1 | /* |
2 | * INET An implementation of the TCP/IP protocol suite for the LINUX |
3 | * operating system. INET is implemented using the BSD Socket |
4 | * interface as the means of communication with the user level. |
5 | * |
6 | * The User Datagram Protocol (UDP). |
7 | * |
8 | * Authors: Ross Biro |
9 | * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> |
10 | * Arnt Gulbrandsen, <agulbra@nvg.unit.no> |
11 | * Alan Cox, <alan@lxorguk.ukuu.org.uk> |
12 | * Hirokazu Takahashi, <taka@valinux.co.jp> |
13 | * |
14 | * Fixes: |
15 | * Alan Cox : verify_area() calls |
16 | * Alan Cox : stopped close while in use off icmp |
17 | * messages. Not a fix but a botch that |
18 | * for udp at least is 'valid'. |
19 | * Alan Cox : Fixed icmp handling properly |
20 | * Alan Cox : Correct error for oversized datagrams |
21 | * Alan Cox : Tidied select() semantics. |
22 | * Alan Cox : udp_err() fixed properly, also now |
23 | * select and read wake correctly on errors |
24 | * Alan Cox : udp_send verify_area moved to avoid mem leak |
25 | * Alan Cox : UDP can count its memory |
26 | * Alan Cox : send to an unknown connection causes |
27 | * an ECONNREFUSED off the icmp, but |
28 | * does NOT close. |
29 | * Alan Cox : Switched to new sk_buff handlers. No more backlog! |
30 | * Alan Cox : Using generic datagram code. Even smaller and the PEEK |
31 | * bug no longer crashes it. |
32 | * Fred Van Kempen : Net2e support for sk->broadcast. |
33 | * Alan Cox : Uses skb_free_datagram |
34 | * Alan Cox : Added get/set sockopt support. |
35 | * Alan Cox : Broadcasting without option set returns EACCES. |
36 | * Alan Cox : No wakeup calls. Instead we now use the callbacks. |
37 | * Alan Cox : Use ip_tos and ip_ttl |
38 | * Alan Cox : SNMP Mibs |
39 | * Alan Cox : MSG_DONTROUTE, and 0.0.0.0 support. |
40 | * Matt Dillon : UDP length checks. |
41 | * Alan Cox : Smarter af_inet used properly. |
42 | * Alan Cox : Use new kernel side addressing. |
43 | * Alan Cox : Incorrect return on truncated datagram receive. |
44 | * Arnt Gulbrandsen : New udp_send and stuff |
45 | * Alan Cox : Cache last socket |
46 | * Alan Cox : Route cache |
47 | * Jon Peatfield : Minor efficiency fix to sendto(). |
48 | * Mike Shaver : RFC1122 checks. |
49 | * Alan Cox : Nonblocking error fix. |
50 | * Willy Konynenberg : Transparent proxying support. |
51 | * Mike McLagan : Routing by source |
52 | * David S. Miller : New socket lookup architecture. |
53 | * Last socket cache retained as it |
54 | * does have a high hit rate. |
55 | * Olaf Kirch : Don't linearise iovec on sendmsg. |
56 | * Andi Kleen : Some cleanups, cache destination entry |
57 | * for connect. |
58 | * Vitaly E. Lavrov : Transparent proxy revived after year coma. |
59 | * Melvin Smith : Check msg_name not msg_namelen in sendto(), |
60 | * return ENOTCONN for unconnected sockets (POSIX) |
61 | * Janos Farkas : don't deliver multi/broadcasts to a different |
62 | * bound-to-device socket |
63 | * Hirokazu Takahashi : HW checksumming for outgoing UDP |
64 | * datagrams. |
65 | * Hirokazu Takahashi : sendfile() on UDP works now. |
66 | * Arnaldo C. Melo : convert /proc/net/udp to seq_file |
67 | * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which |
68 | * Alexey Kuznetsov: allow both IPv4 and IPv6 sockets to bind |
69 | * a single port at the same time. |
70 | * Derek Atkins <derek@ihtfp.com>: Add Encapulation Support |
71 | * James Chapman : Add L2TP encapsulation type. |
72 | * |
73 | * |
74 | * This program is free software; you can redistribute it and/or |
75 | * modify it under the terms of the GNU General Public License |
76 | * as published by the Free Software Foundation; either version |
77 | * 2 of the License, or (at your option) any later version. |
78 | */ |
79 | |
80 | #define pr_fmt(fmt) "UDP: " fmt |
81 | |
82 | #include <linux/uaccess.h> |
83 | #include <asm/ioctls.h> |
84 | #include <linux/memblock.h> |
85 | #include <linux/highmem.h> |
86 | #include <linux/swap.h> |
87 | #include <linux/types.h> |
88 | #include <linux/fcntl.h> |
89 | #include <linux/module.h> |
90 | #include <linux/socket.h> |
91 | #include <linux/sockios.h> |
92 | #include <linux/igmp.h> |
93 | #include <linux/inetdevice.h> |
94 | #include <linux/in.h> |
95 | #include <linux/errno.h> |
96 | #include <linux/timer.h> |
97 | #include <linux/mm.h> |
98 | #include <linux/inet.h> |
99 | #include <linux/netdevice.h> |
100 | #include <linux/slab.h> |
101 | #include <net/tcp_states.h> |
102 | #include <linux/skbuff.h> |
103 | #include <linux/proc_fs.h> |
104 | #include <linux/seq_file.h> |
105 | #include <net/net_namespace.h> |
106 | #include <net/icmp.h> |
107 | #include <net/inet_hashtables.h> |
108 | #include <net/ip_tunnels.h> |
109 | #include <net/route.h> |
110 | #include <net/checksum.h> |
111 | #include <net/xfrm.h> |
112 | #include <trace/events/udp.h> |
113 | #include <linux/static_key.h> |
114 | #include <trace/events/skb.h> |
115 | #include <net/busy_poll.h> |
116 | #include "udp_impl.h" |
