet_sock *po,
498 struct packet_ring_buffer *rb,
499 unsigned int position,
500 int status)
501 {
502 unsigned int pg_vec_pos, frame_offset;
503 union tpacket_uhdr h;
504
505 pg_vec_pos = position / rb->frames_per_block;
506 frame_offset = position % rb->frames_per_block;
507
508 h.raw = rb->pg_vec[pg_vec_pos].buffer +
509 (frame_offset * rb->frame_size);
510
511 if (status != __packet_get_status(po, h.raw))
512 return NULL;
513
514 return h.raw;
515 }
516
517 static void *packet_current_frame(struct packet_sock *po,
518 struct packet_ring_buffer *rb,
519 int status)
520 {
521 return packet_lookup_frame(po, rb, rb->head, status);
522 }
523
524 static void prb_del_retire_blk_timer(struct tpacket_kbdq_core *pkc)
525 {
526 del_timer_sync(&pkc->retire_blk_timer);
527 }
528
529 static void prb_shutdown_retire_blk_timer(struct packet_sock *po,
530 struct sk_buff_head *rb_queue)
531 {
532 struct tpacket_kbdq_core *pkc;
533
534 pkc = GET_PBDQC_FROM_RB(&po->rx_ring);
535
536 spin_lock_bh(&rb_queue->lock);
537 pkc->delete_blk_timer = 1;
538 spin_unlock_bh(&rb_queue->lock);
539
540 prb_del_retire_blk_timer(pkc);
541 }
542
543 static void prb_init_blk_timer(struct packet_sock *po,
544 struct tpacket_kbdq_core *pkc,
545 void (*func) (unsigned long))
546 {
547 init_timer(&pkc->retire_blk_timer);
548 pkc->retire_blk_timer.data = (long)po;
549 pkc->retire_blk_timer.function = func;
550 pkc->retire_blk_timer.expires = jiffies;
551 }
552
553 static void prb_setup_retire_blk_timer(struct packet_sock *po)
554 {
555 struct tpacket_kbdq_core *pkc;
556
557 pkc = GET_PBDQC_FROM_RB(&po->rx_ring);
558 prb_init_blk_timer(po, pkc, prb_retire_rx_blk_timer_expired);
559 }
560
561 static int prb_calc_retire_blk_tmo(struct packet_sock *po,
562 int blk_size_in_bytes)
563 {
564 struct net_device *dev;
565 unsigned int mbits = 0, msec = 0, div = 0, tmo = 0;
566 struct ethtool_link_ksettings ecmd;
567 int err;
568
569 rtnl_lock();
570 dev = __dev_get_by_index(sock_net(&po->sk), po->ifindex);
571 if (unlikely(!dev)) {
572 rtnl_unlock();
573 return DEFAULT_PRB_RETIRE_TOV;
574 }
575 err = __ethtool_get_link_ksettings(dev, &ecmd);
576 rtnl_unlock();
577 if (!err) {
578 /*
579 * If the link speed is so slow you don't really
580 * need to worry about perf anyways
581 */
582 if (ecmd.base.speed < SPEED_1000 ||
583 ecmd.base.speed == SPEED_UNKNOWN) {
584 return DEFAULT_PRB_RETIRE_TOV;
585 } else {
586 msec = 1;
587 div = ecmd.base.speed / 1000;
588 }
589 }
590
591 mbits = (blk_size_in_bytes * 8) / (1024 * 1024);
592
593 if (div)
594 mbits /= div;
595
596 tmo = mbits * msec;
597
598 if (div)
599 return tmo+1;
600 return tmo;
601 }
602
603 static void prb_init_ft_ops(struct tpacket_kbdq_core *p1,
604 union tpacket_req_u *req_u)
605 {
606 p1->feature_req_word = req_u->req3.tp_feature_req_word;
607 }
608
609 static void init_prb_bdqc(struct packet_sock *po,
610 struct packet_ring_buffer *rb,
611 struct pgv *pg_vec,
612 union tpacket_req_u *req_u)
613 {
614 struct tpacket_kbdq_core *p1 = GET_PBDQC_FROM_RB(rb);
615 struct tpacket_block_desc *pbd;
616
617 memset(p1, 0x0, sizeof(*p1));
618
619 p1->knxt_seq_num = 1;
620 p1->pkbdq = pg_vec;
621 pbd = (struct tpacket_block_desc *)pg_vec[0].buffer;
622 p1->pkblk_start = pg_vec[0].buffer;
623 p1->kblk_size = req_u->req3.tp_block_size;
624 p1->knum_blocks = req_u->req3.tp_block_nr;
625 p1->hdrlen = po->tp_hdrlen;
626 p1->version = po->tp_version;
627 p1->last_kactive_blk_num = 0;
628 po->stats.stats3.tp_freeze_q_cnt = 0;
629 if (req_u->req3.tp_retire_blk_tov)
630 p1->retire_blk_tov = req_u->req3.tp_retire_blk_tov;
631 else
632 p1->retire_blk_tov = prb_calc_retire_blk_tmo(po,
633 req_u->req3.tp_block_size);
634 p1->tov_in_jiffies = msecs_to_jiffies(p1->retire_blk_tov);
635 p1->blk_sizeof_priv = req_u->req3.tp_sizeof_priv;
636
637 p1->max_frame_len = p1->kblk_size - BLK_PLUS_PRIV(p1->blk_sizeof_priv);
638 prb_init_ft_ops(p1, req_u);
639 prb_setup_retire_blk_timer(po);
640 prb_open_block(p1, pbd);
641 }
642
643 /* Do NOT update the last_blk_num first.
644 * Assumes sk_buff_head lock is held.
645 */
646 static void _prb_refresh_rx_retire_blk_timer(struct tpacket_kbdq_core *pkc)
647 {
648 mod_timer(&pkc->retire_blk_timer,
649 jiffies + pkc->tov_in_jiffies);
650 pkc->last_kactive_blk_num = pkc->kactive_blk_num;
651 }
652
653 /*
654 * Timer logic:
655 * 1) We refresh the timer only when we open a block.
656 * By doing this we don't waste cycles refreshing the timer
657 * on packet-by-packet basis.
658 *
659 * With a 1MB block-size, on a 1Gbps line, it will take
660 * i) ~8 ms to fill a block + ii) memcpy etc.
661 * In this cut we are not accounting for the memcpy time.
662 *
663 * So, if the user sets the 'tmo' to 10ms then the timer
664 * will never fire while the block is still getting filled
665 * (which is what we want). However, the user could choose
666 * to close a block early and that's fine.
667 *
668 * But when the timer does fire, we check whether or not to refresh it.
669 * Since the tmo granularity is in msecs, it is not too expensive
670 * to refresh the timer, lets say every '8' msecs.
671 * Either the user can set the 'tmo' or we can derive it based on
672 * a) line-speed and b) block-size.
673 * prb_calc_retire_blk_tmo() calculates the tmo.
674 *
675 */
676 static void prb_retire_rx_blk_timer_expired(unsigned long data)
677 {
678 struct packet_sock *po = (struct packet_sock *)data;
679 struct tpacket_kbdq_core *pkc = GET_PBDQC_FROM_RB(&po->rx_ring);
680 unsigned int frozen;
681 struct tpacket_block_desc *pbd;
682
683 spin_lock(&po->sk.sk_receive_queue.lock);
684
685 frozen = prb_queue_frozen(pkc);
686 pbd = GET_CURR_PBLOCK_DESC_FROM_CORE(pkc);
687
688 if (unlikely(pkc->delete_blk_timer))
689 goto out;
690
691 /* We only need to plug the race when the block is partially filled.
692 * tpacket_rcv:
693 * lock(); increment BLOCK_NUM_PKTS; unlock()
694 * copy_bits() is in progress ...
695 * timer fires on other cpu:
696 * we can't retire the current block because copy_bits
697 * is in progress.
698 *
699 */
700 if (BLOCK_NUM_PKTS(pbd)) {
701 while (atomic_read(&pkc->blk_fill_in_prog)) {
702 /* Waiting for skb_copy_bits to finish... */
703 cpu_relax();
704 }
705 }
706
707 if (pkc->last_kactive_blk_num == pkc->kactive_blk_num) {
708 if (!frozen) {
709 if (!BLOCK_NUM_PKTS(pbd)) {
710 /* An empty block. Just refresh the timer. */
711 goto refresh_timer;
712 }
713 prb_retire_current_block(pkc, po, TP_STATUS_BLK_TMO);
714 if (!prb_dispatch_next_block(pkc, po))
715 goto refresh_timer;
716 else
717 goto out;
718 } else {
719 /* Case 1. Queue was frozen because user-space was
720 * lagging behind.
721 */
722 if (prb_curr_blk_in_use(pbd)) {
723 /*
724 * Ok, user-space is still behind.
725 * So just refresh the timer.
726 */
727 goto refresh_timer;
728 } else {
729 /* Case 2. queue was frozen,user-space caught up,
730 * now the link went idle && the timer fired.
731 * We don't have a block to close.So we open this
732 * block and restart the timer.
733 * opening a block thaws the queue,restarts timer
734 * Thawing/timer-refresh is a side effect.
735 */
736 prb_open_block(pkc, pbd);
737 goto out;
738 }
739 }
740 }
741
742 refresh_timer:
743 _prb_refresh_rx_retire_blk_timer(pkc);
744
745 out:
746 spin_unlock(&po->sk.sk_receive_queue.lock);
747 }
748
749 static void prb_flush_block(struct tpacket_kbdq_core *pkc1,
750 struct tpacket_block_desc *pbd1, __u32 status)
751 {
752 /* Flush everything minus the block header */
753
754 #if ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE == 1
755 u8 *start, *end;
756
757 start = (u8 *)pbd1;
758
759 /* Skip the block header(we know header WILL fit in 4K) */
760 start += PAGE_SIZE;
761
762 end = (u8 *)PAGE_ALIGN((unsigned long)pkc1->pkblk_end);
763 for (; start < end; start += PAGE_SIZE)
764 flush_dcache_page(pgv_to_page(start));
765
766 smp_wmb();
767 #endif
768
769 /* Now update the block status. */
770
771 BLOCK_STATUS(pbd1) = status;
772
773 /* Flush the block header */
774
775 #if ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE == 1
776 start = (u8 *)pbd1;
777 flush_dcache_page(pgv_to_page(start));
778
779 smp_wmb();
780 #endif
781 }
782
783 /*
784 * Side effect:
785 *
786 * 1) flush the block
787 * 2) Increment active_blk_num
788 *
789 * Note:We DONT refresh the timer on purpose.
790 * Because almost always the next block will be opened.
791 */
792 static void prb_close_block(struct tpacket_kbdq_core *pkc1,
793 struct tpacket_block_desc *pbd1,
794 struct packet_sock *po, unsigned int stat)
795 {
796 __u32 status = TP_STATUS_USER | stat;
797
798 struct tpacket3_hdr *last_pkt;
799 struct tpacket_hdr_v1 *h1 = &pbd1->hdr.bh1;
800 struct sock *sk = &po->sk;
801
802 if (po->stats.stats3.tp_drops)
803 status |= TP_STATUS_LOSING;
804
805 last_pkt = (struct tpacket3_hdr *)pkc1->prev;
806 last_pkt->tp_next_offset = 0;
807
808 /* Get the ts of the last pkt */
809 if (BLOCK_NUM_PKTS(pbd1)) {
810 h1->ts_last_pkt.ts_sec = last_pkt->tp_sec;
811 h1->ts_last_pkt.ts_nsec = last_pkt->tp_nsec;
812 } else {
813 /* Ok, we tmo'd - so get the current time.
814 *
815 * It shouldn't really happen as we don't close empty
816 * blocks. See prb_retire_rx_blk_timer_expired().
817 */
818 struct timespec ts;
819 getnstimeofday(&ts);
820 h1->ts_last_pkt.ts_sec = ts.tv_sec;
821 h1->ts_last_pkt.ts_nsec = ts.tv_nsec;
822 }
823
824 smp_wmb();
825
826 /* Flush the block */
827 prb_flush_block(pkc1, pbd1, status);
828
829 sk->sk_data_ready(sk);
830
831 pkc1->kactive_blk_num = GET_NEXT_PRB_BLK_NUM(pkc1);
832 }
833
834 static void prb_thaw_queue(struct tpacket_kbdq_core *pkc)
835 {
836 pkc->reset_pending_on_curr_blk = 0;
837 }
838
839 /*
840 * Side effect of opening a block:
841 *
842 * 1) prb_queue is thawed.
843 * 2) retire_blk_timer is refreshed.
844 *
845 */
846 static void prb_open_block(struct tpacket_kbdq_core *pkc1,
847 struct tpacket_block_desc *pbd1)
848 {
849 struct timespec ts;
850 struct tpacket_hdr_v1 *h1 = &pbd1->hdr.bh1;
851
852 smp_rmb();
853
854 /* We could have just memset this but we will lose the
855 * flexibility of making the priv area sticky
856 */
857
858 BLOCK_SNUM(pbd1) = pkc1->knxt_seq_num++;
859 BLOCK_NUM_PKTS(pbd1) = 0;
860 BLOCK_LEN(pbd1) = BLK_PLUS_PRIV(pkc1->blk_sizeof_priv);
861
862 getnstimeofday(&ts);
863
864 h1->ts_first_pkt.ts_sec = ts.tv_sec;
865 h1->ts_first_pkt.ts_nsec = ts.tv_nsec;
866
867 pkc1->pkblk_start = (char *)pbd1;
868 pkc1->nxt_offset = pkc1->pkblk_start + BLK_PLUS_PRIV(pkc1->blk_sizeof_priv);
869
870 BLOCK_O2FP(pbd1) = (__u32)BLK_PLUS_PRIV(pkc1->blk_sizeof_priv);
871 BLOCK_O2PRIV(pbd1) = BLK_HDR_LEN;
872
873 pbd1->version = pkc1->version;
874 pkc1->prev = pkc1->nxt_offset;
875 pkc1->pkblk_end = pkc1->pkblk_start + pkc1->kblk_size;
876
877 prb_thaw_queue(pkc1);
878 _prb_refresh_rx_retire_blk_timer(pkc1);
879
880 smp_wmb();
881 }
882
883 /*
884 * Queue freeze logic:
885 * 1) Assume tp_block_nr = 8 blocks.
886 * 2) At time 't0', user opens Rx ring.
887 * 3) Some time past 't0', kernel starts filling blocks starting from 0 .. 7
888 * 4) user-space is either sleeping or processing block '0'.
889 * 5) tpacket_rcv is currently filling block '7', since there is no space left,
890 * it will close block-7,loop around and try to fill block '0'.
891 * call-flow:
892 * __packet_lookup_frame_in_block
893 * prb_retire_current_block()
894 * prb_dispatch_next_block()
895 * |->(BLOCK_STATUS == USER) evaluates to true
896 * 5.1) Since block-0 is currently in-use, we just freeze the queue.
897 * 6) Now there are two cases:
898 * 6.1) Link goes idle right after the queue is frozen.
899 * But remember, the last open_block() refreshed the timer.
900 * When this timer expires,it will refresh itself so that we can
901 * re-open block-0 in near future.
902 * 6.2) Link is busy and keeps on receiving packets. This is a simple
903 * case and __packet_lookup_frame_in_block will check if block-0
904 * is free and can now be re-used.
905 */
906 static void prb_freeze_queue(struct tpacket_kbdq_core *pkc,
907 struct packet_sock *po)
908 {
909 pkc->reset_pending_on_curr_blk = 1;
910 po->stats.stats3.tp_freeze_q_cnt++;
911 }
912
913 #define TOTAL_PKT_LEN_INCL_ALIGN(length) (ALIGN((length), V3_ALIGNMENT))
914
915 /*
916 * If the next block is free then we will dispatch it
917 * and return a good offset.
918 * Else, we will freeze the queue.
919 * So, caller must check the return value.
920 */
921 static void *prb_dispatch_next_block(struct tpacket_kbdq_core *pkc,
922 struct packet_sock *po)
923 {
924 struct tpacket_block_desc *pbd;
925
926 smp_rmb();
927
928 /* 1. Get current block num */
929 pbd = GET_CURR_PBLOCK_DESC_FROM_CORE(pkc);
930
931 /* 2. If this block is currently in_use then freeze the queue */
932 if (TP_STATUS_USER & BLOCK_STATUS(pbd)) {
933 prb_freeze_queue(pkc, po);
934 return NULL;
935 }
936
937 /*
938 * 3.
939 * open this block and return the offset where the first packet
940 * needs to get stored.
941 */
942 prb_open_block(pkc, pbd);
943 return (void *)pkc->nxt_offset;
944 }
945
946 static void prb_retire_current_block(struct tpacket_kbdq_core *pkc,
947 struct packet_sock *po, unsigned int status)
948 {
949 struct tpacket_block_desc *pbd = GET_CURR_PBLOCK_DESC_FROM_CORE(pkc);
950
951 /* retire/close the current block */
952 if (likely(TP_STATUS_KERNEL == BLOCK_STATUS(pbd))) {
953 /*
954 * Plug the case where copy_bits() is in progress on
955 * cpu-0 and tpacket_rcv() got invoked on cpu-1, didn't
956 * have space to copy the pkt in the current block and
957 * called prb_retire_current_block()
958 *
959 * We don't need to worry about the TMO case because
960 * the timer-handler already handled this case.
