062b3e1b6d
The NCSI driver defines a generic ncsi_channel_filter struct that can be used to store arbitrarily formatted filters, and several generic methods of accessing data stored in such a filter. However in both the driver and as defined in the NCSI specification there are only two actual filters: VLAN ID filters and MAC address filters. The splitting of the MAC filter into unicast, multicast, and mixed is also technically not necessary as these are stored in the same location in hardware. To save complexity, particularly in the set up and accessing of these generic filters, remove them in favour of two specific structs. These can be acted on directly and do not need several generic helper functions to use. This also fixes a memory error found by KASAN on ARM32 (which is not upstream yet), where response handlers accessing a filter's data field could write past allocated memory. [ 114.926512] ================================================================== [ 114.933861] BUG: KASAN: slab-out-of-bounds in ncsi_configure_channel+0x4b8/0xc58 [ 114.941304] Read of size 2 at addr 94888558 by task kworker/0:2/546 [ 114.947593] [ 114.949146] CPU: 0 PID: 546 Comm: kworker/0:2 Not tainted 4.16.0-rc6-00119-ge156398bfcad #13 ... [ 115.170233] The buggy address belongs to the object at 94888540 [ 115.170233] which belongs to the cache kmalloc-32 of size 32 [ 115.181917] The buggy address is located 24 bytes inside of [ 115.181917] 32-byte region [94888540, 94888560) [ 115.192115] The buggy address belongs to the page: [ 115.196943] page:9eeac100 count:1 mapcount:0 mapping:94888000 index:0x94888fc1 [ 115.204200] flags: 0x100(slab) [ 115.207330] raw: 00000100 94888000 94888fc1 0000003f 00000001 9eea2014 9eecaa74 96c003e0 [ 115.215444] page dumped because: kasan: bad access detected [ 115.221036] [ 115.222544] Memory state around the buggy address: [ 115.227384] 94888400: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc [ 115.233959] 94888480: 00 00 00 fc fc fc fc fc 00 04 fc fc fc fc fc fc [ 115.240529] >94888500: 00 00 04 fc fc fc fc fc 00 00 04 fc fc fc fc fc [ 115.247077] ^ [ 115.252523] 94888580: 00 04 fc fc fc fc fc fc 06 fc fc fc fc fc fc fc [ 115.259093] 94888600: 00 00 06 fc fc fc fc fc 00 00 04 fc fc fc fc fc [ 115.265639] ================================================================== Reported-by: Joel Stanley <joel@jms.id.au> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com> Signed-off-by: David S. Miller <davem@davemloft.net>
421 lines
9.6 KiB
C
421 lines
9.6 KiB
C
/*
|
|
* Copyright Samuel Mendoza-Jonas, IBM Corporation 2018.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*/