117 | #include <net/sock_reuseport.h> |
118 | #include <net/addrconf.h> |
119 | #include <net/udp_tunnel.h> |
120 | |
121 | struct udp_table udp_table __read_mostly; |
122 | EXPORT_SYMBOL(udp_table); |
123 | |
124 | long sysctl_udp_mem[3] __read_mostly; |
125 | EXPORT_SYMBOL(sysctl_udp_mem); |
126 | |
127 | atomic_long_t udp_memory_allocated; |
128 | EXPORT_SYMBOL(udp_memory_allocated); |
129 | |
130 | #define MAX_UDP_PORTS 65536 |
131 | #define PORTS_PER_CHAIN (MAX_UDP_PORTS / UDP_HTABLE_SIZE_MIN) |
132 | |
133 | /* IPCB reference means this can not be used from early demux */ |
134 | static bool udp_lib_exact_dif_match(struct net *net, struct sk_buff *skb) |
135 | { |
136 | #if IS_ENABLED(CONFIG_NET_L3_MASTER_DEV) |
137 | if (!net->ipv4.sysctl_udp_l3mdev_accept && |
138 | skb && ipv4_l3mdev_skb(IPCB(skb)->flags)) |
139 | return true; |
140 | #endif |
141 | return false; |
142 | } |
143 | |
144 | static int udp_lib_lport_inuse(struct net *net, __u16 num, |
145 | const struct udp_hslot *hslot, |
146 | unsigned long *bitmap, |
147 | struct sock *sk, unsigned int log) |
148 | { |
149 | struct sock *sk2; |
150 | kuid_t uid = sock_i_uid(sk); |
151 | |
152 | sk_for_each(sk2, &hslot->head) { |
153 | if (net_eq(sock_net(sk2), net) && |
154 | sk2 != sk && |
155 | (bitmap || udp_sk(sk2)->udp_port_hash == num) && |
156 | (!sk2->sk_reuse || !sk->sk_reuse) && |
157 | (!sk2->sk_bound_dev_if || !sk->sk_bound_dev_if || |
158 | sk2->sk_bound_dev_if == sk->sk_bound_dev_if) && |
159 | inet_rcv_saddr_equal(sk, sk2, true)) { |
160 | if (sk2->sk_reuseport && sk->sk_reuseport && |
161 | !rcu_access_pointer(sk->sk_reuseport_cb) && |
162 | uid_eq(uid, sock_i_uid(sk2))) { |
163 | if (!bitmap) |
164 | return 0; |
165 | } else { |
166 | if (!bitmap) |
167 | return 1; |
168 | __set_bit(udp_sk(sk2)->udp_port_hash >> log, |
169 | bitmap); |
170 | } |
171 | } |
172 | } |
173 | return 0; |
174 | } |
175 | |
176 | /* |
177 | * Note: we still hold spinlock of primary hash chain, so no other writer |
178 | * can insert/delete a socket with local_port == num |
179 | */ |
180 | static int udp_lib_lport_inuse2(struct net *net, __u16 num, |
181 | struct udp_hslot *hslot2, |
182 | struct sock *sk) |
183 | { |
184 | struct sock *sk2; |
185 | kuid_t uid = sock_i_uid(sk); |
186 | int res = 0; |
187 | |
188 | spin_lock(&hslot2->lock); |
189 | udp_portaddr_for_each_entry(sk2, &hslot2->head) { |
190 | if (net_eq(sock_net(sk2), net) && |
191 | sk2 != sk && |
192 | (udp_sk(sk2)->udp_port_hash == num) && |
193 | (!sk2->sk_reuse || !sk->sk_reuse) && |
194 | (!sk2->sk_bound_dev_if || !sk->sk_bound_dev_if || |
195 | sk2->sk_bound_dev_if == sk->sk_bound_dev_if) && |
196 | inet_rcv_saddr_equal(sk, sk2, true)) { |
197 | if (sk2->sk_reuseport && sk->sk_reuseport && |
198 | !rcu_access_pointer(sk->sk_reuseport_cb) && |
199 | uid_eq(uid, sock_i_uid(sk2))) { |
200 | res = 0; |
201 | } else { |
202 | res = 1; |
203 | } |
204 | break; |
205 | } |
206 | } |
207 | spin_unlock(&hslot2->lock); |
208 | return res; |
209 | } |
210 | |
211 | static int udp_reuseport_add_sock(struct sock *sk, struct udp_hslot *hslot) |
212 | { |
213 | struct net *net = sock_net(sk); |
214 | kuid_t uid = sock_i_uid(sk); |
215 | struct sock *sk2; |
216 | |
217 | sk_for_each(sk2, &hslot->head) { |
218 | if (net_eq(sock_net(sk2), net) && |
219 | sk2 != sk && |
220 | sk2->sk_family == sk->sk_family && |
221 | ipv6_only_sock(sk2) == ipv6_only_sock(sk) && |
222 | (udp_sk(sk2)->udp_port_hash == udp_sk(sk)->udp_port_hash) && |
223 | (sk2->sk_bound_dev_if == sk->sk_bound_dev_if) && |
224 | sk2->sk_reuseport && uid_eq(uid, sock_i_uid(sk2)) && |
225 | inet_rcv_saddr_equal(sk, sk2, false)) { |
226 | return reuseport_add_sock(sk, sk2, |
227 | inet_rcv_saddr_any(sk)); |
228 | } |
229 | } |
230 | |
231 | return reuseport_alloc(sk, inet_rcv_saddr_any(sk)); |
232 | } |
233 | |
234 | /** |
235 | * udp_lib_get_port - UDP/-Lite port lookup for IPv4 and IPv6 |
236 | * |
237 | * @sk: socket struct in question |
238 | * @snum: port number to look up |
239 | * @hash2_nulladdr: AF-dependent hash value in secondary hash chains, |
240 | * with NULL address |
241 | */ |
242 | int udp_lib_get_port(struct sock *sk, unsigned short snum, |
243 | unsigned int hash2_nulladdr) |
244 | { |
245 | struct udp_hslot *hslot, *hslot2; |
246 | struct udp_table *udptable = sk->sk_prot->h.udp_table; |
247 | int error = 1; |
248 | struct net *net = sock_net(sk); |
249 | |
250 | if (!snum) { |
251 | int low, high, remaining; |
252 | unsigned int rand; |
253 | unsigned short first, last; |
254 | DECLARE_BITMAP(bitmap, PORTS_PER_CHAIN); |
255 | |
256 | inet_get_local_port_range(net, &low, &high); |
257 | remaining = (high - low) + 1; |
258 | |
259 | rand = prandom_u32(); |
260 | first = reciprocal_scale(rand, remaining) + low; |
261 | /* |
262 | * force rand to be an odd multiple of UDP_HTABLE_SIZE |
263 | */ |
264 | rand = (rand | 1) * (udptable->mask + 1); |
265 | last = first + udptable->mask + 1; |
266 | do { |
267 | hslot = udp_hashslot(udptable, net, first); |