961 */
962 if (!(status & TP_STATUS_BLK_TMO)) {
963 while (atomic_read(&pkc->blk_fill_in_prog)) {
964 /* Waiting for skb_copy_bits to finish... */
965 cpu_relax();
966 }
967 }
968 prb_close_block(pkc, pbd, po, status);
969 return;
970 }
971 }
972
973 static int prb_curr_blk_in_use(struct tpacket_block_desc *pbd)
974 {
975 return TP_STATUS_USER & BLOCK_STATUS(pbd);
976 }
977
978 static int prb_queue_frozen(struct tpacket_kbdq_core *pkc)
979 {
980 return pkc->reset_pending_on_curr_blk;
981 }
982
983 static void prb_clear_blk_fill_status(struct packet_ring_buffer *rb)
984 {
985 struct tpacket_kbdq_core *pkc = GET_PBDQC_FROM_RB(rb);
986 atomic_dec(&pkc->blk_fill_in_prog);
987 }
988
989 static void prb_fill_rxhash(struct tpacket_kbdq_core *pkc,
990 struct tpacket3_hdr *ppd)
991 {
992 ppd->hv1.tp_rxhash = skb_get_hash(pkc->skb);
993 }
994
995 static void prb_clear_rxhash(struct tpacket_kbdq_core *pkc,
996 struct tpacket3_hdr *ppd)
997 {
998 ppd->hv1.tp_rxhash = 0;
999 }
1000
1001 static void prb_fill_vlan_info(struct tpacket_kbdq_core *pkc,
1002 struct tpacket3_hdr *ppd)
1003 {
1004 if (skb_vlan_tag_present(pkc->skb)) {
1005 ppd->hv1.tp_vlan_tci = skb_vlan_tag_get(pkc->skb);
1006 ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->vlan_proto);
1007 ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID;
1008 } else {
1009 ppd->hv1.tp_vlan_tci = 0;
1010 ppd->hv1.tp_vlan_tpid = 0;
1011 ppd->tp_status = TP_STATUS_AVAILABLE;
1012 }
1013 }
1014
1015 static void prb_run_all_ft_ops(struct tpacket_kbdq_core *pkc,
1016 struct tpacket3_hdr *ppd)
1017 {
1018 ppd->hv1.tp_padding = 0;
1019 prb_fill_vlan_info(pkc, ppd);
1020
1021 if (pkc->feature_req_word & TP_FT_REQ_FILL_RXHASH)
1022 prb_fill_rxhash(pkc, ppd);
1023 else
1024 prb_clear_rxhash(pkc, ppd);
1025 }
1026
1027 static void prb_fill_curr_block(char *curr,
1028 struct tpacket_kbdq_core *pkc,
1029 struct tpacket_block_desc *pbd,
1030 unsigned int len)
1031 {
1032 struct tpacket3_hdr *ppd;
1033
1034 ppd = (struct tpacket3_hdr *)curr;
1035 ppd->tp_next_offset = TOTAL_PKT_LEN_INCL_ALIGN(len);
1036 pkc->prev = curr;
1037 pkc->nxt_offset += TOTAL_PKT_LEN_INCL_ALIGN(len);
1038 BLOCK_LEN(pbd) += TOTAL_PKT_LEN_INCL_ALIGN(len);
1039 BLOCK_NUM_PKTS(pbd) += 1;
1040 atomic_inc(&pkc->blk_fill_in_prog);
1041 prb_run_all_ft_ops(pkc, ppd);
1042 }
1043
1044 /* Assumes caller has the sk->rx_queue.lock */
1045 static void *__packet_lookup_frame_in_block(struct packet_sock *po,
1046 struct sk_buff *skb,
1047 int status,
1048 unsigned int len
1049 )
1050 {
1051 struct tpacket_kbdq_core *pkc;
1052 struct tpacket_block_desc *pbd;
1053 char *curr, *end;
1054
1055 pkc = GET_PBDQC_FROM_RB(&po->rx_ring);
1056 pbd = GET_CURR_PBLOCK_DESC_FROM_CORE(pkc);
1057
1058 /* Queue is frozen when user space is lagging behind */
1059 if (prb_queue_frozen(pkc)) {
1060 /*
1061 * Check if that last block which caused the queue to freeze,
1062 * is still in_use by user-space.
1063 */
1064 if (prb_curr_blk_in_use(pbd)) {
1065 /* Can't record this packet */
1066 return NULL;
1067 } else {
1068 /*
1069 * Ok, the block was released by user-space.
1070 * Now let's open that block.
1071 * opening a block also thaws the queue.
1072 * Thawing is a side effect.
1073 */
1074 prb_open_block(pkc, pbd);
1075 }
1076 }
1077
1078 smp_mb();
1079 curr = pkc->nxt_offset;
1080 pkc->skb = skb;
1081 end = (char *)pbd + pkc->kblk_size;
1082
1083 /* first try the current block */
1084 if (curr+TOTAL_PKT_LEN_INCL_ALIGN(len) < end) {
1085 prb_fill_curr_block(curr, pkc, pbd, len);
1086 return (void *)curr;
1087 }
1088
1089 /* Ok, close the current block */
1090 prb_retire_current_block(pkc, po, 0);
1091
1092 /* Now, try to dispatch the next block */
1093 curr = (char *)prb_dispatch_next_block(pkc, po);
1094 if (curr) {
1095 pbd = GET_CURR_PBLOCK_DESC_FROM_CORE(pkc);
1096 prb_fill_curr_block(curr, pkc, pbd, len);
1097 return (void *)curr;
1098 }
1099
1100 /*
1101 * No free blocks are available.user_space hasn't caught up yet.
1102 * Queue was just frozen and now this packet will get dropped.
1103 */
1104 return NULL;
1105 }
1106
1107 static void *packet_current_rx_frame(struct packet_sock *po,
1108 struct sk_buff *skb,
1109 int status, unsigned int len)
1110 {
1111 char *curr = NULL;
1112 switch (po->tp_version) {
1113 case TPACKET_V1:
1114 case TPACKET_V2:
1115 curr = packet_lookup_frame(po, &po->rx_ring,
1116 po->rx_ring.head, status);
1117 return curr;
1118 case TPACKET_V3:
1119 return __packet_lookup_frame_in_block(po, skb, status, len);
1120 default:
1121 WARN(1, "TPACKET version not supported\n");
1122 BUG();
1123 return NULL;
1124 }
1125 }
1126
1127 static void *prb_lookup_block(struct packet_sock *po,
1128 struct packet_ring_buffer *rb,
1129 unsigned int idx,
1130 int status)
1131 {
1132 struct tpacket_kbdq_core *pkc = GET_PBDQC_FROM_RB(rb);
1133 struct tpacket_block_desc *pbd = GET_PBLOCK_DESC(pkc, idx);
1134
1135 if (status != BLOCK_STATUS(pbd))
1136 return NULL;
1137 return pbd;
1138 }
1139
1140 static int prb_previous_blk_num(struct packet_ring_buffer *rb)
1141 {
1142 unsigned int prev;
1143 if (rb->prb_bdqc.kactive_blk_num)
1144 prev = rb->prb_bdqc.kactive_blk_num-1;
1145 else
1146 prev = rb->prb_bdqc.knum_blocks-1;
1147 return prev;
1148 }
1149
1150 /* Assumes caller has held the rx_queue.lock */
1151 static void *__prb_previous_block(struct packet_sock *po,
1152 struct packet_ring_buffer *rb,
1153 int status)
1154 {
1155 unsigned int previous = prb_previous_blk_num(rb);
1156 return prb_lookup_block(po, rb, previous, status);
1157 }
1158
1159 static void *packet_previous_rx_frame(struct packet_sock *po,
1160 struct packet_ring_buffer *rb,
1161 int status)
1162 {
1163 if (po->tp_version <= TPACKET_V2)
1164 return packet_previous_frame(po, rb, status);
1165
1166 return __prb_previous_block(po, rb, status);
1167 }
1168
1169 static void packet_increment_rx_head(struct packet_sock *po,
1170 struct packet_ring_buffer *rb)
1171 {
1172 switch (po->tp_version) {
1173 case TPACKET_V1:
1174 case TPACKET_V2:
1175 return packet_increment_head(rb);
1176 case TPACKET_V3:
1177 default:
1178 WARN(1, "TPACKET version not supported.\n");
1179 BUG();
1180 return;
1181 }
1182 }
1183
1184 static void *packet_previous_frame(struct packet_sock *po,
1185 struct packet_ring_buffer *rb,
1186 int status)
1187 {
1188 unsigned int previous = rb->head ? rb->head - 1 : rb->frame_max;
1189 return packet_lookup_frame(po, rb, previous, status);
1190 }
1191
1192 static void packet_increment_head(struct packet_ring_buffer *buff)
1193 {
1194 buff->head = buff->head != buff->frame_max ? buff->head+1 : 0;
1195 }
1196
1197 static void packet_inc_pending(struct packet_ring_buffer *rb)
1198 {
1199 this_cpu_inc(*rb->pending_refcnt);
1200 }
1201
1202 static void packet_dec_pending(struct packet_ring_buffer *rb)
1203 {
1204 this_cpu_dec(*rb->pending_refcnt);
1205 }
1206
1207 static unsigned int packet_read_pending(const struct packet_ring_buffer *rb)
1208 {
1209 unsigned int refcnt = 0;
1210 int cpu;
1211
1212 /* We don't use pending refcount in rx_ring. */
1213 if (rb->pending_refcnt == NULL)
1214 return 0;
1215
1216 for_each_possible_cpu(cpu)
1217 refcnt += *per_cpu_ptr(rb->pending_refcnt, cpu);
1218
1219 return refcnt;
1220 }
1221
1222 static int packet_alloc_pending(struct packet_sock *po)
1223 {
1224 po->rx_ring.pending_refcnt = NULL;
1225
1226 po->tx_ring.pending_refcnt = alloc_percpu(unsigned int);
1227 if (unlikely(po->tx_ring.pending_refcnt == NULL))
1228 return -ENOBUFS;
1229
1230 return 0;
1231 }
1232
1233 static void packet_free_pending(struct packet_sock *po)
1234 {
1235 free_percpu(po->tx_ring.pending_refcnt);
1236 }
1237
1238 #define ROOM_POW_OFF 2
1239 #define ROOM_NONE 0x0
1240 #define ROOM_LOW 0x1
1241 #define ROOM_NORMAL 0x2
1242
1243 static bool __tpacket_has_room(struct packet_sock *po, int pow_off)
1244 {
1245 int idx, len;
1246
1247 len = po->rx_ring.frame_max + 1;
1248 idx = po->rx_ring.head;
1249 if (pow_off)
1250 idx += len >> pow_off;
1251 if (idx >= len)
1252 idx -= len;
1253 return packet_lookup_frame(po, &po->rx_ring, idx, TP_STATUS_KERNEL);
1254 }
1255
1256 static bool __tpacket_v3_has_room(struct packet_sock *po, int pow_off)
1257 {
1258 int idx, len;
1259
1260 len = po->rx_ring.prb_bdqc.knum_blocks;
1261 idx = po->rx_ring.prb_bdqc.kactive_blk_num;
1262 if (pow_off)
1263 idx += len >> pow_off;
1264 if (idx >= len)
1265 idx -= len;
1266 return prb_lookup_block(po, &po->rx_ring, idx, TP_STATUS_KERNEL);
1267 }
1268
1269 static int __packet_rcv_has_room(struct packet_sock *po, struct sk_buff *skb)
1270 {
1271 struct sock *sk = &po->sk;
1272 int ret = ROOM_NONE;
1273
1274 if (po->prot_hook.func != tpacket_rcv) {
1275 int avail = sk->sk_rcvbuf - atomic_read(&sk->sk_rmem_alloc)
1276 - (skb ? skb->truesize : 0);
1277 if (avail > (sk->sk_rcvbuf >> ROOM_POW_OFF))
1278 return ROOM_NORMAL;
1279 else if (avail > 0)
1280 return ROOM_LOW;
1281 else
1282 return ROOM_NONE;
1283 }
1284
1285 if (po->tp_version == TPACKET_V3) {
1286 if (__tpacket_v3_has_room(po, ROOM_POW_OFF))
1287 ret = ROOM_NORMAL;
1288 else if (__tpacket_v3_has_room(po, 0))
1289 ret = ROOM_LOW;
1290 } else {
1291 if (__tpacket_has_room(po, ROOM_POW_OFF))
1292 ret = ROOM_NORMAL;
1293 else if (__tpacket_has_room(po, 0))
1294 ret = ROOM_LOW;
1295 }
1296
1297 return ret;
1298 }
1299
1300 static int packet_rcv_has_room(struct packet_sock *po, struct sk_buff *skb)
1301 {
1302 int ret;
1303 bool has_room;
1304
1305 spin_lock_bh(&po->sk.sk_receive_queue.lock);
1306 ret = __packet_rcv_has_room(po, skb);
1307 has_room = ret == ROOM_NORMAL;
1308 if (po->pressure == has_room)
1309 po->pressure = !has_room;
1310 spin_unlock_bh(&po->sk.sk_receive_queue.lock);
1311
1312 return ret;
1313 }
1314
1315 static void packet_sock_destruct(struct sock *sk)
1316 {
1317 skb_queue_purge(&sk->sk_error_queue);
1318
1319 WARN_ON(atomic_read(&sk->sk_rmem_alloc));
1320 WARN_ON(refcount_read(&sk->sk_wmem_alloc));
1321
1322 if (!sock_flag(sk, SOCK_DEAD)) {
1323 pr_err("Attempt to release alive packet socket: %p\n", sk);
1324 return;
1325 }
1326
1327 sk_refcnt_debug_dec(sk);
1328 }
1329
1330 static bool fanout_flow_is_huge(struct packet_sock *po, struct sk_buff *skb)
1331 {
1332 u32 rxhash;
1333 int i, count = 0;
1334
1335 rxhash = skb_get_hash(skb);
1336 for (i = 0; i < ROLLOVER_HLEN; i++)
1337 if (po->rollover->history[i] == rxhash)
1338 count++;
1339
1340 po->rollover->history[prandom_u32() % ROLLOVER_HLEN] = rxhash;
1341 return count > (ROLLOVER_HLEN >> 1);
1342 }
1343
1344 static unsigned int fanout_demux_hash(struct packet_fanout *f,
1345 struct sk_buff *skb,
1346 unsigned int num)
1347 {
1348 return reciprocal_scale(__skb_get_hash_symmetric(skb), num);
1349 }
1350
1351 static unsigned int fanout_demux_lb(struct packet_fanout *f,
1352 struct sk_buff *skb,
1353 unsigned int num)
1354 {
1355 unsigned int val = atomic_inc_return(&f->rr_cur);
1356
1357 return val % num;
1358 }
1359
1360 static unsigned int fanout_demux_cpu(struct packet_fanout *f,
1361 struct sk_buff *skb,
1362 unsigned int num)
1363 {
1364 return smp_processor_id() % num;
1365 }
1366
1367 static unsigned int fanout_demux_rnd(struct packet_fanout *f,
1368 struct sk_buff *skb,
1369 unsigned int num)
1370 {
1371 return prandom_u32_max(num);
1372 }
1373
1374 static unsigned int fanout_demux_rollover(struct packet_fanout *f,
1375 struct sk_buff *skb,
1376 unsigned int idx, bool try_self,
1377 unsigned int num)
1378 {
1379 struct packet_sock *po, *po_next, *po_skip = NULL;
1380 unsigned int i, j, room = ROOM_NONE;
1381
1382 po = pkt_sk(f->arr[idx]);
1383
1384 if (try_self) {
1385 room = packet_rcv_has_room(po, skb);
1386 if (room == ROOM_NORMAL ||
1387 (room == ROOM_LOW && !fanout_flow_is_huge(po, skb)))
1388 return idx;
1389 po_skip = po;
1390 }
1391
1392 i = j = min_t(int, po->rollover->sock, num - 1);
1393 do {
1394 po_next = pkt_sk(f->arr[i]);
1395 if (po_next != po_skip && !po_next->pressure &&
1396 packet_rcv_has_room(po_next, skb) == ROOM_NORMAL) {
1397 if (i != j)
1398 po->rollover->sock = i;
1399 atomic_long_inc(&po->rollover->num);
1400 if (room == ROOM_LOW)
1401 atomic_long_inc(&po->rollover->num_huge);
1402 return i;
1403 }
1404
1405 if (++i == num)
1406 i = 0;
1407 } while (i != j);
1408
1409 atomic_long_inc(&po->rollover->num_failed);
1410 return idx;
1411 }
1412
1413 static unsigned int fanout_demux_qm(struct packet_fanout *f,
1414 struct sk_buff *skb,
1415 unsigned int num)
1416 {
1417 return skb_get_queue_mapping(skb) % num;
1418 }
1419
1420 static unsigned int fanout_demux_bpf(struct packet_fanout *f,
1421 struct sk_buff *skb,
1422 unsigned int num)
1423 {
1424 struct bpf_prog *prog;
1425 unsigned int ret = 0;
1426
1427 rcu_read_lock();
1428 prog = rcu_dereference(f->bpf_prog);
1429 if (prog)
1430 ret = bpf_prog_run_clear_cb(prog, skb) % num;
1431 rcu_read_unlock();
1432
1433 return ret;
1434 }
1435
1436 static bool fanout_has_flag(struct packet_fanout *f, u16 flag)
1437 {
1438 return f->flags & (flag >> 8);
1439 }
1440
1441 static int packet_rcv_fanout(struct sk_buff *skb, struct net_device *dev,
1442 struct packet_type *pt, struct net_device *orig_dev)
1443 {
1444 struct packet_fanout *f = pt->af_packet_priv;
1445 unsigned int num = READ_ONCE(f->num_members);
1446 struct net *net = read_pnet(&f->net);
1447 struct packet_sock *po;
1448 unsigned int idx;
1449
1450 if (!net_eq(dev_net(dev), net) || !num) {
1451 kfree_skb(skb);
1452 return 0;
1453 }
1454
1455 if (fanout_has_flag(f, PACKET_FANOUT_FLAG_DEFRAG)) {
1456 skb = ip_check_defrag(net, skb, IP_DEFRAG_AF_PACKET);