|
|
|
|
#include <linux/module.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/if_arp.h>
|
|
#include <linux/rtnetlink.h>
|
|
#include <linux/etherdevice.h>
|
|
#include <linux/module.h>
|
|
#include <net/genetlink.h>
|
|
#include <net/ncsi.h>
|
|
#include <linux/skbuff.h>
|
|
#include <net/sock.h>
|
|
#include <uapi/linux/ncsi.h>
|
|
|
|
#include "internal.h"
|
|
#include "ncsi-netlink.h"
|
|
|
|
static struct genl_family ncsi_genl_family;
|
|
|
|
static const struct nla_policy ncsi_genl_policy[NCSI_ATTR_MAX + 1] = {
|
|
[NCSI_ATTR_IFINDEX] = { .type = NLA_U32 },
|
|
[NCSI_ATTR_PACKAGE_LIST] = { .type = NLA_NESTED },
|
|
[NCSI_ATTR_PACKAGE_ID] = { .type = NLA_U32 },
|
|
[NCSI_ATTR_CHANNEL_ID] = { .type = NLA_U32 },
|
|
};
|
|
|
|
static struct ncsi_dev_priv *ndp_from_ifindex(struct net *net, u32 ifindex)
|
|
{
|
|
struct ncsi_dev_priv *ndp;
|
|
struct net_device *dev;
|
|
struct ncsi_dev *nd;
|
|
struct ncsi_dev;
|
|
|
|
if (!net)
|
|
return NULL;
|
|
|
|
dev = dev_get_by_index(net, ifindex);
|
|
if (!dev) {
|
|
pr_err("NCSI netlink: No device for ifindex %u\n", ifindex);
|
|
return NULL;
|
|
}
|
|
|
|
nd = ncsi_find_dev(dev);
|
|
ndp = nd ? TO_NCSI_DEV_PRIV(nd) : NULL;
|
|
|
|
dev_put(dev);
|
|
return ndp;
|
|
}
|
|
|
|
static int ncsi_write_channel_info(struct sk_buff *skb,
|
|
struct ncsi_dev_priv *ndp,
|
|
struct ncsi_channel *nc)
|
|
{
|
|
struct ncsi_channel_vlan_filter *ncf;
|
|
struct ncsi_channel_mode *m;
|
|
struct nlattr *vid_nest;
|
|
int i;
|
|
|
|
nla_put_u32(skb, NCSI_CHANNEL_ATTR_ID, nc->id);
|
|
m = &nc->modes[NCSI_MODE_LINK];
|
|
nla_put_u32(skb, NCSI_CHANNEL_ATTR_LINK_STATE, m->data[2]);
|
|
if (nc->state == NCSI_CHANNEL_ACTIVE)
|
|
nla_put_flag(skb, NCSI_CHANNEL_ATTR_ACTIVE);
|
|
if (ndp->force_channel == nc)
|
|
nla_put_flag(skb, NCSI_CHANNEL_ATTR_FORCED);
|
|
|
|
nla_put_u32(skb, NCSI_CHANNEL_ATTR_VERSION_MAJOR, nc->version.version);
|
|
nla_put_u32(skb, NCSI_CHANNEL_ATTR_VERSION_MINOR, nc->version.alpha2);
|
|
nla_put_string(skb, NCSI_CHANNEL_ATTR_VERSION_STR, nc->version.fw_name);
|
|
|
|
vid_nest = nla_nest_start(skb, NCSI_CHANNEL_ATTR_VLAN_LIST);
|
|
if (!vid_nest)
|
|
return -ENOMEM;
|
|
ncf = &nc->vlan_filter;
|
|
i = -1;
|
|
while ((i = find_next_bit((void *)&ncf->bitmap, ncf->n_vids,
|
|
i + 1)) < ncf->n_vids) {
|
|
if (ncf->vids[i])
|
|
nla_put_u16(skb, NCSI_CHANNEL_ATTR_VLAN_ID,
|
|
ncf->vids[i]);
|
|
}
|
|
nla_nest_end(skb, vid_nest);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int ncsi_write_package_info(struct sk_buff *skb,
|
|
struct ncsi_dev_priv *ndp, unsigned int id)
|
|
{
|
|
struct nlattr *pnest, *cnest, *nest;
|
|
struct ncsi_package *np;
|
|