268 | bitmap_zero(bitmap, PORTS_PER_CHAIN); |
269 | spin_lock_bh(&hslot->lock); |
270 | udp_lib_lport_inuse(net, snum, hslot, bitmap, sk, |
271 | udptable->log); |
272 | |
273 | snum = first; |
274 | /* |
275 | * Iterate on all possible values of snum for this hash. |
276 | * Using steps of an odd multiple of UDP_HTABLE_SIZE |
277 | * give us randomization and full range coverage. |
278 | */ |
279 | do { |
280 | if (low <= snum && snum <= high && |
281 | !test_bit(snum >> udptable->log, bitmap) && |
282 | !inet_is_local_reserved_port(net, snum)) |
283 | goto found; |
284 | snum += rand; |
285 | } while (snum != first); |
286 | spin_unlock_bh(&hslot->lock); |
287 | cond_resched(); |
288 | } while (++first != last); |
289 | goto fail; |
290 | } else { |
291 | hslot = udp_hashslot(udptable, net, snum); |
292 | spin_lock_bh(&hslot->lock); |
293 | if (hslot->count > 10) { |
294 | int exist; |
295 | unsigned int slot2 = udp_sk(sk)->udp_portaddr_hash ^ snum; |
296 | |
297 | slot2 &= udptable->mask; |
298 | hash2_nulladdr &= udptable->mask; |
299 | |
300 | hslot2 = udp_hashslot2(udptable, slot2); |
301 | if (hslot->count < hslot2->count) |
302 | goto scan_primary_hash; |
303 | |
304 | exist = udp_lib_lport_inuse2(net, snum, hslot2, sk); |
305 | if (!exist && (hash2_nulladdr != slot2)) { |
306 | hslot2 = udp_hashslot2(udptable, hash2_nulladdr); |
307 | exist = udp_lib_lport_inuse2(net, snum, hslot2, |
308 | sk); |
309 | } |
310 | if (exist) |
311 | goto fail_unlock; |
312 | else |
313 | goto found; |
314 | } |
315 | scan_primary_hash: |
316 | if (udp_lib_lport_inuse(net, snum, hslot, NULL, sk, 0)) |
317 | goto fail_unlock; |
318 | } |
319 | found: |
320 | inet_sk(sk)->inet_num = snum; |
321 | udp_sk(sk)->udp_port_hash = snum; |
322 | udp_sk(sk)->udp_portaddr_hash ^= snum; |
323 | if (sk_unhashed(sk)) { |
324 | if (sk->sk_reuseport && |
325 | udp_reuseport_add_sock(sk, hslot)) { |
326 | inet_sk(sk)->inet_num = 0; |
327 | udp_sk(sk)->udp_port_hash = 0; |
328 | udp_sk(sk)->udp_portaddr_hash ^= snum; |
329 | goto fail_unlock; |
330 | } |
331 | |
332 | sk_add_node_rcu(sk, &hslot->head); |
333 | hslot->count++; |
334 | sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); |
335 | |
336 | hslot2 = udp_hashslot2(udptable, udp_sk(sk)->udp_portaddr_hash); |
337 | spin_lock(&hslot2->lock); |
338 | if (IS_ENABLED(CONFIG_IPV6) && sk->sk_reuseport && |
339 | sk->sk_family == AF_INET6) |
340 | hlist_add_tail_rcu(&udp_sk(sk)->udp_portaddr_node, |
341 | &hslot2->head); |
342 | else |
343 | hlist_add_head_rcu(&udp_sk(sk)->udp_portaddr_node, |
344 | &hslot2->head); |
345 | hslot2->count++; |
346 | spin_unlock(&hslot2->lock); |
347 | } |
348 | sock_set_flag(sk, SOCK_RCU_FREE); |
349 | error = 0; |
350 | fail_unlock: |
351 | spin_unlock_bh(&hslot->lock); |
352 | fail: |
353 | return error; |
354 | } |
355 | EXPORT_SYMBOL(udp_lib_get_port); |
356 | |
357 | int udp_v4_get_port(struct sock *sk, unsigned short snum) |
358 | { |
359 | unsigned int hash2_nulladdr = |
360 | ipv4_portaddr_hash(sock_net(sk), htonl(INADDR_ANY), snum); |
361 | unsigned int hash2_partial = |
362 | ipv4_portaddr_hash(sock_net(sk), inet_sk(sk)->inet_rcv_saddr, 0); |
363 | |
364 | /* precompute partial secondary hash */ |
365 | udp_sk(sk)->udp_portaddr_hash = hash2_partial; |
366 | return udp_lib_get_port(sk, snum, hash2_nulladdr); |
367 | } |
368 | |
369 | static int compute_score(struct sock *sk, struct net *net, |
370 | __be32 saddr, __be16 sport, |
371 | __be32 daddr, unsigned short hnum, |
372 | int dif, int sdif, bool exact_dif) |
373 | { |
374 | int score; |
375 | struct inet_sock *inet; |
376 | bool dev_match; |
377 | |
378 | if (!net_eq(sock_net(sk), net) || |
379 | udp_sk(sk)->udp_port_hash != hnum || |
380 | ipv6_only_sock(sk)) |
381 | return -1; |
382 | |
383 | if (sk->sk_rcv_saddr != daddr) |
384 | return -1; |
385 | |
386 | score = (sk->sk_family == PF_INET) ? 2 : 1; |
387 | |
388 | inet = inet_sk(sk); |
389 | if (inet->inet_daddr) { |
390 | if (inet->inet_daddr != saddr) |
391 | return -1; |
392 | score += 4; |
393 | } |
394 | |
395 | if (inet->inet_dport) { |
396 | if (inet->inet_dport != sport) |
397 | return -1; |
398 | score += 4; |
399 | } |
400 | |
401 | dev_match = udp_sk_bound_dev_eq(net, sk->sk_bound_dev_if, |
402 | dif, sdif); |
403 | if (!dev_match) |
404 | return -1; |
405 | score += 4; |
406 | |
407 | if (sk->sk_incoming_cpu == raw_smp_processor_id()) |
408 | score++; |
409 | return score; |
410 | } |
411 | |
412 | static u32 udp_ehashfn(const struct net *net, const __be32 laddr, |
413 | const __u16 lport, const __be32 faddr, |
414 | const __be16 fport) |
415 | { |
416 | static u32 udp_ehash_secret __read_mostly; |
417 | |
418 | net_get_random_once(&udp_ehash_secret, sizeof(udp_ehash_secret)); |
419 | |
420 | return __inet_ehashfn(laddr, lport, faddr, fport, |
421 | udp_ehash_secret + net_hash_mix(net)); |
422 | } |
423 | |
424 | /* called with rcu_read_lock() */ |
425 | static struct sock *udp4_lib_lookup2(struct net *net, |
426 | __be32 saddr, __be16 sport, |