1457 if (!skb)
1458 return 0;
1459 }
1460 switch (f->type) {
1461 case PACKET_FANOUT_HASH:
1462 default:
1463 idx = fanout_demux_hash(f, skb, num);
1464 break;
1465 case PACKET_FANOUT_LB:
1466 idx = fanout_demux_lb(f, skb, num);
1467 break;
1468 case PACKET_FANOUT_CPU:
1469 idx = fanout_demux_cpu(f, skb, num);
1470 break;
1471 case PACKET_FANOUT_RND:
1472 idx = fanout_demux_rnd(f, skb, num);
1473 break;
1474 case PACKET_FANOUT_QM:
1475 idx = fanout_demux_qm(f, skb, num);
1476 break;
1477 case PACKET_FANOUT_ROLLOVER:
1478 idx = fanout_demux_rollover(f, skb, 0, false, num);
1479 break;
1480 case PACKET_FANOUT_CBPF:
1481 case PACKET_FANOUT_EBPF:
1482 idx = fanout_demux_bpf(f, skb, num);
1483 break;
1484 }
1485
1486 if (fanout_has_flag(f, PACKET_FANOUT_FLAG_ROLLOVER))
1487 idx = fanout_demux_rollover(f, skb, idx, true, num);
1488
1489 po = pkt_sk(f->arr[idx]);
1490 return po->prot_hook.func(skb, dev, &po->prot_hook, orig_dev);
1491 }
1492
1493 DEFINE_MUTEX(fanout_mutex);
1494 EXPORT_SYMBOL_GPL(fanout_mutex);
1495 static LIST_HEAD(fanout_list);
1496 static u16 fanout_next_id;
1497
1498 static void __fanout_link(struct sock *sk, struct packet_sock *po)
1499 {
1500 struct packet_fanout *f = po->fanout;
1501
1502 spin_lock(&f->lock);
1503 f->arr[f->num_members] = sk;
1504 smp_wmb();
1505 f->num_members++;
1506 if (f->num_members == 1)
1507 dev_add_pack(&f->prot_hook);
1508 spin_unlock(&f->lock);
1509 }
1510
1511 static void __fanout_unlink(struct sock *sk, struct packet_sock *po)
1512 {
1513 struct packet_fanout *f = po->fanout;
1514 int i;
1515
1516 spin_lock(&f->lock);
1517 for (i = 0; i < f->num_members; i++) {
1518 if (f->arr[i] == sk)
1519 break;
1520 }
1521 BUG_ON(i >= f->num_members);
1522 f->arr[i] = f->arr[f->num_members - 1];
1523 f->num_members--;
1524 if (f->num_members == 0)
1525 __dev_remove_pack(&f->prot_hook);
1526 spin_unlock(&f->lock);
1527 }
1528
1529 static bool match_fanout_group(struct packet_type *ptype, struct sock *sk)
1530 {
1531 if (sk->sk_family != PF_PACKET)
1532 return false;
1533
1534 return ptype->af_packet_priv == pkt_sk(sk)->fanout;
1535 }
1536
1537 static void fanout_init_data(struct packet_fanout *f)
1538 {
1539 switch (f->type) {
1540 case PACKET_FANOUT_LB:
1541 atomic_set(&f->rr_cur, 0);
1542 break;
1543 case PACKET_FANOUT_CBPF:
1544 case PACKET_FANOUT_EBPF:
1545 RCU_INIT_POINTER(f->bpf_prog, NULL);
1546 break;
1547 }
1548 }
1549
1550 static void __fanout_set_data_bpf(struct packet_fanout *f, struct bpf_prog *new)
1551 {
1552 struct bpf_prog *old;
1553
1554 spin_lock(&f->lock);
1555 old = rcu_dereference_protected(f->bpf_prog, lockdep_is_held(&f->lock));
1556 rcu_assign_pointer(f->bpf_prog, new);
1557 spin_unlock(&f->lock);
1558
1559 if (old) {
1560 synchronize_net();
1561 bpf_prog_destroy(old);
1562 }
1563 }
1564
1565 static int fanout_set_data_cbpf(struct packet_sock *po, char __user *data,
1566 unsigned int len)
1567 {
1568 struct bpf_prog *new;
1569 struct sock_fprog fprog;
1570 int ret;
1571
1572 if (sock_flag(&po->sk, SOCK_FILTER_LOCKED))
1573 return -EPERM;
1574 if (len != sizeof(fprog))
1575 return -EINVAL;
1576 if (copy_from_user(&fprog, data, len))
1577 return -EFAULT;
1578
1579 ret = bpf_prog_create_from_user(&new, &fprog, NULL, false);
1580 if (ret)
1581 return ret;
1582
1583 __fanout_set_data_bpf(po->fanout, new);
1584 return 0;
1585 }
1586
1587 static int fanout_set_data_ebpf(struct packet_sock *po, char __user *data,
1588 unsigned int len)
1589 {
1590 struct bpf_prog *new;
1591 u32 fd;
1592
1593 if (sock_flag(&po->sk, SOCK_FILTER_LOCKED))
1594 return -EPERM;
1595 if (len != sizeof(fd))
1596 return -EINVAL;
1597 if (copy_from_user(&fd, data, len))
1598 return -EFAULT;
1599
1600 new = bpf_prog_get_type(fd, BPF_PROG_TYPE_SOCKET_FILTER);
1601 if (IS_ERR(new))
1602 return PTR_ERR(new);
1603
1604 __fanout_set_data_bpf(po->fanout, new);
1605 return 0;
1606 }
1607
1608 static int fanout_set_data(struct packet_sock *po, char __user *data,
1609 unsigned int len)
1610 {
1611 switch (po->fanout->type) {
1612 case PACKET_FANOUT_CBPF:
1613 return fanout_set_data_cbpf(po, data, len);
1614 case PACKET_FANOUT_EBPF:
1615 return fanout_set_data_ebpf(po, data, len);
1616 default:
1617 return -EINVAL;
1618 };
1619 }
1620
1621 static void fanout_release_data(struct packet_fanout *f)
1622 {
1623 switch (f->type) {
1624 case PACKET_FANOUT_CBPF:
1625 case PACKET_FANOUT_EBPF:
1626 __fanout_set_data_bpf(f, NULL);
1627 };
1628 }
1629
1630 static bool __fanout_id_is_free(struct sock *sk, u16 candidate_id)
1631 {
1632 struct packet_fanout *f;
1633
1634 list_for_each_entry(f, &fanout_list, list) {
1635 if (f->id == candidate_id &&
1636 read_pnet(&f->net) == sock_net(sk)) {
1637 return false;
1638 }
1639 }
1640 return true;
1641 }
1642
1643 static bool fanout_find_new_id(struct sock *sk, u16 *new_id)
1644 {
1645 u16 id = fanout_next_id;
1646
1647 do {
1648 if (__fanout_id_is_free(sk, id)) {
1649 *new_id = id;
1650 fanout_next_id = id + 1;
1651 return true;
1652 }
1653
1654 id++;
1655 } while (id != fanout_next_id);
1656
1657 return false;
1658 }
1659
1660 static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
1661 {
1662 struct packet_rollover *rollover = NULL;
1663 struct packet_sock *po = pkt_sk(sk);
1664 struct packet_fanout *f, *match;
1665 u8 type = type_flags & 0xff;
1666 u8 flags = type_flags >> 8;
1667 int err;
1668
1669 switch (type) {
1670 case PACKET_FANOUT_ROLLOVER:
1671 if (type_flags & PACKET_FANOUT_FLAG_ROLLOVER)
1672 return -EINVAL;
1673 case PACKET_FANOUT_HASH:
1674 case PACKET_FANOUT_LB:
1675 case PACKET_FANOUT_CPU:
1676 case PACKET_FANOUT_RND:
1677 case PACKET_FANOUT_QM:
1678 case PACKET_FANOUT_CBPF:
1679 case PACKET_FANOUT_EBPF:
1680 break;
1681 default:
1682 return -EINVAL;
1683 }
1684
1685 mutex_lock(&fanout_mutex);
1686
1687 err = -EALREADY;
1688 if (po->fanout)
1689 goto out;
1690
1691 if (type == PACKET_FANOUT_ROLLOVER ||
1692 (type_flags & PACKET_FANOUT_FLAG_ROLLOVER)) {
1693 err = -ENOMEM;
1694 rollover = kzalloc(sizeof(*rollover), GFP_KERNEL);
1695 if (!rollover)
1696 goto out;
1697 atomic_long_set(&rollover->num, 0);
1698 atomic_long_set(&rollover->num_huge, 0);
1699 atomic_long_set(&rollover->num_failed, 0);
1700 po->rollover = rollover;
1701 }
1702
1703 if (type_flags & PACKET_FANOUT_FLAG_UNIQUEID) {
1704 if (id != 0) {
1705 err = -EINVAL;
1706 goto out;
1707 }
1708 if (!fanout_find_new_id(sk, &id)) {
1709 err = -ENOMEM;
1710 goto out;
1711 }
1712 /* ephemeral flag for the first socket in the group: drop it */
1713 flags &= ~(PACKET_FANOUT_FLAG_UNIQUEID >> 8);
1714 }
1715
1716 match = NULL;
1717 list_for_each_entry(f, &fanout_list, list) {
1718 if (f->id == id &&
1719 read_pnet(&f->net) == sock_net(sk)) {
1720 match = f;
1721 break;
1722 }
1723 }
1724 err = -EINVAL;
1725 if (match && match->flags != flags)
1726 goto out;
1727 if (!match) {
1728 err = -ENOMEM;
1729 match = kzalloc(sizeof(*match), GFP_KERNEL);
1730 if (!match)
1731 goto out;
1732 write_pnet(&match->net, sock_net(sk));
1733 match->id = id;
1734 match->type = type;
1735 match->flags = flags;
1736 INIT_LIST_HEAD(&match->list);
1737 spin_lock_init(&match->lock);
1738 refcount_set(&match->sk_ref, 0);
1739 fanout_init_data(match);
1740 match->prot_hook.type = po->prot_hook.type;
1741 match->prot_hook.dev = po->prot_hook.dev;
1742 match->prot_hook.func = packet_rcv_fanout;
1743 match->prot_hook.af_packet_priv = match;
1744 match->prot_hook.id_match = match_fanout_group;
1745 list_add(&match->list, &fanout_list);
1746 }
1747 err = -EINVAL;
1748
1749 spin_lock(&po->bind_lock);
1750 if (po->running &&
1751 match->type == type &&
1752 match->prot_hook.type == po->prot_hook.type &&
1753 match->prot_hook.dev == po->prot_hook.dev) {
1754 err = -ENOSPC;
1755 if (refcount_read(&match->sk_ref) < PACKET_FANOUT_MAX) {
1756 __dev_remove_pack(&po->prot_hook);
1757 po->fanout = match;
1758 refcount_set(&match->sk_ref, refcount_read(&match->sk_ref) + 1);
1759 __fanout_link(sk, po);
1760 err = 0;
1761 }
1762 }
1763 spin_unlock(&po->bind_lock);
1764
1765 if (err && !refcount_read(&match->sk_ref)) {
1766 list_del(&match->list);
1767 kfree(match);
1768 }
1769
1770 out:
1771 if (err && rollover) {
1772 kfree_rcu(rollover, rcu);
1773 po->rollover = NULL;
1774 }
1775 mutex_unlock(&fanout_mutex);
1776 return err;
1777 }
1778
1779 /* If pkt_sk(sk)->fanout->sk_ref is zero, this function removes
1780 * pkt_sk(sk)->fanout from fanout_list and returns pkt_sk(sk)->fanout.
1781 * It is the responsibility of the caller to call fanout_release_data() and
1782 * free the returned packet_fanout (after synchronize_net())
1783 */
1784 static struct packet_fanout *fanout_release(struct sock *sk)
1785 {
1786 struct packet_sock *po = pkt_sk(sk);
1787 struct packet_fanout *f;
1788
1789 mutex_lock(&fanout_mutex);
1790 f = po->fanout;
1791 if (f) {
1792 po->fanout = NULL;
1793
1794 if (refcount_dec_and_test(&f->sk_ref))
1795 list_del(&f->list);
1796 else
1797 f = NULL;
1798
1799 if (po->rollover) {
1800 kfree_rcu(po->rollover, rcu);
1801 po->rollover = NULL;
1802 }
1803 }
1804 mutex_unlock(&fanout_mutex);
1805
1806 return f;
1807 }
1808
1809 static bool packet_extra_vlan_len_allowed(const struct net_device *dev,
1810 struct sk_buff *skb)
1811 {
1812 /* Earlier code assumed this would be a VLAN pkt, double-check
1813 * this now that we have the actual packet in hand. We can only
1814 * do this check on Ethernet devices.
1815 */
1816 if (unlikely(dev->type != ARPHRD_ETHER))
1817 return false;
1818
1819 skb_reset_mac_header(skb);
1820 return likely(eth_hdr(skb)->h_proto == htons(ETH_P_8021Q));
1821 }
1822
1823 static const struct proto_ops packet_ops;
1824
1825 static const struct proto_ops packet_ops_spkt;
1826
1827 static int packet_rcv_spkt(struct sk_buff *skb, struct net_device *dev,
1828 struct packet_type *pt, struct net_device *orig_dev)
1829 {
1830 struct sock *sk;
1831 struct sockaddr_pkt *spkt;
1832
1833 /*
1834 * When we registered the protocol we saved the socket in the data
1835 * field for just this event.
1836 */
1837
1838 sk = pt->af_packet_priv;
1839
1840 /*
1841 * Yank back the headers [hope the device set this
1842 * right or kerboom...]
1843 *
1844 * Incoming packets have ll header pulled,
1845 * push it back.
1846 *
1847 * For outgoing ones skb->data == skb_mac_header(skb)
1848 * so that this procedure is noop.
1849 */
1850
1851 if (skb->pkt_type == PACKET_LOOPBACK)
1852 goto out;
1853
1854 if (!net_eq(dev_net(dev), sock_net(sk)))
1855 goto out;
1856
1857 skb = skb_share_check(skb, GFP_ATOMIC);
1858 if (skb == NULL)
1859 goto oom;
1860
1861 /* drop any routing info */
1862 skb_dst_drop(skb);
1863
1864 /* drop conntrack reference */
1865 nf_reset(skb);
1866
1867 spkt = &PACKET_SKB_CB(skb)->sa.pkt;
1868
1869 skb_push(skb, skb->data - skb_mac_header(skb));
1870
1871 /*
1872 * The SOCK_PACKET socket receives _all_ frames.
1873 */
1874
1875 spkt->spkt_family = dev->type;
1876 strlcpy(spkt->spkt_device, dev->name, sizeof(spkt->spkt_device));
1877 spkt->spkt_protocol = skb->protocol;
1878
1879 /*
1880 * Charge the memory to the socket. This is done specifically
1881 * to prevent sockets using all the memory up.
1882 */
1883
1884 if (sock_queue_rcv_skb(sk, skb) == 0)
1885 return 0;
1886
1887 out:
1888 kfree_skb(skb);
1889 oom:
1890 return 0;
1891 }
1892
1893
1894 /*
1895 * Output a raw packet to a device layer. This bypasses all the other
1896 * protocol layers and you must therefore supply it with a complete frame
1897 */
1898
1899 static int packet_sendmsg_spkt(struct socket *sock, struct msghdr *msg,
1900 size_t len)
1901 {
1902 struct sock *sk = sock->sk;
1903 DECLARE_SOCKADDR(struct sockaddr_pkt *, saddr, msg->msg_name);
1904 struct sk_buff *skb = NULL;
1905 struct net_device *dev;
1906 struct sockcm_cookie sockc;
1907 __be16 proto = 0;
1908 int err;
1909 int extra_len = 0;
1910
1911 /*
1912 * Get and verify the address.
1913 */
1914
1915 if (saddr) {
1916 if (msg->msg_namelen < sizeof(struct sockaddr))
1917 return -EINVAL;
1918 if (msg->msg_namelen == sizeof(struct sockaddr_pkt))
1919 proto = saddr->spkt_protocol;
1920 } else
1921 return -ENOTCONN; /* SOCK_PACKET must be sent giving an address */
1922
1923 /*
1924 * Find the device first to size check it
1925 */
1926
1927 saddr->spkt_device[sizeof(saddr->spkt_device) - 1] = 0;
1928 retry:
1929 rcu_read_lock();
1930 dev = dev_get_by_name_rcu(sock_net(sk), saddr->spkt_device);
1931 err = -ENODEV;
1932 if (dev == NULL)
1933 goto out_unlock;
1934
1935 err = -ENETDOWN;
1936 if (!(dev->flags & IFF_UP))
1937 goto out_unlock;
1938
1939 /*
1940 * You may not queue a frame bigger than the mtu. This is the lowest level
1941 * raw protocol and you must do your own fragmentation at this level.
1942 */
1943
1944 if (unlikely(sock_flag(sk, SOCK_NOFCS))) {
1945 if (!netif_supports_nofcs(dev)) {
1946 err = -EPROTONOSUPPORT;
1947 goto out_unlock;
1948 }
1949 extra_len = 4; /* We're doing our own CRC */
1950 }
1951
1952 err = -EMSGSIZE;
1953 if (len > dev->mtu + dev->hard_header_len + VLAN_HLEN + extra_len)
1954 goto out_unlock;
1955
1956 if (!skb) {
1957 size_t reserved = LL_RESERVED_SPACE(dev);
1958 int tlen = dev->needed_tailroom;
1959 unsigned int hhlen = dev->header_ops ? dev->hard_header_len : 0;
1960
1961 rcu_read_unlock();
1962 skb = sock_wmalloc(sk, len + reserved + tlen, 0, GFP_KERNEL);
1963 if (skb == NULL)
1964 return -ENOBUFS;
1965 /* FIXME: Save some space for broken drivers that write a hard
1966 * header at transmission time by themselves. PPP is the notable
1967 * one here. This should really be fixed at the driver level.