struct ncsi_channel *nc;
|
|
bool found;
|
|
int rc;
|
|
|
|
if (id > ndp->package_num) {
|
|
netdev_info(ndp->ndev.dev, "NCSI: No package with id %u\n", id);
|
|
return -ENODEV;
|
|
}
|
|
|
|
found = false;
|
|
NCSI_FOR_EACH_PACKAGE(ndp, np) {
|
|
if (np->id != id)
|
|
continue;
|
|
pnest = nla_nest_start(skb, NCSI_PKG_ATTR);
|
|
if (!pnest)
|
|
return -ENOMEM;
|
|
nla_put_u32(skb, NCSI_PKG_ATTR_ID, np->id);
|
|
if (ndp->force_package == np)
|
|
nla_put_flag(skb, NCSI_PKG_ATTR_FORCED);
|
|
cnest = nla_nest_start(skb, NCSI_PKG_ATTR_CHANNEL_LIST);
|
|
if (!cnest) {
|
|
nla_nest_cancel(skb, pnest);
|
|
return -ENOMEM;
|
|
}
|
|
NCSI_FOR_EACH_CHANNEL(np, nc) {
|
|
nest = nla_nest_start(skb, NCSI_CHANNEL_ATTR);
|
|
if (!nest) {
|
|
nla_nest_cancel(skb, cnest);
|
|
nla_nest_cancel(skb, pnest);
|
|
return -ENOMEM;
|
|
}
|
|
rc = ncsi_write_channel_info(skb, ndp, nc);
|
|
if (rc) {
|
|
nla_nest_cancel(skb, nest);
|
|
nla_nest_cancel(skb, cnest);
|
|
nla_nest_cancel(skb, pnest);
|
|
return rc;
|
|
}
|
|
nla_nest_end(skb, nest);
|
|
}
|
|
nla_nest_end(skb, cnest);
|
|
nla_nest_end(skb, pnest);
|
|
found = true;
|
|
}
|
|
|
|
if (!found)
|
|
return -ENODEV;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int ncsi_pkg_info_nl(struct sk_buff *msg, struct genl_info *info)
|
|
{
|
|
struct ncsi_dev_priv *ndp;
|
|
unsigned int package_id;
|
|
struct sk_buff *skb;
|
|
struct nlattr *attr;
|
|
void *hdr;
|
|
int rc;
|
|
|
|
if (!info || !info->attrs)
|
|
return -EINVAL;
|
|
|
|
if (!info->attrs[NCSI_ATTR_IFINDEX])
|
|
return -EINVAL;
|
|
|
|
if (!info->attrs[NCSI_ATTR_PACKAGE_ID])
|
|
return -EINVAL;
|
|
|
|
ndp = ndp_from_ifindex(genl_info_net(info),
|
|
nla_get_u32(info->attrs[NCSI_ATTR_IFINDEX]));
|
|
if (!ndp)
|
|
return -ENODEV;
|
|
|
|
skb = genlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
|
|
if (!skb)
|
|
return -ENOMEM;
|
|
|
|
hdr = genlmsg_put(skb, info->snd_portid, info->snd_seq,
|
|
&ncsi_genl_family, 0, NCSI_CMD_PKG_INFO);
|
|
if (!hdr) {
|
|
kfree_skb(skb);
|
|
return -EMSGSIZE;
|
|
}
|
|
|
|
package_id = nla_get_u32(info->attrs[NCSI_ATTR_PACKAGE_ID]);
|
|
|
|
attr = nla_nest_start(skb, NCSI_ATTR_PACKAGE_LIST);
|
|
if (!attr) {
|
|
kfree_skb(skb);
|
|
return -EMSGSIZE;
|
|
}
|
|
rc = ncsi_write_package_info(skb, ndp, package_id);
|
|
|
|
if (rc) {
|
|
nla_nest_cancel(skb, attr);
|
|
goto err;
|
|
}
|
|
|
|
nla_nest_end(skb, attr);
|
|
|
|
genlmsg_end(skb, hdr);
|
|
return genlmsg_reply(skb, info);
|
|
|
|
err:
|
|
genlmsg_cancel(skb, hdr);
|
|
kfree_skb(skb);
|
|
return rc;
|
|
}
|
|
|
|
static int ncsi_pkg_info_all_nl(struct sk_buff *skb,
|
|
struct netlink_callback *cb)
|
|
{
|
|