427 | __be32 daddr, unsigned int hnum, |
428 | int dif, int sdif, bool exact_dif, |
429 | struct udp_hslot *hslot2, |
430 | struct sk_buff *skb) |
431 | { |
432 | struct sock *sk, *result; |
433 | int score, badness; |
434 | u32 hash = 0; |
435 | |
436 | result = NULL; |
437 | badness = 0; |
438 | udp_portaddr_for_each_entry_rcu(sk, &hslot2->head) { |
439 | score = compute_score(sk, net, saddr, sport, |
440 | daddr, hnum, dif, sdif, exact_dif); |
441 | if (score > badness) { |
442 | if (sk->sk_reuseport) { |
443 | hash = udp_ehashfn(net, daddr, hnum, |
444 | saddr, sport); |
445 | result = reuseport_select_sock(sk, hash, skb, |
446 | sizeof(struct udphdr)); |
447 | if (result) |
448 | return result; |
449 | } |
450 | badness = score; |
451 | result = sk; |
452 | } |
453 | } |
454 | return result; |
455 | } |
456 | |
457 | /* UDP is nearly always wildcards out the wazoo, it makes no sense to try |
458 | * harder than this. -DaveM |
459 | */ |
460 | struct sock *__udp4_lib_lookup(struct net *net, __be32 saddr, |
461 | __be16 sport, __be32 daddr, __be16 dport, int dif, |
462 | int sdif, struct udp_table *udptable, struct sk_buff *skb) |
463 | { |
464 | struct sock *result; |
465 | unsigned short hnum = ntohs(dport); |
466 | unsigned int hash2, slot2; |
467 | struct udp_hslot *hslot2; |
468 | bool exact_dif = udp_lib_exact_dif_match(net, skb); |
469 | |
470 | hash2 = ipv4_portaddr_hash(net, daddr, hnum); |
471 | slot2 = hash2 & udptable->mask; |
472 | hslot2 = &udptable->hash2[slot2]; |
473 | |
474 | result = udp4_lib_lookup2(net, saddr, sport, |
475 | daddr, hnum, dif, sdif, |
476 | exact_dif, hslot2, skb); |
477 | if (!result) { |
478 | hash2 = ipv4_portaddr_hash(net, htonl(INADDR_ANY), hnum); |
479 | slot2 = hash2 & udptable->mask; |
480 | hslot2 = &udptable->hash2[slot2]; |
481 | |
482 | result = udp4_lib_lookup2(net, saddr, sport, |
483 | htonl(INADDR_ANY), hnum, dif, sdif, |
484 | exact_dif, hslot2, skb); |
485 | } |
486 | if (unlikely(IS_ERR(result))) |
487 | return NULL; |
488 | return result; |
489 | } |
490 | EXPORT_SYMBOL_GPL(__udp4_lib_lookup); |
491 | |
492 | static inline struct sock *__udp4_lib_lookup_skb(struct sk_buff *skb, |
493 | __be16 sport, __be16 dport, |
494 | struct udp_table *udptable) |
495 | { |
496 | const struct iphdr *iph = ip_hdr(skb); |
497 | |
498 | return __udp4_lib_lookup(dev_net(skb->dev), iph->saddr, sport, |
499 | iph->daddr, dport, inet_iif(skb), |
500 | inet_sdif(skb), udptable, skb); |
501 | } |
502 | |
503 | struct sock *udp4_lib_lookup_skb(struct sk_buff *skb, |
504 | __be16 sport, __be16 dport) |
505 | { |
506 | return __udp4_lib_lookup_skb(skb, sport, dport, &udp_table); |
507 | } |
508 | EXPORT_SYMBOL_GPL(udp4_lib_lookup_skb); |
509 | |
510 | /* Must be called under rcu_read_lock(). |
511 | * Does increment socket refcount. |
512 | */ |
513 | #if IS_ENABLED(CONFIG_NF_TPROXY_IPV4) || IS_ENABLED(CONFIG_NF_SOCKET_IPV4) |
514 | struct sock *udp4_lib_lookup(struct net *net, __be32 saddr, __be16 sport, |
515 | __be32 daddr, __be16 dport, int dif) |
516 | { |
517 | struct sock *sk; |
518 | |
519 | sk = __udp4_lib_lookup(net, saddr, sport, daddr, dport, |
520 | dif, 0, &udp_table, NULL); |
521 | if (sk && !refcount_inc_not_zero(&sk->sk_refcnt)) |
522 | sk = NULL; |
523 | return sk; |
524 | } |
525 | EXPORT_SYMBOL_GPL(udp4_lib_lookup); |
526 | #endif |
527 | |
528 | static inline bool __udp_is_mcast_sock(struct net *net, struct sock *sk, |
529 | __be16 loc_port, __be32 loc_addr, |
530 | __be16 rmt_port, __be32 rmt_addr, |
531 | int dif, int sdif, unsigned short hnum) |
532 | { |
533 | struct inet_sock *inet = inet_sk(sk); |
534 | |
535 | if (!net_eq(sock_net(sk), net) || |
536 | udp_sk(sk)->udp_port_hash != hnum || |
537 | (inet->inet_daddr && inet->inet_daddr != rmt_addr) || |
538 | (inet->inet_dport != rmt_port && inet->inet_dport) || |
539 | (inet->inet_rcv_saddr && inet->inet_rcv_saddr != loc_addr) || |
540 | ipv6_only_sock(sk) || |
541 | (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif && |
542 | sk->sk_bound_dev_if != sdif)) |
543 | return false; |
544 | if (!ip_mc_sf_allow(sk, loc_addr, rmt_addr, dif, sdif)) |
545 | return false; |
546 | return true; |
547 | } |
548 | |
549 | DEFINE_STATIC_KEY_FALSE(udp_encap_needed_key); |
550 | void udp_encap_enable(void) |
551 | { |
552 | static_branch_inc(&udp_encap_needed_key); |
553 | } |
554 | EXPORT_SYMBOL(udp_encap_enable); |
555 | |
556 | /* Handler for tunnels with arbitrary destination ports: no socket lookup, go |
557 | * through error handlers in encapsulations looking for a match. |
558 | */ |
559 | static int __udp4_lib_err_encap_no_sk(struct sk_buff *skb, u32 info) |
560 | { |
561 | int i; |
562 | |
563 | for (i = 0; i < MAX_IPTUN_ENCAP_OPS; i++) { |
564 | int (*handler)(struct sk_buff *skb, u32 info); |
565 | const struct ip_tunnel_encap_ops *encap; |
566 | |
567 | encap = rcu_dereference(iptun_encaps[i]); |
568 | if (!encap) |
569 | continue; |
570 | handler = encap->err_handler; |
571 | if (handler && !handler(skb, info)) |
