1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * INET An implementation of the TCP/IP protocol suite for the LINUX
4 * operating system. INET is implemented using the BSD Socket
5 * interface as the means of communication with the user level.
6 *
7 * The User Datagram Protocol (UDP).
8 *
9 * Authors: Ross Biro
10 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
11 * Arnt Gulbrandsen, <agulbra@nvg.unit.no>
12 * Alan Cox, <alan@lxorguk.ukuu.org.uk>
13 * Hirokazu Takahashi, <taka@valinux.co.jp>
14 *
15 * Fixes:
16 * Alan Cox : verify_area() calls
17 * Alan Cox : stopped close while in use off icmp
18 * messages. Not a fix but a botch that
19 * for udp at least is 'valid'.
20 * Alan Cox : Fixed icmp handling properly
21 * Alan Cox : Correct error for oversized datagrams
22 * Alan Cox : Tidied select() semantics.
23 * Alan Cox : udp_err() fixed properly, also now
24 * select and read wake correctly on errors
25 * Alan Cox : udp_send verify_area moved to avoid mem leak
26 * Alan Cox : UDP can count its memory
27 * Alan Cox : send to an unknown connection causes
28 * an ECONNREFUSED off the icmp, but
29 * does NOT close.
30 * Alan Cox : Switched to new sk_buff handlers. No more backlog!
31 * Alan Cox : Using generic datagram code. Even smaller and the PEEK
32 * bug no longer crashes it.
33 * Fred Van Kempen : Net2e support for sk->broadcast.
34 * Alan Cox : Uses skb_free_datagram
35 * Alan Cox : Added get/set sockopt support.
36 * Alan Cox : Broadcasting without option set returns EACCES.
37 * Alan Cox : No wakeup calls. Instead we now use the callbacks.
38 * Alan Cox : Use ip_tos and ip_ttl
39 * Alan Cox : SNMP Mibs
40 * Alan Cox : MSG_DONTROUTE, and 0.0.0.0 support.
41 * Matt Dillon : UDP length checks.
42 * Alan Cox : Smarter af_inet used properly.
43 * Alan Cox : Use new kernel side addressing.
44 * Alan Cox : Incorrect return on truncated datagram receive.
45 * Arnt Gulbrandsen : New udp_send and stuff
46 * Alan Cox : Cache last socket
47 * Alan Cox : Route cache
48 * Jon Peatfield : Minor efficiency fix to sendto().
49 * Mike Shaver : RFC1122 checks.
50 * Alan Cox : Nonblocking error fix.
51 * Willy Konynenberg : Transparent proxying support.
52 * Mike McLagan : Routing by source
53 * David S. Miller : New socket lookup architecture.
54 * Last socket cache retained as it
55 * does have a high hit rate.
56 * Olaf Kirch : Don't linearise iovec on sendmsg.
57 * Andi Kleen : Some cleanups, cache destination entry
58 * for connect.
59 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
60 * Melvin Smith : Check msg_name not msg_namelen in sendto(),
61 * return ENOTCONN for unconnected sockets (POSIX)
62 * Janos Farkas : don't deliver multi/broadcasts to a different
63 * bound-to-device socket
64 * Hirokazu Takahashi : HW checksumming for outgoing UDP
65 * datagrams.
66 * Hirokazu Takahashi : sendfile() on UDP works now.
67 * Arnaldo C. Melo : convert /proc/net/udp to seq_file
68 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
69 * Alexey Kuznetsov: allow both IPv4 and IPv6 sockets to bind
70 * a single port at the same time.
71 * Derek Atkins <derek@ihtfp.com>: Add Encapulation Support
72 * James Chapman : Add L2TP encapsulation type.
73 */
74
75#define pr_fmt(fmt) "UDP: " fmt
76
77#include <linux/bpf-cgroup.h>
78#include <linux/uaccess.h>
79#include <asm/ioctls.h>
80#include <linux/memblock.h>
81#include <linux/highmem.h>
82#include <linux/types.h>
83#include <linux/fcntl.h>
84#include <linux/module.h>
85#include <linux/socket.h>
86#include <linux/sockios.h>
87#include <linux/igmp.h>
88#include <linux/inetdevice.h>
89#include <linux/in.h>
90#include <linux/errno.h>
91#include <linux/timer.h>
92#include <linux/mm.h>
93#include <linux/inet.h>
94#include <linux/netdevice.h>
95#include <linux/slab.h>
96#include <net/tcp_states.h>
97#include <linux/skbuff.h>
98#include <linux/proc_fs.h>
99#include <linux/seq_file.h>
100#include <net/net_namespace.h>
101#include <net/icmp.h>
102#include <net/inet_hashtables.h>
103#include <net/ip_tunnels.h>
104#include <net/route.h>
105#include <net/checksum.h>
106#include <net/gso.h>
107#include <net/xfrm.h>
108#include <trace/events/udp.h>
109#include <linux/static_key.h>
110#include <linux/btf_ids.h>
111#include <trace/events/skb.h>
112#include <net/busy_poll.h>
113#include "udp_impl.h"
114#include <net/sock_reuseport.h>
115#include <net/addrconf.h>
116#include <net/udp_tunnel.h>
117#include <net/gro.h>
118#if IS_ENABLED(CONFIG_IPV6)
119#include <net/ipv6_stubs.h>
120#endif
121
122struct udp_table udp_table __read_mostly;
123EXPORT_SYMBOL(udp_table);
124
125long sysctl_udp_mem[3] __read_mostly;
126EXPORT_SYMBOL(sysctl_udp_mem);
127
128atomic_long_t udp_memory_allocated ____cacheline_aligned_in_smp;
129EXPORT_SYMBOL(udp_memory_allocated);
130DEFINE_PER_CPU(int, udp_memory_per_cpu_fw_alloc);
131EXPORT_PER_CPU_SYMBOL_GPL(udp_memory_per_cpu_fw_alloc);
132
133#define MAX_UDP_PORTS 65536
134#define PORTS_PER_CHAIN (MAX_UDP_PORTS / UDP_HTABLE_SIZE_MIN_PERNET)
135
136static struct udp_table *udp_get_table_prot(struct sock *sk)
137{
138 return sk->sk_prot->h.udp_table ? : sock_net(sk)->ipv4.udp_table;
139}
140
141static int udp_lib_lport_inuse(struct net *net, __u16 num,
142 const struct udp_hslot *hslot,
143 unsigned long *bitmap,
144 struct sock *sk, unsigned int log)
145{
146 struct sock *sk2;
147 kuid_t uid = sock_i_uid(sk);
148
149 sk_for_each(sk2, &hslot->head) {
150 if (net_eq(net1: sock_net(sk: sk2), net2: net) &&
151 sk2 != sk &&
152 (bitmap || udp_sk(sk2)->udp_port_hash == num) &&
153 (!sk2->sk_reuse || !sk->sk_reuse) &&
154 (!sk2->sk_bound_dev_if || !sk->sk_bound_dev_if ||
155 sk2->sk_bound_dev_if == sk->sk_bound_dev_if) &&
156 inet_rcv_saddr_equal(sk, sk2, match_wildcard: true)) {
157 if (sk2->sk_reuseport && sk->sk_reuseport &&
158 !rcu_access_pointer(sk->sk_reuseport_cb) &&
159 uid_eq(left: uid, right: sock_i_uid(sk: sk2))) {
160 if (!bitmap)
161 return 0;
162 } else {
163 if (!bitmap)
164 return 1;
165 __set_bit(udp_sk(sk2)->udp_port_hash >> log,
166 bitmap);
167 }
168 }
169 }
170 return 0;
171}
172
173/*
174 * Note: we still hold spinlock of primary hash chain, so no other writer
175 * can insert/delete a socket with local_port == num
176 */
177static int udp_lib_lport_inuse2(struct net *net, __u16 num,
178 struct udp_hslot *hslot2,
179 struct sock *sk)
180{
181 struct sock *sk2;
182 kuid_t uid = sock_i_uid(sk);
183 int res = 0;
184
185 spin_lock(lock: &hslot2->lock);
186 udp_portaddr_for_each_entry(sk2, &hslot2->head) {
187 if (net_eq(net1: sock_net(sk: sk2), net2: net) &&
188 sk2 != sk &&
189 (udp_sk(sk2)->udp_port_hash == num) &&
190 (!sk2->sk_reuse || !sk->sk_reuse) &&
191 (!sk2->sk_bound_dev_if || !sk->sk_bound_dev_if ||
192 sk2->sk_bound_dev_if == sk->sk_bound_dev_if) &&
193 inet_rcv_saddr_equal(sk, sk2, match_wildcard: true)) {
194 if (sk2->sk_reuseport && sk->sk_reuseport &&
195 !rcu_access_pointer(sk->sk_reuseport_cb) &&
196 uid_eq(left: uid, right: sock_i_uid(sk: sk2))) {
197 res = 0;
198 } else {
199 res = 1;
200 }
201 break;
202 }
203 }
204 spin_unlock(lock: &hslot2->lock);
205 return res;
206}
207
208static int udp_reuseport_add_sock(struct sock *sk, struct udp_hslot *hslot)
209{
210 struct net *net = sock_net(sk);
211 kuid_t uid = sock_i_uid(sk);
212 struct sock *sk2;
213
214 sk_for_each(sk2, &hslot->head) {
215 if (net_eq(net1: sock_net(sk: sk2), net2: net) &&
216 sk2 != sk &&
217 sk2->sk_family == sk->sk_family &&
218 ipv6_only_sock(sk2) == ipv6_only_sock(sk) &&
219 (udp_sk(sk2)->udp_port_hash == udp_sk(sk)->udp_port_hash) &&
220 (sk2->sk_bound_dev_if == sk->sk_bound_dev_if) &&
221 sk2->sk_reuseport && uid_eq(left: uid, right: sock_i_uid(sk: sk2)) &&
222 inet_rcv_saddr_equal(sk, sk2, match_wildcard: false)) {
223 return reuseport_add_sock(sk, sk2,
224 bind_inany: inet_rcv_saddr_any(sk));
225 }
226 }
227
228 return reuseport_alloc(sk, bind_inany: inet_rcv_saddr_any(sk));
229}
230
231/**
232 * udp_lib_get_port - UDP/-Lite port lookup for IPv4 and IPv6
233 *
234 * @sk: socket struct in question
235 * @snum: port number to look up
236 * @hash2_nulladdr: AF-dependent hash value in secondary hash chains,
237 * with NULL address
238 */
239int udp_lib_get_port(struct sock *sk, unsigned short snum,
240 unsigned int hash2_nulladdr)
241{
242 struct udp_table *udptable = udp_get_table_prot(sk);
243 struct udp_hslot *hslot, *hslot2;
244 struct net *net = sock_net(sk);
245 int error = -EADDRINUSE;
246
247 if (!snum) {
248 DECLARE_BITMAP(bitmap, PORTS_PER_CHAIN);
249 unsigned short first, last;
250 int low, high, remaining;
251 unsigned int rand;
252
253 inet_sk_get_local_port_range(sk, low: &low, high: &high);
254 remaining = (high - low) + 1;
255
256 rand = get_random_u32();
257 first = reciprocal_scale(val: rand, ep_ro: remaining) + low;
258 /*
259 * force rand to be an odd multiple of UDP_HTABLE_SIZE
260 */
261 rand = (rand | 1) * (udptable->mask + 1);
262 last = first + udptable->mask + 1;
263 do {
264 hslot = udp_hashslot(table: udptable, net, num: first);
265 bitmap_zero(dst: bitmap, PORTS_PER_CHAIN);
266 spin_lock_bh(lock: &hslot->lock);
267 udp_lib_lport_inuse(net, num: snum, hslot, bitmap, sk,
268 log: udptable->log);
269
270 snum = first;
271 /*
272 * Iterate on all possible values of snum for this hash.
273 * Using steps of an odd multiple of UDP_HTABLE_SIZE
274 * give us randomization and full range coverage.
275 */
276 do {
277 if (low <= snum && snum <= high &&
278 !test_bit(snum >> udptable->log, bitmap) &&
279 !inet_is_local_reserved_port(net, port: snum))
280 goto found;
281 snum += rand;
282 } while (snum != first);
283 spin_unlock_bh(lock: &hslot->lock);
284 cond_resched();
285 } while (++first != last);
286 goto fail;
287 } else {
288 hslot = udp_hashslot(table: udptable, net, num: snum);
289 spin_lock_bh(lock: &hslot->lock);
290 if (hslot->count > 10) {
291 int exist;
292 unsigned int slot2 = udp_sk(sk)->udp_portaddr_hash ^ snum;
293
294 slot2 &= udptable->mask;
295 hash2_nulladdr &= udptable->mask;
296
297 hslot2 = udp_hashslot2(table: udptable, hash: slot2);
298 if (hslot->count < hslot2->count)
299 goto scan_primary_hash;
300
301 exist = udp_lib_lport_inuse2(net, num: snum, hslot2, sk);
302 if (!exist && (hash2_nulladdr != slot2)) {
303 hslot2 = udp_hashslot2(table: udptable, hash: hash2_nulladdr);
304 exist = udp_lib_lport_inuse2(net, num: snum, hslot2,
305 sk);
306 }
307 if (exist)
308 goto fail_unlock;
309 else
310 goto found;
311 }
312scan_primary_hash:
313 if (udp_lib_lport_inuse(net, num: snum, hslot, NULL, sk, log: 0))
314 goto fail_unlock;
315 }
316found:
317 inet_sk(sk)->inet_num = snum;
318 udp_sk(sk)->udp_port_hash = snum;
319 udp_sk(sk)->udp_portaddr_hash ^= snum;
320 if (sk_unhashed(sk)) {
321 if (sk->sk_reuseport &&
322 udp_reuseport_add_sock(sk, hslot)) {
323 inet_sk(sk)->inet_num = 0;
324 udp_sk(sk)->udp_port_hash = 0;
325 udp_sk(sk)->udp_portaddr_hash ^= snum;
326 goto fail_unlock;
327 }
328
329 sk_add_node_rcu(sk, list: &hslot->head);
330 hslot->count++;
331 sock_prot_inuse_add(net: sock_net(sk), prot: sk->sk_prot, val: 1);
332
333 hslot2 = udp_hashslot2(table: udptable, udp_sk(sk)->udp_portaddr_hash);
334 spin_lock(lock: &hslot2->lock);
335 if (IS_ENABLED(CONFIG_IPV6) && sk->sk_reuseport &&
336 sk->sk_family == AF_INET6)
337 hlist_add_tail_rcu(n: &udp_sk(sk)->udp_portaddr_node,
338 h: &hslot2->head);
339 else
340 hlist_add_head_rcu(n: &udp_sk(sk)->udp_portaddr_node,
341 h: &hslot2->head);
342 hslot2->count++;
343 spin_unlock(lock: &hslot2->lock);
344 }
345 sock_set_flag(sk, flag: SOCK_RCU_FREE);
346 error = 0;
347fail_unlock:
348 spin_unlock_bh(lock: &hslot->lock);
349fail:
350 return error;
351}
352EXPORT_SYMBOL(udp_lib_get_port);
353
354int udp_v4_get_port(struct sock *sk, unsigned short snum)
355{
356 unsigned int hash2_nulladdr =
357 ipv4_portaddr_hash(net: sock_net(sk), htonl(INADDR_ANY), port: snum);
358 unsigned int hash2_partial =
359 ipv4_portaddr_hash(net: sock_net(sk), inet_sk(sk)->inet_rcv_saddr, port: 0);
360
361 /* precompute partial secondary hash */
362 udp_sk(sk)->udp_portaddr_hash = hash2_partial;
363 return udp_lib_get_port(sk, snum, hash2_nulladdr);
364}
365
366static int compute_score(struct sock *sk, struct net *net,
367 __be32 saddr, __be16 sport,
368 __be32 daddr, unsigned short hnum,
369 int dif, int sdif)
370{
371 int score;
372 struct inet_sock *inet;
373 bool dev_match;
374
375 if (!net_eq(net1: sock_net(sk), net2: net) ||
376 udp_sk(sk)->udp_port_hash != hnum ||
377 ipv6_only_sock(sk))
378 return -1;
379
380 if (sk->sk_rcv_saddr != daddr)
381 return -1;
382
383 score = (sk->sk_family == PF_INET) ? 2 : 1;
384
385 inet = inet_sk(sk);
386 if (inet->inet_daddr) {
387 if (inet->inet_daddr != saddr)
388 return -1;
389 score += 4;
390 }
391
392 if (inet->inet_dport) {
393 if (inet->inet_dport != sport)
394 return -1;
395 score += 4;
396 }
397
398 dev_match = udp_sk_bound_dev_eq(net, bound_dev_if: sk->sk_bound_dev_if,
399 dif, sdif);
400 if (!dev_match)
401 return -1;
402 if (sk->sk_bound_dev_if)
403 score += 4;
404
405 if (READ_ONCE(sk->sk_incoming_cpu) == raw_smp_processor_id())
406 score++;
407 return score;
408}
409
410INDIRECT_CALLABLE_SCOPE
411u32 udp_ehashfn(const struct net *net, const __be32 laddr, const __u16 lport,
412 const __be32 faddr, const __be16 fport)
413{
414 net_get_random_once(&udp_ehash_secret, sizeof(udp_ehash_secret));
415
416 return __inet_ehashfn(laddr, lport, faddr, fport,
417 udp_ehash_secret + net_hash_mix(net));
418}
419
420/* called with rcu_read_lock() */
421static struct sock *udp4_lib_lookup2(struct net *net,
422 __be32 saddr, __be16 sport,
423 __be32 daddr, unsigned int hnum,
424 int dif, int sdif,
425 struct udp_hslot *hslot2,
426 struct sk_buff *skb)
427{
428 struct sock *sk, *result;
429 int score, badness;
430
431 result = NULL;
432 badness = 0;
433 udp_portaddr_for_each_entry_rcu(sk, &hslot2->head) {
434 score = compute_score(sk, net, saddr, sport,
435 daddr, hnum, dif, sdif);
436 if (score > badness) {
437 badness = score;
438
439 if (sk->sk_state == TCP_ESTABLISHED) {
440 result = sk;
441 continue;
442 }
443
444 result = inet_lookup_reuseport(net, sk, skb, doff: sizeof(struct udphdr),
445 saddr, sport, daddr, hnum, ehashfn: udp_ehashfn);
446 if (!result) {
447 result = sk;
448 continue;
449 }
450
451 /* Fall back to scoring if group has connections */
452 if (!reuseport_has_conns(sk))
453 return result;
454
455 /* Reuseport logic returned an error, keep original score. */
456 if (IS_ERR(ptr: result))
457 continue;
458
459 badness = compute_score(sk: result, net, saddr, sport,
460 daddr, hnum, dif, sdif);
461
462 }
463 }
464 return result;
465}
466
467/* UDP is nearly always wildcards out the wazoo, it makes no sense to try
468 * harder than this. -DaveM
469 */
470struct sock *__udp4_lib_lookup(struct net *net, __be32 saddr,
471 __be16 sport, __be32 daddr, __be16 dport, int dif,
472 int sdif, struct udp_table *udptable, struct sk_buff *skb)
473{
474 unsigned short hnum = ntohs(dport);
475 unsigned int hash2, slot2;
476 struct udp_hslot *hslot2;
477 struct sock *result, *sk;
478
479 hash2 = ipv4_portaddr_hash(net, saddr: daddr, port: hnum);
480 slot2 = hash2 & udptable->mask;
481 hslot2 = &udptable->hash2[slot2];
482
483 /* Lookup connected or non-wildcard socket */
484 result = udp4_lib_lookup2(net, saddr, sport,
485 daddr, hnum, dif, sdif,
486 hslot2, skb);
487 if (!IS_ERR_OR_NULL(ptr: result) && result->sk_state == TCP_ESTABLISHED)
488 goto done;
489
490 /* Lookup redirect from BPF */
491 if (static_branch_unlikely(&bpf_sk_lookup_enabled) &&
492 udptable == net->ipv4.udp_table) {
493 sk = inet_lookup_run_sk_lookup(net, IPPROTO_UDP, skb, doff: sizeof(struct udphdr),
494 saddr, sport, daddr, hnum, dif,
495 ehashfn: udp_ehashfn);
496 if (sk) {
497 result = sk;
498 goto done;
499 }
500 }
501
502 /* Got non-wildcard socket or error on first lookup */
503 if (result)
504 goto done;
505
506 /* Lookup wildcard sockets */
507 hash2 = ipv4_portaddr_hash(net, htonl(INADDR_ANY), port: hnum);
508 slot2 = hash2 & udptable->mask;
509 hslot2 = &udptable->hash2[slot2];
510
511 result = udp4_lib_lookup2(net, saddr, sport,
512 htonl(INADDR_ANY), hnum, dif, sdif,
513 hslot2, skb);
514done:
515 if (IS_ERR(ptr: result))
516 return NULL;
517 return result;
518}
519EXPORT_SYMBOL_GPL(__udp4_lib_lookup);
520
521static inline struct sock *__udp4_lib_lookup_skb(struct sk_buff *skb,
522 __be16 sport, __be16 dport,
523 struct udp_table *udptable)
524{
525 const struct iphdr *iph = ip_hdr(skb);
526
527 return __udp4_lib_lookup(dev_net(dev: skb->dev), iph->saddr, sport,
528 iph->daddr, dport, inet_iif(skb),
529 inet_sdif(skb), udptable, skb);
530}
531
532struct sock *udp4_lib_lookup_skb(const struct sk_buff *skb,
533 __be16 sport, __be16 dport)
534{
535 const struct iphdr *iph = ip_hdr(skb);
536 struct net *net = dev_net(dev: skb->dev);
537 int iif, sdif;
538
539 inet_get_iif_sdif(skb, iif: &iif, sdif: &sdif);
540
541 return __udp4_lib_lookup(net, iph->saddr, sport,
542 iph->daddr, dport, iif,
543 sdif, net->ipv4.udp_table, NULL);
544}
545
546/* Must be called under rcu_read_lock().