1968 */
1969 skb_reserve(skb, reserved);
1970 skb_reset_network_header(skb);
1971
1972 /* Try to align data part correctly */
1973 if (hhlen) {
1974 skb->data -= hhlen;
1975 skb->tail -= hhlen;
1976 if (len < hhlen)
1977 skb_reset_network_header(skb);
1978 }
1979 err = memcpy_from_msg(skb_put(skb, len), msg, len);
1980 if (err)
1981 goto out_free;
1982 goto retry;
1983 }
1984
1985 if (!dev_validate_header(dev, skb->data, len)) {
1986 err = -EINVAL;
1987 goto out_unlock;
1988 }
1989 if (len > (dev->mtu + dev->hard_header_len + extra_len) &&
1990 !packet_extra_vlan_len_allowed(dev, skb)) {
1991 err = -EMSGSIZE;
1992 goto out_unlock;
1993 }
1994
1995 sockc.tsflags = sk->sk_tsflags;
1996 if (msg->msg_controllen) {
1997 err = sock_cmsg_send(sk, msg, &sockc);
1998 if (unlikely(err))
1999 goto out_unlock;
2000 }
2001
2002 skb->protocol = proto;
2003 skb->dev = dev;
2004 skb->priority = sk->sk_priority;
2005 skb->mark = sk->sk_mark;
2006
2007 sock_tx_timestamp(sk, sockc.tsflags, &skb_shinfo(skb)->tx_flags);
2008
2009 if (unlikely(extra_len == 4))
2010 skb->no_fcs = 1;
2011
2012 skb_probe_transport_header(skb, 0);
2013
2014 dev_queue_xmit(skb);
2015 rcu_read_unlock();
2016 return len;
2017
2018 out_unlock:
2019 rcu_read_unlock();
2020 out_free:
2021 kfree_skb(skb);
2022 return err;
2023 }
2024
2025 static unsigned int run_filter(struct sk_buff *skb,
2026 const struct sock *sk,
2027 unsigned int res)
2028 {
2029 struct sk_filter *filter;
2030
2031 rcu_read_lock();
2032 filter = rcu_dereference(sk->sk_filter);
2033 if (filter != NULL)
2034 res = bpf_prog_run_clear_cb(filter->prog, skb);
2035 rcu_read_unlock();
2036
2037 return res;
2038 }
2039
2040 static int packet_rcv_vnet(struct msghdr *msg, const struct sk_buff *skb,
2041 size_t *len)
2042 {
2043 struct virtio_net_hdr vnet_hdr;
2044
2045 if (*len < sizeof(vnet_hdr))
2046 return -EINVAL;
2047 *len -= sizeof(vnet_hdr);
2048
2049 if (virtio_net_hdr_from_skb(skb, &vnet_hdr, vio_le(), true))
2050 return -EINVAL;
2051
2052 return memcpy_to_msg(msg, (void *)&vnet_hdr, sizeof(vnet_hdr));
2053 }
2054
2055 /*
2056 * This function makes lazy skb cloning in hope that most of packets
2057 * are discarded by BPF.
2058 *
2059 * Note tricky part: we DO mangle shared skb! skb->data, skb->len
2060 * and skb->cb are mangled. It works because (and until) packets
2061 * falling here are owned by current CPU. Output packets are cloned
2062 * by dev_queue_xmit_nit(), input packets are processed by net_bh
2063 * sequencially, so that if we return skb to original state on exit,
2064 * we will not harm anyone.
2065 */
2066
2067 static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
2068 struct packet_type *pt, struct net_device *orig_dev)
2069 {
2070 struct sock *sk;
2071 struct sockaddr_ll *sll;
2072 struct packet_sock *po;
2073 u8 *skb_head = skb->data;
2074 int skb_len = skb->len;
2075 unsigned int snaplen, res;
2076 bool is_drop_n_account = false;
2077
2078 if (skb->pkt_type == PACKET_LOOPBACK)
2079 goto drop;
2080
2081 sk = pt->af_packet_priv;
2082 po = pkt_sk(sk);
2083
2084 if (!net_eq(dev_net(dev), sock_net(sk)))
2085 goto drop;
2086
2087 skb->dev = dev;
2088
2089 if (dev->header_ops) {
2090 /* The device has an explicit notion of ll header,
2091 * exported to higher levels.
2092 *
2093 * Otherwise, the device hides details of its frame
2094 * structure, so that corresponding packet head is
2095 * never delivered to user.
2096 */
2097 if (sk->sk_type != SOCK_DGRAM)
2098 skb_push(skb, skb->data - skb_mac_header(skb));
2099 else if (skb->pkt_type == PACKET_OUTGOING) {
2100 /* Special case: outgoing packets have ll header at head */
2101 skb_pull(skb, skb_network_offset(skb));
2102 }
2103 }
2104
2105 snaplen = skb->len;
2106
2107 res = run_filter(skb, sk, snaplen);
2108 if (!res)
2109 goto drop_n_restore;
2110 if (snaplen > res)
2111 snaplen = res;
2112
2113 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
2114 goto drop_n_acct;
2115
2116 if (skb_shared(skb)) {
2117 struct sk_buff *nskb = skb_clone(skb, GFP_ATOMIC);
2118 if (nskb == NULL)
2119 goto drop_n_acct;
2120
2121 if (skb_head != skb->data) {
2122 skb->data = skb_head;
2123 skb->len = skb_len;
2124 }
2125 consume_skb(skb);
2126 skb = nskb;
2127 }
2128
2129 sock_skb_cb_check_size(sizeof(*PACKET_SKB_CB(skb)) + MAX_ADDR_LEN - 8);
2130
2131 sll = &PACKET_SKB_CB(skb)->sa.ll;
2132 sll->sll_hatype = dev->type;
2133 sll->sll_pkttype = skb->pkt_type;
2134 if (unlikely(po->origdev))
2135 sll->sll_ifindex = orig_dev->ifindex;
2136 else
2137 sll->sll_ifindex = dev->ifindex;
2138
2139 sll->sll_halen = dev_parse_header(skb, sll->sll_addr);
2140
2141 /* sll->sll_family and sll->sll_protocol are set in packet_recvmsg().
2142 * Use their space for storing the original skb length.
2143 */
2144 PACKET_SKB_CB(skb)->sa.origlen = skb->len;
2145
2146 if (pskb_trim(skb, snaplen))
2147 goto drop_n_acct;
2148
2149 skb_set_owner_r(skb, sk);
2150 skb->dev = NULL;
2151 skb_dst_drop(skb);
2152
2153 /* drop conntrack reference */
2154 nf_reset(skb);
2155
2156 spin_lock(&sk->sk_receive_queue.lock);
2157 po->stats.stats1.tp_packets++;
2158 sock_skb_set_dropcount(sk, skb);
2159 __skb_queue_tail(&sk->sk_receive_queue, skb);
2160 spin_unlock(&sk->sk_receive_queue.lock);
2161 sk->sk_data_ready(sk);
2162 return 0;
2163
2164 drop_n_acct:
2165 is_drop_n_account = true;
2166 spin_lock(&sk->sk_receive_queue.lock);
2167 po->stats.stats1.tp_drops++;
2168 atomic_inc(&sk->sk_drops);
2169 spin_unlock(&sk->sk_receive_queue.lock);
2170
2171 drop_n_restore:
2172 if (skb_head != skb->data && skb_shared(skb)) {
2173 skb->data = skb_head;
2174 skb->len = skb_len;
2175 }
2176 drop:
2177 if (!is_drop_n_account)
2178 consume_skb(skb);
2179 else
2180 kfree_skb(skb);
2181 return 0;
2182 }
2183
2184 static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
2185 struct packet_type *pt, struct net_device *orig_dev)
2186 {
2187 struct sock *sk;
2188 struct packet_sock *po;
2189 struct sockaddr_ll *sll;
2190 union tpacket_uhdr h;
2191 u8 *skb_head = skb->data;
2192 int skb_len = skb->len;
2193 unsigned int snaplen, res;
2194 unsigned long status = TP_STATUS_USER;
2195 unsigned short macoff, netoff, hdrlen;
2196 struct sk_buff *copy_skb = NULL;
2197 struct timespec ts;
2198 __u32 ts_status;
2199 bool is_drop_n_account = false;
2200 bool do_vnet = false;
2201
2202 /* struct tpacket{2,3}_hdr is aligned to a multiple of TPACKET_ALIGNMENT.
2203 * We may add members to them until current aligned size without forcing
2204 * userspace to call getsockopt(..., PACKET_HDRLEN, ...).
2205 */
2206 BUILD_BUG_ON(TPACKET_ALIGN(sizeof(*h.h2)) != 32);
2207 BUILD_BUG_ON(TPACKET_ALIGN(sizeof(*h.h3)) != 48);
2208
2209 if (skb->pkt_type == PACKET_LOOPBACK)
2210 goto drop;
2211
2212 sk = pt->af_packet_priv;
2213 po = pkt_sk(sk);
2214
2215 if (!net_eq(dev_net(dev), sock_net(sk)))
2216 goto drop;
2217
2218 if (dev->header_ops) {
2219 if (sk->sk_type != SOCK_DGRAM)
2220 skb_push(skb, skb->data - skb_mac_header(skb));
2221 else if (skb->pkt_type == PACKET_OUTGOING) {
2222 /* Special case: outgoing packets have ll header at head */
2223 skb_pull(skb, skb_network_offset(skb));
2224 }
2225 }
2226
2227 snaplen = skb->len;
2228
2229 res = run_filter(skb, sk, snaplen);
2230 if (!res)
2231 goto drop_n_restore;
2232
2233 if (skb->ip_summed == CHECKSUM_PARTIAL)
2234 status |= TP_STATUS_CSUMNOTREADY;
2235 else if (skb->pkt_type != PACKET_OUTGOING &&
2236 (skb->ip_summed == CHECKSUM_COMPLETE ||
2237 skb_csum_unnecessary(skb)))
2238 status |= TP_STATUS_CSUM_VALID;
2239
2240 if (snaplen > res)
2241 snaplen = res;
2242
2243 if (sk->sk_type == SOCK_DGRAM) {
2244 macoff = netoff = TPACKET_ALIGN(po->tp_hdrlen) + 16 +
2245 po->tp_reserve;
2246 } else {
2247 unsigned int maclen = skb_network_offset(skb);
2248 netoff = TPACKET_ALIGN(po->tp_hdrlen +
2249 (maclen < 16 ? 16 : maclen)) +
2250 po->tp_reserve;
2251 if (po->has_vnet_hdr) {
2252 netoff += sizeof(struct virtio_net_hdr);
2253 do_vnet = true;
2254 }
2255 macoff = netoff - maclen;
2256 }
2257 if (po->tp_version <= TPACKET_V2) {
2258 if (macoff + snaplen > po->rx_ring.frame_size) {
2259 if (po->copy_thresh &&
2260 atomic_read(&sk->sk_rmem_alloc) < sk->sk_rcvbuf) {
2261 if (skb_shared(skb)) {
2262 copy_skb = skb_clone(skb, GFP_ATOMIC);
2263 } else {
2264 copy_skb = skb_get(skb);
2265 skb_head = skb->data;
2266 }
2267 if (copy_skb)
2268 skb_set_owner_r(copy_skb, sk);
2269 }
2270 snaplen = po->rx_ring.frame_size - macoff;
2271 if ((int)snaplen < 0) {
2272 snaplen = 0;
2273 do_vnet = false;
2274 }
2275 }
2276 } else if (unlikely(macoff + snaplen >
2277 GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len)) {
2278 u32 nval;
2279
2280 nval = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len - macoff;
2281 pr_err_once("tpacket_rcv: packet too big, clamped from %u to %u. macoff=%u\n",
2282 snaplen, nval, macoff);
2283 snaplen = nval;
2284 if (unlikely((int)snaplen < 0)) {
2285 snaplen = 0;
2286 macoff = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len;
2287 do_vnet = false;
2288 }
2289 }
2290 spin_lock(&sk->sk_receive_queue.lock);
2291 h.raw = packet_current_rx_frame(po, skb,
2292 TP_STATUS_KERNEL, (macoff+snaplen));
2293 if (!h.raw)
2294 goto drop_n_account;
2295 if (po->tp_version <= TPACKET_V2) {
2296 packet_increment_rx_head(po, &po->rx_ring);
2297 /*
2298 * LOSING will be reported till you read the stats,
2299 * because it's COR - Clear On Read.
2300 * Anyways, moving it for V1/V2 only as V3 doesn't need this
2301 * at packet level.
2302 */
2303 if (po->stats.stats1.tp_drops)
2304 status |= TP_STATUS_LOSING;
2305 }
2306 po->stats.stats1.tp_packets++;
2307 if (copy_skb) {
2308 status |= TP_STATUS_COPY;
2309 __skb_queue_tail(&sk->sk_receive_queue, copy_skb);
2310 }
2311 spin_unlock(&sk->sk_receive_queue.lock);
2312
2313 if (do_vnet) {
2314 if (virtio_net_hdr_from_skb(skb, h.raw + macoff -
2315 sizeof(struct virtio_net_hdr),
2316 vio_le(), true)) {
2317 spin_lock(&sk->sk_receive_queue.lock);
2318 goto drop_n_account;
2319 }
2320 }
2321
2322 skb_copy_bits(skb, 0, h.raw + macoff, snaplen);
2323
2324 if (!(ts_status = tpacket_get_timestamp(skb, &ts, po->tp_tstamp)))
2325 getnstimeofday(&ts);
2326
2327 status |= ts_status;
2328
2329 switch (po->tp_version) {
2330 case TPACKET_V1:
2331 h.h1->tp_len = skb->len;
2332 h.h1->tp_snaplen = snaplen;
2333 h.h1->tp_mac = macoff;
2334 h.h1->tp_net = netoff;
2335 h.h1->tp_sec = ts.tv_sec;
2336 h.h1->tp_usec = ts.tv_nsec / NSEC_PER_USEC;
2337 hdrlen = sizeof(*h.h1);
2338 break;
2339 case TPACKET_V2:
2340 h.h2->tp_len = skb->len;
2341 h.h2->tp_snaplen = snaplen;
2342 h.h2->tp_mac = macoff;
2343 h.h2->tp_net = netoff;
2344 h.h2->tp_sec = ts.tv_sec;
2345 h.h2->tp_nsec = ts.tv_nsec;
2346 if (skb_vlan_tag_present(skb)) {
2347 h.h2->tp_vlan_tci = skb_vlan_tag_get(skb);
2348 h.h2->tp_vlan_tpid = ntohs(skb->vlan_proto);
2349 status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID;
2350 } else {
2351 h.h2->tp_vlan_tci = 0;
2352 h.h2->tp_vlan_tpid = 0;
2353 }
2354 memset(h.h2->tp_padding, 0, sizeof(h.h2->tp_padding));
2355 hdrlen = sizeof(*h.h2);
2356 break;
2357 case TPACKET_V3:
2358 /* tp_nxt_offset,vlan are already populated above.