572 | return 0; |
573 | } |
574 | |
575 | return -ENOENT; |
576 | } |
577 | |
578 | /* Try to match ICMP errors to UDP tunnels by looking up a socket without |
579 | * reversing source and destination port: this will match tunnels that force the |
580 | * same destination port on both endpoints (e.g. VXLAN, GENEVE). Note that |
581 | * lwtunnels might actually break this assumption by being configured with |
582 | * different destination ports on endpoints, in this case we won't be able to |
583 | * trace ICMP messages back to them. |
584 | * |
585 | * If this doesn't match any socket, probe tunnels with arbitrary destination |
586 | * ports (e.g. FoU, GUE): there, the receiving socket is useless, as the port |
587 | * we've sent packets to won't necessarily match the local destination port. |
588 | * |
589 | * Then ask the tunnel implementation to match the error against a valid |
590 | * association. |
591 | * |
592 | * Return an error if we can't find a match, the socket if we need further |
593 | * processing, zero otherwise. |
594 | */ |
595 | static struct sock *__udp4_lib_err_encap(struct net *net, |
596 | const struct iphdr *iph, |
597 | struct udphdr *uh, |
598 | struct udp_table *udptable, |
599 | struct sk_buff *skb, u32 info) |
600 | { |
601 | int network_offset, transport_offset; |
602 | struct sock *sk; |
603 | |
604 | network_offset = skb_network_offset(skb); |
605 | transport_offset = skb_transport_offset(skb); |
606 | |
607 | /* Network header needs to point to the outer IPv4 header inside ICMP */ |
608 | skb_reset_network_header(skb); |
609 | |
610 | /* Transport header needs to point to the UDP header */ |
611 | skb_set_transport_header(skb, iph->ihl << 2); |
612 | |
613 | sk = __udp4_lib_lookup(net, iph->daddr, uh->source, |
614 | iph->saddr, uh->dest, skb->dev->ifindex, 0, |
615 | udptable, NULL); |
616 | if (sk) { |
617 | int (*lookup)(struct sock *sk, struct sk_buff *skb); |
618 | struct udp_sock *up = udp_sk(sk); |
619 | |
620 | lookup = READ_ONCE(up->encap_err_lookup); |
621 | if (!lookup || lookup(sk, skb)) |
622 | sk = NULL; |
623 | } |
624 | |
625 | if (!sk) |
626 | sk = ERR_PTR(__udp4_lib_err_encap_no_sk(skb, info)); |
627 | |
628 | skb_set_transport_header(skb, transport_offset); |
629 | skb_set_network_header(skb, network_offset); |
630 | |
631 | return sk; |
632 | } |
633 | |
634 | /* |
635 | * This routine is called by the ICMP module when it gets some |
636 | * sort of error condition. If err < 0 then the socket should |
637 | * be closed and the error returned to the user. If err > 0 |
638 | * it's just the icmp type << 8 | icmp code. |
639 | * Header points to the ip header of the error packet. We move |
640 | * on past this. Then (as it used to claim before adjustment) |
641 | * header points to the first 8 bytes of the udp header. We need |
642 | * to find the appropriate port. |
643 | */ |
644 | |
645 | int __udp4_lib_err(struct sk_buff *skb, u32 info, struct udp_table *udptable) |
646 | { |
647 | struct inet_sock *inet; |
648 | const struct iphdr *iph = (const struct iphdr *)skb->data; |
649 | struct udphdr *uh = (struct udphdr *)(skb->data+(iph->ihl<<2)); |
650 | const int type = icmp_hdr(skb)->type; |
651 | const int code = icmp_hdr(skb)->code; |
652 | bool tunnel = false; |
653 | struct sock *sk; |
654 | int harderr; |
655 | int err; |
656 | struct net *net = dev_net(skb->dev); |
657 | |
658 | sk = __udp4_lib_lookup(net, iph->daddr, uh->dest, |
659 | iph->saddr, uh->source, skb->dev->ifindex, |
660 | inet_sdif(skb), udptable, NULL); |
661 | if (!sk) { |
662 | /* No socket for error: try tunnels before discarding */ |
663 | sk = ERR_PTR(-ENOENT); |
664 | if (static_branch_unlikely(&udp_encap_needed_key)) { |
665 | sk = __udp4_lib_err_encap(net, iph, uh, udptable, skb, |
666 | info); |
667 | if (!sk) |
668 | return 0; |
669 | } |
670 | |
671 | if (IS_ERR(sk)) { |
672 | __ICMP_INC_STATS(net, ICMP_MIB_INERRORS); |
673 | return PTR_ERR(sk); |
674 | } |
675 | |
676 | tunnel = true; |
677 | } |
678 | |
679 | err = 0; |
680 | harderr = 0; |
681 | inet = inet_sk(sk); |
682 | |
683 | switch (type) { |
684 | default: |
685 | case ICMP_TIME_EXCEEDED: |
686 | err = EHOSTUNREACH; |
687 | break; |
688 | case ICMP_SOURCE_QUENCH: |
689 | goto out; |
690 | case ICMP_PARAMETERPROB: |
691 | err = EPROTO; |
692 | harderr = 1; |
693 | break; |
694 | case ICMP_DEST_UNREACH: |
695 | if (code == ICMP_FRAG_NEEDED) { /* Path MTU discovery */ |
696 | ipv4_sk_update_pmtu(skb, sk, info); |
697 | if (inet->pmtudisc != IP_PMTUDISC_DONT) { |
698 | err = EMSGSIZE; |
699 | harderr = 1; |
700 | break; |
701 | } |
702 | goto out; |
703 | } |
704 | err = EHOSTUNREACH; |
705 | if (code <= NR_ICMP_UNREACH) { |
706 | harderr = icmp_err_convert[code].fatal; |
707 | err = icmp_err_convert[code].errno; |
708 | } |
709 | break; |
710 | case ICMP_REDIRECT: |
711 | ipv4_sk_redirect(skb, sk); |
712 | goto out; |
713 | } |
714 | |
715 | /* |
716 | * RFC1122: OK. Passes ICMP errors back to application, as per |