547 * Does increment socket refcount.
548 */
549#if IS_ENABLED(CONFIG_NF_TPROXY_IPV4) || IS_ENABLED(CONFIG_NF_SOCKET_IPV4)
550struct sock *udp4_lib_lookup(struct net *net, __be32 saddr, __be16 sport,
551 __be32 daddr, __be16 dport, int dif)
552{
553 struct sock *sk;
554
555 sk = __udp4_lib_lookup(net, saddr, sport, daddr, dport,
556 dif, 0, net->ipv4.udp_table, NULL);
557 if (sk && !refcount_inc_not_zero(r: &sk->sk_refcnt))
558 sk = NULL;
559 return sk;
560}
561EXPORT_SYMBOL_GPL(udp4_lib_lookup);
562#endif
563
564static inline bool __udp_is_mcast_sock(struct net *net, const struct sock *sk,
565 __be16 loc_port, __be32 loc_addr,
566 __be16 rmt_port, __be32 rmt_addr,
567 int dif, int sdif, unsigned short hnum)
568{
569 const struct inet_sock *inet = inet_sk(sk);
570
571 if (!net_eq(net1: sock_net(sk), net2: net) ||
572 udp_sk(sk)->udp_port_hash != hnum ||
573 (inet->inet_daddr && inet->inet_daddr != rmt_addr) ||
574 (inet->inet_dport != rmt_port && inet->inet_dport) ||
575 (inet->inet_rcv_saddr && inet->inet_rcv_saddr != loc_addr) ||
576 ipv6_only_sock(sk) ||
577 !udp_sk_bound_dev_eq(net, bound_dev_if: sk->sk_bound_dev_if, dif, sdif))
578 return false;
579 if (!ip_mc_sf_allow(sk, local: loc_addr, rmt: rmt_addr, dif, sdif))
580 return false;
581 return true;
582}
583
584DEFINE_STATIC_KEY_FALSE(udp_encap_needed_key);
585EXPORT_SYMBOL(udp_encap_needed_key);
586
587#if IS_ENABLED(CONFIG_IPV6)
588DEFINE_STATIC_KEY_FALSE(udpv6_encap_needed_key);
589EXPORT_SYMBOL(udpv6_encap_needed_key);
590#endif
591
592void udp_encap_enable(void)
593{
594 static_branch_inc(&udp_encap_needed_key);
595}
596EXPORT_SYMBOL(udp_encap_enable);
597
598void udp_encap_disable(void)
599{
600 static_branch_dec(&udp_encap_needed_key);
601}
602EXPORT_SYMBOL(udp_encap_disable);
603
604/* Handler for tunnels with arbitrary destination ports: no socket lookup, go
605 * through error handlers in encapsulations looking for a match.
606 */
607static int __udp4_lib_err_encap_no_sk(struct sk_buff *skb, u32 info)
608{
609 int i;
610
611 for (i = 0; i < MAX_IPTUN_ENCAP_OPS; i++) {
612 int (*handler)(struct sk_buff *skb, u32 info);
613 const struct ip_tunnel_encap_ops *encap;
614
615 encap = rcu_dereference(iptun_encaps[i]);
616 if (!encap)
617 continue;
618 handler = encap->err_handler;
619 if (handler && !handler(skb, info))
620 return 0;
621 }
622
623 return -ENOENT;
624}
625
626/* Try to match ICMP errors to UDP tunnels by looking up a socket without
627 * reversing source and destination port: this will match tunnels that force the
628 * same destination port on both endpoints (e.g. VXLAN, GENEVE). Note that
629 * lwtunnels might actually break this assumption by being configured with
630 * different destination ports on endpoints, in this case we won't be able to
631 * trace ICMP messages back to them.
632 *
633 * If this doesn't match any socket, probe tunnels with arbitrary destination
634 * ports (e.g. FoU, GUE): there, the receiving socket is useless, as the port
635 * we've sent packets to won't necessarily match the local destination port.
636 *
637 * Then ask the tunnel implementation to match the error against a valid
638 * association.
639 *
640 * Return an error if we can't find a match, the socket if we need further
641 * processing, zero otherwise.
642 */
643static struct sock *__udp4_lib_err_encap(struct net *net,
644 const struct iphdr *iph,
645 struct udphdr *uh,
646 struct udp_table *udptable,
647 struct sock *sk,
648 struct sk_buff *skb, u32 info)
649{
650 int (*lookup)(struct sock *sk, struct sk_buff *skb);
651 int network_offset, transport_offset;
652 struct udp_sock *up;
653
654 network_offset = skb_network_offset(skb);
655 transport_offset = skb_transport_offset(skb);
656
657 /* Network header needs to point to the outer IPv4 header inside ICMP */
658 skb_reset_network_header(skb);
659
660 /* Transport header needs to point to the UDP header */
661 skb_set_transport_header(skb, offset: iph->ihl << 2);
662
663 if (sk) {
664 up = udp_sk(sk);
665
666 lookup = READ_ONCE(up->encap_err_lookup);
667 if (lookup && lookup(sk, skb))
668 sk = NULL;
669
670 goto out;
671 }
672
673 sk = __udp4_lib_lookup(net, iph->daddr, uh->source,
674 iph->saddr, uh->dest, skb->dev->ifindex, 0,
675 udptable, NULL);
676 if (sk) {
677 up = udp_sk(sk);
678
679 lookup = READ_ONCE(up->encap_err_lookup);
680 if (!lookup || lookup(sk, skb))
681 sk = NULL;
682 }
683
684out:
685 if (!sk)
686 sk = ERR_PTR(error: __udp4_lib_err_encap_no_sk(skb, info));
687
688 skb_set_transport_header(skb, offset: transport_offset);
689 skb_set_network_header(skb, offset: network_offset);
690
691 return sk;
692}
693
694/*
695 * This routine is called by the ICMP module when it gets some
696 * sort of error condition. If err < 0 then the socket should
697 * be closed and the error returned to the user. If err > 0
698 * it's just the icmp type << 8 | icmp code.
699 * Header points to the ip header of the error packet. We move
700 * on past this. Then (as it used to claim before adjustment)
701 * header points to the first 8 bytes of the udp header. We need
702 * to find the appropriate port.
703 */
704
705int __udp4_lib_err(struct sk_buff *skb, u32 info, struct udp_table *udptable)
706{
707 struct inet_sock *inet;
708 const struct iphdr *iph = (const struct iphdr *)skb->data;
709 struct udphdr *uh = (struct udphdr *)(skb->data+(iph->ihl<<2));
710 const int type = icmp_hdr(skb)->type;
711 const int code = icmp_hdr(skb)->code;
712 bool tunnel = false;
713 struct sock *sk;
714 int harderr;
715 int err;
716 struct net *net = dev_net(dev: skb->dev);
717
718 sk = __udp4_lib_lookup(net, iph->daddr, uh->dest,
719 iph->saddr, uh->source, skb->dev->ifindex,
720 inet_sdif(skb), udptable, NULL);
721
722 if (!sk || READ_ONCE(udp_sk(sk)->encap_type)) {
723 /* No socket for error: try tunnels before discarding */
724 if (static_branch_unlikely(&udp_encap_needed_key)) {
725 sk = __udp4_lib_err_encap(net, iph, uh, udptable, sk, skb,
726 info);
727 if (!sk)
728 return 0;
729 } else
730 sk = ERR_PTR(error: -ENOENT);
731
732 if (IS_ERR(ptr: sk)) {
733 __ICMP_INC_STATS(net, ICMP_MIB_INERRORS);
734 return PTR_ERR(ptr: sk);
735 }
736
737 tunnel = true;
738 }
739
740 err = 0;
741 harderr = 0;
742 inet = inet_sk(sk);
743
744 switch (type) {
745 default:
746 case ICMP_TIME_EXCEEDED:
747 err = EHOSTUNREACH;
748 break;
749 case ICMP_SOURCE_QUENCH:
750 goto out;
751 case ICMP_PARAMETERPROB:
752 err = EPROTO;
753 harderr = 1;
754 break;
755 case ICMP_DEST_UNREACH:
756 if (code == ICMP_FRAG_NEEDED) { /* Path MTU discovery */
757 ipv4_sk_update_pmtu(skb, sk, mtu: info);
758 if (READ_ONCE(inet->pmtudisc) != IP_PMTUDISC_DONT) {
759 err = EMSGSIZE;
760 harderr = 1;
761 break;
762 }
763 goto out;
764 }
765 err = EHOSTUNREACH;
766 if (code <= NR_ICMP_UNREACH) {
767 harderr = icmp_err_convert[code].fatal;
768 err = icmp_err_convert[code].errno;
769 }
770 break;
771 case ICMP_REDIRECT:
772 ipv4_sk_redirect(skb, sk);
773 goto out;
774 }
775
776 /*
777 * RFC1122: OK. Passes ICMP errors back to application, as per
778 * 4.1.3.3.
779 */
780 if (tunnel) {
781 /* ...not for tunnels though: we don't have a sending socket */
782 if (udp_sk(sk)->encap_err_rcv)
783 udp_sk(sk)->encap_err_rcv(sk, skb, err, uh->dest, info,
784 (u8 *)(uh+1));
785 goto out;
786 }
787 if (!inet_test_bit(RECVERR, sk)) {
788 if (!harderr || sk->sk_state != TCP_ESTABLISHED)
789 goto out;
790 } else
791 ip_icmp_error(sk, skb, err, port: uh->dest, info, payload: (u8 *)(uh+1));
792
793 sk->sk_err = err;
794 sk_error_report(sk);
795out:
796 return 0;
797}
798
799int udp_err(struct sk_buff *skb, u32 info)
800{
801 return __udp4_lib_err(skb, info, udptable: dev_net(dev: skb->dev)->ipv4.udp_table);
802}
803
804/*
805 * Throw away all pending data and cancel the corking. Socket is locked.
806 */
807void udp_flush_pending_frames(struct sock *sk)
808{
809 struct udp_sock *up = udp_sk(sk);
810
811 if (up->pending) {
812 up->len = 0;
813 WRITE_ONCE(up->pending, 0);
814 ip_flush_pending_frames(sk);
815 }
816}
817EXPORT_SYMBOL(udp_flush_pending_frames);
818
819/**
820 * udp4_hwcsum - handle outgoing HW checksumming
821 * @skb: sk_buff containing the filled-in UDP header
822 * (checksum field must be zeroed out)
823 * @src: source IP address
824 * @dst: destination IP address
825 */
826void udp4_hwcsum(struct sk_buff *skb, __be32 src, __be32 dst)
827{
828 struct udphdr *uh = udp_hdr(skb);
829 int offset = skb_transport_offset(skb);
830 int len = skb->len - offset;
831 int hlen = len;
832 __wsum csum = 0;
833
834 if (!skb_has_frag_list(skb)) {
835 /*
836 * Only one fragment on the socket.
837 */
838 skb->csum_start = skb_transport_header(skb) - skb->head;
839 skb->csum_offset = offsetof(struct udphdr, check);
840 uh->check = ~csum_tcpudp_magic(saddr: src, daddr: dst, len,
841 IPPROTO_UDP, sum: 0);
842 } else {
843 struct sk_buff *frags;
844
845 /*
846 * HW-checksum won't work as there are two or more
847 * fragments on the socket so that all csums of sk_buffs
848 * should be together
849 */
850 skb_walk_frags(skb, frags) {
851 csum = csum_add(csum, addend: frags->csum);
852 hlen -= frags->len;
853 }
854
855 csum = skb_checksum(skb, offset, len: hlen, csum);
856 skb->ip_summed = CHECKSUM_NONE;
857
858 uh->check = csum_tcpudp_magic(saddr: src, daddr: dst, len, IPPROTO_UDP, sum: csum);
859 if (uh->check == 0)
860 uh->check = CSUM_MANGLED_0;
861 }
862}
863EXPORT_SYMBOL_GPL(udp4_hwcsum);
864
865/* Function to set UDP checksum for an IPv4 UDP packet. This is intended
866 * for the simple case like when setting the checksum for a UDP tunnel.