2359 * So DONT clear those fields here
2360 */
2361 h.h3->tp_status |= status;
2362 h.h3->tp_len = skb->len;
2363 h.h3->tp_snaplen = snaplen;
2364 h.h3->tp_mac = macoff;
2365 h.h3->tp_net = netoff;
2366 h.h3->tp_sec = ts.tv_sec;
2367 h.h3->tp_nsec = ts.tv_nsec;
2368 memset(h.h3->tp_padding, 0, sizeof(h.h3->tp_padding));
2369 hdrlen = sizeof(*h.h3);
2370 break;
2371 default:
2372 BUG();
2373 }
2374
2375 sll = h.raw + TPACKET_ALIGN(hdrlen);
2376 sll->sll_halen = dev_parse_header(skb, sll->sll_addr);
2377 sll->sll_family = AF_PACKET;
2378 sll->sll_hatype = dev->type;
2379 sll->sll_protocol = skb->protocol;
2380 sll->sll_pkttype = skb->pkt_type;
2381 if (unlikely(po->origdev))
2382 sll->sll_ifindex = orig_dev->ifindex;
2383 else
2384 sll->sll_ifindex = dev->ifindex;
2385
2386 smp_mb();
2387
2388 #if ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE == 1
2389 if (po->tp_version <= TPACKET_V2) {
2390 u8 *start, *end;
2391
2392 end = (u8 *) PAGE_ALIGN((unsigned long) h.raw +
2393 macoff + snaplen);
2394
2395 for (start = h.raw; start < end; start += PAGE_SIZE)
2396 flush_dcache_page(pgv_to_page(start));
2397 }
2398 smp_wmb();
2399 #endif
2400
2401 if (po->tp_version <= TPACKET_V2) {
2402 __packet_set_status(po, h.raw, status);
2403 sk->sk_data_ready(sk);
2404 } else {
2405 prb_clear_blk_fill_status(&po->rx_ring);
2406 }
2407
2408 drop_n_restore:
2409 if (skb_head != skb->data && skb_shared(skb)) {
2410 skb->data = skb_head;
2411 skb->len = skb_len;
2412 }
2413 drop:
2414 if (!is_drop_n_account)
2415 consume_skb(skb);
2416 else
2417 kfree_skb(skb);
2418 return 0;
2419
2420 drop_n_account:
2421 is_drop_n_account = true;
2422 po->stats.stats1.tp_drops++;
2423 spin_unlock(&sk->sk_receive_queue.lock);
2424
2425 sk->sk_data_ready(sk);
2426 kfree_skb(copy_skb);
2427 goto drop_n_restore;
2428 }
2429
2430 static void tpacket_destruct_skb(struct sk_buff *skb)
2431 {
2432 struct packet_sock *po = pkt_sk(skb->sk);
2433
2434 if (likely(po->tx_ring.pg_vec)) {
2435 void *ph;
2436 __u32 ts;
2437
2438 ph = skb_shinfo(skb)->destructor_arg;
2439 packet_dec_pending(&po->tx_ring);
2440
2441 ts = __packet_set_timestamp(po, ph, skb);
2442 __packet_set_status(po, ph, TP_STATUS_AVAILABLE | ts);
2443 }
2444
2445 sock_wfree(skb);
2446 }
2447
2448 static void tpacket_set_protocol(const struct net_device *dev,
2449 struct sk_buff *skb)
2450 {
2451 if (dev->type == ARPHRD_ETHER) {
2452 skb_reset_mac_header(skb);
2453 skb->protocol = eth_hdr(skb)->h_proto;
2454 }
2455 }
2456
2457 static int __packet_snd_vnet_parse(struct virtio_net_hdr *vnet_hdr, size_t len)
2458 {
2459 if ((vnet_hdr->flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) &&
2460 (__virtio16_to_cpu(vio_le(), vnet_hdr->csum_start) +
2461 __virtio16_to_cpu(vio_le(), vnet_hdr->csum_offset) + 2 >
2462 __virtio16_to_cpu(vio_le(), vnet_hdr->hdr_len)))
2463 vnet_hdr->hdr_len = __cpu_to_virtio16(vio_le(),
2464 __virtio16_to_cpu(vio_le(), vnet_hdr->csum_start) +
2465 __virtio16_to_cpu(vio_le(), vnet_hdr->csum_offset) + 2);
2466
2467 if (__virtio16_to_cpu(vio_le(), vnet_hdr->hdr_len) > len)
2468 return -EINVAL;
2469
2470 return 0;
2471 }
2472
2473 static int packet_snd_vnet_parse(struct msghdr *msg, size_t *len,
2474 struct virtio_net_hdr *vnet_hdr)
2475 {
2476 if (*len < sizeof(*vnet_hdr))
2477 return -EINVAL;
2478 *len -= sizeof(*vnet_hdr);
2479
2480 if (!copy_from_iter_full(vnet_hdr, sizeof(*vnet_hdr), &msg->msg_iter))
2481 return -EFAULT;
2482
2483 return __packet_snd_vnet_parse(vnet_hdr, *len);
2484 }
2485
2486 static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb,
2487 void *frame, struct net_device *dev, void *data, int tp_len,
2488 __be16 proto, unsigned char *addr, int hlen, int copylen,
2489 const struct sockcm_cookie *sockc)
2490 {
2491 union tpacket_uhdr ph;
2492 int to_write, offset, len, nr_frags, len_max;
2493 struct socket *sock = po->sk.sk_socket;
2494 struct page *page;
2495 int err;
2496
2497 ph.raw = frame;
2498
2499 skb->protocol = proto;
2500 skb->dev = dev;
2501 skb->priority = po->sk.sk_priority;
2502 skb->mark = po->sk.sk_mark;
2503 sock_tx_timestamp(&po->sk, sockc->tsflags, &skb_shinfo(skb)->tx_flags);
2504 skb_shinfo(skb)->destructor_arg = ph.raw;
2505
2506 skb_reserve(skb, hlen);
2507 skb_reset_network_header(skb);
2508
2509 to_write = tp_len;
2510
2511 if (sock->type == SOCK_DGRAM) {
2512 err = dev_hard_header(skb, dev, ntohs(proto), addr,
2513 NULL, tp_len);
2514 if (unlikely(err < 0))
2515 return -EINVAL;
2516 } else if (copylen) {
2517 int hdrlen = min_t(int, copylen, tp_len);
2518
2519 skb_push(skb, dev->hard_header_len);
2520 skb_put(skb, copylen - dev->hard_header_len);
2521 err = skb_store_bits(skb, 0, data, hdrlen);
2522 if (unlikely(err))
2523 return err;
2524 if (!dev_validate_header(dev, skb->data, hdrlen))
2525 return -EINVAL;
2526 if (!skb->protocol)
2527 tpacket_set_protocol(dev, skb);
2528
2529 data += hdrlen;
2530 to_write -= hdrlen;
2531 }
2532
2533 offset = offset_in_page(data);
2534 len_max = PAGE_SIZE - offset;
2535 len = ((to_write > len_max) ? len_max : to_write);
2536
2537 skb->data_len = to_write;
2538 skb->len += to_write;
2539 skb->truesize += to_write;
2540 refcount_add(to_write, &po->sk.sk_wmem_alloc);
2541
2542 while (likely(to_write)) {
2543 nr_frags = skb_shinfo(skb)->nr_frags;
2544
2545 if (unlikely(nr_frags >= MAX_SKB_FRAGS)) {
2546 pr_err("Packet exceed the number of skb frags(%lu)\n",
2547 MAX_SKB_FRAGS);
2548 return -EFAULT;
2549 }
2550
2551 page = pgv_to_page(data);
2552 data += len;
2553 flush_dcache_page(page);
2554 get_page(page);
2555 skb_fill_page_desc(skb, nr_frags, page, offset, len);
2556 to_write -= len;
2557 offset = 0;
2558 len_max = PAGE_SIZE;
2559 len = ((to_write > len_max) ? len_max : to_write);
2560 }
2561
2562 skb_probe_transport_header(skb, 0);
2563
2564 return tp_len;
2565 }
2566
2567 static int tpacket_parse_header(struct packet_sock *po, void *frame,
2568 int size_max, void **data)
2569 {
2570 union tpacket_uhdr ph;
2571 int tp_len, off;
2572
2573 ph.raw = frame;
2574
2575 switch (po->tp_version) {
2576 case TPACKET_V3:
2577 if (ph.h3->tp_next_offset != 0) {
2578 pr_warn_once("variable sized slot not supported");
2579 return -EINVAL;
2580 }
2581 tp_len = ph.h3->tp_len;
2582 break;
2583 case TPACKET_V2:
2584 tp_len = ph.h2->tp_len;
2585 break;
2586 default:
2587 tp_len = ph.h1->tp_len;
2588 break;
2589 }
2590 if (unlikely(tp_len > size_max)) {
2591 pr_err("packet size is too long (%d > %d)\n", tp_len, size_max);
2592 return -EMSGSIZE;
2593 }
2594
2595 if (unlikely(po->tp_tx_has_off)) {
2596 int off_min, off_max;
2597
2598 off_min = po->tp_hdrlen - sizeof(struct sockaddr_ll);
2599 off_max = po->tx_ring.frame_size - tp_len;
2600 if (po->sk.sk_type == SOCK_DGRAM) {
2601 switch (po->tp_version) {
2602 case TPACKET_V3:
2603 off = ph.h3->tp_net;
2604 break;
2605 case TPACKET_V2:
2606 off = ph.h2->tp_net;
2607 break;
2608 default:
2609 off = ph.h1->tp_net;
2610 break;
2611 }
2612 } else {
2613 switch (po->tp_version) {
2614 case TPACKET_V3:
2615 off = ph.h3->tp_mac;
2616 break;
2617 case TPACKET_V2:
2618 off = ph.h2->tp_mac;
2619 break;
2620 default:
2621 off = ph.h1->tp_mac;
2622 break;
2623 }
2624 }
2625 if (unlikely((off < off_min) || (off_max < off)))
2626 return -EINVAL;
2627 } else {
2628 off = po->tp_hdrlen - sizeof(struct sockaddr_ll);
2629 }
2630
2631 *data = frame + off;
2632 return tp_len;
2633 }
2634
2635 static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
2636 {
2637 struct sk_buff *skb;
2638 struct net_device *dev;
2639 struct virtio_net_hdr *vnet_hdr = NULL;
2640 struct sockcm_cookie sockc;
2641 __be16 proto;
2642 int err, reserve = 0;
2643 void *ph;
2644 DECLARE_SOCKADDR(struct sockaddr_ll *, saddr, msg->msg_name);
2645 bool need_wait = !(msg->msg_flags & MSG_DONTWAIT);
2646 int tp_len, size_max;
2647 unsigned char *addr;
2648 void *data;
2649 int len_sum = 0;
2650 int status = TP_STATUS_AVAILABLE;
2651 int hlen, tlen, copylen = 0;
2652
2653 mutex_lock(&po->pg_vec_lock);
2654
2655 if (likely(saddr == NULL)) {
2656 dev = packet_cached_dev_get(po);
2657 proto = po->num;
2658 addr = NULL;
2659 } else {
2660 err = -EINVAL;
2661 if (msg->msg_namelen < sizeof(struct sockaddr_ll))
2662 goto out;
2663 if (msg->msg_namelen < (saddr->sll_halen
2664 + offsetof(struct sockaddr_ll,
2665 sll_addr)))
2666 goto out;
2667 proto = saddr->sll_protocol;
2668 addr = saddr->sll_addr;
2669 dev = dev_get_by_index(sock_net(&po->sk), saddr->sll_ifindex);
2670 }
2671
2672 err = -ENXIO;
2673 if (unlikely(dev == NULL))
2674 goto out;
2675 err = -ENETDOWN;
2676 if (unlikely(!(dev->flags & IFF_UP)))
2677 goto out_put;
2678
2679 sockc.tsflags = po->sk.sk_tsflags;
2680 if (msg->msg_controllen) {
2681 err = sock_cmsg_send(&po->sk, msg, &sockc);
2682 if (unlikely(err))
2683 goto out_put;
2684 }
2685
2686 if (po->sk.sk_socket->type == SOCK_RAW)
2687 reserve = dev->hard_header_len;
2688 size_max = po->tx_ring.frame_size
2689 - (po->tp_hdrlen - sizeof(struct sockaddr_ll));
2690
2691 if ((size_max > dev->mtu + reserve + VLAN_HLEN) && !po->has_vnet_hdr)
2692 size_max = dev->mtu + reserve + VLAN_HLEN;
2693
2694 do {
2695 ph = packet_current_frame(po, &po->tx_ring,
2696 TP_STATUS_SEND_REQUEST);
2697 if (unlikely(ph == NULL)) {
2698 if (need_wait && need_resched())
2699 schedule();
2700 continue;
2701 }
2702
2703 skb = NULL;
2704 tp_len = tpacket_parse_header(po, ph, size_max, &data);
2705 if (tp_len < 0)
2706 goto tpacket_error;
2707
2708 status = TP_STATUS_SEND_REQUEST;
2709 hlen = LL_RESERVED_SPACE(dev);
2710 tlen = dev->needed_tailroom;
2711 if (po->has_vnet_hdr) {
2712 vnet_hdr = data;
2713 data += sizeof(*vnet_hdr);
2714 tp_len -= sizeof(*vnet_hdr);
2715 if (tp_len < 0 ||
2716 __packet_snd_vnet_parse(vnet_hdr, tp_len)) {
2717 tp_len = -EINVAL;
2718 goto tpacket_error;
2719 }
2720 copylen = __virtio16_to_cpu(vio_le(),
2721 vnet_hdr->hdr_len);
2722 }
2723 copylen = max_t(int, copylen, dev->hard_header_len);
2724 skb = sock_alloc_send_skb(&po->sk,
2725 hlen + tlen + sizeof(struct sockaddr_ll) +
2726 (copylen - dev->hard_header_len),
2727 !need_wait, &err);
2728
2729 if (unlikely(skb == NULL)) {
2730 /* we assume the socket was initially writeable ... */
2731 if (likely(len_sum > 0))
2732 err = len_sum;
2733 goto out_status;
2734 }
2735 tp_len = tpacket_fill_skb(po, skb, ph, dev, data, tp_len, proto,
2736 addr, hlen, copylen, &sockc);
2737 if (likely(tp_len >= 0) &&
2738 tp_len > dev->mtu + reserve &&
2739 !po->has_vnet_hdr &&
2740 !packet_extra_vlan_len_allowed(dev, skb))
2741 tp_len = -EMSGSIZE;
2742
2743 if (unlikely(tp_len < 0)) {
2744 tpacket_error:
2745 if (po->tp_loss) {
2746 __packet_set_status(po, ph,
2747 TP_STATUS_AVAILABLE);
2748 packet_increment_head(&po->tx_ring);
2749 kfree_skb(skb);
2750 continue;
2751 } else {
2752 status = TP_STATUS_WRONG_FORMAT;
2753 err = tp_len;
2754 goto out_status;
2755 }
2756 }
2757
2758 if (po->has_vnet_hdr && virtio_net_hdr_to_skb(skb, vnet_hdr,
2759 vio_le())) {
2760 tp_len = -EINVAL;
2761 goto tpacket_error;
2762 }
2763
2764 skb->destructor = tpacket_destruct_skb;
2765 __packet_set_status(po, ph, TP_STATUS_SENDING);
2766 packet_inc_pending(&po->tx_ring);
2767
2768 status = TP_STATUS_SEND_REQUEST;
2769 err = po->xmit(skb);
2770 if (unlikely(err > 0)) {
2771 err = net_xmit_errno(err);
2772 if (err && __packet_get_status(po, ph) ==
2773 TP_STATUS_AVAILABLE) {
2774 /* skb was destructed already */
2775 skb = NULL;
2776 goto out_status;
2777 }
2778 /*
2779 * skb was dropped but not destructed yet;
2780 * let's treat it like congestion or err < 0
2781 */
2782 err = 0;
2783 }
2784 packet_increment_head(&po->tx_ring);
2785 len_sum += tp_len;
2786 } while (likely((ph != NULL) ||
2787 /* Note: packet_read_pending() might be slow if we have
2788 * to call it as it's per_cpu variable, but in fast-path
2789 * we already short-circuit the loop with the first
2790 * condition, and luckily don't have to go that path
2791 * anyway.
2792 */
2793 (need_wait && packet_read_pending(&po->tx_ring))));
2794
2795 err = len_sum;
2796 goto out_put;
2797
2798 out_status:
2799 __packet_set_status(po, ph, status);
2800 kfree_skb(skb);
2801 out_put:
2802 dev_put(dev);
2803 out:
2804 mutex_unlock(&po->pg_vec_lock);
2805 return err;
2806 }
2807
2808 static struct sk_buff *packet_alloc_skb(struct sock *sk, size_t prepad,
2809 size_t reserve, size_t len,
2810 size_t linear, int noblock,
2811 int *err)
2812 {
2813 struct sk_buff *skb;
2814
2815 /* Under a page? Don't bother with paged skb. */
2816 if (prepad + len < PAGE_SIZE || !linear)
2817 linear = len;
2818
2819 skb = sock_alloc_send_pskb(sk, prepad + linear, len - linear, noblock,
2820 err, 0);
2821 if (!skb)
2822 return NULL;
2823
2824 skb_reserve(skb, reserve);
2825 skb_put(skb, linear);
2826 skb->data_len = len - linear;
2827 skb->len += len - linear;
2828
2829 return skb;
2830 }
2831
2832 static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len)
2833 {
2834 struct sock *sk = sock->sk;
2835 DECLARE_SOCKADDR(struct sockaddr_ll *, saddr, msg->msg_name);
2836 struct sk_buff *skb;
2837 struct net_device *dev;
2838 __be16 proto;
2839 unsigned char *addr;
2840 int err, reserve = 0;
2841 struct sockcm_cookie sockc;
2842 struct virtio_net_hdr vnet_hdr = { 0 };
2843 int offset = 0;
2844 struct packet_sock *po = pkt_sk(sk);
2845 bool has_vnet_hdr = false;
2846 int hlen, tlen, linear;
2847 int extra_len = 0;
2848
2849 /*
2850 * Get and verify the address.
2851 */
2852
2853 if (likely(saddr == NULL)) {
2854 dev = packet_cached_dev_get(po);
2855 proto = po->num;
2856 addr = NULL;
2857 } else {
2858 err = -EINVAL;
2859 if (msg->msg_namelen < sizeof(struct sockaddr_ll))
2860 goto out;
2861 if (msg->msg_namelen < (saddr->sll_halen + offsetof(struct sockaddr_ll, sll_addr)))
2862 goto out;
2863 proto = saddr->sll_protocol;
2864 addr = saddr->sll_addr;
2865 dev = dev_get_by_index(sock_net(sk), saddr->sll_ifindex);
2866 }
2867
2868 err = -ENXIO;
2869 if (unlikely(dev == NULL))
2870 goto out_unlock;
2871 err = -ENETDOWN;
2872 if (unlikely(!(dev->flags & IFF_UP)))
2873 goto out_unlock;
2874
2875 sockc.tsflags = sk->sk_tsflags;
2876 sockc.mark = sk->sk_mark;
2877 if (msg->msg_controllen) {
2878 err = sock_cmsg_send(sk, msg, &sockc);
2879 if (unlikely(err))
2880 goto out_unlock;
2881 }
2882
2883 if (sock->type == SOCK_RAW)
2884 reserve = dev->hard_header_len;
2885 if (po->has_vnet_hdr) {
2886 err = packet_snd_vnet_parse(msg, &len, &vnet_hdr);
2887 if (err)
2888 goto out_unlock;
2889 has_vnet_hdr = true;
2890 }
2891
2892 if (unlikely(sock_flag(sk, SOCK_NOFCS))) {
2893 if (!netif_supports_nofcs(dev)) {
2894 err = -EPROTONOSUPPORT;
2895 goto out_unlock;
2896 }
2897 extra_len = 4; /* We're doing our own CRC */
2898 }
2899
2900 err = -EMSGSIZE;
2901 if (!vnet_hdr.gso_type &&
2902 (len > dev->mtu + reserve + VLAN_HLEN + extra_len))
2903 goto out_unlock;
2904
2905 err = -ENOBUFS;
2906 hlen = LL_RESERVED_SPACE(dev);
2907 tlen = dev->needed_tailroom;
2908 linear = __virtio16_to_cpu(vio_le(), vnet_hdr.hdr_len);
2909 linear = max(linear, min_t(int, len, dev->hard_header_len));
2910 skb = packet_alloc_skb(sk, hlen + tlen, hlen, len, linear,
2911 msg->msg_flags & MSG_DONTWAIT, &err);
2912 if (skb == NULL)
2913 goto out_unlock;
2914
2915 skb_set_network_header(skb, reserve);
2916
2917 err = -EINVAL;
2918 if (sock->type == SOCK_DGRAM) {
2919 offset = dev_hard_header(skb, dev, ntohs(proto), addr, NULL, len);
2920 if (unlikely(offset < 0))
2921 goto out_free;
2922 }
2923
2924 /* Returns -EFAULT on error */
2925 err = skb_copy_datagram_from_iter(skb, offset, &msg->msg_iter, len);
2926 if (err)
2927 goto out_free;
2928
2929 if (sock->type == SOCK_RAW &&
2930 !dev_validate_header(dev, skb->data, len)) {
2931 err = -EINVAL;
2932 goto out_free;
2933 }
2934
2935 sock_tx_timestamp(sk, sockc.tsflags, &skb_shinfo(skb)->tx_flags);
2936
2937 if (!vnet_hdr.gso_type && (len > dev->mtu + reserve + extra_len) &&
2938 !packet_extra_vlan_len_allowed(dev, skb)) {
2939 err = -EMSGSIZE;
2940 goto out_free;
2941 }
2942
2943 skb->protocol = proto;
2944 skb->dev = dev;
2945 skb->priority = sk->sk_priority;
2946 skb->mark = sockc.mark;
2947
2948 if (has_vnet_hdr) {
2949 err = virtio_net_hdr_to_skb(skb, &vnet_hdr, vio_le());
2950 if (err)
2951 goto out_free;
2952 len += sizeof(vnet_hdr);
2953 }
2954
2955 skb_probe_transport_header(skb, reserve);
2956
2957 if (unlikely(extra_len == 4))
2958 skb->no_fcs = 1;
2959
2960 err = po->xmit(skb);
2961 if (err > 0 && (err = net_xmit_errno(err)) != 0)
2962 goto out_unlock;
2963
2964 dev_put(dev);
2965
2966 return len;
2967
2968 out_free:
2969 kfree_skb(skb);
2970 out_unlock:
2971 if (dev)
2972 dev_put(dev);
2973 out:
2974 return err;
2975 }
2976
2977 static int packet_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
2978 {
2979 struct sock *sk = sock->sk;
2980 struct packet_sock *po = pkt_sk(sk);
2981
2982 if (po->tx_ring.pg_vec)
2983 return tpacket_snd(po, msg);
2984 else
2985 return packet_snd(sock, msg, len);
2986 }
2987
2988 /*
2989 * Close a PACKET socket. This is fairly simple. We immediately go
2990 * to 'closed' state and remove our protocol entry in the device list.