717 | * 4.1.3.3. |
718 | */ |
719 | if (tunnel) { |
720 | /* ...not for tunnels though: we don't have a sending socket */ |
721 | goto out; |
722 | } |
723 | if (!inet->recverr) { |
724 | if (!harderr || sk->sk_state != TCP_ESTABLISHED) |
725 | goto out; |
726 | } else |
727 | ip_icmp_error(sk, skb, err, uh->dest, info, (u8 *)(uh+1)); |
728 | |
729 | sk->sk_err = err; |
730 | sk->sk_error_report(sk); |
731 | out: |
732 | return 0; |
733 | } |
734 | |
735 | int udp_err(struct sk_buff *skb, u32 info) |
736 | { |
737 | return __udp4_lib_err(skb, info, &udp_table); |
738 | } |
739 | |
740 | /* |
741 | * Throw away all pending data and cancel the corking. Socket is locked. |
742 | */ |
743 | void udp_flush_pending_frames(struct sock *sk) |
744 | { |
745 | struct udp_sock *up = udp_sk(sk); |
746 | |
747 | if (up->pending) { |
748 | up->len = 0; |
749 | up->pending = 0; |
750 | ip_flush_pending_frames(sk); |
751 | } |
752 | } |
753 | EXPORT_SYMBOL(udp_flush_pending_frames); |
754 | |
755 | /** |
756 | * udp4_hwcsum - handle outgoing HW checksumming |
757 | * @skb: sk_buff containing the filled-in UDP header |
758 | * (checksum field must be zeroed out) |
759 | * @src: source IP address |
760 | * @dst: destination IP address |
761 | */ |
762 | void udp4_hwcsum(struct sk_buff *skb, __be32 src, __be32 dst) |
763 | { |
764 | struct udphdr *uh = udp_hdr(skb); |
765 | int offset = skb_transport_offset(skb); |
766 | int len = skb->len - offset; |
767 | int hlen = len; |
768 | __wsum csum = 0; |
769 | |
770 | if (!skb_has_frag_list(skb)) { |
771 | /* |
772 | * Only one fragment on the socket. |
773 | */ |
774 | skb->csum_start = skb_transport_header(skb) - skb->head; |
775 | skb->csum_offset = offsetof(struct udphdr, check); |
776 | uh->check = ~csum_tcpudp_magic(src, dst, len, |
777 | IPPROTO_UDP, 0); |
778 | } else { |
779 | struct sk_buff *frags; |
780 | |
781 | /* |
782 | * HW-checksum won't work as there are two or more |
783 | * fragments on the socket so that all csums of sk_buffs |
784 | * should be together |
785 | */ |
786 | skb_walk_frags(skb, frags) { |
787 | csum = csum_add(csum, frags->csum); |
788 | hlen -= frags->len; |
789 | } |
790 | |
791 | csum = skb_checksum(skb, offset, hlen, csum); |
792 | skb->ip_summed = CHECKSUM_NONE; |
793 | |
794 | uh->check = csum_tcpudp_magic(src, dst, len, IPPROTO_UDP, csum); |
795 | if (uh->check == 0) |
796 | uh->check = CSUM_MANGLED_0; |
797 | } |
798 | } |
799 | EXPORT_SYMBOL_GPL(udp4_hwcsum); |
800 | |
801 | /* Function to set UDP checksum for an IPv4 UDP packet. This is intended |
802 | * for the simple case like when setting the checksum for a UDP tunnel. |
803 | */ |
804 | void udp_set_csum(bool nocheck, struct sk_buff *skb, |
805 | __be32 saddr, __be32 daddr, int len) |
806 | { |
807 | struct udphdr *uh = udp_hdr(skb); |
808 | |
809 | if (nocheck) { |
810 | uh->check = 0; |
811 | } else if (skb_is_gso(skb)) { |
812 | uh->check = ~udp_v4_check(len, saddr, daddr, 0); |
813 | } else if (skb->ip_summed == CHECKSUM_PARTIAL) { |
814 | uh->check = 0; |
815 | uh->check = udp_v4_check(len, saddr, daddr, lco_csum(skb)); |
816 | if (uh->check == 0) |
817 | uh->check = CSUM_MANGLED_0; |
818 | } else { |
819 | skb->ip_summed = CHECKSUM_PARTIAL; |
820 | skb->csum_start = skb_transport_header(skb) - skb->head; |
821 | skb->csum_offset = offsetof(struct udphdr, check); |
822 | uh->check = ~udp_v4_check(len, saddr, daddr, 0); |
823 | } |
824 | } |
825 | EXPORT_SYMBOL(udp_set_csum); |
826 | |
827 | static int udp_send_skb(struct sk_buff *skb, struct flowi4 *fl4, |
828 | struct inet_cork *cork) |
829 | { |
830 | struct sock *sk = skb->sk; |
831 | struct inet_sock *inet = inet_sk(sk); |
832 | struct udphdr *uh; |
833 | int err = 0; |
834 | int is_udplite = IS_UDPLITE(sk); |
835 | int offset = skb_transport_offset(skb); |
836 | int len = skb->len - offset; |
837 | __wsum csum = 0; |
838 | |
839 | /* |
840 | * Create a UDP header |
841 | */ |
842 | uh = udp_hdr(skb); |
843 | uh->source = inet->inet_sport; |
844 | uh->dest = fl4->fl4_dport; |
845 | uh->len = htons(len); |
846 | uh->check = 0; |
847 | |
848 | if (cork->gso_size) { |
849 | const int hlen = skb_network_header_len(skb) + |
850 | sizeof(struct udphdr); |
851 | |
852 | if (hlen + cork->gso_size > cork->fragsize) { |
853 | kfree_skb(skb); |
854 | return -EINVAL; |
855 | } |
856 | if (skb->len > cork->gso_size * UDP_MAX_SEGMENTS) { |
857 | kfree_skb(skb); |
858 | return -EINVAL; |
859 | } |
860 | if (sk->sk_no_check_tx) { |
861 | kfree_skb(skb); |
862 | return -EINVAL; |
863 | } |
864 | if (skb->ip_summed != CHECKSUM_PARTIAL || is_udplite || |
865 | dst_xfrm(skb_dst(skb))) { |
866 | kfree_skb(skb); |
867 | return -EIO; |
868 | } |
869 | |
870 | skb_shinfo(skb)->gso_size = cork->gso_size; |
871 | skb_shinfo(skb)->gso_type = SKB_GSO_UDP_L4; |
872 | skb_shinfo(skb)->gso_segs = DIV_ROUND_UP(len - sizeof(uh), |
873 | cork->gso_size); |
874 | goto csum_partial; |
875 | } |
876 | |
877 | if (is_udplite) /* UDP-Lite */ |
878 | csum = udplite_csum(skb); |