867 */
868void udp_set_csum(bool nocheck, struct sk_buff *skb,
869 __be32 saddr, __be32 daddr, int len)
870{
871 struct udphdr *uh = udp_hdr(skb);
872
873 if (nocheck) {
874 uh->check = 0;
875 } else if (skb_is_gso(skb)) {
876 uh->check = ~udp_v4_check(len, saddr, daddr, base: 0);
877 } else if (skb->ip_summed == CHECKSUM_PARTIAL) {
878 uh->check = 0;
879 uh->check = udp_v4_check(len, saddr, daddr, base: lco_csum(skb));
880 if (uh->check == 0)
881 uh->check = CSUM_MANGLED_0;
882 } else {
883 skb->ip_summed = CHECKSUM_PARTIAL;
884 skb->csum_start = skb_transport_header(skb) - skb->head;
885 skb->csum_offset = offsetof(struct udphdr, check);
886 uh->check = ~udp_v4_check(len, saddr, daddr, base: 0);
887 }
888}
889EXPORT_SYMBOL(udp_set_csum);
890
891static int udp_send_skb(struct sk_buff *skb, struct flowi4 *fl4,
892 struct inet_cork *cork)
893{
894 struct sock *sk = skb->sk;
895 struct inet_sock *inet = inet_sk(sk);
896 struct udphdr *uh;
897 int err;
898 int is_udplite = IS_UDPLITE(sk);
899 int offset = skb_transport_offset(skb);
900 int len = skb->len - offset;
901 int datalen = len - sizeof(*uh);
902 __wsum csum = 0;
903
904 /*
905 * Create a UDP header
906 */
907 uh = udp_hdr(skb);
908 uh->source = inet->inet_sport;
909 uh->dest = fl4->fl4_dport;
910 uh->len = htons(len);
911 uh->check = 0;
912
913 if (cork->gso_size) {
914 const int hlen = skb_network_header_len(skb) +
915 sizeof(struct udphdr);
916
917 if (hlen + cork->gso_size > cork->fragsize) {
918 kfree_skb(skb);
919 return -EINVAL;
920 }
921 if (datalen > cork->gso_size * UDP_MAX_SEGMENTS) {
922 kfree_skb(skb);
923 return -EINVAL;
924 }
925 if (sk->sk_no_check_tx) {
926 kfree_skb(skb);
927 return -EINVAL;
928 }
929 if (skb->ip_summed != CHECKSUM_PARTIAL || is_udplite ||
930 dst_xfrm(dst: skb_dst(skb))) {
931 kfree_skb(skb);
932 return -EIO;
933 }
934
935 if (datalen > cork->gso_size) {
936 skb_shinfo(skb)->gso_size = cork->gso_size;
937 skb_shinfo(skb)->gso_type = SKB_GSO_UDP_L4;
938 skb_shinfo(skb)->gso_segs = DIV_ROUND_UP(datalen,
939 cork->gso_size);
940 }
941 goto csum_partial;
942 }
943
944 if (is_udplite) /* UDP-Lite */
945 csum = udplite_csum(skb);
946
947 else if (sk->sk_no_check_tx) { /* UDP csum off */
948
949 skb->ip_summed = CHECKSUM_NONE;
950 goto send;
951
952 } else if (skb->ip_summed == CHECKSUM_PARTIAL) { /* UDP hardware csum */
953csum_partial:
954
955 udp4_hwcsum(skb, fl4->saddr, fl4->daddr);
956 goto send;
957
958 } else
959 csum = udp_csum(skb);
960
961 /* add protocol-dependent pseudo-header */
962 uh->check = csum_tcpudp_magic(saddr: fl4->saddr, daddr: fl4->daddr, len,
963 proto: sk->sk_protocol, sum: csum);
964 if (uh->check == 0)
965 uh->check = CSUM_MANGLED_0;
966
967send:
968 err = ip_send_skb(net: sock_net(sk), skb);
969 if (err) {
970 if (err == -ENOBUFS &&
971 !inet_test_bit(RECVERR, sk)) {
972 UDP_INC_STATS(sock_net(sk),
973 UDP_MIB_SNDBUFERRORS, is_udplite);
974 err = 0;
975 }
976 } else
977 UDP_INC_STATS(sock_net(sk),
978 UDP_MIB_OUTDATAGRAMS, is_udplite);
979 return err;
980}
981
982/*
983 * Push out all pending data as one UDP datagram. Socket is locked.
984 */
985int udp_push_pending_frames(struct sock *sk)
986{
987 struct udp_sock *up = udp_sk(sk);
988 struct inet_sock *inet = inet_sk(sk);
989 struct flowi4 *fl4 = &inet->cork.fl.u.ip4;
990 struct sk_buff *skb;
991 int err = 0;
992
993 skb = ip_finish_skb(sk, fl4);
994 if (!skb)
995 goto out;
996
997 err = udp_send_skb(skb, fl4, cork: &inet->cork.base);
998
999out:
1000 up->len = 0;
1001 WRITE_ONCE(up->pending, 0);
1002 return err;
1003}
1004EXPORT_SYMBOL(udp_push_pending_frames);
1005
1006static int __udp_cmsg_send(struct cmsghdr *cmsg, u16 *gso_size)
1007{
1008 switch (cmsg->cmsg_type) {
1009 case UDP_SEGMENT:
1010 if (cmsg->cmsg_len != CMSG_LEN(sizeof(__u16)))
1011 return -EINVAL;
1012 *gso_size = *(__u16 *)CMSG_DATA(cmsg);
1013 return 0;
1014 default:
1015 return -EINVAL;
1016 }
1017}
1018
1019int udp_cmsg_send(struct sock *sk, struct msghdr *msg, u16 *gso_size)
1020{
1021 struct cmsghdr *cmsg;
1022 bool need_ip = false;
1023 int err;
1024
1025 for_each_cmsghdr(cmsg, msg) {
1026 if (!CMSG_OK(msg, cmsg))
1027 return -EINVAL;
1028
1029 if (cmsg->cmsg_level != SOL_UDP) {
1030 need_ip = true;
1031 continue;
1032 }
1033
1034 err = __udp_cmsg_send(cmsg, gso_size);
1035 if (err)
1036 return err;
1037 }
1038
1039 return need_ip;
1040}
1041EXPORT_SYMBOL_GPL(udp_cmsg_send);
1042
1043int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
1044{
1045 struct inet_sock *inet = inet_sk(sk);
1046 struct udp_sock *up = udp_sk(sk);
1047 DECLARE_SOCKADDR(struct sockaddr_in *, usin, msg->msg_name);
1048 struct flowi4 fl4_stack;
1049 struct flowi4 *fl4;
1050 int ulen = len;
1051 struct ipcm_cookie ipc;
1052 struct rtable *rt = NULL;
1053 int free = 0;
1054 int connected = 0;
1055 __be32 daddr, faddr, saddr;
1056 u8 tos, scope;
1057 __be16 dport;
1058 int err, is_udplite = IS_UDPLITE(sk);
1059 int corkreq = udp_test_bit(CORK, sk) || msg->msg_flags & MSG_MORE;
1060 int (*getfrag)(void *, char *, int, int, int, struct sk_buff *);
1061 struct sk_buff *skb;
1062 struct ip_options_data opt_copy;
1063 int uc_index;
1064
1065 if (len > 0xFFFF)
1066 return -EMSGSIZE;
1067
1068 /*
1069 * Check the flags.
1070 */
1071
1072 if (msg->msg_flags & MSG_OOB) /* Mirror BSD error message compatibility */
1073 return -EOPNOTSUPP;
1074
1075 getfrag = is_udplite ? udplite_getfrag : ip_generic_getfrag;
1076
1077 fl4 = &inet->cork.fl.u.ip4;
1078 if (READ_ONCE(up->pending)) {
1079 /*
1080 * There are pending frames.
1081 * The socket lock must be held while it's corked.
1082 */
1083 lock_sock(sk);
1084 if (likely(up->pending)) {
1085 if (unlikely(up->pending != AF_INET)) {
1086 release_sock(sk);
1087 return -EINVAL;
1088 }
1089 goto do_append_data;
1090 }
1091 release_sock(sk);
1092 }
1093 ulen += sizeof(struct udphdr);
1094
1095 /*
1096 * Get and verify the address.
1097 */
1098 if (usin) {
1099 if (msg->msg_namelen < sizeof(*usin))
1100 return -EINVAL;
1101 if (usin->sin_family != AF_INET) {
1102 if (usin->sin_family != AF_UNSPEC)
1103 return -EAFNOSUPPORT;
1104 }
1105
1106 daddr = usin->sin_addr.s_addr;
1107 dport = usin->sin_port;
1108 if (dport == 0)
1109 return -EINVAL;
1110 } else {
1111 if (sk->sk_state != TCP_ESTABLISHED)
1112 return -EDESTADDRREQ;
1113 daddr = inet->inet_daddr;
1114 dport = inet->inet_dport;
1115 /* Open fast path for connected socket.
1116 Route will not be used, if at least one option is set.
1117 */
1118 connected = 1;
1119 }
1120
1121 ipcm_init_sk(ipcm: &ipc, inet);
1122 ipc.gso_size = READ_ONCE(up->gso_size);
1123
1124 if (msg->msg_controllen) {
1125 err = udp_cmsg_send(sk, msg, &ipc.gso_size);
1126 if (err > 0)
1127 err = ip_cmsg_send(sk, msg, ipc: &ipc,
1128 allow_ipv6: sk->sk_family == AF_INET6);
1129 if (unlikely(err < 0)) {
1130 kfree(objp: ipc.opt);
1131 return err;
1132 }
1133 if (ipc.opt)
1134 free = 1;
1135 connected = 0;
1136 }
1137 if (!ipc.opt) {
1138 struct ip_options_rcu *inet_opt;
1139
1140 rcu_read_lock();
1141 inet_opt = rcu_dereference(inet->inet_opt);
1142 if (inet_opt) {
1143 memcpy(&opt_copy, inet_opt,
1144 sizeof(*inet_opt) + inet_opt->opt.optlen);
1145 ipc.opt = &opt_copy.opt;
1146 }
1147 rcu_read_unlock();
1148 }
1149
1150 if (cgroup_bpf_enabled(CGROUP_UDP4_SENDMSG) && !connected) {
1151 err = BPF_CGROUP_RUN_PROG_UDP4_SENDMSG_LOCK(sk,
1152 (struct sockaddr *)usin,
1153 &msg->msg_namelen,
1154 &ipc.addr);
1155 if (err)
1156 goto out_free;
1157 if (usin) {
1158 if (usin->sin_port == 0) {
1159 /* BPF program set invalid port. Reject it. */
1160 err = -EINVAL;
1161 goto out_free;
1162 }
1163 daddr = usin->sin_addr.s_addr;
1164 dport = usin->sin_port;
1165 }
1166 }
1167
1168 saddr = ipc.addr;
1169 ipc.addr = faddr = daddr;
1170
1171 if (ipc.opt && ipc.opt->opt.srr) {
1172 if (!daddr) {
1173 err = -EINVAL;
1174 goto out_free;
1175 }
1176 faddr = ipc.opt->opt.faddr;
1177 connected = 0;
1178 }
1179 tos = get_rttos(ipc: &ipc, inet);
1180 scope = ip_sendmsg_scope(inet, ipc: &ipc, msg);
1181 if (scope == RT_SCOPE_LINK)
1182 connected = 0;
1183
1184 uc_index = READ_ONCE(inet->uc_index);
1185 if (ipv4_is_multicast(addr: daddr)) {
1186 if (!ipc.oif || netif_index_is_l3_master(net: sock_net(sk), ifindex: ipc.oif))
1187 ipc.oif = READ_ONCE(inet->mc_index);
1188 if (!saddr)
1189 saddr = READ_ONCE(inet->mc_addr);
1190 connected = 0;
1191 } else if (!ipc.oif) {
1192 ipc.oif = uc_index;
1193 } else if (ipv4_is_lbcast(addr: daddr) && uc_index) {
1194 /* oif is set, packet is to local broadcast and
1195 * uc_index is set. oif is most likely set
1196 * by sk_bound_dev_if. If uc_index != oif check if the
1197 * oif is an L3 master and uc_index is an L3 slave.
1198 * If so, we want to allow the send using the uc_index.
1199 */
1200 if (ipc.oif != uc_index &&
1201 ipc.oif == l3mdev_master_ifindex_by_index(net: sock_net(sk),
1202 ifindex: uc_index)) {
1203 ipc.oif = uc_index;
1204 }
1205 }
1206
1207 if (connected)
1208 rt = (struct rtable *)sk_dst_check(sk, cookie: 0);
1209
1210 if (!rt) {
1211 struct net *net = sock_net(sk);
1212 __u8 flow_flags = inet_sk_flowi_flags(sk);
1213
1214 fl4 = &fl4_stack;
1215
1216 flowi4_init_output(fl4, oif: ipc.oif, mark: ipc.sockc.mark, tos, scope,
1217 proto: sk->sk_protocol, flags: flow_flags, daddr: faddr, saddr,
1218 dport, sport: inet->inet_sport, uid: sk->sk_uid);
1219
1220 security_sk_classify_flow(sk, flic: flowi4_to_flowi_common(fl4));
1221 rt = ip_route_output_flow(net, flp: fl4, sk);
1222 if (IS_ERR(ptr: rt)) {
1223 err = PTR_ERR(ptr: rt);
1224 rt = NULL;
1225 if (err == -ENETUNREACH)
1226 IP_INC_STATS(net, IPSTATS_MIB_OUTNOROUTES);
1227 goto out;
1228 }
1229
1230 err = -EACCES;
1231 if ((rt->rt_flags & RTCF_BROADCAST) &&
1232 !sock_flag(sk, flag: SOCK_BROADCAST))
1233 goto out;
1234 if (connected)
1235 sk_dst_set(sk, dst: dst_clone(dst: &rt->dst));
1236 }
1237
1238 if (msg->msg_flags&MSG_CONFIRM)
1239 goto do_confirm;
1240back_from_confirm:
1241
1242 saddr = fl4->saddr;
1243 if (!ipc.addr)
1244 daddr = ipc.addr = fl4->daddr;
1245
1246 /* Lockless fast path for the non-corking case. */
1247 if (!corkreq) {
1248 struct inet_cork cork;
1249
1250 skb = ip_make_skb(sk, fl4, getfrag, from: msg, length: ulen,
1251 transhdrlen: sizeof(struct udphdr), ipc: &ipc, rtp: &rt,
1252 cork: &cork, flags: msg->msg_flags);
1253 err = PTR_ERR(ptr: skb);
1254 if (!IS_ERR_OR_NULL(ptr: skb))
1255 err = udp_send_skb(skb, fl4, cork: &cork);
1256 goto out;
1257 }
1258
1259 lock_sock(sk);
1260 if (unlikely(up->pending)) {
1261 /* The socket is already corked while preparing it. */
1262 /* ... which is an evident application bug. --ANK */
1263 release_sock(sk);
1264
1265 net_dbg_ratelimited("socket already corked\n");
1266 err = -EINVAL;
1267 goto out;
1268 }
1269 /*
1270 * Now cork the socket to pend data.
1271 */
1272 fl4 = &inet->cork.fl.u.ip4;
1273 fl4->daddr = daddr;
1274 fl4->saddr = saddr;
1275 fl4->fl4_dport = dport;
1276 fl4->fl4_sport = inet->inet_sport;
1277 WRITE_ONCE(up->pending, AF_INET);
1278
1279do_append_data:
1280 up->len += ulen;
1281 err = ip_append_data(sk, fl4, getfrag, from: msg, len: ulen,
1282 protolen: sizeof(struct udphdr), ipc: &ipc, rt: &rt,
1283 flags: corkreq ? msg->msg_flags|MSG_MORE : msg->msg_flags);
1284 if (err)
1285 udp_flush_pending_frames(sk);
1286 else if (!corkreq)
1287 err = udp_push_pending_frames(sk);
1288 else if (unlikely(skb_queue_empty(&sk->sk_write_queue)))
1289 WRITE_ONCE(up->pending, 0);
1290 release_sock(sk);
1291
1292out:
1293 ip_rt_put(rt);
1294out_free:
1295 if (free)
1296 kfree(objp: ipc.opt);
1297 if (!err)
1298 return len;
1299 /*
1300 * ENOBUFS = no kernel mem, SOCK_NOSPACE = no sndbuf space. Reporting
1301 * ENOBUFS might not be good (it's not tunable per se), but otherwise
1302 * we don't have a good statistic (IpOutDiscards but it can be too many
1303 * things). We could add another new stat but at least for now that
1304 * seems like overkill.
1305 */
1306 if (err == -ENOBUFS || test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) {
1307 UDP_INC_STATS(sock_net(sk),
1308 UDP_MIB_SNDBUFERRORS, is_udplite);
1309 }
1310 return err;
1311
1312do_confirm:
1313 if (msg->msg_flags & MSG_PROBE)
1314 dst_confirm_neigh(dst: &rt->dst, daddr: &fl4->daddr);
1315 if (!(msg->msg_flags&MSG_PROBE) || len)
1316 goto back_from_confirm;
1317 err = 0;
1318 goto out;
1319}
1320EXPORT_SYMBOL(udp_sendmsg);
1321
1322void udp_splice_eof(struct socket *sock)
1323{
1324 struct sock *sk = sock->sk;
1325 struct udp_sock *up = udp_sk(sk);
1326
1327 if (!READ_ONCE(up->pending) || udp_test_bit(CORK, sk))
1328 return;
1329
1330 lock_sock(sk);
1331 if (up->pending && !udp_test_bit(CORK, sk))
1332 udp_push_pending_frames(sk);
1333 release_sock(sk);
1334}
1335EXPORT_SYMBOL_GPL(udp_splice_eof);
1336
1337#define UDP_SKB_IS_STATELESS 0x80000000
1338
1339/* all head states (dst, sk, nf conntrack) except skb extensions are
1340 * cleared by udp_rcv().
1341 *
1342 * We need to preserve secpath, if present, to eventually process
1343 * IP_CMSG_PASSSEC at recvmsg() time.
1344 *
1345 * Other extensions can be cleared.
1346 */
1347static bool udp_try_make_stateless(struct sk_buff *skb)
1348{
1349 if (!skb_has_extensions(skb))
1350 return true;
1351
1352 if (!secpath_exists(skb)) {
1353 skb_ext_reset(skb);
1354 return true;
1355 }
1356
1357 return false;
1358}
1359
1360static void udp_set_dev_scratch(struct sk_buff *skb)
1361{
1362 struct udp_dev_scratch *scratch = udp_skb_scratch(skb);
1363
1364 BUILD_BUG_ON(sizeof(struct udp_dev_scratch) > sizeof(long));
1365 scratch->_tsize_state = skb->truesize;
1366#if BITS_PER_LONG == 64
1367 scratch->len = skb->len;
1368 scratch->csum_unnecessary = !!skb_csum_unnecessary(skb);
1369 scratch->is_linear = !skb_is_nonlinear(skb);
1370#endif
1371 if (udp_try_make_stateless(skb))
1372 scratch->_tsize_state |= UDP_SKB_IS_STATELESS;
1373}
1374
1375static void udp_skb_csum_unnecessary_set(struct sk_buff *skb)
1376{
1377 /* We come here after udp_lib_checksum_complete() returned 0.
