dbe9a4173e
Passing uids and gids on NETLINK_CB from a process in one user namespace to a process in another user namespace can result in the wrong uid or gid being presented to userspace. Avoid that problem by passing kuids and kgids instead.

- Define struct scm_creds for use in scm_cookie and netlink_skb_parms that holds uid and gid information in kuid_t and kgid_t.
- Modify scm_set_cred to fill out scm_creds by hand instead of using cred_to_ucred to fill out struct ucred. This conversion ensures userspace does not get incorrect uid or gid values to look at.
- Modify scm_recv to convert from struct scm_creds to struct ucred before copying credential values to userspace.
- Modify __scm_send to populate struct scm_creds in the scm_cookie, instead of just copying struct ucred from userspace.
- Modify netlink_sendmsg to copy scm_creds instead of struct ucred into the NETLINK_CB.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
#ifndef __LINUX_NETLINK_H
#define __LINUX_NETLINK_H
#include <linux/socket.h> /* for __kernel_sa_family_t */
#include <linux/types.h>
/*
 * Netlink protocol numbers. Number 17 is deliberately skipped (see the
 * NETLINK_DM note below); every value defined here is below MAX_LINKS.
 */
#define NETLINK_ROUTE		0	/* Routing/device hook				*/
#define NETLINK_UNUSED		1	/* Unused number				*/
#define NETLINK_USERSOCK	2	/* Reserved for user mode socket protocols 	*/
#define NETLINK_FIREWALL	3	/* Unused number, formerly ip_queue		*/
#define NETLINK_SOCK_DIAG	4	/* socket monitoring				*/
#define NETLINK_NFLOG		5	/* netfilter/iptables ULOG */
#define NETLINK_XFRM		6	/* ipsec */
#define NETLINK_SELINUX		7	/* SELinux event notifications */
#define NETLINK_ISCSI		8	/* Open-iSCSI */
#define NETLINK_AUDIT		9	/* auditing */
#define NETLINK_FIB_LOOKUP	10
#define NETLINK_CONNECTOR	11
#define NETLINK_NETFILTER	12	/* netfilter subsystem */
#define NETLINK_IP6_FW		13
#define NETLINK_DNRTMSG		14	/* DECnet routing messages */
#define NETLINK_KOBJECT_UEVENT	15	/* Kernel messages to userspace */
#define NETLINK_GENERIC		16
/* leave room for NETLINK_DM (DM Events) */
#define NETLINK_SCSITRANSPORT	18	/* SCSI Transports */
#define NETLINK_ECRYPTFS	19
#define NETLINK_RDMA		20
#define NETLINK_CRYPTO		21	/* Crypto layer */

/* Alias: expands to the same number as NETLINK_SOCK_DIAG. */
#define NETLINK_INET_DIAG	NETLINK_SOCK_DIAG

/* NOTE(review): presumably the number of protocol slots; confirm in the netlink core. */
#define MAX_LINKS 32

/*
 * Socket address for AF_NETLINK sockets.
 *
 * nl_pid is a netlink port ID, not necessarily a process ID.
 * NOTE(review): it should not be read as an authenticated sender identity;
 * in-kernel receivers get sender credentials through NETLINK_CREDS()
 * (defined in the __KERNEL__ part of this header) - confirm per caller.
 */
struct sockaddr_nl {
	__kernel_sa_family_t	nl_family;	/* AF_NETLINK	*/
	unsigned short	nl_pad;		/* zero		*/
	__u32		nl_pid;		/* port ID	*/
	__u32		nl_groups;	/* multicast groups mask */
};

/*
 * Netlink message header.
 *
 * nlmsg_len counts the header itself plus whatever follows it. The field is
 * written by whoever built the message, so a receiver has to check it against
 * the bytes actually available (NLMSG_OK() does that) before using it to
 * locate the payload or the next message.
 */
struct nlmsghdr {
	__u32		nlmsg_len;	/* Length of message including header */
	__u16		nlmsg_type;	/* Message content */
	__u16		nlmsg_flags;	/* Additional flags */
	__u32		nlmsg_seq;	/* Sequence number */
	__u32		nlmsg_pid;	/* Sending process port ID */
};

/* Flags values (bits of nlmsghdr.nlmsg_flags) */

#define NLM_F_REQUEST		1	/* It is request message. 	*/
#define NLM_F_MULTI		2	/* Multipart message, terminated by NLMSG_DONE */
#define NLM_F_ACK		4	/* Reply with ack, with zero or error code */
#define NLM_F_ECHO		8	/* Echo this request 		*/
#define NLM_F_DUMP_INTR		16	/* Dump was inconsistent due to sequence change */

/*
 * The GET and NEW modifier sets below reuse the same bit values
 * (0x100, 0x200, 0x400), so a modifier bit can only be interpreted once the
 * kind of request is known.
 */

/* Modifiers to GET request */
#define NLM_F_ROOT	0x100	/* specify tree	root	*/
#define NLM_F_MATCH	0x200	/* return all matching	*/
#define NLM_F_ATOMIC	0x400	/* atomic GET		*/
#define NLM_F_DUMP	(NLM_F_ROOT|NLM_F_MATCH)

/* Modifiers to NEW request */
#define NLM_F_REPLACE	0x100	/* Override existing		*/
#define NLM_F_EXCL	0x200	/* Do not touch, if it exists	*/
#define NLM_F_CREATE	0x400	/* Create, if it does not exist	*/
#define NLM_F_APPEND	0x800	/* Add to end of list		*/

/*
   4.4BSD ADD		NLM_F_CREATE|NLM_F_EXCL
   4.4BSD CHANGE	NLM_F_REPLACE

   True CHANGE		NLM_F_CREATE|NLM_F_REPLACE
   Append		NLM_F_CREATE
   Check		NLM_F_EXCL
 */

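/*
 * Helpers for sizing and walking a buffer of netlink messages.
 *
 * Bounds checking is the caller's job: NLMSG_OK() is the only macro here
 * that compares nlmsg_len (a field written by the message's sender) with the
 * number of bytes that remain. Run it on every message before NLMSG_DATA(),
 * NLMSG_PAYLOAD() or NLMSG_NEXT() is applied to that message.
 *
 * NLMSG_NEXT() and NLMSG_OK() expand their arguments more than once, so the
 * arguments must not have side effects.
 */
#define NLMSG_ALIGNTO	4U
/* Round len up to a multiple of NLMSG_ALIGNTO (unsigned arithmetic). */
#define NLMSG_ALIGN(len) ( ((len)+NLMSG_ALIGNTO-1) & ~(NLMSG_ALIGNTO-1) )
/* Aligned size of struct nlmsghdr, as an int. */
#define NLMSG_HDRLEN	 ((int) NLMSG_ALIGN(sizeof(struct nlmsghdr)))
/* Value for nlmsg_len when the payload is len bytes (no trailing padding). */
#define NLMSG_LENGTH(len) ((len)+NLMSG_ALIGN(NLMSG_HDRLEN))
/* Buffer space taken by a message with a len-byte payload, padding included. */
#define NLMSG_SPACE(len) NLMSG_ALIGN(NLMSG_LENGTH(len))
/*
 * Address of the payload that follows the header. The argument is
 * parenthesized so that an expression such as "nlh + 1" is cast as a whole
 * rather than having only its first operand cast to char *.
 */
#define NLMSG_DATA(nlh)  ((void*)(((char*)(nlh)) + NLMSG_LENGTH(0)))
/*
 * Subtract the aligned length of the current message from len and yield the
 * address of the next header. The aligned length can be up to
 * NLMSG_ALIGNTO-1 bytes more than what NLMSG_OK() accepted, so at the tail
 * of a buffer len can drop below zero; keep len in a signed int so the
 * NLMSG_OK() that follows rejects it instead of seeing a huge unsigned value.
 */
#define NLMSG_NEXT(nlh,len)	 ((len) -= NLMSG_ALIGN((nlh)->nlmsg_len), \
				  (struct nlmsghdr*)(((char*)(nlh)) + NLMSG_ALIGN((nlh)->nlmsg_len)))
/*
 * True when at least a whole header remains in len bytes and nlmsg_len lies
 * between the header size and len.
 */
#define NLMSG_OK(nlh,len) ((len) >= (int)sizeof(struct nlmsghdr) && \
			   (nlh)->nlmsg_len >= sizeof(struct nlmsghdr) && \
			   (nlh)->nlmsg_len <= (len))
/*
 * Payload bytes that remain after a len-byte leading structure. The
 * subtraction is unsigned: when nlmsg_len is smaller than NLMSG_SPACE(len)
 * the result wraps to a very large value rather than going negative, so
 * verify that nlmsg_len is large enough before trusting the result.
 */
#define NLMSG_PAYLOAD(nlh,len) ((nlh)->nlmsg_len - NLMSG_SPACE((len)))
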
/* Control message types (values for nlmsghdr.nlmsg_type below NLMSG_MIN_TYPE). */
#define NLMSG_NOOP		0x1	/* Nothing.		*/
#define NLMSG_ERROR		0x2	/* Error		*/
#define NLMSG_DONE		0x3	/* End of a dump	*/
#define NLMSG_OVERRUN		0x4	/* Data lost		*/

#define NLMSG_MIN_TYPE		0x10	/* < 0x10: reserved control messages */

/*
 * An error code followed by a netlink message header.
 * NOTE(review): presumably the payload of an NLMSG_ERROR message, with msg
 * being the header of the request being answered (NLM_F_ACK's comment says
 * acks carry zero or an error code) - confirm against the sender.
 */
struct nlmsgerr {
	int		error;
	struct nlmsghdr msg;
};

/* NOTE(review): presumably per-socket option names for netlink sockets - confirm. */
#define NETLINK_ADD_MEMBERSHIP	1
#define NETLINK_DROP_MEMBERSHIP	2
#define NETLINK_PKTINFO		3
#define NETLINK_BROADCAST_ERROR	4
#define NETLINK_NO_ENOBUFS	5

/*
 * Carries a single group value.
 * NOTE(review): presumably delivered when NETLINK_PKTINFO is enabled - confirm.
 */
struct nl_pktinfo {
	__u32	group;
};

#define NET_MAJOR 36		/* Major 36 is reserved for networking 						*/

/* Connection states; NETLINK_UNCONNECTED is 0 and NETLINK_CONNECTED is 1. */
enum {
	NETLINK_UNCONNECTED = 0,
	NETLINK_CONNECTED,
};

/*
 *  <------- NLA_HDRLEN ------> <-- NLA_ALIGN(payload)-->
 * +---------------------+- - -+- - - - - - - - - -+- - -+
 * |        Header       | Pad |     Payload       | Pad |
 * |   (struct nlattr)   | ing |                   | ing |
 * +---------------------+- - -+- - - - - - - - - -+- - -+
 *  <-------------- nlattr->nla_len -------------->
 *
 * As drawn, nla_len spans the header, its padding and the payload, but not
 * the padding after the payload. It is part of the message data, so a parser
 * has to check it against the bytes remaining before following it.
 */

struct nlattr {
	__u16           nla_len;
	__u16           nla_type;	/* top two bits are flags, see NLA_F_* */
};

/*
 * nla_type (16 bits)
 * +---+---+-------------------------------+
 * | N | O | Attribute Type                |
 * +---+---+-------------------------------+
 * N := Carries nested attributes
 * O := Payload stored in network byte order
 *
 * Note: The N and O flag are mutually exclusive.
 */
#define NLA_F_NESTED		(1 << 15)
#define NLA_F_NET_BYTEORDER	(1 << 14)
/*
 * Clears both flag bits. AND nla_type with this before comparing it with an
 * attribute number, otherwise a set N or O bit changes the value compared.
 */
#define NLA_TYPE_MASK		~(NLA_F_NESTED | NLA_F_NET_BYTEORDER)

#define NLA_ALIGNTO		4
/* Round len up to a multiple of NLA_ALIGNTO. */
#define NLA_ALIGN(len)		(((len) + NLA_ALIGNTO - 1) & ~(NLA_ALIGNTO - 1))
/* Aligned size of struct nlattr, as an int. */
#define NLA_HDRLEN		((int) NLA_ALIGN(sizeof(struct nlattr)))

#ifdef __KERNEL__
#include <linux/capability.h>
#include <linux/skbuff.h>
#include <net/scm.h>
struct net;
/*
 * nlmsg_hdr - view the start of an skb's data as a netlink message header
 * @skb: socket buffer whose data pointer is reinterpreted
 *
 * This is a plain cast of skb->data. Nothing here checks that the buffer
 * holds a complete struct nlmsghdr; the caller has to verify the length
 * before reading any header field.
 */
static inline struct nlmsghdr *nlmsg_hdr(const struct sk_buff *skb)
{
	struct nlmsghdr *hdr = (struct nlmsghdr *)skb->data;

	return hdr;
}

/*
 * Per-skb netlink control data; NETLINK_CB() below reinterprets skb->cb as
 * this structure.
 *
 * creds is a struct scm_creds, not the userspace struct ucred.
 * NOTE(review): it is expected to hold the sender's ids as kuid_t/kgid_t so
 * that they are mapped into the reader's user namespace only when copied
 * out to userspace - confirm against <net/scm.h>.
 *
 * NOTE(review): the structure has to fit inside skb->cb; no size check is
 * visible in this header, so confirm that the netlink core has one.
 */
struct netlink_skb_parms {
	struct scm_creds	creds;		/* Skb credentials	*/
	__u32			pid;
	__u32			dst_group;
	struct sock		*ssk;
};

/* The netlink control block stored in skb->cb, as an lvalue. */
#define NETLINK_CB(skb)		(*(struct netlink_skb_parms*)&((skb)->cb))
/* Pointer to the credentials recorded in the skb's control block. */
#define NETLINK_CREDS(skb)	(&NETLINK_CB((skb)).creds)


/*
 * NOTE(review): presumably take and release exclusive access to the netlink
 * socket table; calls must be paired - confirm in the implementation.
 */
extern void netlink_table_grab(void);
extern void netlink_table_ungrab(void);

/* optional Netlink kernel configuration parameters */
struct netlink_kernel_cfg {
	unsigned int	groups;		/* NOTE(review): presumably the multicast group count - confirm */
	void		(*input)(struct sk_buff *skb);	/* callback handed an skb; the data it carries needs validating by the callback */
	struct mutex	*cb_mutex;
	void		(*bind)(int group);	/* callback handed a group number */
};

/*
 * Kernel-side netlink socket API. Only the prototypes are visible in this
 * header; locking rules and return values are defined by the implementation.
 */
extern struct sock *netlink_kernel_create(struct net *net, int unit,
					  struct module *module,
					  struct netlink_kernel_cfg *cfg);
extern void netlink_kernel_release(struct sock *sk);
/*
 * NOTE(review): the __-prefixed variants presumably expect the caller to hold
 * the lock that the unprefixed ones take themselves - confirm before use.
 */
extern int __netlink_change_ngroups(struct sock *sk, unsigned int groups);
extern int netlink_change_ngroups(struct sock *sk, unsigned int groups);
extern void __netlink_clear_multicast_users(struct sock *sk, unsigned int group);
extern void netlink_clear_multicast_users(struct sock *sk, unsigned int group);
extern void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err);
extern int netlink_has_listeners(struct sock *sk, unsigned int group);
extern int netlink_unicast(struct sock *ssk, struct sk_buff *skb, __u32 pid, int nonblock);
extern int netlink_broadcast(struct sock *ssk, struct sk_buff *skb, __u32 pid,
			     __u32 group, gfp_t allocation);
/* Same parameters as netlink_broadcast() plus a filter callback and its opaque data pointer. */
extern int netlink_broadcast_filtered(struct sock *ssk, struct sk_buff *skb,
	__u32 pid, __u32 group, gfp_t allocation,
	int (*filter)(struct sock *dsk, struct sk_buff *skb, void *data),
	void *filter_data);
extern int netlink_set_err(struct sock *ssk, __u32 pid, __u32 group, int code);
extern int netlink_register_notifier(struct notifier_block *nb);
extern int netlink_unregister_notifier(struct notifier_block *nb);

/*
 * finegrained unicast helpers:
 * NOTE(review): presumably the individual steps behind netlink_unicast();
 * who owns the skb after each call is not visible here - confirm before use.
 */
struct sock *netlink_getsockbyfilp(struct file *filp);
int netlink_attachskb(struct sock *sk, struct sk_buff *skb,
		      long *timeo, struct sock *ssk);
void netlink_detachskb(struct sock *sk, struct sk_buff *skb);
int netlink_sendskb(struct sock *sk, struct sk_buff *skb);

/*
 *	skb should fit one page. This choice is good for headerless malloc.
 *	But we should limit to 8K so that userspace does not have to
 *	use enormous buffer sizes on recvmsg() calls just to avoid
 *	MSG_TRUNC when PAGE_SIZE is very large.
 */
#if PAGE_SIZE < 8192UL
#define NLMSG_GOODSIZE	SKB_WITH_OVERHEAD(PAGE_SIZE)
#else
#define NLMSG_GOODSIZE	SKB_WITH_OVERHEAD(8192UL)
#endif

/* NLMSG_GOODSIZE less the aligned netlink header. */
#define NLMSG_DEFAULT_SIZE (NLMSG_GOODSIZE - NLMSG_HDRLEN)


/*
 * Context handed to the dump() and done() callbacks (both take a pointer to
 * this structure).
 * NOTE(review): presumably one instance per dump started through
 * netlink_dump_start() - confirm in the netlink core.
 */
struct netlink_callback {
	struct sk_buff		*skb;
	const struct nlmsghdr	*nlh;
	int			(*dump)(struct sk_buff * skb,
					struct netlink_callback *cb);
	int			(*done)(struct netlink_callback *cb);
	void			*data;		/* opaque pointer, not interpreted in this header */
	u16			family;
	u16			min_dump_alloc;
	/* NOTE(review): presumably what NLM_F_DUMP_INTR detection compares - confirm */
	unsigned int		prev_seq, seq;
	long			args[6];	/* NOTE(review): presumably dump-private state kept between calls - confirm */
};

/*
 * NOTE(review): presumably the argument passed to notifiers registered with
 * netlink_register_notifier() - confirm. pid is a signed int here, whereas
 * port IDs elsewhere in this header are __u32.
 */
struct netlink_notify {
	struct net *net;
	int pid;
	int protocol;
};

/*
 * Returns a pointer to a netlink header; defined elsewhere.
 * NOTE(review): presumably appends a header of the given type/len/flags to
 * skb; whether the caller must reserve room first is not visible - confirm.
 */
struct nlmsghdr *
__nlmsg_put(struct sk_buff *skb, u32 pid, u32 seq, int type, int len, int flags);

/*
 * Parameters for netlink_dump_start(); the fields have the same names and
 * types as the matching members of struct netlink_callback.
 */
struct netlink_dump_control {
	int (*dump)(struct sk_buff *skb, struct netlink_callback *);
	int (*done)(struct netlink_callback*);
	void *data;
	u16 min_dump_alloc;
};

/*
 * Takes the socket, the request skb and its header, and a
 * struct netlink_dump_control holding the callbacks; defined elsewhere.
 */
extern int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
			      const struct nlmsghdr *nlh,
			      struct netlink_dump_control *control);


/*
 * Flag bits for netlink_set_nonroot().
 * NOTE(review): presumably they let unprivileged processes receive from /
 * send to the given protocol; a protocol that sets either bit would then be
 * handling input from unprivileged senders and needs its own permission and
 * message validation - confirm against the netlink core.
 */
#define NL_NONROOT_RECV 0x1
#define NL_NONROOT_SEND 0x2
extern void netlink_set_nonroot(int protocol, unsigned flag);

#endif /* __KERNEL__ */
#endif /* __LINUX_NETLINK_H */