879 | |
880 | else if (sk->sk_no_check_tx) { /* UDP csum off */ |
881 | |
882 | skb->ip_summed = CHECKSUM_NONE; |
883 | goto send; |
884 | |
885 | } else if (skb->ip_summed == CHECKSUM_PARTIAL) { /* UDP hardware csum */ |
886 | csum_partial: |
887 | |
888 | udp4_hwcsum(skb, fl4->saddr, fl4->daddr); |
889 | goto send; |
890 | |
891 | } else |
892 | csum = udp_csum(skb); |
893 | |
894 | /* add protocol-dependent pseudo-header */ |
895 | uh->check = csum_tcpudp_magic(fl4->saddr, fl4->daddr, len, |
896 | sk->sk_protocol, csum); |
897 | if (uh->check == 0) |
898 | uh->check = CSUM_MANGLED_0; |
899 | |
900 | send: |
901 | err = ip_send_skb(sock_net(sk), skb); |
902 | if (err) { |
903 | if (err == -ENOBUFS && !inet->recverr) { |
904 | UDP_INC_STATS(sock_net(sk), |
905 | UDP_MIB_SNDBUFERRORS, is_udplite); |
906 | err = 0; |
907 | } |
908 | } else |
909 | UDP_INC_STATS(sock_net(sk), |
910 | UDP_MIB_OUTDATAGRAMS, is_udplite); |
911 | return err; |
912 | } |
913 | |
914 | /* |
915 | * Push out all pending data as one UDP datagram. Socket is locked. |
916 | */ |
917 | int udp_push_pending_frames(struct sock *sk) |
918 | { |
919 | struct udp_sock *up = udp_sk(sk); |
920 | struct inet_sock *inet = inet_sk(sk); |
921 | struct flowi4 *fl4 = &inet->cork.fl.u.ip4; |
922 | struct sk_buff *skb; |
923 | int err = 0; |
924 | |
925 | skb = ip_finish_skb(sk, fl4); |
926 | if (!skb) |
927 | goto out; |
928 | |
929 | err = udp_send_skb(skb, fl4, &inet->cork.base); |
930 | |
931 | out: |
932 | up->len = 0; |
933 | up->pending = 0; |
934 | return err; |
935 | } |
936 | EXPORT_SYMBOL(udp_push_pending_frames); |
937 | |
938 | static int __udp_cmsg_send(struct cmsghdr *cmsg, u16 *gso_size) |
939 | { |
940 | switch (cmsg->cmsg_type) { |
941 | case UDP_SEGMENT: |
942 | if (cmsg->cmsg_len != CMSG_LEN(sizeof(__u16))) |
943 | return -EINVAL; |
944 | *gso_size = *(__u16 *)CMSG_DATA(cmsg); |
945 | return 0; |
946 | default: |
947 | return -EINVAL; |
948 | } |
949 | } |
950 | |
951 | int udp_cmsg_send(struct sock *sk, struct msghdr *msg, u16 *gso_size) |
952 | { |
953 | struct cmsghdr *cmsg; |
954 | bool need_ip = false; |
955 | int err; |
956 | |
957 | for_each_cmsghdr(cmsg, msg) { |
958 | if (!CMSG_OK(msg, cmsg)) |
959 | return -EINVAL; |
960 | |
961 | if (cmsg->cmsg_level != SOL_UDP) { |
962 | need_ip = true; |
963 | continue; |
964 | } |
965 | |
966 | err = __udp_cmsg_send(cmsg, gso_size); |
967 | if (err) |
968 | return err; |
969 | } |
970 | |
971 | return need_ip; |
972 | } |
973 | EXPORT_SYMBOL_GPL(udp_cmsg_send); |
974 | |
975 | int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) |
976 | { |
977 | struct inet_sock *inet = inet_sk(sk); |
978 | struct udp_sock *up = udp_sk(sk); |
979 | DECLARE_SOCKADDR(struct sockaddr_in *, usin, msg->msg_name); |
980 | struct flowi4 fl4_stack; |
981 | struct flowi4 *fl4; |
982 | int ulen = len; |
983 | struct ipcm_cookie ipc; |
984 | struct rtable *rt = NULL; |
985 | int free = 0; |
986 | int connected = 0; |
987 | __be32 daddr, faddr, saddr; |
988 | __be16 dport; |
989 | u8 tos; |
990 | int err, is_udplite = IS_UDPLITE(sk); |
991 | int corkreq = up->corkflag || msg->msg_flags&MSG_MORE; |
992 | int (*getfrag)(void *, char *, int, int, int, struct sk_buff *); |
993 | struct sk_buff *skb; |
994 | struct ip_options_data opt_copy; |
995 | |
996 | if (len > 0xFFFF) |
997 | return -EMSGSIZE; |
998 | |
999 | /* |
1000 | * Check the flags. |
1001 | */ |
1002 | |
1003 | if (msg->msg_flags & MSG_OOB) /* Mirror BSD error message compatibility */ |
1004 | return -EOPNOTSUPP; |
1005 | |
1006 | getfrag = is_udplite ? udplite_getfrag : ip_generic_getfrag; |
1007 | |
1008 | fl4 = &inet->cork.fl.u.ip4; |
1009 | if (up->pending) { |
1010 | /* |
1011 | * There are pending frames. |
1012 | * The socket lock must be held while it's corked. |
1013 | */ |
1014 | lock_sock(sk); |
1015 | if (likely(up->pending)) { |
1016 | if (unlikely(up->pending != AF_INET)) { |
1017 | release_sock(sk); |
1018 | return -EINVAL; |
1019 | } |
1020 | goto do_append_data; |
1021 | } |
1022 | release_sock(sk); |
1023 | } |
1024 | ulen += sizeof(struct udphdr); |
1025 | |
1026 | /* |
1027 | * Get and verify the address. |
1028 | */ |
1029 | if (usin) { |
1030 | if (msg->msg_namelen < sizeof(*usin)) |
1031 | return -EINVAL; |
1032 | if (usin->sin_family != AF_INET) { |
1033 | if (usin->sin_family != AF_UNSPEC) |
1034 | return -EAFNOSUPPORT; |
1035 | } |
1036 | |
1037 | daddr = usin->sin_addr.s_addr; |
1038 | dport = usin->sin_port; |
1039 | if (dport == 0) |
1040 | return -EINVAL; |
1041 | } else { |
1042 | if (sk->sk_state != TCP_ESTABLISHED) |
1043 | return -EDESTADDRREQ; |
1044 | daddr = inet->inet_daddr; |
1045 | dport = inet->inet_dport; |
1046 | /* Open fast path for connected socket. |
1047 | Route will not be used, if at least one option is set. |
1048 | */ |
1049 | connected = 1; |
1050 | } |
1051 | |
1052 | ipcm_init_sk(&ipc, inet); |
1053 | ipc.gso_size = up->gso_size; |
1054 | |
1055 | if (msg->msg_controllen) { |
1056 | err = udp_cmsg_send(sk, msg, &ipc.gso_size); |