1378 * This means that __skb_checksum_complete() might have
1379 * set skb->csum_valid to 1.
1380 * On 64bit platforms, we can set csum_unnecessary
1381 * to true, but only if the skb is not shared.
1382 */
1383#if BITS_PER_LONG == 64
1384 if (!skb_shared(skb))
1385 udp_skb_scratch(skb)->csum_unnecessary = true;
1386#endif
1387}
1388
1389static int udp_skb_truesize(struct sk_buff *skb)
1390{
1391 return udp_skb_scratch(skb)->_tsize_state & ~UDP_SKB_IS_STATELESS;
1392}
1393
1394static bool udp_skb_has_head_state(struct sk_buff *skb)
1395{
1396 return !(udp_skb_scratch(skb)->_tsize_state & UDP_SKB_IS_STATELESS);
1397}
1398
1399/* fully reclaim rmem/fwd memory allocated for skb */
1400static void udp_rmem_release(struct sock *sk, int size, int partial,
1401 bool rx_queue_lock_held)
1402{
1403 struct udp_sock *up = udp_sk(sk);
1404 struct sk_buff_head *sk_queue;
1405 int amt;
1406
1407 if (likely(partial)) {
1408 up->forward_deficit += size;
1409 size = up->forward_deficit;
1410 if (size < READ_ONCE(up->forward_threshold) &&
1411 !skb_queue_empty(list: &up->reader_queue))
1412 return;
1413 } else {
1414 size += up->forward_deficit;
1415 }
1416 up->forward_deficit = 0;
1417
1418 /* acquire the sk_receive_queue for fwd allocated memory scheduling,
1419 * if the called don't held it already
1420 */
1421 sk_queue = &sk->sk_receive_queue;
1422 if (!rx_queue_lock_held)
1423 spin_lock(lock: &sk_queue->lock);
1424
1425
1426 sk_forward_alloc_add(sk, val: size);
1427 amt = (sk->sk_forward_alloc - partial) & ~(PAGE_SIZE - 1);
1428 sk_forward_alloc_add(sk, val: -amt);
1429
1430 if (amt)
1431 __sk_mem_reduce_allocated(sk, amount: amt >> PAGE_SHIFT);
1432
1433 atomic_sub(i: size, v: &sk->sk_rmem_alloc);
1434
1435 /* this can save us from acquiring the rx queue lock on next receive */
1436 skb_queue_splice_tail_init(list: sk_queue, head: &up->reader_queue);
1437
1438 if (!rx_queue_lock_held)
1439 spin_unlock(lock: &sk_queue->lock);
1440}
1441
1442/* Note: called with reader_queue.lock held.
1443 * Instead of using skb->truesize here, find a copy of it in skb->dev_scratch
1444 * This avoids a cache line miss while receive_queue lock is held.
1445 * Look at __udp_enqueue_schedule_skb() to find where this copy is done.
1446 */
1447void udp_skb_destructor(struct sock *sk, struct sk_buff *skb)
1448{
1449 prefetch(&skb->data);
1450 udp_rmem_release(sk, size: udp_skb_truesize(skb), partial: 1, rx_queue_lock_held: false);
1451}
1452EXPORT_SYMBOL(udp_skb_destructor);
1453
1454/* as above, but the caller held the rx queue lock, too */
1455static void udp_skb_dtor_locked(struct sock *sk, struct sk_buff *skb)
1456{
1457 prefetch(&skb->data);
1458 udp_rmem_release(sk, size: udp_skb_truesize(skb), partial: 1, rx_queue_lock_held: true);
1459}
1460
1461/* Idea of busylocks is to let producers grab an extra spinlock
1462 * to relieve pressure on the receive_queue spinlock shared by consumer.
1463 * Under flood, this means that only one producer can be in line
1464 * trying to acquire the receive_queue spinlock.
1465 * These busylock can be allocated on a per cpu manner, instead of a
1466 * per socket one (that would consume a cache line per socket)
1467 */
1468static int udp_busylocks_log __read_mostly;
1469static spinlock_t *udp_busylocks __read_mostly;
1470
1471static spinlock_t *busylock_acquire(void *ptr)
1472{
1473 spinlock_t *busy;
1474
1475 busy = udp_busylocks + hash_ptr(ptr, bits: udp_busylocks_log);
1476 spin_lock(lock: busy);
1477 return busy;
1478}
1479
1480static void busylock_release(spinlock_t *busy)
1481{
1482 if (busy)
1483 spin_unlock(lock: busy);
1484}
1485
1486static int udp_rmem_schedule(struct sock *sk, int size)
1487{
1488 int delta;
1489
1490 delta = size - sk->sk_forward_alloc;
1491 if (delta > 0 && !__sk_mem_schedule(sk, size: delta, SK_MEM_RECV))
1492 return -ENOBUFS;
1493
1494 return 0;
1495}
1496
1497int __udp_enqueue_schedule_skb(struct sock *sk, struct sk_buff *skb)
1498{
1499 struct sk_buff_head *list = &sk->sk_receive_queue;
1500 int rmem, err = -ENOMEM;
1501 spinlock_t *busy = NULL;
1502 int size;
1503
1504 /* try to avoid the costly atomic add/sub pair when the receive
1505 * queue is full; always allow at least a packet
1506 */
1507 rmem = atomic_read(v: &sk->sk_rmem_alloc);
1508 if (rmem > sk->sk_rcvbuf)
1509 goto drop;
1510
1511 /* Under mem pressure, it might be helpful to help udp_recvmsg()
1512 * having linear skbs :
1513 * - Reduce memory overhead and thus increase receive queue capacity
1514 * - Less cache line misses at copyout() time
1515 * - Less work at consume_skb() (less alien page frag freeing)
1516 */
1517 if (rmem > (sk->sk_rcvbuf >> 1)) {
1518 skb_condense(skb);
1519
1520 busy = busylock_acquire(ptr: sk);
1521 }
1522 size = skb->truesize;
1523 udp_set_dev_scratch(skb);
1524
1525 /* we drop only if the receive buf is full and the receive
1526 * queue contains some other skb
1527 */
1528 rmem = atomic_add_return(i: size, v: &sk->sk_rmem_alloc);
1529 if (rmem > (size + (unsigned int)sk->sk_rcvbuf))
1530 goto uncharge_drop;
1531
1532 spin_lock(lock: &list->lock);
1533 err = udp_rmem_schedule(sk, size);
1534 if (err) {
1535 spin_unlock(lock: &list->lock);
1536 goto uncharge_drop;
1537 }
1538
1539 sk_forward_alloc_add(sk, val: -size);
1540
1541 /* no need to setup a destructor, we will explicitly release the
1542 * forward allocated memory on dequeue
1543 */
1544 sock_skb_set_dropcount(sk, skb);
1545
1546 __skb_queue_tail(list, newsk: skb);
1547 spin_unlock(lock: &list->lock);
1548
1549 if (!sock_flag(sk, flag: SOCK_DEAD))
1550 INDIRECT_CALL_1(sk->sk_data_ready, sock_def_readable, sk);
1551
1552 busylock_release(busy);
1553 return 0;
1554
1555uncharge_drop:
1556 atomic_sub(i: skb->truesize, v: &sk->sk_rmem_alloc);
1557
1558drop:
1559 atomic_inc(v: &sk->sk_drops);
1560 busylock_release(busy);
1561 return err;
1562}
1563EXPORT_SYMBOL_GPL(__udp_enqueue_schedule_skb);
1564
1565void udp_destruct_common(struct sock *sk)
1566{
1567 /* reclaim completely the forward allocated memory */
1568 struct udp_sock *up = udp_sk(sk);
1569 unsigned int total = 0;
1570 struct sk_buff *skb;
1571
1572 skb_queue_splice_tail_init(list: &sk->sk_receive_queue, head: &up->reader_queue);
1573 while ((skb = __skb_dequeue(list: &up->reader_queue)) != NULL) {
1574 total += skb->truesize;
1575 kfree_skb(skb);
1576 }
1577 udp_rmem_release(sk, size: total, partial: 0, rx_queue_lock_held: true);
1578}
1579EXPORT_SYMBOL_GPL(udp_destruct_common);
1580
1581static void udp_destruct_sock(struct sock *sk)
1582{
1583 udp_destruct_common(sk);
1584 inet_sock_destruct(sk);
1585}
1586
1587int udp_init_sock(struct sock *sk)
1588{
1589 udp_lib_init_sock(sk);
1590 sk->sk_destruct = udp_destruct_sock;
1591 set_bit(SOCK_SUPPORT_ZC, addr: &sk->sk_socket->flags);
1592 return 0;
1593}
1594
1595void skb_consume_udp(struct sock *sk, struct sk_buff *skb, int len)
1596{
1597 if (unlikely(READ_ONCE(udp_sk(sk)->peeking_with_offset)))
1598 sk_peek_offset_bwd(sk, val: len);
1599
1600 if (!skb_unref(skb))
1601 return;
1602
1603 /* In the more common cases we cleared the head states previously,
1604 * see __udp_queue_rcv_skb().
1605 */
1606 if (unlikely(udp_skb_has_head_state(skb)))
1607 skb_release_head_state(skb);
1608 __consume_stateless_skb(skb);
1609}
1610EXPORT_SYMBOL_GPL(skb_consume_udp);
1611
1612static struct sk_buff *__first_packet_length(struct sock *sk,
1613 struct sk_buff_head *rcvq,
1614 int *total)
1615{
1616 struct sk_buff *skb;
1617
1618 while ((skb = skb_peek(list_: rcvq)) != NULL) {
1619 if (udp_lib_checksum_complete(skb)) {
1620 __UDP_INC_STATS(sock_net(sk), UDP_MIB_CSUMERRORS,
1621 IS_UDPLITE(sk));
1622 __UDP_INC_STATS(sock_net(sk), UDP_MIB_INERRORS,
1623 IS_UDPLITE(sk));
1624 atomic_inc(v: &sk->sk_drops);
1625 __skb_unlink(skb, list: rcvq);
1626 *total += skb->truesize;
1627 kfree_skb(skb);
1628 } else {
1629 udp_skb_csum_unnecessary_set(skb);
1630 break;
1631 }
1632 }
1633 return skb;
1634}
1635
1636/**
1637 * first_packet_length - return length of first packet in receive queue
1638 * @sk: socket
1639 *
1640 * Drops all bad checksum frames, until a valid one is found.
1641 * Returns the length of found skb, or -1 if none is found.
1642 */
1643static int first_packet_length(struct sock *sk)
1644{
1645 struct sk_buff_head *rcvq = &udp_sk(sk)->reader_queue;
1646 struct sk_buff_head *sk_queue = &sk->sk_receive_queue;
1647 struct sk_buff *skb;
1648 int total = 0;
1649 int res;
1650
1651 spin_lock_bh(lock: &rcvq->lock);
1652 skb = __first_packet_length(sk, rcvq, total: &total);
1653 if (!skb && !skb_queue_empty_lockless(list: sk_queue)) {
1654 spin_lock(lock: &sk_queue->lock);
1655 skb_queue_splice_tail_init(list: sk_queue, head: rcvq);
1656 spin_unlock(lock: &sk_queue->lock);
1657
1658 skb = __first_packet_length(sk, rcvq, total: &total);
1659 }
1660 res = skb ? skb->len : -1;
1661 if (total)
1662 udp_rmem_release(sk, size: total, partial: 1, rx_queue_lock_held: false);
1663 spin_unlock_bh(lock: &rcvq->lock);
1664 return res;
1665}
1666
1667/*
1668 * IOCTL requests applicable to the UDP protocol
1669 */
1670
1671int udp_ioctl(struct sock *sk, int cmd, int *karg)
1672{
1673 switch (cmd) {
1674 case SIOCOUTQ:
1675 {
1676 *karg = sk_wmem_alloc_get(sk);
1677 return 0;
1678 }
1679
1680 case SIOCINQ:
1681 {
1682 *karg = max_t(int, 0, first_packet_length(sk));
1683 return 0;
1684 }
1685
1686 default:
1687 return -ENOIOCTLCMD;
1688 }
1689
1690 return 0;
1691}
1692EXPORT_SYMBOL(udp_ioctl);
1693
1694struct sk_buff *__skb_recv_udp(struct sock *sk, unsigned int flags,
1695 int *off, int *err)
1696{
1697 struct sk_buff_head *sk_queue = &sk->sk_receive_queue;
1698 struct sk_buff_head *queue;
1699 struct sk_buff *last;
1700 long timeo;
1701 int error;
1702
1703 queue = &udp_sk(sk)->reader_queue;
1704 timeo = sock_rcvtimeo(sk, noblock: flags & MSG_DONTWAIT);
1705 do {
1706 struct sk_buff *skb;
1707
1708 error = sock_error(sk);
1709 if (error)
1710 break;
1711
1712 error = -EAGAIN;
1713 do {
1714 spin_lock_bh(lock: &queue->lock);
1715 skb = __skb_try_recv_from_queue(sk, queue, flags, off,
1716 err, last: &last);
1717 if (skb) {
1718 if (!(flags & MSG_PEEK))
1719 udp_skb_destructor(sk, skb);
1720 spin_unlock_bh(lock: &queue->lock);
1721 return skb;
1722 }
1723
1724 if (skb_queue_empty_lockless(list: sk_queue)) {
1725 spin_unlock_bh(lock: &queue->lock);
1726 goto busy_check;
1727 }
1728
1729 /* refill the reader queue and walk it again
1730 * keep both queues locked to avoid re-acquiring
1731 * the sk_receive_queue lock if fwd memory scheduling
1732 * is needed.
1733 */
1734 spin_lock(lock: &sk_queue->lock);
1735 skb_queue_splice_tail_init(list: sk_queue, head: queue);
1736
1737 skb = __skb_try_recv_from_queue(sk, queue, flags, off,
1738 err, last: &last);
1739 if (skb && !(flags & MSG_PEEK))
1740 udp_skb_dtor_locked(sk, skb);
1741 spin_unlock(lock: &sk_queue->lock);
1742 spin_unlock_bh(lock: &queue->lock);
1743 if (skb)
1744 return skb;
1745
1746busy_check:
1747 if (!sk_can_busy_loop(sk))
1748 break;
1749
1750 sk_busy_loop(sk, nonblock: flags & MSG_DONTWAIT);
1751 } while (!skb_queue_empty_lockless(list: sk_queue));
1752
1753 /* sk_queue is empty, reader_queue may contain peeked packets */
1754 } while (timeo &&
1755 !__skb_wait_for_more_packets(sk, queue: &sk->sk_receive_queue,
1756 err: &error, timeo_p: &timeo,
1757 skb: (struct sk_buff *)sk_queue));
1758
1759 *err = error;
1760 return NULL;
1761}
1762EXPORT_SYMBOL(__skb_recv_udp);
1763
1764int udp_read_skb(struct sock *sk, skb_read_actor_t recv_actor)
1765{
1766 struct sk_buff *skb;
1767 int err;
1768
1769try_again:
1770 skb = skb_recv_udp(sk, MSG_DONTWAIT, err: &err);
1771 if (!skb)
1772 return err;
1773
1774 if (udp_lib_checksum_complete(skb)) {
1775 int is_udplite = IS_UDPLITE(sk);
1776 struct net *net = sock_net(sk);
1777
1778 __UDP_INC_STATS(net, UDP_MIB_CSUMERRORS, is_udplite);
1779 __UDP_INC_STATS(net, UDP_MIB_INERRORS, is_udplite);
1780 atomic_inc(v: &sk->sk_drops);
1781 kfree_skb(skb);
1782 goto try_again;
1783 }
1784
1785 WARN_ON_ONCE(!skb_set_owner_sk_safe(skb, sk));
1786 return recv_actor(sk, skb);
1787}
1788EXPORT_SYMBOL(udp_read_skb);
1789
1790/*
1791 * This should be easy, if there is something there we
1792 * return it, otherwise we block.
1793 */
1794
1795int udp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int flags,
1796 int *addr_len)
1797{
1798 struct inet_sock *inet = inet_sk(sk);
1799 DECLARE_SOCKADDR(struct sockaddr_in *, sin, msg->msg_name);
1800 struct sk_buff *skb;
1801 unsigned int ulen, copied;
1802 int off, err, peeking = flags & MSG_PEEK;
1803 int is_udplite = IS_UDPLITE(sk);
1804 bool checksum_valid = false;
1805
1806 if (flags & MSG_ERRQUEUE)
1807 return ip_recv_error(sk, msg, len, addr_len);
1808
1809try_again:
1810 off = sk_peek_offset(sk, flags);
1811 skb = __skb_recv_udp(sk, flags, &off, &err);
1812 if (!skb)
1813 return err;
1814
1815 ulen = udp_skb_len(skb);
1816 copied = len;
1817 if (copied > ulen - off)
1818 copied = ulen - off;
1819 else if (copied < ulen)
1820 msg->msg_flags |= MSG_TRUNC;
1821
1822 /*
1823 * If checksum is needed at all, try to do it while copying the
1824 * data. If the data is truncated, or if we only want a partial
1825 * coverage checksum (UDP-Lite), do it before the copy.