2991 */
2992
2993 static int packet_release(struct socket *sock)
2994 {
2995 struct sock *sk = sock->sk;
2996 struct packet_sock *po;
2997 struct packet_fanout *f;
2998 struct net *net;
2999 union tpacket_req_u req_u;
3000
3001 if (!sk)
3002 return 0;
3003
3004 net = sock_net(sk);
3005 po = pkt_sk(sk);
3006
3007 mutex_lock(&net->packet.sklist_lock);
3008 sk_del_node_init_rcu(sk);
3009 mutex_unlock(&net->packet.sklist_lock);
3010
3011 preempt_disable();
3012 sock_prot_inuse_add(net, sk->sk_prot, -1);
3013 preempt_enable();
3014
3015 spin_lock(&po->bind_lock);
3016 unregister_prot_hook(sk, false);
3017 packet_cached_dev_reset(po);
3018
3019 if (po->prot_hook.dev) {
3020 dev_put(po->prot_hook.dev);
3021 po->prot_hook.dev = NULL;
3022 }
3023 spin_unlock(&po->bind_lock);
3024
3025 packet_flush_mclist(sk);
3026
3027 if (po->rx_ring.pg_vec) {
3028 memset(&req_u, 0, sizeof(req_u));
3029 packet_set_ring(sk, &req_u, 1, 0);
3030 }
3031
3032 if (po->tx_ring.pg_vec) {
3033 memset(&req_u, 0, sizeof(req_u));
3034 packet_set_ring(sk, &req_u, 1, 1);
3035 }
3036
3037 f = fanout_release(sk);
3038
3039 synchronize_net();
3040
3041 if (f) {
3042 fanout_release_data(f);
3043 kfree(f);
3044 }
3045 /*
3046 * Now the socket is dead. No more input will appear.
3047 */
3048 sock_orphan(sk);
3049 sock->sk = NULL;
3050
3051 /* Purge queues */
3052
3053 skb_queue_purge(&sk->sk_receive_queue);
3054 packet_free_pending(po);
3055 sk_refcnt_debug_release(sk);
3056
3057 sock_put(sk);
3058 return 0;
3059 }
3060
3061 /*
3062 * Attach a packet hook.
3063 */
3064
3065 static int packet_do_bind(struct sock *sk, const char *name, int ifindex,
3066 __be16 proto)
3067 {
3068 struct packet_sock *po = pkt_sk(sk);
3069 struct net_device *dev_curr;
3070 __be16 proto_curr;
3071 bool need_rehook;
3072 struct net_device *dev = NULL;
3073 int ret = 0;
3074 bool unlisted = false;
3075
3076 lock_sock(sk);
3077 spin_lock(&po->bind_lock);
3078 rcu_read_lock();
3079
3080 if (po->fanout) {
3081 ret = -EINVAL;
3082 goto out_unlock;
3083 }
3084
3085 if (name) {
3086 dev = dev_get_by_name_rcu(sock_net(sk), name);
3087 if (!dev) {
3088 ret = -ENODEV;
3089 goto out_unlock;
3090 }
3091 } else if (ifindex) {
3092 dev = dev_get_by_index_rcu(sock_net(sk), ifindex);
3093 if (!dev) {
3094 ret = -ENODEV;
3095 goto out_unlock;
3096 }
3097 }
3098
3099 if (dev)
3100 dev_hold(dev);
3101
3102 proto_curr = po->prot_hook.type;
3103 dev_curr = po->prot_hook.dev;
3104
3105 need_rehook = proto_curr != proto || dev_curr != dev;
3106
3107 if (need_rehook) {
3108 if (po->running) {
3109 rcu_read_unlock();
3110 __unregister_prot_hook(sk, true);
3111 rcu_read_lock();
3112 dev_curr = po->prot_hook.dev;
3113 if (dev)
3114 unlisted = !dev_get_by_index_rcu(sock_net(sk),
3115 dev->ifindex);
3116 }
3117
3118 po->num = proto;
3119 po->prot_hook.type = proto;
3120
3121 if (unlikely(unlisted)) {
3122 dev_put(dev);
3123 po->prot_hook.dev = NULL;
3124 po->ifindex = -1;
3125 packet_cached_dev_reset(po);
3126 } else {
3127 po->prot_hook.dev = dev;
3128 po->ifindex = dev ? dev->ifindex : 0;
3129 packet_cached_dev_assign(po, dev);
3130 }
3131 }
3132 if (dev_curr)
3133 dev_put(dev_curr);
3134
3135 if (proto == 0 || !need_rehook)
3136 goto out_unlock;
3137
3138 if (!unlisted && (!dev || (dev->flags & IFF_UP))) {
3139 register_prot_hook(sk);
3140 } else {
3141 sk->sk_err = ENETDOWN;
3142 if (!sock_flag(sk, SOCK_DEAD))
3143 sk->sk_error_report(sk);
3144 }
3145
3146 out_unlock:
3147 rcu_read_unlock();
3148 spin_unlock(&po->bind_lock);
3149 release_sock(sk);
3150 return ret;
3151 }
3152
3153 /*
3154 * Bind a packet socket to a device
3155 */
3156
3157 static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr,
3158 int addr_len)
3159 {
3160 struct sock *sk = sock->sk;
3161 char name[sizeof(uaddr->sa_data) + 1];
3162
3163 /*
3164 * Check legality
3165 */
3166
3167 if (addr_len != sizeof(struct sockaddr))
3168 return -EINVAL;
3169 /* uaddr->sa_data comes from the userspace, it's not guaranteed to be
3170 * zero-terminated.
3171 */
3172 memcpy(name, uaddr->sa_data, sizeof(uaddr->sa_data));
3173 name[sizeof(uaddr->sa_data)] = 0;
3174
3175 return packet_do_bind(sk, name, 0, pkt_sk(sk)->num);
3176 }
3177
3178 static int packet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
3179 {
3180 struct sockaddr_ll *sll = (struct sockaddr_ll *)uaddr;
3181 struct sock *sk = sock->sk;
3182
3183 /*
3184 * Check legality
3185 */
3186
3187 if (addr_len < sizeof(struct sockaddr_ll))
3188 return -EINVAL;
3189 if (sll->sll_family != AF_PACKET)
3190 return -EINVAL;
3191
3192 return packet_do_bind(sk, NULL, sll->sll_ifindex,
3193 sll->sll_protocol ? : pkt_sk(sk)->num);
3194 }
3195
3196 static struct proto packet_proto = {
3197 .name = "PACKET",
3198 .owner = THIS_MODULE,
3199 .obj_size = sizeof(struct packet_sock),
3200 };
3201
3202 /*
3203 * Create a packet of type SOCK_PACKET.
3204 */
3205
3206 static int packet_create(struct net *net, struct socket *sock, int protocol,
3207 int kern)
3208 {
3209 struct sock *sk;
3210 struct packet_sock *po;
3211 __be16 proto = (__force __be16)protocol; /* weird, but documented */
3212 int err;
3213
3214 if (!ns_capable(net->user_ns, CAP_NET_RAW))
3215 return -EPERM;
3216 if (sock->type != SOCK_DGRAM && sock->type != SOCK_RAW &&
3217 sock->type != SOCK_PACKET)
3218 return -ESOCKTNOSUPPORT;
3219
3220 sock->state = SS_UNCONNECTED;
3221
3222 err = -ENOBUFS;
3223 sk = sk_alloc(net, PF_PACKET, GFP_KERNEL, &packet_proto, kern);
3224 if (sk == NULL)
3225 goto out;
3226
3227 sock->ops = &packet_ops;
3228 if (sock->type == SOCK_PACKET)
3229 sock->ops = &packet_ops_spkt;
3230
3231 sock_init_data(sock, sk);
3232
3233 po = pkt_sk(sk);
3234 sk->sk_family = PF_PACKET;
3235 po->num = proto;
3236 po->xmit = dev_queue_xmit;
3237
3238 err = packet_alloc_pending(po);
3239 if (err)
3240 goto out2;
3241
3242 packet_cached_dev_reset(po);
3243
3244 sk->sk_destruct = packet_sock_destruct;
3245 sk_refcnt_debug_inc(sk);
3246
3247 /*
3248 * Attach a protocol block
3249 */
3250
3251 spin_lock_init(&po->bind_lock);
3252 mutex_init(&po->pg_vec_lock);
3253 po->rollover = NULL;
3254 po->prot_hook.func = packet_rcv;
3255
3256 if (sock->type == SOCK_PACKET)
3257 po->prot_hook.func = packet_rcv_spkt;
3258
3259 po->prot_hook.af_packet_priv = sk;
3260
3261 if (proto) {
3262 po->prot_hook.type = proto;
3263 register_prot_hook(sk);
3264 }
3265
3266 mutex_lock(&net->packet.sklist_lock);
3267 sk_add_node_rcu(sk, &net->packet.sklist);
3268 mutex_unlock(&net->packet.sklist_lock);
3269
3270 preempt_disable();
3271 sock_prot_inuse_add(net, &packet_proto, 1);
3272 preempt_enable();
3273
3274 return 0;
3275 out2:
3276 sk_free(sk);
3277 out:
3278 return err;
3279 }
3280
3281 /*
3282 * Pull a packet from our receive queue and hand it to the user.
3283 * If necessary we block.
3284 */
3285
3286 static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
3287 int flags)
3288 {
3289 struct sock *sk = sock->sk;
3290 struct sk_buff *skb;
3291 int copied, err;
3292 int vnet_hdr_len = 0;
3293 unsigned int origlen = 0;
3294
3295 err = -EINVAL;
3296 if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT|MSG_ERRQUEUE))
3297 goto out;
3298
3299 #if 0
3300 /* What error should we return now? EUNATTACH? */
3301 if (pkt_sk(sk)->ifindex < 0)
3302 return -ENODEV;
3303 #endif
3304
3305 if (flags & MSG_ERRQUEUE) {
3306 err = sock_recv_errqueue(sk, msg, len,
3307 SOL_PACKET, PACKET_TX_TIMESTAMP);
3308 goto out;
3309 }
3310
3311 /*
3312 * Call the generic datagram receiver. This handles all sorts
3313 * of horrible races and re-entrancy so we can forget about it
3314 * in the protocol layers.
3315 *
3316 * Now it will return ENETDOWN, if device have just gone down,
3317 * but then it will block.
3318 */
3319
3320 skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err);
3321
3322 /*
3323 * An error occurred so return it. Because skb_recv_datagram()
3324 * handles the blocking we don't see and worry about blocking
3325 * retries.
3326 */
3327
3328 if (skb == NULL)
3329 goto out;
3330
3331 if (pkt_sk(sk)->pressure)
3332 packet_rcv_has_room(pkt_sk(sk), NULL);
3333
3334 if (pkt_sk(sk)->has_vnet_hdr) {
3335 err = packet_rcv_vnet(msg, skb, &len);
3336 if (err)
3337 goto out_free;
3338 vnet_hdr_len = sizeof(struct virtio_net_hdr);
3339 }
3340
3341 /* You lose any data beyond the buffer you gave. If it worries
3342 * a user program they can ask the device for its MTU
3343 * anyway.
3344 */
3345 copied = skb->len;
3346 if (copied > len) {
3347 copied = len;
3348 msg->msg_flags |= MSG_TRUNC;
3349 }
3350
3351 err = skb_copy_datagram_msg(skb, 0, msg, copied);
3352 if (err)
3353 goto out_free;
3354
3355 if (sock->type != SOCK_PACKET) {
3356 struct sockaddr_ll *sll = &PACKET_SKB_CB(skb)->sa.ll;
3357
3358 /* Original length was stored in sockaddr_ll fields */
3359 origlen = PACKET_SKB_CB(skb)->sa.origlen;
3360 sll->sll_family = AF_PACKET;
3361 sll->sll_protocol = skb->protocol;
3362 }
3363
3364 sock_recv_ts_and_drops(msg, sk, skb);
3365
3366 if (msg->msg_name) {
3367 /* If the address length field is there to be filled
3368 * in, we fill it in now.
3369 */
3370 if (sock->type == SOCK_PACKET) {
3371 __sockaddr_check_size(sizeof(struct sockaddr_pkt));
3372 msg->msg_namelen = sizeof(struct sockaddr_pkt);
3373 } else {
3374 struct sockaddr_ll *sll = &PACKET_SKB_CB(skb)->sa.ll;
3375
3376 msg->msg_namelen = sll->sll_halen +
3377 offsetof(struct sockaddr_ll, sll_addr);
3378 }
3379 memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa,
3380 msg->msg_namelen);
3381 }
3382
3383 if (pkt_sk(sk)->auxdata) {
3384 struct tpacket_auxdata aux;
3385
3386 aux.tp_status = TP_STATUS_USER;
3387 if (skb->ip_summed == CHECKSUM_PARTIAL)
3388 aux.tp_status |= TP_STATUS_CSUMNOTREADY;
3389 else if (skb->pkt_type != PACKET_OUTGOING &&
3390 (skb->ip_summed == CHECKSUM_COMPLETE ||
3391 skb_csum_unnecessary(skb)))
3392 aux.tp_status |= TP_STATUS_CSUM_VALID;
3393
3394 aux.tp_len = origlen;
3395 aux.tp_snaplen = skb->len;
3396 aux.tp_mac = 0;
3397 aux.tp_net = skb_network_offset(skb);
3398 if (skb_vlan_tag_present(skb)) {
3399 aux.tp_vlan_tci = skb_vlan_tag_get(skb);
3400 aux.tp_vlan_tpid = ntohs(skb->vlan_proto);
3401 aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID;
3402 } else {
3403 aux.tp_vlan_tci = 0;
3404 aux.tp_vlan_tpid = 0;
3405 }
3406 put_cmsg(msg, SOL_PACKET, PACKET_AUXDATA, sizeof(aux), &aux);
3407 }
3408
3409 /*
3410 * Free or return the buffer as appropriate. Again this
3411 * hides all the races and re-entrancy issues from us.