struct nlattr *attrs[NCSI_ATTR_MAX];
|
|
struct ncsi_package *np, *package;
|
|
struct ncsi_dev_priv *ndp;
|
|
unsigned int package_id;
|
|
struct nlattr *attr;
|
|
void *hdr;
|
|
int rc;
|
|
|
|
rc = genlmsg_parse(cb->nlh, &ncsi_genl_family, attrs, NCSI_ATTR_MAX,
|
|
ncsi_genl_policy, NULL);
|
|
if (rc)
|
|
return rc;
|
|
|
|
if (!attrs[NCSI_ATTR_IFINDEX])
|
|
return -EINVAL;
|
|
|
|
ndp = ndp_from_ifindex(get_net(sock_net(skb->sk)),
|
|
nla_get_u32(attrs[NCSI_ATTR_IFINDEX]));
|
|
|
|
if (!ndp)
|
|
return -ENODEV;
|
|
|
|
package_id = cb->args[0];
|
|
package = NULL;
|
|
NCSI_FOR_EACH_PACKAGE(ndp, np)
|
|
if (np->id == package_id)
|
|
package = np;
|
|
|
|
if (!package)
|
|
return 0; /* done */
|
|
|
|
hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq,
|
|
&ncsi_genl_family, 0, NCSI_CMD_PKG_INFO);
|
|
if (!hdr) {
|
|
rc = -EMSGSIZE;
|
|
goto err;
|
|
}
|
|
|
|
attr = nla_nest_start(skb, NCSI_ATTR_PACKAGE_LIST);
|
|
rc = ncsi_write_package_info(skb, ndp, package->id);
|
|
if (rc) {
|
|
nla_nest_cancel(skb, attr);
|
|
goto err;
|
|
}
|
|
|
|
nla_nest_end(skb, attr);
|
|
genlmsg_end(skb, hdr);
|
|
|
|
cb->args[0] = package_id + 1;
|
|
|
|
return skb->len;
|
|
err:
|
|
genlmsg_cancel(skb, hdr);
|
|
return rc;
|
|
}
|
|
|
|
static int ncsi_set_interface_nl(struct sk_buff *msg, struct genl_info *info)
|
|
{
|
|
struct ncsi_package *np, *package;
|
|
struct ncsi_channel *nc, *channel;
|
|
u32 package_id, channel_id;
|
|
struct ncsi_dev_priv *ndp;
|
|
unsigned long flags;
|
|
|
|
if (!info || !info->attrs)
|
|
return -EINVAL;
|
|
|
|
if (!info->attrs[NCSI_ATTR_IFINDEX])
|
|
return -EINVAL;
|
|
|
|
if (!info->attrs[NCSI_ATTR_PACKAGE_ID])
|
|
return -EINVAL;
|
|
|
|
ndp = ndp_from_ifindex(get_net(sock_net(msg->sk)),
|
|
nla_get_u32(info->attrs[NCSI_ATTR_IFINDEX]));
|
|
if (!ndp)
|
|
return -ENODEV;
|
|
|
|
package_id = nla_get_u32(info->attrs[NCSI_ATTR_PACKAGE_ID]);
|
|
package = NULL;
|
|
|
|
spin_lock_irqsave(&ndp->lock, flags);
|
|
|
|
NCSI_FOR_EACH_PACKAGE(ndp, np)
|
|
if (np->id == package_id)
|
|
package = np;
|
|
if (!package) {
|
|
/* The user has set a package that does not exist */
|
|
spin_unlock_irqrestore(&ndp->lock, flags);
|
|
return -ERANGE;
|
|
}
|
|
|
|
channel = NULL;
|
|
if (!info->attrs[NCSI_ATTR_CHANNEL_ID]) {
|
|
/* Allow any channel */
|
|
channel_id = NCSI_RESERVED_CHANNEL;
|
|
} else {
|
|
channel_id = nla_get_u32(info->attrs[NCSI_ATTR_CHANNEL_ID]);
|
|
NCSI_FOR_EACH_CHANNEL(package, nc)
|
|
if (nc->id == channel_id)
|
|
channel = nc;
|
|
}
|
|
|
|
if (channel_id != NCSI_RESERVED_CHANNEL && !channel) {
|
|
/* The user has set a channel that does not exist on this
|
|
* package
|
|
*/