1826 */
1827
1828 if (copied < ulen || peeking ||
1829 (is_udplite && UDP_SKB_CB(skb)->partial_cov)) {
1830 checksum_valid = udp_skb_csum_unnecessary(skb) ||
1831 !__udp_lib_checksum_complete(skb);
1832 if (!checksum_valid)
1833 goto csum_copy_err;
1834 }
1835
1836 if (checksum_valid || udp_skb_csum_unnecessary(skb)) {
1837 if (udp_skb_is_linear(skb))
1838 err = copy_linear_skb(skb, len: copied, off, to: &msg->msg_iter);
1839 else
1840 err = skb_copy_datagram_msg(from: skb, offset: off, msg, size: copied);
1841 } else {
1842 err = skb_copy_and_csum_datagram_msg(skb, hlen: off, msg);
1843
1844 if (err == -EINVAL)
1845 goto csum_copy_err;
1846 }
1847
1848 if (unlikely(err)) {
1849 if (!peeking) {
1850 atomic_inc(v: &sk->sk_drops);
1851 UDP_INC_STATS(sock_net(sk),
1852 UDP_MIB_INERRORS, is_udplite);
1853 }
1854 kfree_skb(skb);
1855 return err;
1856 }
1857
1858 if (!peeking)
1859 UDP_INC_STATS(sock_net(sk),
1860 UDP_MIB_INDATAGRAMS, is_udplite);
1861
1862 sock_recv_cmsgs(msg, sk, skb);
1863
1864 /* Copy the address. */
1865 if (sin) {
1866 sin->sin_family = AF_INET;
1867 sin->sin_port = udp_hdr(skb)->source;
1868 sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
1869 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
1870 *addr_len = sizeof(*sin);
1871
1872 BPF_CGROUP_RUN_PROG_UDP4_RECVMSG_LOCK(sk,
1873 (struct sockaddr *)sin,
1874 addr_len);
1875 }
1876
1877 if (udp_test_bit(GRO_ENABLED, sk))
1878 udp_cmsg_recv(msg, sk, skb);
1879
1880 if (inet_cmsg_flags(inet))
1881 ip_cmsg_recv_offset(msg, sk, skb, tlen: sizeof(struct udphdr), offset: off);
1882
1883 err = copied;
1884 if (flags & MSG_TRUNC)
1885 err = ulen;
1886
1887 skb_consume_udp(sk, skb, peeking ? -err : err);
1888 return err;
1889
1890csum_copy_err:
1891 if (!__sk_queue_drop_skb(sk, sk_queue: &udp_sk(sk)->reader_queue, skb, flags,
1892 destructor: udp_skb_destructor)) {
1893 UDP_INC_STATS(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite);
1894 UDP_INC_STATS(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
1895 }
1896 kfree_skb(skb);
1897
1898 /* starting over for a new packet, but check if we need to yield */
1899 cond_resched();
1900 msg->msg_flags &= ~MSG_TRUNC;
1901 goto try_again;
1902}
1903
1904int udp_pre_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
1905{
1906 /* This check is replicated from __ip4_datagram_connect() and
1907 * intended to prevent BPF program called below from accessing bytes
1908 * that are out of the bound specified by user in addr_len.
1909 */
1910 if (addr_len < sizeof(struct sockaddr_in))
1911 return -EINVAL;
1912
1913 return BPF_CGROUP_RUN_PROG_INET4_CONNECT_LOCK(sk, uaddr, &addr_len);
1914}
1915EXPORT_SYMBOL(udp_pre_connect);
1916
1917int __udp_disconnect(struct sock *sk, int flags)
1918{
1919 struct inet_sock *inet = inet_sk(sk);
1920 /*
1921 * 1003.1g - break association.
1922 */
1923
1924 sk->sk_state = TCP_CLOSE;
1925 inet->inet_daddr = 0;
1926 inet->inet_dport = 0;
1927 sock_rps_reset_rxhash(sk);
1928 sk->sk_bound_dev_if = 0;
1929 if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK)) {
1930 inet_reset_saddr(sk);
1931 if (sk->sk_prot->rehash &&
1932 (sk->sk_userlocks & SOCK_BINDPORT_LOCK))
1933 sk->sk_prot->rehash(sk);
1934 }
1935
1936 if (!(sk->sk_userlocks & SOCK_BINDPORT_LOCK)) {
1937 sk->sk_prot->unhash(sk);
1938 inet->inet_sport = 0;
1939 }
1940 sk_dst_reset(sk);
1941 return 0;
1942}
1943EXPORT_SYMBOL(__udp_disconnect);
1944
1945int udp_disconnect(struct sock *sk, int flags)
1946{
1947 lock_sock(sk);
1948 __udp_disconnect(sk, flags);
1949 release_sock(sk);
1950 return 0;
1951}
1952EXPORT_SYMBOL(udp_disconnect);
1953
1954void udp_lib_unhash(struct sock *sk)
1955{
1956 if (sk_hashed(sk)) {
1957 struct udp_table *udptable = udp_get_table_prot(sk);
1958 struct udp_hslot *hslot, *hslot2;
1959
1960 hslot = udp_hashslot(table: udptable, net: sock_net(sk),
1961 udp_sk(sk)->udp_port_hash);
1962 hslot2 = udp_hashslot2(table: udptable, udp_sk(sk)->udp_portaddr_hash);
1963
1964 spin_lock_bh(lock: &hslot->lock);
1965 if (rcu_access_pointer(sk->sk_reuseport_cb))
1966 reuseport_detach_sock(sk);
1967 if (sk_del_node_init_rcu(sk)) {
1968 hslot->count--;
1969 inet_sk(sk)->inet_num = 0;
1970 sock_prot_inuse_add(net: sock_net(sk), prot: sk->sk_prot, val: -1);
1971
1972 spin_lock(lock: &hslot2->lock);
1973 hlist_del_init_rcu(n: &udp_sk(sk)->udp_portaddr_node);
1974 hslot2->count--;
1975 spin_unlock(lock: &hslot2->lock);
1976 }
1977 spin_unlock_bh(lock: &hslot->lock);
1978 }
1979}
1980EXPORT_SYMBOL(udp_lib_unhash);
1981
1982/*
1983 * inet_rcv_saddr was changed, we must rehash secondary hash
1984 */
1985void udp_lib_rehash(struct sock *sk, u16 newhash)
1986{
1987 if (sk_hashed(sk)) {
1988 struct udp_table *udptable = udp_get_table_prot(sk);
1989 struct udp_hslot *hslot, *hslot2, *nhslot2;
1990
1991 hslot2 = udp_hashslot2(table: udptable, udp_sk(sk)->udp_portaddr_hash);
1992 nhslot2 = udp_hashslot2(table: udptable, hash: newhash);
1993 udp_sk(sk)->udp_portaddr_hash = newhash;
1994
1995 if (hslot2 != nhslot2 ||
1996 rcu_access_pointer(sk->sk_reuseport_cb)) {
1997 hslot = udp_hashslot(table: udptable, net: sock_net(sk),
1998 udp_sk(sk)->udp_port_hash);
1999 /* we must lock primary chain too */
2000 spin_lock_bh(lock: &hslot->lock);
2001 if (rcu_access_pointer(sk->sk_reuseport_cb))
2002 reuseport_detach_sock(sk);
2003
2004 if (hslot2 != nhslot2) {
2005 spin_lock(lock: &hslot2->lock);
2006 hlist_del_init_rcu(n: &udp_sk(sk)->udp_portaddr_node);
2007 hslot2->count--;
2008 spin_unlock(lock: &hslot2->lock);
2009
2010 spin_lock(lock: &nhslot2->lock);
2011 hlist_add_head_rcu(n: &udp_sk(sk)->udp_portaddr_node,
2012 h: &nhslot2->head);
2013 nhslot2->count++;
2014 spin_unlock(lock: &nhslot2->lock);
2015 }
2016
2017 spin_unlock_bh(lock: &hslot->lock);
2018 }
2019 }
2020}
2021EXPORT_SYMBOL(udp_lib_rehash);
2022
2023void udp_v4_rehash(struct sock *sk)
2024{
2025 u16 new_hash = ipv4_portaddr_hash(net: sock_net(sk),
2026 inet_sk(sk)->inet_rcv_saddr,
2027 inet_sk(sk)->inet_num);
2028 udp_lib_rehash(sk, new_hash);
2029}
2030
2031static int __udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
2032{
2033 int rc;
2034
2035 if (inet_sk(sk)->inet_daddr) {
2036 sock_rps_save_rxhash(sk, skb);
2037 sk_mark_napi_id(sk, skb);
2038 sk_incoming_cpu_update(sk);
2039 } else {
2040 sk_mark_napi_id_once(sk, skb);
2041 }
2042
2043 rc = __udp_enqueue_schedule_skb(sk, skb);
2044 if (rc < 0) {
2045 int is_udplite = IS_UDPLITE(sk);
2046 int drop_reason;
2047
2048 /* Note that an ENOMEM error is charged twice */
2049 if (rc == -ENOMEM) {
2050 UDP_INC_STATS(sock_net(sk), UDP_MIB_RCVBUFERRORS,
2051 is_udplite);
2052 drop_reason = SKB_DROP_REASON_SOCKET_RCVBUFF;
2053 } else {
2054 UDP_INC_STATS(sock_net(sk), UDP_MIB_MEMERRORS,
2055 is_udplite);
2056 drop_reason = SKB_DROP_REASON_PROTO_MEM;
2057 }
2058 UDP_INC_STATS(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
2059 kfree_skb_reason(skb, reason: drop_reason);
2060 trace_udp_fail_queue_rcv_skb(rc, sk);
2061 return -1;
2062 }
2063
2064 return 0;
2065}
2066
2067/* returns:
2068 * -1: error
2069 * 0: success
2070 * >0: "udp encap" protocol resubmission
2071 *
2072 * Note that in the success and error cases, the skb is assumed to
2073 * have either been requeued or freed.
2074 */
2075static int udp_queue_rcv_one_skb(struct sock *sk, struct sk_buff *skb)
2076{
2077 int drop_reason = SKB_DROP_REASON_NOT_SPECIFIED;
2078 struct udp_sock *up = udp_sk(sk);
2079 int is_udplite = IS_UDPLITE(sk);
2080
2081 /*
2082 * Charge it to the socket, dropping if the queue is full.
2083 */
2084 if (!xfrm4_policy_check(sk, dir: XFRM_POLICY_IN, skb)) {
2085 drop_reason = SKB_DROP_REASON_XFRM_POLICY;
2086 goto drop;
2087 }
2088 nf_reset_ct(skb);
2089
2090 if (static_branch_unlikely(&udp_encap_needed_key) &&
2091 READ_ONCE(up->encap_type)) {
2092 int (*encap_rcv)(struct sock *sk, struct sk_buff *skb);
2093
2094 /*
2095 * This is an encapsulation socket so pass the skb to
2096 * the socket's udp_encap_rcv() hook. Otherwise, just
2097 * fall through and pass this up the UDP socket.
2098 * up->encap_rcv() returns the following value:
2099 * =0 if skb was successfully passed to the encap
2100 * handler or was discarded by it.
2101 * >0 if skb should be passed on to UDP.
2102 * <0 if skb should be resubmitted as proto -N
2103 */
2104
2105 /* if we're overly short, let UDP handle it */
2106 encap_rcv = READ_ONCE(up->encap_rcv);
2107 if (encap_rcv) {
2108 int ret;
2109
2110 /* Verify checksum before giving to encap */
2111 if (udp_lib_checksum_complete(skb))
2112 goto csum_error;
2113
2114 ret = encap_rcv(sk, skb);
2115 if (ret <= 0) {
2116 __UDP_INC_STATS(sock_net(sk),
2117 UDP_MIB_INDATAGRAMS,
2118 is_udplite);
2119 return -ret;
2120 }
2121 }
2122
2123 /* FALLTHROUGH -- it's a UDP Packet */
2124 }
2125
2126 /*
2127 * UDP-Lite specific tests, ignored on UDP sockets
2128 */
2129 if (udp_test_bit(UDPLITE_RECV_CC, sk) && UDP_SKB_CB(skb)->partial_cov) {
2130 u16 pcrlen = READ_ONCE(up->pcrlen);
2131
2132 /*
2133 * MIB statistics other than incrementing the error count are
2134 * disabled for the following two types of errors: these depend
2135 * on the application settings, not on the functioning of the
2136 * protocol stack as such.
2137 *
2138 * RFC 3828 here recommends (sec 3.3): "There should also be a
2139 * way ... to ... at least let the receiving application block
2140 * delivery of packets with coverage values less than a value
2141 * provided by the application."
2142 */
2143 if (pcrlen == 0) { /* full coverage was set */
2144 net_dbg_ratelimited("UDPLite: partial coverage %d while full coverage %d requested\n",
2145 UDP_SKB_CB(skb)->cscov, skb->len);
2146 goto drop;
2147 }
2148 /* The next case involves violating the min. coverage requested
2149 * by the receiver. This is subtle: if receiver wants x and x is
2150 * greater than the buffersize/MTU then receiver will complain
2151 * that it wants x while sender emits packets of smaller size y.
2152 * Therefore the above ...()->partial_cov statement is essential.
2153 */
2154 if (UDP_SKB_CB(skb)->cscov < pcrlen) {
2155 net_dbg_ratelimited("UDPLite: coverage %d too small, need min %d\n",
2156 UDP_SKB_CB(skb)->cscov, pcrlen);
2157 goto drop;
2158 }
2159 }
2160
2161 prefetch(&sk->sk_rmem_alloc);
2162 if (rcu_access_pointer(sk->sk_filter) &&
2163 udp_lib_checksum_complete(skb))
2164 goto csum_error;
2165
2166 if (sk_filter_trim_cap(sk, skb, cap: sizeof(struct udphdr))) {
2167 drop_reason = SKB_DROP_REASON_SOCKET_FILTER;
2168 goto drop;
2169 }
2170
2171 udp_csum_pull_header(skb);
2172
2173 ipv4_pktinfo_prepare(sk, skb, drop_dst: true);
2174 return __udp_queue_rcv_skb(sk, skb);
2175
2176csum_error:
2177 drop_reason = SKB_DROP_REASON_UDP_CSUM;
2178 __UDP_INC_STATS(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite);
2179drop:
2180 __UDP_INC_STATS(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
2181 atomic_inc(v: &sk->sk_drops);
2182 kfree_skb_reason(skb, reason: drop_reason);
2183 return -1;
2184}
2185
2186static int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
2187{
2188 struct sk_buff *next, *segs;
2189 int ret;
2190
2191 if (likely(!udp_unexpected_gso(sk, skb)))
2192 return udp_queue_rcv_one_skb(sk, skb);
2193
2194 BUILD_BUG_ON(sizeof(struct udp_skb_cb) > SKB_GSO_CB_OFFSET);
2195 __skb_push(skb, len: -skb_mac_offset(skb));
2196 segs = udp_rcv_segment(sk, skb, ipv4: true);
2197 skb_list_walk_safe(segs, skb, next) {
2198 __skb_pull(skb, len: skb_transport_offset(skb));
2199
2200 udp_post_segment_fix_csum(skb);
2201 ret = udp_queue_rcv_one_skb(sk, skb);
2202 if (ret > 0)
2203 ip_protocol_deliver_rcu(net: dev_net(dev: skb->dev), skb, proto: ret);
2204 }
2205 return 0;
2206}
2207
2208/* For TCP sockets, sk_rx_dst is protected by socket lock
2209 * For UDP, we use xchg() to guard against concurrent changes.
2210 */
2211bool udp_sk_rx_dst_set(struct sock *sk, struct dst_entry *dst)
2212{
2213 struct dst_entry *old;
2214
2215 if (dst_hold_safe(dst)) {
2216 old = xchg((__force struct dst_entry **)&sk->sk_rx_dst, dst);
2217 dst_release(dst: old);
2218 return old != dst;
2219 }
2220 return false;
2221}
2222EXPORT_SYMBOL(udp_sk_rx_dst_set);
2223
2224/*
2225 * Multicasts and broadcasts go to each listener.
2226 *
2227 * Note: called only from the BH handler context.
2228 */
2229static int __udp4_lib_mcast_deliver(struct net *net, struct sk_buff *skb,
2230 struct udphdr *uh,
2231 __be32 saddr, __be32 daddr,
2232 struct udp_table *udptable,
2233 int proto)
2234{
2235 struct sock *sk, *first = NULL;
2236 unsigned short hnum = ntohs(uh->dest);
2237 struct udp_hslot *hslot = udp_hashslot(table: udptable, net, num: hnum);
2238 unsigned int hash2 = 0, hash2_any = 0, use_hash2 = (hslot->count > 10);
2239 unsigned int offset = offsetof(typeof(*sk), sk_node);
2240 int dif = skb->dev->ifindex;
2241 int sdif = inet_sdif(skb);
2242 struct hlist_node *node;
2243 struct sk_buff *nskb;
2244
2245 if (use_hash2) {
2246 hash2_any = ipv4_portaddr_hash(net, htonl(INADDR_ANY), port: hnum) &
2247 udptable->mask;
2248 hash2 = ipv4_portaddr_hash(net, saddr: daddr, port: hnum) & udptable->mask;
2249start_lookup:
2250 hslot = &udptable->hash2[hash2];
2251 offset = offsetof(typeof(*sk), __sk_common.skc_portaddr_node);
2252 }
2253
2254 sk_for_each_entry_offset_rcu(sk, node, &hslot->head, offset) {
2255 if (!__udp_is_mcast_sock(net, sk, loc_port: uh->dest, loc_addr: daddr,
2256 rmt_port: uh->source, rmt_addr: saddr, dif, sdif, hnum))
2257 continue;
2258
2259 if (!first) {
2260 first = sk;
2261 continue;
2262 }
2263 nskb = skb_clone(skb, GFP_ATOMIC);
2264
2265 if (unlikely(!nskb)) {
2266 atomic_inc(v: &sk->sk_drops);
2267 __UDP_INC_STATS(net, UDP_MIB_RCVBUFERRORS,
2268 IS_UDPLITE(sk));
2269 __UDP_INC_STATS(net, UDP_MIB_INERRORS,
2270 IS_UDPLITE(sk));
2271 continue;
2272 }
2273 if (udp_queue_rcv_skb(sk, skb: nskb) > 0)
2274 consume_skb(skb: nskb);
2275 }
2276
2277 /* Also lookup *:port if we are using hash2 and haven't done so yet. */
2278 if (use_hash2 && hash2 != hash2_any) {
2279 hash2 = hash2_any;
2280 goto start_lookup;
2281 }
2282
2283 if (first) {
2284 if (udp_queue_rcv_skb(sk: first, skb) > 0)
2285 consume_skb(skb);
2286 } else {
2287 kfree_skb(skb);
2288 __UDP_INC_STATS(net, UDP_MIB_IGNOREDMULTI,
2289 proto == IPPROTO_UDPLITE);
2290 }
2291 return 0;
2292}
2293
2294/* Initialize UDP checksum. If exited with zero value (success),
2295 * CHECKSUM_UNNECESSARY means, that no more checks are required.