3412 */
3413 err = vnet_hdr_len + ((flags&MSG_TRUNC) ? skb->len : copied);
3414
3415 out_free:
3416 skb_free_datagram(sk, skb);
3417 out:
3418 return err;
3419 }
3420
3421 static int packet_getname_spkt(struct socket *sock, struct sockaddr *uaddr,
3422 int *uaddr_len, int peer)
3423 {
3424 struct net_device *dev;
3425 struct sock *sk = sock->sk;
3426
3427 if (peer)
3428 return -EOPNOTSUPP;
3429
3430 uaddr->sa_family = AF_PACKET;
3431 memset(uaddr->sa_data, 0, sizeof(uaddr->sa_data));
3432 rcu_read_lock();
3433 dev = dev_get_by_index_rcu(sock_net(sk), pkt_sk(sk)->ifindex);
3434 if (dev)
3435 strlcpy(uaddr->sa_data, dev->name, sizeof(uaddr->sa_data));
3436 rcu_read_unlock();
3437 *uaddr_len = sizeof(*uaddr);
3438
3439 return 0;
3440 }
3441
3442 static int packet_getname(struct socket *sock, struct sockaddr *uaddr,
3443 int *uaddr_len, int peer)
3444 {
3445 struct net_device *dev;
3446 struct sock *sk = sock->sk;
3447 struct packet_sock *po = pkt_sk(sk);
3448 DECLARE_SOCKADDR(struct sockaddr_ll *, sll, uaddr);
3449
3450 if (peer)
3451 return -EOPNOTSUPP;
3452
3453 sll->sll_family = AF_PACKET;
3454 sll->sll_ifindex = po->ifindex;
3455 sll->sll_protocol = po->num;
3456 sll->sll_pkttype = 0;
3457 rcu_read_lock();
3458 dev = dev_get_by_index_rcu(sock_net(sk), po->ifindex);
3459 if (dev) {
3460 sll->sll_hatype = dev->type;
3461 sll->sll_halen = dev->addr_len;
3462 memcpy(sll->sll_addr, dev->dev_addr, dev->addr_len);
3463 } else {
3464 sll->sll_hatype = 0; /* Bad: we have no ARPHRD_UNSPEC */
3465 sll->sll_halen = 0;
3466 }
3467 rcu_read_unlock();
3468 *uaddr_len = offsetof(struct sockaddr_ll, sll_addr) + sll->sll_halen;
3469
3470 return 0;
3471 }
3472
3473 static int packet_dev_mc(struct net_device *dev, struct packet_mclist *i,
3474 int what)
3475 {
3476 switch (i->type) {
3477 case PACKET_MR_MULTICAST:
3478 if (i->alen != dev->addr_len)
3479 return -EINVAL;
3480 if (what > 0)
3481 return dev_mc_add(dev, i->addr);
3482 else
3483 return dev_mc_del(dev, i->addr);
3484 break;
3485 case PACKET_MR_PROMISC:
3486 return dev_set_promiscuity(dev, what);
3487 case PACKET_MR_ALLMULTI:
3488 return dev_set_allmulti(dev, what);
3489 case PACKET_MR_UNICAST:
3490 if (i->alen != dev->addr_len)
3491 return -EINVAL;
3492 if (what > 0)
3493 return dev_uc_add(dev, i->addr);
3494 else
3495 return dev_uc_del(dev, i->addr);
3496 break;
3497 default:
3498 break;
3499 }
3500 return 0;
3501 }
3502
3503 static void packet_dev_mclist_delete(struct net_device *dev,
3504 struct packet_mclist **mlp)
3505 {
3506 struct packet_mclist *ml;
3507
3508 while ((ml = *mlp) != NULL) {
3509 if (ml->ifindex == dev->ifindex) {
3510 packet_dev_mc(dev, ml, -1);
3511 *mlp = ml->next;
3512 kfree(ml);
3513 } else
3514 mlp = &ml->next;
3515 }
3516 }
3517
3518 static int packet_mc_add(struct sock *sk, struct packet_mreq_max *mreq)
3519 {
3520 struct packet_sock *po = pkt_sk(sk);
3521 struct packet_mclist *ml, *i;
3522 struct net_device *dev;
3523 int err;
3524
3525 rtnl_lock();
3526
3527 err = -ENODEV;
3528 dev = __dev_get_by_index(sock_net(sk), mreq->mr_ifindex);
3529 if (!dev)
3530 goto done;
3531
3532 err = -EINVAL;
3533 if (mreq->mr_alen > dev->addr_len)
3534 goto done;
3535
3536 err = -ENOBUFS;
3537 i = kmalloc(sizeof(*i), GFP_KERNEL);
3538 if (i == NULL)
3539 goto done;
3540
3541 err = 0;
3542 for (ml = po->mclist; ml; ml = ml->next) {
3543 if (ml->ifindex == mreq->mr_ifindex &&
3544 ml->type == mreq->mr_type &&
3545 ml->alen == mreq->mr_alen &&
3546 memcmp(ml->addr, mreq->mr_address, ml->alen) == 0) {
3547 ml->count++;
3548 /* Free the new element ... */
3549 kfree(i);
3550 goto done;
3551 }
3552 }
3553
3554 i->type = mreq->mr_type;
3555 i->ifindex = mreq->mr_ifindex;
3556 i->alen = mreq->mr_alen;
3557 memcpy(i->addr, mreq->mr_address, i->alen);
3558 memset(i->addr + i->alen, 0, sizeof(i->addr) - i->alen);
3559 i->count = 1;
3560 i->next = po->mclist;
3561 po->mclist = i;
3562 err = packet_dev_mc(dev, i, 1);
3563 if (err) {
3564 po->mclist = i->next;
3565 kfree(i);
3566 }
3567
3568 done:
3569 rtnl_unlock();
3570 return err;
3571 }
3572
3573 static int packet_mc_drop(struct sock *sk, struct packet_mreq_max *mreq)
3574 {
3575 struct packet_mclist *ml, **mlp;
3576
3577 rtnl_lock();
3578
3579 for (mlp = &pkt_sk(sk)->mclist; (ml = *mlp) != NULL; mlp = &ml->next) {
3580 if (ml->ifindex == mreq->mr_ifindex &&
3581 ml->type == mreq->mr_type &&
3582 ml->alen == mreq->mr_alen &&
3583 memcmp(ml->addr, mreq->mr_address, ml->alen) == 0) {
3584 if (--ml->count == 0) {
3585 struct net_device *dev;
3586 *mlp = ml->next;
3587 dev = __dev_get_by_index(sock_net(sk), ml->ifindex);
3588 if (dev)
3589 packet_dev_mc(dev, ml, -1);
3590 kfree(ml);
3591 }
3592 break;
3593 }
3594 }
3595 rtnl_unlock();
3596 return 0;
3597 }
3598
3599 static void packet_flush_mclist(struct sock *sk)
3600 {
3601 struct packet_sock *po = pkt_sk(sk);
3602 struct packet_mclist *ml;
3603
3604 if (!po->mclist)
3605 return;
3606
3607 rtnl_lock();
3608 while ((ml = po->mclist) != NULL) {
3609 struct net_device *dev;
3610
3611 po->mclist = ml->next;
3612 dev = __dev_get_by_index(sock_net(sk), ml->ifindex);
3613 if (dev != NULL)
3614 packet_dev_mc(dev, ml, -1);
3615 kfree(ml);
3616 }
3617 rtnl_unlock();
3618 }
3619
3620 static int
3621 packet_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
3622 {
3623 struct sock *sk = sock->sk;
3624 struct packet_sock *po = pkt_sk(sk);
3625 int ret;
3626
3627 if (level != SOL_PACKET)
3628 return -ENOPROTOOPT;
3629
3630 switch (optname) {
3631 case PACKET_ADD_MEMBERSHIP:
3632 case PACKET_DROP_MEMBERSHIP:
3633 {
3634 struct packet_mreq_max mreq;
3635 int len = optlen;
3636 memset(&mreq, 0, sizeof(mreq));
3637 if (len < sizeof(struct packet_mreq))
3638 return -EINVAL;
3639 if (len > sizeof(mreq))
3640 len = sizeof(mreq);
3641 if (copy_from_user(&mreq, optval, len))
3642 return -EFAULT;
3643 if (len < (mreq.mr_alen + offsetof(struct packet_mreq, mr_address)))
3644 return -EINVAL;
3645 if (optname == PACKET_ADD_MEMBERSHIP)
3646 ret = packet_mc_add(sk, &mreq);
3647 else
3648 ret = packet_mc_drop(sk, &mreq);
3649 return ret;
3650 }
3651
3652 case PACKET_RX_RING:
3653 case PACKET_TX_RING:
3654 {
3655 union tpacket_req_u req_u;
3656 int len;
3657
3658 switch (po->tp_version) {
3659 case TPACKET_V1:
3660 case TPACKET_V2:
3661 len = sizeof(req_u.req);
3662 break;
3663 case TPACKET_V3:
3664 default:
3665 len = sizeof(req_u.req3);
3666 break;
3667 }
3668 if (optlen < len)
3669 return -EINVAL;
3670 if (copy_from_user(&req_u.req, optval, len))
3671 return -EFAULT;
3672 return packet_set_ring(sk, &req_u, 0,
3673 optname == PACKET_TX_RING);
3674 }
3675 case PACKET_COPY_THRESH:
3676 {
3677 int val;
3678
3679 if (optlen != sizeof(val))
3680 return -EINVAL;
3681 if (copy_from_user(&val, optval, sizeof(val)))
3682 return -EFAULT;
3683
3684 pkt_sk(sk)->copy_thresh = val;
3685 return 0;
3686 }
3687 case PACKET_VERSION:
3688 {
3689 int val;
3690
3691 if (optlen != sizeof(val))
3692 return -EINVAL;
3693 if (copy_from_user(&val, optval, sizeof(val)))
3694 return -EFAULT;
3695 switch (val) {
3696 case TPACKET_V1:
3697 case TPACKET_V2:
3698 case TPACKET_V3:
3699 break;
3700 default:
3701 return -EINVAL;
3702 }
3703 lock_sock(sk);
3704 if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) {
3705 ret = -EBUSY;
3706 } else {
3707 po->tp_version = val;
3708 ret = 0;
3709 }
3710 release_sock(sk);
3711 return ret;
3712 }
3713 case PACKET_RESERVE:
3714 {
3715 unsigned int val;
3716
3717 if (optlen != sizeof(val))
3718 return -EINVAL;
3719 if (copy_from_user(&val, optval, sizeof(val)))
3720 return -EFAULT;
3721 if (val > INT_MAX)
3722 return -EINVAL;
3723 lock_sock(sk);
3724 if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) {
3725 ret = -EBUSY;
3726 } else {
3727 po->tp_reserve = val;
3728 ret = 0;
3729 }
3730 release_sock(sk);
3731 return ret;
3732 }
3733 case PACKET_LOSS:
3734 {
3735 unsigned int val;
3736
3737 if (optlen != sizeof(val))
3738 return -EINVAL;
3739 if (po->rx_ring.pg_vec || po->tx_ring.pg_vec)
3740 return -EBUSY;
3741 if (copy_from_user(&val, optval, sizeof(val)))
3742 return -EFAULT;
3743 po->tp_loss = !!val;
3744 return 0;
3745 }
3746 case PACKET_AUXDATA:
3747 {
3748 int val;
3749
3750 if (optlen < sizeof(val))
3751 return -EINVAL;
3752 if (copy_from_user(&val, optval, sizeof(val)))
3753 return -EFAULT;
3754
3755 po->auxdata = !!val;
3756 return 0;
3757 }
3758 case PACKET_ORIGDEV:
3759 {
3760 int val;
3761
3762 if (optlen < sizeof(val))
3763 return -EINVAL;
3764 if (copy_from_user(&val, optval, sizeof(val)))
3765 return -EFAULT;
3766
3767 po->origdev = !!val;
3768 return 0;
3769 }
3770 case PACKET_VNET_HDR:
3771 {
3772 int val;
3773
3774 if (sock->type != SOCK_RAW)
3775 return -EINVAL;
3776 if (po->rx_ring.pg_vec || po->tx_ring.pg_vec)
3777 return -EBUSY;
3778 if (optlen < sizeof(val))
3779 return -EINVAL;
3780 if (copy_from_user(&val, optval, sizeof(val)))
3781 return -EFAULT;
3782
3783 po->has_vnet_hdr = !!val;
3784 return 0;
3785 }
3786 case PACKET_TIMESTAMP:
3787 {
3788 int val;
3789
3790 if (optlen != sizeof(val))
3791 return -EINVAL;
3792 if (copy_from_user(&val, optval, sizeof(val)))
3793 return -EFAULT;
3794
3795 po->tp_tstamp = val;
3796 return 0;
3797 }
3798 case PACKET_FANOUT:
3799 {
3800 int val;
3801
3802 if (optlen != sizeof(val))
3803 return -EINVAL;
3804 if (copy_from_user(&val, optval, sizeof(val)))
3805 return -EFAULT;
3806
3807 return fanout_add(sk, val & 0xffff, val >> 16);
3808 }
3809 case PACKET_FANOUT_DATA:
3810 {
3811 if (!po->fanout)
3812 return -EINVAL;
3813
3814 return fanout_set_data(po, optval, optlen);
3815 }
3816 case PACKET_TX_HAS_OFF:
3817 {
3818 unsigned int val;
3819
3820 if (optlen != sizeof(val))
3821 return -EINVAL;
3822 if (po->rx_ring.pg_vec || po->tx_ring.pg_vec)
3823 return -EBUSY;
3824 if (copy_from_user(&val, optval, sizeof(val)))
3825 return -EFAULT;
3826 po->tp_tx_has_off = !!val;
3827 return 0;
3828 }
3829 case PACKET_QDISC_BYPASS:
3830 {
3831 int val;
3832
3833 if (optlen != sizeof(val))
3834 return -EINVAL;
3835 if (copy_from_user(&val, optval, sizeof(val)))
3836 return -EFAULT;
3837
3838 po->xmit = val ? packet_direct_xmit : dev_queue_xmit;
3839 return 0;
3840 }
3841 default:
3842 return -ENOPROTOOPT;
3843 }
3844 }
3845
3846 static int packet_getsockopt(struct socket *sock, int level, int optname,
3847 char __user *optval, int __user *optlen)
3848 {
3849 int len;
3850 int val, lv = sizeof(val);
3851 struct sock *sk = sock->sk;
3852 struct packet_sock *po = pkt_sk(sk);
3853 void *data = &val;
3854 union tpacket_stats_u st;
3855 struct tpacket_rollover_stats rstats;
3856 struct packet_rollover *rollover;
3857
3858 if (level != SOL_PACKET)
3859 return -ENOPROTOOPT;
3860
3861 if (get_user(len, optlen))
3862 return -EFAULT;
3863
3864 if (len < 0)
3865 return -EINVAL;
3866
3867 switch (optname) {
3868 case PACKET_STATISTICS:
3869 spin_lock_bh(&sk->sk_receive_queue.lock);
3870 memcpy(&st, &po->stats, sizeof(st));
3871 memset(&po->stats, 0, sizeof(po->stats));
3872 spin_unlock_bh(&sk->sk_receive_queue.lock);
3873
3874 if (po->tp_version == TPACKET_V3) {
3875 lv = sizeof(struct tpacket_stats_v3);
3876 st.stats3.tp_packets += st.stats3.tp_drops;
3877 data = &st.stats3;
3878 } else {
3879 lv = sizeof(struct tpacket_stats);
3880 st.stats1.tp_packets += st.stats1.tp_drops;
3881 data = &st.stats1;
3882 }
3883
3884 break;
3885 case PACKET_AUXDATA:
3886 val = po->auxdata;
3887 break;
3888 case PACKET_ORIGDEV:
3889 val = po->origdev;
3890 break;
3891 case PACKET_VNET_HDR:
3892 val = po->has_vnet_hdr;
3893 break;
3894 case PACKET_VERSION:
3895 val = po->tp_version;
3896 break;
3897 case PACKET_HDRLEN:
3898 if (len > sizeof(int))
3899 len = sizeof(int);
3900 if (len < sizeof(int))
3901 return -EINVAL;
3902 if (copy_from_user(&val, optval, len))
3903 return -EFAULT;
3904 switch (val) {
3905 case TPACKET_V1:
3906 val = sizeof(struct tpacket_hdr);
3907 break;
3908 case TPACKET_V2:
3909 val = sizeof(struct tpacket2_hdr);
3910 break;
3911 case TPACKET_V3:
3912 val = sizeof(struct tpacket3_hdr);
3913 break;
3914 default:
3915 return -EINVAL;
3916 }
3917 break;
3918 case PACKET_RESERVE:
3919 val = po->tp_reserve;
3920 break;
3921 case PACKET_LOSS:
3922 val = po->tp_loss;
3923 break;
3924 case PACKET_TIMESTAMP:
3925 val = po->tp_tstamp;
3926 break;
3927 case PACKET_FANOUT:
3928 val = (po->fanout ?
3929 ((u32)po->fanout->id |
3930 ((u32)po->fanout->type << 16) |
3931 ((u32)po->fanout->flags << 24)) :
3932 0);
3933 break;
3934 case PACKET_ROLLOVER_STATS:
3935 rcu_read_lock();
3936 rollover = rcu_dereference(po->rollover);
3937 if (rollover) {
3938 rstats.tp_all = atomic_long_read(&rollover->num);
3939 rstats.tp_huge = atomic_long_read(&rollover->num_huge);
3940 rstats.tp_failed = atomic_long_read(&rollover->num_failed);
3941 data = &rstats;
3942 lv = sizeof(rstats);
3943 }
3944 rcu_read_unlock();
3945 if (!rollover)
3946 return -EINVAL;
3947 break;
3948 case PACKET_TX_HAS_OFF:
3949 val = po->tp_tx_has_off;
3950 break;
3951 case PACKET_QDISC_BYPASS:
3952 val = packet_use_direct_xmit(po);
3953 break;
3954 default:
3955 return -ENOPROTOOPT;
3956 }
3957
3958 if (len > lv)
3959 len = lv;
3960 if (put_user(len, optlen))
3961 return -EFAULT;
3962 if (copy_to_user(optval, data, len))
3963 return -EFAULT;
3964 return 0;
3965 }
3966
3967
3968 #ifdef CONFIG_COMPAT
3969 static int compat_packet_setsockopt(struct socket *sock, int level, int optname,
3970 char __user *optval, unsigned int optlen)
3971 {
3972 struct packet_sock *po = pkt_sk(sock->sk);
3973
3974 if (level != SOL_PACKET)
3975 return -ENOPROTOOPT;
3976
3977 if (optname == PACKET_FANOUT_DATA &&
3978 po->fanout && po->fanout->type == PACKET_FANOUT_CBPF) {
3979 optval = (char __user *)get_compat_bpf_fprog(optval);
3980 if (!optval)
3981 return -EFAULT;
3982 optlen = sizeof(struct sock_fprog);
3983 }
3984
3985 return packet_setsockopt(sock, level, optname, optval, optlen);
3986 }
3987 #endif
3988
3989 static int packet_notifier(struct notifier_block *this,
3990 unsigned long msg, void *ptr)
3991 {
3992 struct sock *sk;
3993 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
3994 struct net *net = dev_net(dev);
3995
3996 rcu_read_lock();
3997 sk_for_each_rcu(sk, &net->packet.sklist) {
3998 struct packet_sock *po = pkt_sk(sk);
3999
4000 switch (msg) {
4001 case NETDEV_UNREGISTER:
4002 if (po->mclist)
4003 packet_dev_mclist_delete(dev, &po->mclist);
4004 /* fallthrough */
4005
4006 case NETDEV_DOWN:
4007 if (dev->ifindex == po->ifindex) {
4008 spin_lock(&po->bind_lock);
4009 if (po->running) {
4010 __unregister_prot_hook(sk, false);
4011 sk->sk_err = ENETDOWN;
4012 if (!sock_flag(sk, SOCK_DEAD))
4013 sk->sk_error_report(sk);
4014 }
4015 if (msg == NETDEV_UNREGISTER) {
4016 packet_cached_dev_reset(po);
4017 po->ifindex = -1;
4018 if (po->prot_hook.dev)
4019 dev_put(po->prot_hook.dev);
4020 po->prot_hook.dev = NULL;
4021 }
4022 spin_unlock(&po->bind_lock);
4023 }
4024 break;
4025 case NETDEV_UP:
4026 if (dev->ifindex == po->ifindex) {
4027 spin_lock(&po->bind_lock);
4028 if (po->num)
4029 register_prot_hook(sk);
4030 spin_unlock(&po->bind_lock);
4031 }
4032 break;
4033 }
4034 }
4035 rcu_read_unlock();
4036 return NOTIFY_DONE;
4037 }
4038
4039
4040 static int packet_ioctl(struct socket *sock, unsigned int cmd,
4041 unsigned long arg)
4042 {
4043 struct sock *sk = sock->sk;
4044
4045 switch (cmd) {
4046 case SIOCOUTQ:
4047 {
4048 int amount = sk_wmem_alloc_get(sk);
4049
4050 return put_user(amount, (int __user *)arg);
4051 }
4052 case SIOCINQ:
4053 {
4054 struct sk_buff *skb;
4055 int amount = 0;
4056
4057 spin_lock_bh(&sk->sk_receive_queue.lock);
4058 skb = skb_peek(&sk->sk_receive_queue);
4059 if (skb)
4060 amount = skb->len;
4061 spin_unlock_bh(&sk->sk_receive_queue.lock);
4062 return put_user(amount, (int __user *)arg);
4063 }
4064 case SIOCGSTAMP:
4065 return sock_get_timestamp(sk, (struct timeval __user *)arg);
4066 case SIOCGSTAMPNS:
4067 return sock_get_timestampns(sk, (struct timespec __user *)arg);
4068
4069 #ifdef CONFIG_INET
4070 case SIOCADDRT:
4071 case SIOCDELRT:
4072 case SIOCDARP:
4073 case SIOCGARP:
4074 case SIOCSARP:
4075 case SIOCGIFADDR:
4076 case SIOCSIFADDR:
4077 case SIOCGIFBRDADDR:
4078 case SIOCSIFBRDADDR:
4079 case SIOCGIFNETMASK:
4080 case SIOCSIFNETMASK:
4081 case SIOCGIFDSTADDR:
4082 case SIOCSIFDSTADDR:
4083 case SIOCSIFFLAGS:
4084 return inet_dgram_ops.ioctl(sock, cmd, arg);
4085 #endif
4086
4087 default:
4088 return -ENOIOCTLCMD;
4089 }
4090 return 0;
4091 }
4092
4093 static unsigned int packet_poll(struct file *file, struct socket *sock,
4094 poll_table *wait)
4095 {
4096 struct sock *sk = sock->sk;
4097 struct packet_sock *po = pkt_sk(sk);
4098 unsigned int mask = datagram_poll(file, sock, wait);
4099
4100 spin_lock_bh(&sk->sk_receive_queue.lock);
4101 if (po->rx_ring.pg_vec) {
4102 if (!packet_previous_rx_frame(po, &po->rx_ring,
4103 TP_STATUS_KERNEL))
4104 mask |= POLLIN | POLLRDNORM;
4105 }
4106 if (po->pressure && __packet_rcv_has_room(po, NULL) == ROOM_NORMAL)
4107 po->pressure = 0;
4108 spin_unlock_bh(&sk->sk_receive_queue.lock);
4109 spin_lock_bh(&sk->sk_write_queue.lock);
4110 if (po->tx_ring.pg_vec) {
4111 if (packet_current_frame(po, &po->tx_ring, TP_STATUS_AVAILABLE))
4112 mask |= POLLOUT | POLLWRNORM;
4113 }
4114 spin_unlock_bh(&sk->sk_write_queue.lock);
4115 return mask;
4116 }
4117
4118
4119 /* Dirty? Well, I still did not learn better way to account
4120 * for user mmaps.