|
|
spin_unlock_irqrestore(&ndp->lock, flags);
|
|
netdev_info(ndp->ndev.dev, "NCSI: Channel %u does not exist!\n",
|
|
channel_id);
|
|
return -ERANGE;
|
|
}
|
|
|
|
ndp->force_package = package;
|
|
ndp->force_channel = channel;
|
|
spin_unlock_irqrestore(&ndp->lock, flags);
|
|
|
|
netdev_info(ndp->ndev.dev, "Set package 0x%x, channel 0x%x%s as preferred\n",
|
|
package_id, channel_id,
|
|
channel_id == NCSI_RESERVED_CHANNEL ? " (any)" : "");
|
|
|
|
/* Bounce the NCSI channel to set changes */
|
|
ncsi_stop_dev(&ndp->ndev);
|
|
ncsi_start_dev(&ndp->ndev);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int ncsi_clear_interface_nl(struct sk_buff *msg, struct genl_info *info)
|
|
{
|
|
struct ncsi_dev_priv *ndp;
|
|
unsigned long flags;
|
|
|
|
if (!info || !info->attrs)
|
|
return -EINVAL;
|
|
|
|
if (!info->attrs[NCSI_ATTR_IFINDEX])
|
|
return -EINVAL;
|
|
|
|
ndp = ndp_from_ifindex(get_net(sock_net(msg->sk)),
|
|
nla_get_u32(info->attrs[NCSI_ATTR_IFINDEX]));
|
|
if (!ndp)
|
|
return -ENODEV;
|
|
|
|
/* Clear any override */
|
|
spin_lock_irqsave(&ndp->lock, flags);
|
|
ndp->force_package = NULL;
|
|
ndp->force_channel = NULL;
|
|
spin_unlock_irqrestore(&ndp->lock, flags);
|
|
netdev_info(ndp->ndev.dev, "NCSI: Cleared preferred package/channel\n");
|
|
|
|
/* Bounce the NCSI channel to set changes */
|
|
ncsi_stop_dev(&ndp->ndev);
|
|
ncsi_start_dev(&ndp->ndev);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static const struct genl_ops ncsi_ops[] = {
|
|
{
|
|
.cmd = NCSI_CMD_PKG_INFO,
|
|
.policy = ncsi_genl_policy,
|
|
.doit = ncsi_pkg_info_nl,
|
|
.dumpit = ncsi_pkg_info_all_nl,
|
|
.flags = 0,
|
|
},
|
|
{
|
|
.cmd = NCSI_CMD_SET_INTERFACE,
|
|
.policy = ncsi_genl_policy,
|
|
.doit = ncsi_set_interface_nl,
|
|
.flags = GENL_ADMIN_PERM,
|
|
},
|
|
{
|
|
.cmd = NCSI_CMD_CLEAR_INTERFACE,
|
|
.policy = ncsi_genl_policy,
|
|
.doit = ncsi_clear_interface_nl,
|
|
.flags = GENL_ADMIN_PERM,
|
|
},
|
|
};
|
|
|
|
static struct genl_family ncsi_genl_family __ro_after_init = {
|
|
.name = "NCSI",
|
|
.version = 0,
|
|
.maxattr = NCSI_ATTR_MAX,
|
|
.module = THIS_MODULE,
|
|
.ops = ncsi_ops,
|
|
.n_ops = ARRAY_SIZE(ncsi_ops),
|
|
};
|
|
|
|
int ncsi_init_netlink(struct net_device *dev)
|
|
{
|
|
int rc;
|
|
|
|
rc = genl_register_family(&ncsi_genl_family);
|
|
if (rc)
|
|
netdev_err(dev, "ncsi: failed to register netlink family\n");
|
|
|
|
return rc;
|
|
}
|
|
|
|
int ncsi_unregister_netlink(struct net_device *dev)
|
|
{
|
|
int rc;
|
|
|
|
rc = genl_unregister_family(&ncsi_genl_family);
|
|
if (rc)
|
|
netdev_err(dev, "ncsi: failed to unregister netlink family\n");
|
|
|
|
return rc;
|
|
}
|