2296 * Otherwise, csum completion requires checksumming packet body,
2297 * including udp header and folding it to skb->csum.
2298 */
2299static inline int udp4_csum_init(struct sk_buff *skb, struct udphdr *uh,
2300 int proto)
2301{
2302 int err;
2303
2304 UDP_SKB_CB(skb)->partial_cov = 0;
2305 UDP_SKB_CB(skb)->cscov = skb->len;
2306
2307 if (proto == IPPROTO_UDPLITE) {
2308 err = udplite_checksum_init(skb, uh);
2309 if (err)
2310 return err;
2311
2312 if (UDP_SKB_CB(skb)->partial_cov) {
2313 skb->csum = inet_compute_pseudo(skb, proto);
2314 return 0;
2315 }
2316 }
2317
2318 /* Note, we are only interested in != 0 or == 0, thus the
2319 * force to int.
2320 */
2321 err = (__force int)skb_checksum_init_zero_check(skb, proto, uh->check,
2322 inet_compute_pseudo);
2323 if (err)
2324 return err;
2325
2326 if (skb->ip_summed == CHECKSUM_COMPLETE && !skb->csum_valid) {
2327 /* If SW calculated the value, we know it's bad */
2328 if (skb->csum_complete_sw)
2329 return 1;
2330
2331 /* HW says the value is bad. Let's validate that.
2332 * skb->csum is no longer the full packet checksum,
2333 * so don't treat it as such.
2334 */
2335 skb_checksum_complete_unset(skb);
2336 }
2337
2338 return 0;
2339}
2340
2341/* wrapper for udp_queue_rcv_skb tacking care of csum conversion and
2342 * return code conversion for ip layer consumption
2343 */
2344static int udp_unicast_rcv_skb(struct sock *sk, struct sk_buff *skb,
2345 struct udphdr *uh)
2346{
2347 int ret;
2348
2349 if (inet_get_convert_csum(sk) && uh->check && !IS_UDPLITE(sk))
2350 skb_checksum_try_convert(skb, IPPROTO_UDP, inet_compute_pseudo);
2351
2352 ret = udp_queue_rcv_skb(sk, skb);
2353
2354 /* a return value > 0 means to resubmit the input, but
2355 * it wants the return to be -protocol, or 0
2356 */
2357 if (ret > 0)
2358 return -ret;
2359 return 0;
2360}
2361
2362/*
2363 * All we need to do is get the socket, and then do a checksum.
2364 */
2365
2366int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
2367 int proto)
2368{
2369 struct sock *sk;
2370 struct udphdr *uh;
2371 unsigned short ulen;
2372 struct rtable *rt = skb_rtable(skb);
2373 __be32 saddr, daddr;
2374 struct net *net = dev_net(dev: skb->dev);
2375 bool refcounted;
2376 int drop_reason;
2377
2378 drop_reason = SKB_DROP_REASON_NOT_SPECIFIED;
2379
2380 /*
2381 * Validate the packet.
2382 */
2383 if (!pskb_may_pull(skb, len: sizeof(struct udphdr)))
2384 goto drop; /* No space for header. */
2385
2386 uh = udp_hdr(skb);
2387 ulen = ntohs(uh->len);
2388 saddr = ip_hdr(skb)->saddr;
2389 daddr = ip_hdr(skb)->daddr;
2390
2391 if (ulen > skb->len)
2392 goto short_packet;
2393
2394 if (proto == IPPROTO_UDP) {
2395 /* UDP validates ulen. */
2396 if (ulen < sizeof(*uh) || pskb_trim_rcsum(skb, len: ulen))
2397 goto short_packet;
2398 uh = udp_hdr(skb);
2399 }
2400
2401 if (udp4_csum_init(skb, uh, proto))
2402 goto csum_error;
2403
2404 sk = inet_steal_sock(net, skb, doff: sizeof(struct udphdr), saddr, sport: uh->source, daddr, dport: uh->dest,
2405 refcounted: &refcounted, ehashfn: udp_ehashfn);
2406 if (IS_ERR(ptr: sk))
2407 goto no_sk;
2408
2409 if (sk) {
2410 struct dst_entry *dst = skb_dst(skb);
2411 int ret;
2412
2413 if (unlikely(rcu_dereference(sk->sk_rx_dst) != dst))
2414 udp_sk_rx_dst_set(sk, dst);
2415
2416 ret = udp_unicast_rcv_skb(sk, skb, uh);
2417 if (refcounted)
2418 sock_put(sk);
2419 return ret;
2420 }
2421
2422 if (rt->rt_flags & (RTCF_BROADCAST|RTCF_MULTICAST))
2423 return __udp4_lib_mcast_deliver(net, skb, uh,
2424 saddr, daddr, udptable, proto);
2425
2426 sk = __udp4_lib_lookup_skb(skb, sport: uh->source, dport: uh->dest, udptable);
2427 if (sk)
2428 return udp_unicast_rcv_skb(sk, skb, uh);
2429no_sk:
2430 if (!xfrm4_policy_check(NULL, dir: XFRM_POLICY_IN, skb))
2431 goto drop;
2432 nf_reset_ct(skb);
2433
2434 /* No socket. Drop packet silently, if checksum is wrong */
2435 if (udp_lib_checksum_complete(skb))
2436 goto csum_error;
2437
2438 drop_reason = SKB_DROP_REASON_NO_SOCKET;
2439 __UDP_INC_STATS(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
2440 icmp_send(skb_in: skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, info: 0);
2441
2442 /*
2443 * Hmm. We got an UDP packet to a port to which we
2444 * don't wanna listen. Ignore it.
2445 */
2446 kfree_skb_reason(skb, reason: drop_reason);
2447 return 0;
2448
2449short_packet:
2450 drop_reason = SKB_DROP_REASON_PKT_TOO_SMALL;
2451 net_dbg_ratelimited("UDP%s: short packet: From %pI4:%u %d/%d to %pI4:%u\n",
2452 proto == IPPROTO_UDPLITE ? "Lite" : "",
2453 &saddr, ntohs(uh->source),
2454 ulen, skb->len,
2455 &daddr, ntohs(uh->dest));
2456 goto drop;
2457
2458csum_error:
2459 /*
2460 * RFC1122: OK. Discards the bad packet silently (as far as
2461 * the network is concerned, anyway) as per 4.1.3.4 (MUST).
2462 */
2463 drop_reason = SKB_DROP_REASON_UDP_CSUM;
2464 net_dbg_ratelimited("UDP%s: bad checksum. From %pI4:%u to %pI4:%u ulen %d\n",
2465 proto == IPPROTO_UDPLITE ? "Lite" : "",
2466 &saddr, ntohs(uh->source), &daddr, ntohs(uh->dest),
2467 ulen);
2468 __UDP_INC_STATS(net, UDP_MIB_CSUMERRORS, proto == IPPROTO_UDPLITE);
2469drop:
2470 __UDP_INC_STATS(net, UDP_MIB_INERRORS, proto == IPPROTO_UDPLITE);
2471 kfree_skb_reason(skb, reason: drop_reason);
2472 return 0;
2473}
2474
2475/* We can only early demux multicast if there is a single matching socket.
2476 * If more than one socket found returns NULL
2477 */
2478static struct sock *__udp4_lib_mcast_demux_lookup(struct net *net,
2479 __be16 loc_port, __be32 loc_addr,
2480 __be16 rmt_port, __be32 rmt_addr,
2481 int dif, int sdif)
2482{
2483 struct udp_table *udptable = net->ipv4.udp_table;
2484 unsigned short hnum = ntohs(loc_port);
2485 struct sock *sk, *result;
2486 struct udp_hslot *hslot;
2487 unsigned int slot;
2488
2489 slot = udp_hashfn(net, num: hnum, mask: udptable->mask);
2490 hslot = &udptable->hash[slot];
2491
2492 /* Do not bother scanning a too big list */
2493 if (hslot->count > 10)
2494 return NULL;
2495
2496 result = NULL;
2497 sk_for_each_rcu(sk, &hslot->head) {
2498 if (__udp_is_mcast_sock(net, sk, loc_port, loc_addr,
2499 rmt_port, rmt_addr, dif, sdif, hnum)) {
2500 if (result)
2501 return NULL;
2502 result = sk;
2503 }
2504 }
2505
2506 return result;
2507}
2508
2509/* For unicast we should only early demux connected sockets or we can
2510 * break forwarding setups. The chains here can be long so only check
2511 * if the first socket is an exact match and if not move on.
2512 */
2513static struct sock *__udp4_lib_demux_lookup(struct net *net,
2514 __be16 loc_port, __be32 loc_addr,
2515 __be16 rmt_port, __be32 rmt_addr,
2516 int dif, int sdif)
2517{
2518 struct udp_table *udptable = net->ipv4.udp_table;
2519 INET_ADDR_COOKIE(acookie, rmt_addr, loc_addr);
2520 unsigned short hnum = ntohs(loc_port);
2521 unsigned int hash2, slot2;
2522 struct udp_hslot *hslot2;
2523 __portpair ports;
2524 struct sock *sk;
2525
2526 hash2 = ipv4_portaddr_hash(net, saddr: loc_addr, port: hnum);
2527 slot2 = hash2 & udptable->mask;
2528 hslot2 = &udptable->hash2[slot2];
2529 ports = INET_COMBINED_PORTS(rmt_port, hnum);
2530
2531 udp_portaddr_for_each_entry_rcu(sk, &hslot2->head) {
2532 if (inet_match(net, sk, cookie: acookie, ports, dif, sdif))
2533 return sk;
2534 /* Only check first socket in chain */
2535 break;
2536 }
2537 return NULL;
2538}
2539
2540int udp_v4_early_demux(struct sk_buff *skb)
2541{
2542 struct net *net = dev_net(dev: skb->dev);
2543 struct in_device *in_dev = NULL;
2544 const struct iphdr *iph;
2545 const struct udphdr *uh;
2546 struct sock *sk = NULL;
2547 struct dst_entry *dst;
2548 int dif = skb->dev->ifindex;
2549 int sdif = inet_sdif(skb);
2550 int ours;
2551
2552 /* validate the packet */
2553 if (!pskb_may_pull(skb, len: skb_transport_offset(skb) + sizeof(struct udphdr)))
2554 return 0;
2555
2556 iph = ip_hdr(skb);
2557 uh = udp_hdr(skb);
2558
2559 if (skb->pkt_type == PACKET_MULTICAST) {
2560 in_dev = __in_dev_get_rcu(dev: skb->dev);
2561
2562 if (!in_dev)
2563 return 0;
2564
2565 ours = ip_check_mc_rcu(dev: in_dev, mc_addr: iph->daddr, src_addr: iph->saddr,
2566 proto: iph->protocol);
2567 if (!ours)
2568 return 0;
2569
2570 sk = __udp4_lib_mcast_demux_lookup(net, loc_port: uh->dest, loc_addr: iph->daddr,
2571 rmt_port: uh->source, rmt_addr: iph->saddr,
2572 dif, sdif);
2573 } else if (skb->pkt_type == PACKET_HOST) {
2574 sk = __udp4_lib_demux_lookup(net, loc_port: uh->dest, loc_addr: iph->daddr,
2575 rmt_port: uh->source, rmt_addr: iph->saddr, dif, sdif);
2576 }
2577
2578 if (!sk)
2579 return 0;
2580
2581 skb->sk = sk;
2582 DEBUG_NET_WARN_ON_ONCE(sk_is_refcounted(sk));
2583 skb->destructor = sock_pfree;
2584 dst = rcu_dereference(sk->sk_rx_dst);
2585
2586 if (dst)
2587 dst = dst_check(dst, cookie: 0);
2588 if (dst) {
2589 u32 itag = 0;
2590
2591 /* set noref for now.
2592 * any place which wants to hold dst has to call
2593 * dst_hold_safe()
2594 */
2595 skb_dst_set_noref(skb, dst);
2596
2597 /* for unconnected multicast sockets we need to validate
2598 * the source on each packet
2599 */
2600 if (!inet_sk(sk)->inet_daddr && in_dev)
2601 return ip_mc_validate_source(skb, daddr: iph->daddr,
2602 saddr: iph->saddr,
2603 tos: iph->tos & IPTOS_RT_MASK,
2604 dev: skb->dev, in_dev, itag: &itag);
2605 }
2606 return 0;
2607}
2608
2609int udp_rcv(struct sk_buff *skb)
2610{
2611 return __udp4_lib_rcv(skb, udptable: dev_net(dev: skb->dev)->ipv4.udp_table, IPPROTO_UDP);
2612}
2613
2614void udp_destroy_sock(struct sock *sk)
2615{
2616 struct udp_sock *up = udp_sk(sk);
2617 bool slow = lock_sock_fast(sk);
2618
2619 /* protects from races with udp_abort() */
2620 sock_set_flag(sk, flag: SOCK_DEAD);
2621 udp_flush_pending_frames(sk);
2622 unlock_sock_fast(sk, slow);
2623 if (static_branch_unlikely(&udp_encap_needed_key)) {
2624 if (up->encap_type) {
2625 void (*encap_destroy)(struct sock *sk);
2626 encap_destroy = READ_ONCE(up->encap_destroy);
2627 if (encap_destroy)
2628 encap_destroy(sk);
2629 }
2630 if (udp_test_bit(ENCAP_ENABLED, sk))
2631 static_branch_dec(&udp_encap_needed_key);
2632 }
2633}
2634
2635static void set_xfrm_gro_udp_encap_rcv(__u16 encap_type, unsigned short family,
2636 struct sock *sk)
2637{
2638#ifdef CONFIG_XFRM
2639 if (udp_test_bit(GRO_ENABLED, sk) && encap_type == UDP_ENCAP_ESPINUDP) {
2640 if (family == AF_INET)
2641 WRITE_ONCE(udp_sk(sk)->gro_receive, xfrm4_gro_udp_encap_rcv);
2642 else if (IS_ENABLED(CONFIG_IPV6) && family == AF_INET6)
2643 WRITE_ONCE(udp_sk(sk)->gro_receive, ipv6_stub->xfrm6_gro_udp_encap_rcv);
2644 }
2645#endif
2646}
2647
2648/*
2649 * Socket option code for UDP
2650 */
2651int udp_lib_setsockopt(struct sock *sk, int level, int optname,
2652 sockptr_t optval, unsigned int optlen,
2653 int (*push_pending_frames)(struct sock *))
2654{
2655 struct udp_sock *up = udp_sk(sk);
2656 int val, valbool;
2657 int err = 0;
2658 int is_udplite = IS_UDPLITE(sk);
2659
2660 if (level == SOL_SOCKET) {
2661 err = sk_setsockopt(sk, level, optname, optval, optlen);
2662
2663 if (optname == SO_RCVBUF || optname == SO_RCVBUFFORCE) {
2664 sockopt_lock_sock(sk);
2665 /* paired with READ_ONCE in udp_rmem_release() */
2666 WRITE_ONCE(up->forward_threshold, sk->sk_rcvbuf >> 2);
2667 sockopt_release_sock(sk);
2668 }
2669 return err;
2670 }
2671
2672 if (optlen < sizeof(int))
2673 return -EINVAL;
2674
2675 if (copy_from_sockptr(dst: &val, src: optval, size: sizeof(val)))
2676 return -EFAULT;
2677
2678 valbool = val ? 1 : 0;
2679
2680 switch (optname) {
2681 case UDP_CORK:
2682 if (val != 0) {
2683 udp_set_bit(CORK, sk);
2684 } else {
2685 udp_clear_bit(CORK, sk);
2686 lock_sock(sk);
2687 push_pending_frames(sk);
2688 release_sock(sk);
2689 }
2690 break;
2691
2692 case UDP_ENCAP:
2693 switch (val) {
2694 case 0:
2695#ifdef CONFIG_XFRM
2696 case UDP_ENCAP_ESPINUDP:
2697 set_xfrm_gro_udp_encap_rcv(encap_type: val, family: sk->sk_family, sk);
2698 fallthrough;
2699 case UDP_ENCAP_ESPINUDP_NON_IKE:
2700#if IS_ENABLED(CONFIG_IPV6)
2701 if (sk->sk_family == AF_INET6)
2702 WRITE_ONCE(up->encap_rcv,
2703 ipv6_stub->xfrm6_udp_encap_rcv);
2704 else
2705#endif
2706 WRITE_ONCE(up->encap_rcv,
2707 xfrm4_udp_encap_rcv);
2708#endif
2709 fallthrough;
2710 case UDP_ENCAP_L2TPINUDP:
2711 WRITE_ONCE(up->encap_type, val);
2712 udp_tunnel_encap_enable(sk);
2713 break;
2714 default:
2715 err = -ENOPROTOOPT;
2716 break;
2717 }
2718 break;
2719
2720 case UDP_NO_CHECK6_TX:
2721 udp_set_no_check6_tx(sk, val: valbool);
2722 break;
2723
2724 case UDP_NO_CHECK6_RX:
2725 udp_set_no_check6_rx(sk, val: valbool);
2726 break;
2727
2728 case UDP_SEGMENT:
2729 if (val < 0 || val > USHRT_MAX)
2730 return -EINVAL;
2731 WRITE_ONCE(up->gso_size, val);
2732 break;
2733
2734 case UDP_GRO:
2735
2736 /* when enabling GRO, accept the related GSO packet type */
2737 if (valbool)
2738 udp_tunnel_encap_enable(sk);
2739 udp_assign_bit(GRO_ENABLED, sk, valbool);
2740 udp_assign_bit(ACCEPT_L4, sk, valbool);
2741 set_xfrm_gro_udp_encap_rcv(encap_type: up->encap_type, family: sk->sk_family, sk);
2742 break;
2743
2744 /*
2745 * UDP-Lite's partial checksum coverage (RFC 3828).