4121 */
4122
4123 static void packet_mm_open(struct vm_area_struct *vma)
4124 {
4125 struct file *file = vma->vm_file;
4126 struct socket *sock = file->private_data;
4127 struct sock *sk = sock->sk;
4128
4129 if (sk)
4130 atomic_inc(&pkt_sk(sk)->mapped);
4131 }
4132
4133 static void packet_mm_close(struct vm_area_struct *vma)
4134 {
4135 struct file *file = vma->vm_file;
4136 struct socket *sock = file->private_data;
4137 struct sock *sk = sock->sk;
4138
4139 if (sk)
4140 atomic_dec(&pkt_sk(sk)->mapped);
4141 }
4142
4143 static const struct vm_operations_struct packet_mmap_ops = {
4144 .open = packet_mm_open,
4145 .close = packet_mm_close,
4146 };
4147
4148 static void free_pg_vec(struct pgv *pg_vec, unsigned int order,
4149 unsigned int len)
4150 {
4151 int i;
4152
4153 for (i = 0; i < len; i++) {
4154 if (likely(pg_vec[i].buffer)) {
4155 if (is_vmalloc_addr(pg_vec[i].buffer))
4156 vfree(pg_vec[i].buffer);
4157 else
4158 free_pages((unsigned long)pg_vec[i].buffer,
4159 order);
4160 pg_vec[i].buffer = NULL;
4161 }
4162 }
4163 kfree(pg_vec);
4164 }
4165
4166 static char *alloc_one_pg_vec_page(unsigned long order)
4167 {
4168 char *buffer;
4169 gfp_t gfp_flags = GFP_KERNEL | __GFP_COMP |
4170 __GFP_ZERO | __GFP_NOWARN | __GFP_NORETRY;
4171
4172 buffer = (char *) __get_free_pages(gfp_flags, order);
4173 if (buffer)
4174 return buffer;
4175
4176 /* __get_free_pages failed, fall back to vmalloc */
4177 buffer = vzalloc((1 << order) * PAGE_SIZE);
4178 if (buffer)
4179 return buffer;
4180
4181 /* vmalloc failed, lets dig into swap here */
4182 gfp_flags &= ~__GFP_NORETRY;
4183 buffer = (char *) __get_free_pages(gfp_flags, order);
4184 if (buffer)
4185 return buffer;
4186
4187 /* complete and utter failure */
4188 return NULL;
4189 }
4190
4191 static struct pgv *alloc_pg_vec(struct tpacket_req *req, int order)
4192 {
4193 unsigned int block_nr = req->tp_block_nr;
4194 struct pgv *pg_vec;
4195 int i;
4196
4197 pg_vec = kcalloc(block_nr, sizeof(struct pgv), GFP_KERNEL);
4198 if (unlikely(!pg_vec))
4199 goto out;
4200
4201 for (i = 0; i < block_nr; i++) {
4202 pg_vec[i].buffer = alloc_one_pg_vec_page(order);
4203 if (unlikely(!pg_vec[i].buffer))
4204 goto out_free_pgvec;
4205 }
4206
4207 out:
4208 return pg_vec;
4209
4210 out_free_pgvec:
4211 free_pg_vec(pg_vec, order, block_nr);
4212 pg_vec = NULL;
4213 goto out;
4214 }
4215
4216 static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
4217 int closing, int tx_ring)
4218 {
4219 struct pgv *pg_vec = NULL;
4220 struct packet_sock *po = pkt_sk(sk);
4221 int was_running, order = 0;
4222 struct packet_ring_buffer *rb;
4223 struct sk_buff_head *rb_queue;
4224 __be16 num;
4225 int err = -EINVAL;
4226 /* Added to avoid minimal code churn */
4227 struct tpacket_req *req = &req_u->req;
4228
4229 lock_sock(sk);
4230
4231 rb = tx_ring ? &po->tx_ring : &po->rx_ring;
4232 rb_queue = tx_ring ? &sk->sk_write_queue : &sk->sk_receive_queue;
4233
4234 err = -EBUSY;
4235 if (!closing) {
4236 if (atomic_read(&po->mapped))
4237 goto out;
4238 if (packet_read_pending(rb))
4239 goto out;
4240 }
4241
4242 if (req->tp_block_nr) {
4243 /* Sanity tests and some calculations */
4244 err = -EBUSY;
4245 if (unlikely(rb->pg_vec))
4246 goto out;
4247
4248 switch (po->tp_version) {
4249 case TPACKET_V1:
4250 po->tp_hdrlen = TPACKET_HDRLEN;
4251 break;
4252 case TPACKET_V2:
4253 po->tp_hdrlen = TPACKET2_HDRLEN;
4254 break;
4255 case TPACKET_V3:
4256 po->tp_hdrlen = TPACKET3_HDRLEN;
4257 break;
4258 }
4259
4260 err = -EINVAL;
4261 if (unlikely((int)req->tp_block_size <= 0))
4262 goto out;
4263 if (unlikely(!PAGE_ALIGNED(req->tp_block_size)))
4264 goto out;
4265 if (po->tp_version >= TPACKET_V3 &&
4266 req->tp_block_size <=
4267 BLK_PLUS_PRIV((u64)req_u->req3.tp_sizeof_priv))
4268 goto out;
4269 if (unlikely(req->tp_frame_size < po->tp_hdrlen +
4270 po->tp_reserve))
4271 goto out;
4272 if (unlikely(req->tp_frame_size & (TPACKET_ALIGNMENT - 1)))
4273 goto out;
4274
4275 rb->frames_per_block = req->tp_block_size / req->tp_frame_size;
4276 if (unlikely(rb->frames_per_block == 0))
4277 goto out;
4278 if (unlikely(req->tp_block_size > UINT_MAX / req->tp_block_nr))
4279 goto out;
4280 if (unlikely((rb->frames_per_block * req->tp_block_nr) !=
4281 req->tp_frame_nr))
4282 goto out;
4283
4284 err = -ENOMEM;
4285 order = get_order(req->tp_block_size);
4286 pg_vec = alloc_pg_vec(req, order);
4287 if (unlikely(!pg_vec))
4288 goto out;
4289 switch (po->tp_version) {
4290 case TPACKET_V3:
4291 /* Block transmit is not supported yet */
4292 if (!tx_ring) {
4293 init_prb_bdqc(po, rb, pg_vec, req_u);
4294 } else {
4295 struct tpacket_req3 *req3 = &req_u->req3;
4296
4297 if (req3->tp_retire_blk_tov ||
4298 req3->tp_sizeof_priv ||
4299 req3->tp_feature_req_word) {
4300 err = -EINVAL;
4301 goto out;
4302 }
4303 }
4304 break;
4305 default:
4306 break;
4307 }
4308 }
4309 /* Done */
4310 else {
4311 err = -EINVAL;
4312 if (unlikely(req->tp_frame_nr))
4313 goto out;
4314 }
4315
4316
4317 /* Detach socket from network */
4318 spin_lock(&po->bind_lock);
4319 was_running = po->running;
4320 num = po->num;
4321 if (was_running) {
4322 po->num = 0;
4323 __unregister_prot_hook(sk, false);
4324 }
4325 spin_unlock(&po->bind_lock);
4326
4327 synchronize_net();
4328
4329 err = -EBUSY;
4330 mutex_lock(&po->pg_vec_lock);
4331 if (closing || atomic_read(&po->mapped) == 0) {
4332 err = 0;
4333 spin_lock_bh(&rb_queue->lock);
4334 swap(rb->pg_vec, pg_vec);
4335 rb->frame_max = (req->tp_frame_nr - 1);
4336 rb->head = 0;
4337 rb->frame_size = req->tp_frame_size;
4338 spin_unlock_bh(&rb_queue->lock);
4339
4340 swap(rb->pg_vec_order, order);
4341 swap(rb->pg_vec_len, req->tp_block_nr);
4342
4343 rb->pg_vec_pages = req->tp_block_size/PAGE_SIZE;
4344 po->prot_hook.func = (po->rx_ring.pg_vec) ?
4345 tpacket_rcv : packet_rcv;
4346 skb_queue_purge(rb_queue);
4347 if (atomic_read(&po->mapped))
4348 pr_err("packet_mmap: vma is busy: %d\n",
4349 atomic_read(&po->mapped));
4350 }
4351 mutex_unlock(&po->pg_vec_lock);
4352
4353 spin_lock(&po->bind_lock);
4354 if (was_running) {
4355 po->num = num;
4356 register_prot_hook(sk);
4357 }
4358 spin_unlock(&po->bind_lock);
4359 if (pg_vec && (po->tp_version > TPACKET_V2)) {
4360 /* Because we don't support block-based V3 on tx-ring */
4361 if (!tx_ring)
4362 prb_shutdown_retire_blk_timer(po, rb_queue);
4363 }
4364
4365 if (pg_vec)
4366 free_pg_vec(pg_vec, order, req->tp_block_nr);
4367 out:
4368 release_sock(sk);
4369 return err;
4370 }
4371
4372 static int packet_mmap(struct file *file, struct socket *sock,
4373 struct vm_area_struct *vma)
4374 {
4375 struct sock *sk = sock->sk;
4376 struct packet_sock *po = pkt_sk(sk);
4377 unsigned long size, expected_size;
4378 struct packet_ring_buffer *rb;
4379 unsigned long start;
4380 int err = -EINVAL;
4381 int i;
4382
4383 if (vma->vm_pgoff)
4384 return -EINVAL;
4385
4386 mutex_lock(&po->pg_vec_lock);
4387
4388 expected_size = 0;
4389 for (rb = &po->rx_ring; rb <= &po->tx_ring; rb++) {
4390 if (rb->pg_vec) {
4391 expected_size += rb->pg_vec_len
4392 * rb->pg_vec_pages
4393 * PAGE_SIZE;
4394 }
4395 }
4396
4397 if (expected_size == 0)
4398 goto out;
4399
4400 size = vma->vm_end - vma->vm_start;
4401 if (size != expected_size)
4402 goto out;
4403
4404 start = vma->vm_start;
4405 for (rb = &po->rx_ring; rb <= &po->tx_ring; rb++) {
4406 if (rb->pg_vec == NULL)
4407 continue;
4408
4409 for (i = 0; i < rb->pg_vec_len; i++) {
4410 struct page *page;
4411 void *kaddr = rb->pg_vec[i].buffer;
4412 int pg_num;
4413
4414 for (pg_num = 0; pg_num < rb->pg_vec_pages; pg_num++) {
4415 page = pgv_to_page(kaddr);
4416 err = vm_insert_page(vma, start, page);
4417 if (unlikely(err))
4418 goto out;
4419 start += PAGE_SIZE;
4420 kaddr += PAGE_SIZE;
4421 }
4422 }
4423 }
4424
4425 atomic_inc(&po->mapped);
4426 vma->vm_ops = &packet_mmap_ops;
4427 err = 0;
4428
4429 out:
4430 mutex_unlock(&po->pg_vec_lock);
4431 return err;
4432 }
4433
4434 static const struct proto_ops packet_ops_spkt = {
4435 .family = PF_PACKET,
4436 .owner = THIS_MODULE,
4437 .release = packet_release,
4438 .bind = packet_bind_spkt,
4439 .connect = sock_no_connect,
4440 .socketpair = sock_no_socketpair,
4441 .accept = sock_no_accept,
4442 .getname = packet_getname_spkt,
4443 .poll = datagram_poll,
4444 .ioctl = packet_ioctl,
4445 .listen = sock_no_listen,
4446 .shutdown = sock_no_shutdown,
4447 .setsockopt = sock_no_setsockopt,
4448 .getsockopt = sock_no_getsockopt,
4449 .sendmsg = packet_sendmsg_spkt,
4450 .recvmsg = packet_recvmsg,
4451 .mmap = sock_no_mmap,
4452 .sendpage = sock_no_sendpage,
4453 };
4454
4455 static const struct proto_ops packet_ops = {
4456 .family = PF_PACKET,
4457 .owner = THIS_MODULE,
4458 .release = packet_release,
4459 .bind = packet_bind,
4460 .connect = sock_no_connect,
4461 .socketpair = sock_no_socketpair,
4462 .accept = sock_no_accept,
4463 .getname = packet_getname,
4464 .poll = packet_poll,
4465 .ioctl = packet_ioctl,
4466 .listen = sock_no_listen,
4467 .shutdown = sock_no_shutdown,
4468 .setsockopt = packet_setsockopt,
4469 .getsockopt = packet_getsockopt,
4470 #ifdef CONFIG_COMPAT
4471 .compat_setsockopt = compat_packet_setsockopt,
4472 #endif
4473 .sendmsg = packet_sendmsg,
4474 .recvmsg = packet_recvmsg,
4475 .mmap = packet_mmap,
4476 .sendpage = sock_no_sendpage,
4477 };
4478
4479 static const struct net_proto_family packet_family_ops = {
4480 .family = PF_PACKET,
4481 .create = packet_create,
4482 .owner = THIS_MODULE,
4483 };
4484
4485 static struct notifier_block packet_netdev_notifier = {
4486 .notifier_call = packet_notifier,
4487 };
4488
4489 #ifdef CONFIG_PROC_FS
4490
4491 static void *packet_seq_start(struct seq_file *seq, loff_t *pos)
4492 __acquires(RCU)
4493 {
4494 struct net *net = seq_file_net(seq);
4495
4496 rcu_read_lock();
4497 return seq_hlist_start_head_rcu(&net->packet.sklist, *pos);
4498 }
4499
4500 static void *packet_seq_next(struct seq_file *seq, void *v, loff_t *pos)
4501 {
4502 struct net *net = seq_file_net(seq);
4503 return seq_hlist_next_rcu(v, &net->packet.sklist, pos);
4504 }
4505
4506 static void packet_seq_stop(struct seq_file *seq, void *v)
4507 __releases(RCU)
4508 {
4509 rcu_read_unlock();
4510 }
4511
4512 static int packet_seq_show(struct seq_file *seq, void *v)
4513 {
4514 if (v == SEQ_START_TOKEN)
4515 seq_puts(seq, "sk RefCnt Type Proto Iface R Rmem User Inode\n");
4516 else {
4517 struct sock *s = sk_entry(v);
4518 const struct packet_sock *po = pkt_sk(s);
4519
4520 seq_printf(seq,
4521 "%pK %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n",
4522 s,
4523 refcount_read(&s->sk_refcnt),
4524 s->sk_type,
4525 ntohs(po->num),
4526 po->ifindex,
4527 po->running,
4528 atomic_read(&s->sk_rmem_alloc),
4529 from_kuid_munged(seq_user_ns(seq), sock_i_uid(s)),
4530 sock_i_ino(s));
4531 }
4532
4533 return 0;
4534 }
4535
4536 static const struct seq_operations packet_seq_ops = {
4537 .start = packet_seq_start,
4538 .next = packet_seq_next,
4539 .stop = packet_seq_stop,
4540 .show = packet_seq_show,
4541 };
4542
4543 static int packet_seq_open(struct inode *inode, struct file *file)
4544 {
4545 return seq_open_net(inode, file, &packet_seq_ops,
4546 sizeof(struct seq_net_private));
4547 }
4548
4549 static const struct file_operations packet_seq_fops = {
4550 .owner = THIS_MODULE,
4551 .open = packet_seq_open,
4552 .read = seq_read,
4553 .llseek = seq_lseek,
4554 .release = seq_release_net,
4555 };
4556
4557 #endif
4558
4559 static int __net_init packet_net_init(struct net *net)
4560 {
4561 mutex_init(&net->packet.sklist_lock);
4562 INIT_HLIST_HEAD(&net->packet.sklist);
4563
4564 if (!proc_create("packet", 0, net->proc_net, &packet_seq_fops))
4565 return -ENOMEM;
4566
4567 return 0;
4568 }
4569
4570 static void __net_exit packet_net_exit(struct net *net)
4571 {
4572 remove_proc_entry("packet", net->proc_net);
4573 }
4574
4575 static struct pernet_operations packet_net_ops = {
4576 .init = packet_net_init,
4577 .exit = packet_net_exit,
4578 };
4579
4580
4581 static void __exit packet_exit(void)
4582 {
4583 unregister_netdevice_notifier(&packet_netdev_notifier);
4584 unregister_pernet_subsys(&packet_net_ops);
4585 sock_unregister(PF_PACKET);
4586 proto_unregister(&packet_proto);
4587 }
4588
4589 static int __init packet_init(void)
4590 {
4591 int rc = proto_register(&packet_proto, 0);
4592
4593 if (rc != 0)
4594 goto out;
4595
4596 sock_register(&packet_family_ops);
4597 register_pernet_subsys(&packet_net_ops);
4598 register_netdevice_notifier(&packet_netdev_notifier);
4599 out:
4600 return rc;
4601 }
4602
4603 module_init(packet_init);
4604 module_exit(packet_exit);
4605 MODULE_LICENSE("GPL");
4606 MODULE_ALIAS_NETPROTO(PF_PACKET);
Linux with added FPC-III support