2746 */
2747 /* The sender sets actual checksum coverage length via this option.
2748 * The case coverage > packet length is handled by send module. */
2749 case UDPLITE_SEND_CSCOV:
2750 if (!is_udplite) /* Disable the option on UDP sockets */
2751 return -ENOPROTOOPT;
2752 if (val != 0 && val < 8) /* Illegal coverage: use default (8) */
2753 val = 8;
2754 else if (val > USHRT_MAX)
2755 val = USHRT_MAX;
2756 WRITE_ONCE(up->pcslen, val);
2757 udp_set_bit(UDPLITE_SEND_CC, sk);
2758 break;
2759
2760 /* The receiver specifies a minimum checksum coverage value. To make
2761 * sense, this should be set to at least 8 (as done below). If zero is
2762 * used, this again means full checksum coverage. */
2763 case UDPLITE_RECV_CSCOV:
2764 if (!is_udplite) /* Disable the option on UDP sockets */
2765 return -ENOPROTOOPT;
2766 if (val != 0 && val < 8) /* Avoid silly minimal values. */
2767 val = 8;
2768 else if (val > USHRT_MAX)
2769 val = USHRT_MAX;
2770 WRITE_ONCE(up->pcrlen, val);
2771 udp_set_bit(UDPLITE_RECV_CC, sk);
2772 break;
2773
2774 default:
2775 err = -ENOPROTOOPT;
2776 break;
2777 }
2778
2779 return err;
2780}
2781EXPORT_SYMBOL(udp_lib_setsockopt);
2782
2783int udp_setsockopt(struct sock *sk, int level, int optname, sockptr_t optval,
2784 unsigned int optlen)
2785{
2786 if (level == SOL_UDP || level == SOL_UDPLITE || level == SOL_SOCKET)
2787 return udp_lib_setsockopt(sk, level, optname,
2788 optval, optlen,
2789 udp_push_pending_frames);
2790 return ip_setsockopt(sk, level, optname, optval, optlen);
2791}
2792
2793int udp_lib_getsockopt(struct sock *sk, int level, int optname,
2794 char __user *optval, int __user *optlen)
2795{
2796 struct udp_sock *up = udp_sk(sk);
2797 int val, len;
2798
2799 if (get_user(len, optlen))
2800 return -EFAULT;
2801
2802 if (len < 0)
2803 return -EINVAL;
2804
2805 len = min_t(unsigned int, len, sizeof(int));
2806
2807 switch (optname) {
2808 case UDP_CORK:
2809 val = udp_test_bit(CORK, sk);
2810 break;
2811
2812 case UDP_ENCAP:
2813 val = READ_ONCE(up->encap_type);
2814 break;
2815
2816 case UDP_NO_CHECK6_TX:
2817 val = udp_get_no_check6_tx(sk);
2818 break;
2819
2820 case UDP_NO_CHECK6_RX:
2821 val = udp_get_no_check6_rx(sk);
2822 break;
2823
2824 case UDP_SEGMENT:
2825 val = READ_ONCE(up->gso_size);
2826 break;
2827
2828 case UDP_GRO:
2829 val = udp_test_bit(GRO_ENABLED, sk);
2830 break;
2831
2832 /* The following two cannot be changed on UDP sockets, the return is
2833 * always 0 (which corresponds to the full checksum coverage of UDP). */
2834 case UDPLITE_SEND_CSCOV:
2835 val = READ_ONCE(up->pcslen);
2836 break;
2837
2838 case UDPLITE_RECV_CSCOV:
2839 val = READ_ONCE(up->pcrlen);
2840 break;
2841
2842 default:
2843 return -ENOPROTOOPT;
2844 }
2845
2846 if (put_user(len, optlen))
2847 return -EFAULT;
2848 if (copy_to_user(to: optval, from: &val, n: len))
2849 return -EFAULT;
2850 return 0;
2851}
2852EXPORT_SYMBOL(udp_lib_getsockopt);
2853
2854int udp_getsockopt(struct sock *sk, int level, int optname,
2855 char __user *optval, int __user *optlen)
2856{
2857 if (level == SOL_UDP || level == SOL_UDPLITE)
2858 return udp_lib_getsockopt(sk, level, optname, optval, optlen);
2859 return ip_getsockopt(sk, level, optname, optval, optlen);
2860}
2861
2862/**
2863 * udp_poll - wait for a UDP event.
2864 * @file: - file struct
2865 * @sock: - socket
2866 * @wait: - poll table
2867 *
2868 * This is same as datagram poll, except for the special case of
2869 * blocking sockets. If application is using a blocking fd
2870 * and a packet with checksum error is in the queue;
2871 * then it could get return from select indicating data available
2872 * but then block when reading it. Add special case code
2873 * to work around these arguably broken applications.
2874 */
2875__poll_t udp_poll(struct file *file, struct socket *sock, poll_table *wait)
2876{
2877 __poll_t mask = datagram_poll(file, sock, wait);
2878 struct sock *sk = sock->sk;
2879
2880 if (!skb_queue_empty_lockless(list: &udp_sk(sk)->reader_queue))
2881 mask |= EPOLLIN | EPOLLRDNORM;
2882
2883 /* Check for false positives due to checksum errors */
2884 if ((mask & EPOLLRDNORM) && !(file->f_flags & O_NONBLOCK) &&
2885 !(sk->sk_shutdown & RCV_SHUTDOWN) && first_packet_length(sk) == -1)
2886 mask &= ~(EPOLLIN | EPOLLRDNORM);
2887
2888 /* psock ingress_msg queue should not contain any bad checksum frames */
2889 if (sk_is_readable(sk))
2890 mask |= EPOLLIN | EPOLLRDNORM;
2891 return mask;
2892
2893}
2894EXPORT_SYMBOL(udp_poll);
2895
2896int udp_abort(struct sock *sk, int err)
2897{
2898 if (!has_current_bpf_ctx())
2899 lock_sock(sk);
2900
2901 /* udp{v6}_destroy_sock() sets it under the sk lock, avoid racing
2902 * with close()
2903 */
2904 if (sock_flag(sk, flag: SOCK_DEAD))
2905 goto out;
2906
2907 sk->sk_err = err;
2908 sk_error_report(sk);
2909 __udp_disconnect(sk, 0);
2910
2911out:
2912 if (!has_current_bpf_ctx())
2913 release_sock(sk);
2914
2915 return 0;
2916}
2917EXPORT_SYMBOL_GPL(udp_abort);
2918
2919struct proto udp_prot = {
2920 .name = "UDP",
2921 .owner = THIS_MODULE,
2922 .close = udp_lib_close,
2923 .pre_connect = udp_pre_connect,
2924 .connect = ip4_datagram_connect,
2925 .disconnect = udp_disconnect,
2926 .ioctl = udp_ioctl,
2927 .init = udp_init_sock,
2928 .destroy = udp_destroy_sock,
2929 .setsockopt = udp_setsockopt,
2930 .getsockopt = udp_getsockopt,
2931 .sendmsg = udp_sendmsg,
2932 .recvmsg = udp_recvmsg,
2933 .splice_eof = udp_splice_eof,
2934 .release_cb = ip4_datagram_release_cb,
2935 .hash = udp_lib_hash,
2936 .unhash = udp_lib_unhash,
2937 .rehash = udp_v4_rehash,
2938 .get_port = udp_v4_get_port,
2939 .put_port = udp_lib_unhash,
2940#ifdef CONFIG_BPF_SYSCALL
2941 .psock_update_sk_prot = udp_bpf_update_proto,
2942#endif
2943 .memory_allocated = &udp_memory_allocated,
2944 .per_cpu_fw_alloc = &udp_memory_per_cpu_fw_alloc,
2945
2946 .sysctl_mem = sysctl_udp_mem,
2947 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_udp_wmem_min),
2948 .sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_udp_rmem_min),
2949 .obj_size = sizeof(struct udp_sock),
2950 .h.udp_table = NULL,
2951 .diag_destroy = udp_abort,
2952};
2953EXPORT_SYMBOL(udp_prot);
2954
2955/* ------------------------------------------------------------------------ */
2956#ifdef CONFIG_PROC_FS
2957
2958static unsigned short seq_file_family(const struct seq_file *seq);
2959static bool seq_sk_match(struct seq_file *seq, const struct sock *sk)
2960{
2961 unsigned short family = seq_file_family(seq);
2962
2963 /* AF_UNSPEC is used as a match all */
2964 return ((family == AF_UNSPEC || family == sk->sk_family) &&
2965 net_eq(net1: sock_net(sk), net2: seq_file_net(seq)));
2966}
2967
2968#ifdef CONFIG_BPF_SYSCALL
2969static const struct seq_operations bpf_iter_udp_seq_ops;
2970#endif
2971static struct udp_table *udp_get_table_seq(struct seq_file *seq,
2972 struct net *net)
2973{
2974 const struct udp_seq_afinfo *afinfo;
2975
2976#ifdef CONFIG_BPF_SYSCALL
2977 if (seq->op == &bpf_iter_udp_seq_ops)
2978 return net->ipv4.udp_table;
2979#endif
2980
2981 afinfo = pde_data(inode: file_inode(f: seq->file));
2982 return afinfo->udp_table ? : net->ipv4.udp_table;
2983}
2984
2985static struct sock *udp_get_first(struct seq_file *seq, int start)
2986{
2987 struct udp_iter_state *state = seq->private;
2988 struct net *net = seq_file_net(seq);
2989 struct udp_table *udptable;
2990 struct sock *sk;
2991
2992 udptable = udp_get_table_seq(seq, net);
2993
2994 for (state->bucket = start; state->bucket <= udptable->mask;
2995 ++state->bucket) {
2996 struct udp_hslot *hslot = &udptable->hash[state->bucket];
2997
2998 if (hlist_empty(h: &hslot->head))
2999 continue;
3000
3001 spin_lock_bh(lock: &hslot->lock);
3002 sk_for_each(sk, &hslot->head) {
3003 if (seq_sk_match(seq, sk))
3004 goto found;
3005 }
3006 spin_unlock_bh(lock: &hslot->lock);
3007 }
3008 sk = NULL;
3009found:
3010 return sk;
3011}
3012
3013static struct sock *udp_get_next(struct seq_file *seq, struct sock *sk)
3014{
3015 struct udp_iter_state *state = seq->private;
3016 struct net *net = seq_file_net(seq);
3017 struct udp_table *udptable;
3018
3019 do {
3020 sk = sk_next(sk);
3021 } while (sk && !seq_sk_match(seq, sk));
3022
3023 if (!sk) {
3024 udptable = udp_get_table_seq(seq, net);
3025
3026 if (state->bucket <= udptable->mask)
3027 spin_unlock_bh(lock: &udptable->hash[state->bucket].lock);
3028
3029 return udp_get_first(seq, start: state->bucket + 1);
3030 }
3031 return sk;
3032}
3033
3034static struct sock *udp_get_idx(struct seq_file *seq, loff_t pos)
3035{
3036 struct sock *sk = udp_get_first(seq, start: 0);
3037
3038 if (sk)
3039 while (pos && (sk = udp_get_next(seq, sk)) != NULL)
3040 --pos;
3041 return pos ? NULL : sk;
3042}
3043
3044void *udp_seq_start(struct seq_file *seq, loff_t *pos)
3045{
3046 struct udp_iter_state *state = seq->private;
3047 state->bucket = MAX_UDP_PORTS;
3048
3049 return *pos ? udp_get_idx(seq, pos: *pos-1) : SEQ_START_TOKEN;
3050}
3051EXPORT_SYMBOL(udp_seq_start);
3052
3053void *udp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3054{
3055 struct sock *sk;
3056
3057 if (v == SEQ_START_TOKEN)
3058 sk = udp_get_idx(seq, pos: 0);
3059 else
3060 sk = udp_get_next(seq, sk: v);
3061
3062 ++*pos;
3063 return sk;
3064}
3065EXPORT_SYMBOL(udp_seq_next);
3066
3067void udp_seq_stop(struct seq_file *seq, void *v)
3068{
3069 struct udp_iter_state *state = seq->private;
3070 struct udp_table *udptable;
3071
3072 udptable = udp_get_table_seq(seq, net: seq_file_net(seq));
3073
3074 if (state->bucket <= udptable->mask)
3075 spin_unlock_bh(lock: &udptable->hash[state->bucket].lock);
3076}
3077EXPORT_SYMBOL(udp_seq_stop);
3078
3079/* ------------------------------------------------------------------------ */
3080static void udp4_format_sock(struct sock *sp, struct seq_file *f,
3081 int bucket)
3082{
3083 struct inet_sock *inet = inet_sk(sp);
3084 __be32 dest = inet->inet_daddr;
3085 __be32 src = inet->inet_rcv_saddr;
3086 __u16 destp = ntohs(inet->inet_dport);
3087 __u16 srcp = ntohs(inet->inet_sport);
3088
3089 seq_printf(m: f, fmt: "%5d: %08X:%04X %08X:%04X"
3090 " %02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %u",
3091 bucket, src, srcp, dest, destp, sp->sk_state,
3092 sk_wmem_alloc_get(sk: sp),
3093 udp_rqueue_get(sk: sp),
3094 0, 0L, 0,
3095 from_kuid_munged(to: seq_user_ns(seq: f), uid: sock_i_uid(sk: sp)),
3096 0, sock_i_ino(sk: sp),
3097 refcount_read(r: &sp->sk_refcnt), sp,
3098 atomic_read(v: &sp->sk_drops));
3099}
3100
3101int udp4_seq_show(struct seq_file *seq, void *v)
3102{
3103 seq_setwidth(m: seq, size: 127);
3104 if (v == SEQ_START_TOKEN)
3105 seq_puts(m: seq, s: " sl local_address rem_address st tx_queue "
3106 "rx_queue tr tm->when retrnsmt uid timeout "
3107 "inode ref pointer drops");
3108 else {
3109 struct udp_iter_state *state = seq->private;
3110
3111 udp4_format_sock(sp: v, f: seq, bucket: state->bucket);
3112 }
3113 seq_pad(m: seq, c: '\n');
3114 return 0;
3115}
3116
3117#ifdef CONFIG_BPF_SYSCALL
3118struct bpf_iter__udp {
3119 __bpf_md_ptr(struct bpf_iter_meta *, meta);
3120 __bpf_md_ptr(struct udp_sock *, udp_sk);
3121 uid_t uid __aligned(8);
3122 int bucket __aligned(8);
3123};
3124
3125struct bpf_udp_iter_state {
3126 struct udp_iter_state state;
3127 unsigned int cur_sk;
3128 unsigned int end_sk;
3129 unsigned int max_sk;
3130 int offset;
3131 struct sock **batch;
3132 bool st_bucket_done;
3133};
3134
3135static int bpf_iter_udp_realloc_batch(struct bpf_udp_iter_state *iter,
3136 unsigned int new_batch_sz);
3137static struct sock *bpf_iter_udp_batch(struct seq_file *seq)
3138{
3139 struct bpf_udp_iter_state *iter = seq->private;
3140 struct udp_iter_state *state = &iter->state;
3141 struct net *net = seq_file_net(seq);
3142 int resume_bucket, resume_offset;
3143 struct udp_table *udptable;
3144 unsigned int batch_sks = 0;
3145 bool resized = false;
3146 struct sock *sk;
3147
3148 resume_bucket = state->bucket;
3149 resume_offset = iter->offset;
3150
3151 /* The current batch is done, so advance the bucket. */
3152 if (iter->st_bucket_done)
3153 state->bucket++;
3154
3155 udptable = udp_get_table_seq(seq, net);
3156
3157again:
3158 /* New batch for the next bucket.
3159 * Iterate over the hash table to find a bucket with sockets matching
3160 * the iterator attributes, and return the first matching socket from
3161 * the bucket. The remaining matched sockets from the bucket are batched
3162 * before releasing the bucket lock. This allows BPF programs that are
3163 * called in seq_show to acquire the bucket lock if needed.
3164 */
3165 iter->cur_sk = 0;
3166 iter->end_sk = 0;
3167 iter->st_bucket_done = false;
3168 batch_sks = 0;
3169
3170 for (; state->bucket <= udptable->mask; state->bucket++) {
3171 struct udp_hslot *hslot2 = &udptable->hash2[state->bucket];
3172
3173 if (hlist_empty(h: &hslot2->head))
3174 continue;
3175
3176 iter->offset = 0;
3177 spin_lock_bh(lock: &hslot2->lock);
3178 udp_portaddr_for_each_entry(sk, &hslot2->head) {
3179 if (seq_sk_match(seq, sk)) {
3180 /* Resume from the last iterated socket at the
3181 * offset in the bucket before iterator was stopped.
3182 */
3183 if (state->bucket == resume_bucket &&
3184 iter->offset < resume_offset) {
3185 ++iter->offset;
3186 continue;
3187 }
3188 if (iter->end_sk < iter->max_sk) {
3189 sock_hold(sk);
3190 iter->batch[iter->end_sk++] = sk;
3191 }
3192 batch_sks++;
3193 }
3194 }
3195 spin_unlock_bh(lock: &hslot2->lock);
3196
3197 if (iter->end_sk)
3198 break;
3199 }
3200
3201 /* All done: no batch made. */
3202 if (!iter->end_sk)
3203 return NULL;
3204
3205 if (iter->end_sk == batch_sks) {
3206 /* Batching is done for the current bucket; return the first
3207 * socket to be iterated from the batch.
3208 */
3209 iter->st_bucket_done = true;
3210 goto done;
3211 }
3212 if (!resized && !bpf_iter_udp_realloc_batch(iter, new_batch_sz: batch_sks * 3 / 2)) {
3213 resized = true;
3214 /* After allocating a larger batch, retry one more time to grab
3215 * the whole bucket.
3216 */
3217 goto again;
3218 }
3219done:
3220 return iter->batch[0];
3221}
3222
3223static void *bpf_iter_udp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3224{
3225 struct bpf_udp_iter_state *iter = seq->private;
3226 struct sock *sk;
3227
3228 /* Whenever seq_next() is called, the iter->cur_sk is
3229 * done with seq_show(), so unref the iter->cur_sk.
3230 */
3231 if (iter->cur_sk < iter->end_sk) {
3232 sock_put(sk: iter->batch[iter->cur_sk++]);
3233 ++iter->offset;
3234 }
3235
3236 /* After updating iter->cur_sk, check if there are more sockets
3237 * available in the current bucket batch.
3238 */
3239 if (iter->cur_sk < iter->end_sk)
3240 sk = iter->batch[iter->cur_sk];
3241 else
3242 /* Prepare a new batch. */
3243 sk = bpf_iter_udp_batch(seq);
3244
3245 ++*pos;
3246 return sk;
3247}
3248
3249static void *bpf_iter_udp_seq_start(struct seq_file *seq, loff_t *pos)
3250{
3251 /* bpf iter does not support lseek, so it always
3252 * continue from where it was stop()-ped.
3253 */
3254 if (*pos)
3255 return bpf_iter_udp_batch(seq);
3256
3257 return SEQ_START_TOKEN;
3258}
3259
3260static int udp_prog_seq_show(struct bpf_prog *prog, struct bpf_iter_meta *meta,
3261 struct udp_sock *udp_sk, uid_t uid, int bucket)
3262{
3263 struct bpf_iter__udp ctx;
3264
3265 meta->seq_num--; /* skip SEQ_START_TOKEN */
3266 ctx.meta = meta;
3267 ctx.udp_sk = udp_sk;
3268 ctx.uid = uid;
3269 ctx.bucket = bucket;
3270 return bpf_iter_run_prog(prog, ctx: &ctx);
3271}
3272
3273static int bpf_iter_udp_seq_show(struct seq_file *seq, void *v)
3274{
3275 struct udp_iter_state *state = seq->private;
3276 struct bpf_iter_meta meta;
3277 struct bpf_prog *prog;
3278 struct sock *sk = v;
3279 uid_t uid;
3280 int ret;
3281
3282 if (v == SEQ_START_TOKEN)
3283 return 0;
3284
3285 lock_sock(sk);
3286
3287 if (unlikely(sk_unhashed(sk))) {
3288 ret = SEQ_SKIP;
3289 goto unlock;
3290 }
3291
3292 uid = from_kuid_munged(to: seq_user_ns(seq), uid: sock_i_uid(sk));
3293 meta.seq = seq;
3294 prog = bpf_iter_get_info(meta: &meta, in_stop: false);
3295 ret = udp_prog_seq_show(prog, meta: &meta, udp_sk: v, uid, bucket: state->bucket);
3296
3297unlock:
3298 release_sock(sk);
3299 return ret;
3300}
3301
3302static void bpf_iter_udp_put_batch(struct bpf_udp_iter_state *iter)
3303{
3304 while (iter->cur_sk < iter->end_sk)
3305 sock_put(sk: iter->batch[iter->cur_sk++]);
3306}
3307
3308static void bpf_iter_udp_seq_stop(struct seq_file *seq, void *v)
3309{
3310 struct bpf_udp_iter_state *iter = seq->private;
3311 struct bpf_iter_meta meta;
3312 struct bpf_prog *prog;
3313
3314 if (!v) {
3315 meta.seq = seq;
3316 prog = bpf_iter_get_info(meta: &meta, in_stop: true);
3317 if (prog)
3318 (void)udp_prog_seq_show(prog, meta: &meta, udp_sk: v, uid: 0, bucket: 0);
3319 }
3320
3321 if (iter->cur_sk < iter->end_sk) {
3322 bpf_iter_udp_put_batch(iter);
3323 iter->st_bucket_done = false;
3324 }
3325}
3326
3327static const struct seq_operations bpf_iter_udp_seq_ops = {
3328 .start = bpf_iter_udp_seq_start,
3329 .next = bpf_iter_udp_seq_next,
3330 .stop = bpf_iter_udp_seq_stop,
3331 .show = bpf_iter_udp_seq_show,
3332};
3333#endif
3334
3335static unsigned short seq_file_family(const struct seq_file *seq)
3336{
3337 const struct udp_seq_afinfo *afinfo;
3338
3339#ifdef CONFIG_BPF_SYSCALL
3340 /* BPF iterator: bpf programs to filter sockets. */
3341 if (seq->op == &bpf_iter_udp_seq_ops)
3342 return AF_UNSPEC;
3343#endif
3344
3345 /* Proc fs iterator */
3346 afinfo = pde_data(inode: file_inode(f: seq->file));
3347 return afinfo->family;
3348}
3349
3350const struct seq_operations udp_seq_ops = {
3351 .start = udp_seq_start,
3352 .next = udp_seq_next,
3353 .stop = udp_seq_stop,
3354 .show = udp4_seq_show,
3355};
3356EXPORT_SYMBOL(udp_seq_ops);
3357
3358static struct udp_seq_afinfo udp4_seq_afinfo = {
3359 .family = AF_INET,
3360 .udp_table = NULL,
3361};
3362
3363static int __net_init udp4_proc_init_net(struct net *net)
3364{
3365 if (!proc_create_net_data(name: "udp", mode: 0444, parent: net->proc_net, ops: &udp_seq_ops,
3366 state_size: sizeof(struct udp_iter_state), data: &udp4_seq_afinfo))
3367 return -ENOMEM;
3368 return 0;
3369}
3370
3371static void __net_exit udp4_proc_exit_net(struct net *net)
3372{
3373 remove_proc_entry("udp", net->proc_net);
3374}
3375
3376static struct pernet_operations udp4_net_ops = {
3377 .init = udp4_proc_init_net,
3378 .exit = udp4_proc_exit_net,
3379};
3380
3381int __init udp4_proc_init(void)
3382{
3383 return register_pernet_subsys(&udp4_net_ops);
3384}
3385
3386void udp4_proc_exit(void)
3387{
3388 unregister_pernet_subsys(&udp4_net_ops);
3389}
3390#endif /* CONFIG_PROC_FS */
3391
3392static __initdata unsigned long uhash_entries;
3393static int __init set_uhash_entries(char *str)
3394{
3395 ssize_t ret;
3396
3397 if (!str)
3398 return 0;
3399
3400 ret = kstrtoul(s: str, base: 0, res: &uhash_entries);
3401 if (ret)
3402 return 0;
3403
3404 if (uhash_entries && uhash_entries < UDP_HTABLE_SIZE_MIN)
3405 uhash_entries = UDP_HTABLE_SIZE_MIN;
3406 return 1;
3407}
3408__setup("uhash_entries=", set_uhash_entries);
3409
3410void __init udp_table_init(struct udp_table *table, const char *name)
3411{
3412 unsigned int i;
3413
3414 table->hash = alloc_large_system_hash(tablename: name,
3415 bucketsize: 2 * sizeof(struct udp_hslot),
3416 numentries: uhash_entries,
3417 scale: 21, /* one slot per 2 MB */
3418 flags: 0,
3419 hash_shift: &table->log,
3420 hash_mask: &table->mask,
3421 UDP_HTABLE_SIZE_MIN,
3422 UDP_HTABLE_SIZE_MAX);
3423
3424 table->hash2 = table->hash + (table->mask + 1);
3425 for (i = 0; i <= table->mask; i++) {
3426 INIT_HLIST_HEAD(&table->hash[i].head);
3427 table->hash[i].count = 0;
3428 spin_lock_init(&table->hash[i].lock);
3429 }
3430 for (i = 0; i <= table->mask; i++) {
3431 INIT_HLIST_HEAD(&table->hash2[i].head);
3432 table->hash2[i].count = 0;
3433 spin_lock_init(&table->hash2[i].lock);
3434 }
3435}
3436
3437u32 udp_flow_hashrnd(void)
3438{
3439 static u32 hashrnd __read_mostly;
3440
3441 net_get_random_once(&hashrnd, sizeof(hashrnd));
3442
3443 return hashrnd;
3444}
3445EXPORT_SYMBOL(udp_flow_hashrnd);
3446
3447static void __net_init udp_sysctl_init(struct net *net)
3448{
3449 net->ipv4.sysctl_udp_rmem_min = PAGE_SIZE;
3450 net->ipv4.sysctl_udp_wmem_min = PAGE_SIZE;
3451
3452#ifdef CONFIG_NET_L3_MASTER_DEV
3453 net->ipv4.sysctl_udp_l3mdev_accept = 0;
3454#endif
3455}
3456
3457static struct udp_table __net_init *udp_pernet_table_alloc(unsigned int hash_entries)
3458{
3459 struct udp_table *udptable;
3460 int i;
3461
3462 udptable = kmalloc(size: sizeof(*udptable), GFP_KERNEL);
3463 if (!udptable)
3464 goto out;
3465
3466 udptable->hash = vmalloc_huge(size: hash_entries * 2 * sizeof(struct udp_hslot),
3467 GFP_KERNEL_ACCOUNT);
3468 if (!udptable->hash)
3469 goto free_table;
3470
3471 udptable->hash2 = udptable->hash + hash_entries;
3472 udptable->mask = hash_entries - 1;
3473 udptable->log = ilog2(hash_entries);
3474
3475 for (i = 0; i < hash_entries; i++) {
3476 INIT_HLIST_HEAD(&udptable->hash[i].head);
3477 udptable->hash[i].count = 0;
3478 spin_lock_init(&udptable->hash[i].lock);
3479
3480 INIT_HLIST_HEAD(&udptable->hash2[i].head);
3481 udptable->hash2[i].count = 0;
3482 spin_lock_init(&udptable->hash2[i].lock);
3483 }
3484
3485 return udptable;
3486
3487free_table:
3488 kfree(objp: udptable);
3489out:
3490 return NULL;
3491}
3492
3493static void __net_exit udp_pernet_table_free(struct net *net)
3494{
3495 struct udp_table *udptable = net->ipv4.udp_table;
3496
3497 if (udptable == &udp_table)
3498 return;
3499
3500 kvfree(addr: udptable->hash);
3501 kfree(objp: udptable);
3502}
3503
3504static void __net_init udp_set_table(struct net *net)
3505{
3506 struct udp_table *udptable;
3507 unsigned int hash_entries;
3508 struct net *old_net;
3509
3510 if (net_eq(net1: net, net2: &init_net))
3511 goto fallback;
3512
3513 old_net = current->nsproxy->net_ns;
3514 hash_entries = READ_ONCE(old_net->ipv4.sysctl_udp_child_hash_entries);
3515 if (!hash_entries)
3516 goto fallback;
3517
3518 /* Set min to keep the bitmap on stack in udp_lib_get_port() */
3519 if (hash_entries < UDP_HTABLE_SIZE_MIN_PERNET)
3520 hash_entries = UDP_HTABLE_SIZE_MIN_PERNET;
3521 else
3522 hash_entries = roundup_pow_of_two(hash_entries);
3523
3524 udptable = udp_pernet_table_alloc(hash_entries);
3525 if (udptable) {
3526 net->ipv4.udp_table = udptable;
3527 } else {
3528 pr_warn("Failed to allocate UDP hash table (entries: %u) "
3529 "for a netns, fallback to the global one\n",
3530 hash_entries);
3531fallback:
3532 net->ipv4.udp_table = &udp_table;
3533 }
3534}
3535
3536static int __net_init udp_pernet_init(struct net *net)
3537{
3538 udp_sysctl_init(net);
3539 udp_set_table(net);
3540
3541 return 0;
3542}
3543
3544static void __net_exit udp_pernet_exit(struct net *net)
3545{
3546 udp_pernet_table_free(net);
3547}
3548
3549static struct pernet_operations __net_initdata udp_sysctl_ops = {
3550 .init = udp_pernet_init,
3551 .exit = udp_pernet_exit,
3552};
3553
3554#if defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_PROC_FS)
3555DEFINE_BPF_ITER_FUNC(udp, struct bpf_iter_meta *meta,
3556 struct udp_sock *udp_sk, uid_t uid, int bucket)
3557
3558static int bpf_iter_udp_realloc_batch(struct bpf_udp_iter_state *iter,
3559 unsigned int new_batch_sz)
3560{
3561 struct sock **new_batch;
3562
3563 new_batch = kvmalloc_array(n: new_batch_sz, size: sizeof(*new_batch),
3564 GFP_USER | __GFP_NOWARN);
3565 if (!new_batch)
3566 return -ENOMEM;
3567
3568 bpf_iter_udp_put_batch(iter);
3569 kvfree(addr: iter->batch);
3570 iter->batch = new_batch;
3571 iter->max_sk = new_batch_sz;
3572
3573 return 0;
3574}
3575
3576#define INIT_BATCH_SZ 16
3577
3578static int bpf_iter_init_udp(void *priv_data, struct bpf_iter_aux_info *aux)
3579{
3580 struct bpf_udp_iter_state *iter = priv_data;
3581 int ret;
3582
3583 ret = bpf_iter_init_seq_net(priv_data, aux);
3584 if (ret)
3585 return ret;
3586
3587 ret = bpf_iter_udp_realloc_batch(iter, INIT_BATCH_SZ);
3588 if (ret)
3589 bpf_iter_fini_seq_net(priv_data);
3590
3591 return ret;
3592}
3593
3594static void bpf_iter_fini_udp(void *priv_data)
3595{
3596 struct bpf_udp_iter_state *iter = priv_data;
3597
3598 bpf_iter_fini_seq_net(priv_data);
3599 kvfree(addr: iter->batch);
3600}
3601
3602static const struct bpf_iter_seq_info udp_seq_info = {
3603 .seq_ops = &bpf_iter_udp_seq_ops,
3604 .init_seq_private = bpf_iter_init_udp,
3605 .fini_seq_private = bpf_iter_fini_udp,
3606 .seq_priv_size = sizeof(struct bpf_udp_iter_state),
3607};
3608
3609static struct bpf_iter_reg udp_reg_info = {
3610 .target = "udp",
3611 .ctx_arg_info_size = 1,
3612 .ctx_arg_info = {
3613 { offsetof(struct bpf_iter__udp, udp_sk),
3614 .reg_type: PTR_TO_BTF_ID_OR_NULL | PTR_TRUSTED },
3615 },
3616 .seq_info = &udp_seq_info,
3617};
3618
3619static void __init bpf_iter_register(void)
3620{
3621 udp_reg_info.ctx_arg_info[0].btf_id = btf_sock_ids[BTF_SOCK_TYPE_UDP];
3622 if (bpf_iter_reg_target(reg_info: &udp_reg_info))
3623 pr_warn("Warning: could not register bpf iterator udp\n");
3624}
3625#endif
3626
3627void __init udp_init(void)
3628{
3629 unsigned long limit;
3630 unsigned int i;
3631
3632 udp_table_init(table: &udp_table, name: "UDP");
3633 limit = nr_free_buffer_pages() / 8;
3634 limit = max(limit, 128UL);
3635 sysctl_udp_mem[0] = limit / 4 * 3;
3636 sysctl_udp_mem[1] = limit;
3637 sysctl_udp_mem[2] = sysctl_udp_mem[0] * 2;
3638
3639 /* 16 spinlocks per cpu */
3640 udp_busylocks_log = ilog2(nr_cpu_ids) + 4;
3641 udp_busylocks = kmalloc(size: sizeof(spinlock_t) << udp_busylocks_log,
3642 GFP_KERNEL);
3643 if (!udp_busylocks)
3644 panic(fmt: "UDP: failed to alloc udp_busylocks\n");
3645 for (i = 0; i < (1U << udp_busylocks_log); i++)
3646 spin_lock_init(udp_busylocks + i);
3647
3648 if (register_pernet_subsys(&udp_sysctl_ops))
3649 panic(fmt: "UDP: failed to init sysctl parameters.\n");
3650
3651#if defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_PROC_FS)
3652 bpf_iter_register();
3653#endif
3654}
3655

Provided by KDAB

Privacy Policy
Improve your Profiling and Debugging skills
Find out more

source code of linux/net/ipv4/udp.c