1057 | if (err > 0) |
1058 | err = ip_cmsg_send(sk, msg, &ipc, |
1059 | sk->sk_family == AF_INET6); |
1060 | if (unlikely(err < 0)) { |
1061 | kfree(ipc.opt); |
1062 | return err; |
1063 | } |
1064 | if (ipc.opt) |
1065 | free = 1; |
1066 | connected = 0; |
1067 | } |
1068 | if (!ipc.opt) { |
1069 | struct ip_options_rcu *inet_opt; |
1070 | |
1071 | rcu_read_lock(); |
1072 | inet_opt = rcu_dereference(inet->inet_opt); |
1073 | if (inet_opt) { |
1074 | memcpy(&opt_copy, inet_opt, |
1075 | sizeof(*inet_opt) + inet_opt->opt.optlen); |
1076 | ipc.opt = &opt_copy.opt; |
1077 | } |
1078 | rcu_read_unlock(); |
1079 | } |
1080 | |
1081 | if (cgroup_bpf_enabled && !connected) { |
1082 | err = BPF_CGROUP_RUN_PROG_UDP4_SENDMSG_LOCK(sk, |
1083 | (struct sockaddr *)usin, &ipc.addr); |
1084 | if (err) |
1085 | goto out_free; |
1086 | if (usin) { |
1087 | if (usin->sin_port == 0) { |
1088 | /* BPF program set invalid port. Reject it. */ |
1089 | err = -EINVAL; |
1090 | goto out_free; |
1091 | } |
1092 | daddr = usin->sin_addr.s_addr; |
1093 | dport = usin->sin_port; |
1094 | } |
1095 | } |
1096 | |
1097 | saddr = ipc.addr; |
1098 | ipc.addr = faddr = daddr; |
1099 | |
1100 | if (ipc.opt && ipc.opt->opt.srr) { |
1101 | if (!daddr) { |
1102 | err = -EINVAL; |
1103 | goto out_free; |
1104 | } |
1105 | faddr = ipc.opt->opt.faddr; |
1106 | connected = 0; |
1107 | } |
1108 | tos = get_rttos(&ipc, inet); |
1109 | if (sock_flag(sk, SOCK_LOCALROUTE) || |
1110 | (msg->msg_flags & MSG_DONTROUTE) || |
1111 | (ipc.opt && ipc.opt->opt.is_strictroute)) { |
1112 | tos |= RTO_ONLINK; |
1113 | connected = 0; |
1114 | } |
1115 | |
1116 | if (ipv4_is_multicast(daddr)) { |
1117 | if (!ipc.oif || netif_index_is_l3_master(sock_net(sk), ipc.oif)) |
1118 | ipc.oif = inet->mc_index; |
1119 | if (!saddr) |
1120 | saddr = inet->mc_addr; |
1121 | connected = 0; |
1122 | } else if (!ipc.oif) { |
1123 | ipc.oif = inet->uc_index; |
1124 | } else if (ipv4_is_lbcast(daddr) && inet->uc_index) { |
1125 | /* oif is set, packet is to local broadcast and |
1126 | * and uc_index is set. oif is most likely set |
1127 | * by sk_bound_dev_if. If uc_index != oif check if the |
1128 | * oif is an L3 master and uc_index is an L3 slave. |
1129 | * If so, we want to allow the send using the uc_index. |
1130 | */ |
1131 | if (ipc.oif != inet->uc_index && |
1132 | ipc.oif == l3mdev_master_ifindex_by_index(sock_net(sk), |
1133 | inet->uc_index)) { |
1134 | ipc.oif = inet->uc_index; |
1135 | } |
1136 | } |
1137 | |
1138 | if (connected) |
1139 | rt = (struct rtable *)sk_dst_check(sk, 0); |
1140 | |
1141 | if (!rt) { |
1142 | struct net *net = sock_net(sk); |
1143 | __u8 flow_flags = inet_sk_flowi_flags(sk); |
1144 | |
1145 | fl4 = &fl4_stack; |
1146 | |
1147 | flowi4_init_output(fl4, ipc.oif, sk->sk_mark, tos, |
1148 | RT_SCOPE_UNIVERSE, sk->sk_protocol, |
1149 | flow_flags, |
1150 | faddr, saddr, dport, inet->inet_sport, |
1151 | sk->sk_uid); |
1152 | |
1153 | security_sk_classify_flow(sk, flowi4_to_flowi(fl4)); |
1154 | rt = ip_route_output_flow(net, fl4, sk); |
1155 | if (IS_ERR(rt)) { |
1156 | err = PTR_ERR(rt); |
1157 | rt = NULL; |
1158 | if (err == -ENETUNREACH) |
1159 | IP_INC_STATS(net, IPSTATS_MIB_OUTNOROUTES); |
1160 | goto out; |
1161 | } |
1162 | |
1163 | err = -EACCES; |
1164 | if ((rt->rt_flags & RTCF_BROADCAST) && |
1165 | !sock_flag(sk, SOCK_BROADCAST)) |
1166 | goto out; |
1167 | if (connected) |
1168 | sk_dst_set(sk, dst_clone(&rt->dst)); |
1169 | } |
1170 | |
1171 | if (msg->msg_flags&MSG_CONFIRM) |
1172 | goto do_confirm; |
1173 | back_from_confirm: |
1174 | |
1175 | saddr = fl4->saddr; |
1176 | if (!ipc.addr) |
1177 | daddr = ipc.addr = fl4->daddr; |
1178 | |
1179 | /* Lockless fast path for the non-corking case. */ |
1180 | if (!corkreq) { |
1181 | struct inet_cork cork; |
1182 | |
1183 | skb = ip_make_skb(sk, fl4, getfrag, msg, ulen, |
1184 | sizeof(struct udphdr), &ipc, &rt, |
1185 | &cork, msg->msg_flags); |
1186 | err = PTR_ERR(skb); |
1187 | if (!IS_ERR_OR_NULL(skb)) |
1188 | err = udp_send_skb(skb, fl4, &cork); |
1189 | goto out; |
1190 | } |
1191 | |
1192 | lock_sock(sk); |
1193 | if (unlikely(up->pending)) { |
1194 | /* The socket is already corked while preparing it. */ |
1195 | /* ... which is an evident application bug. --ANK */ |
1196 | release_sock(sk); |
1197 | |
1198 | net_dbg_ratelimited("socket already corked\n" ); |
1199 | err = -EINVAL; |
1200 | goto out; |
1201 | } |
1202 | /* |
1203 | * Now cork the socket to pend data. |
1204 | */ |
1205 | fl4 = &inet->cork.fl.u.ip4; |
1206 | fl4->daddr = daddr; |
1207 | fl4->saddr = saddr; |
1208 | fl4->fl4_dport = dport; |
1209 | fl4->fl4_sport = inet->inet_sport; |
1210 | up->pending = AF_INET; |
1211 | |
1212 | do_append_data: |
1213 | up->len += ulen; |
1214 | err = ip_append_data(sk, fl4, getfrag, msg, ulen, |
1215 | sizeof(struct udphdr), &ipc, &rt, |
1216 | corkreq ? msg->msg_flags|MSG_MORE : msg->msg_flags); |
1217 | if (err) |
1218 | udp_flush_pending_frames(sk); |
1219 | else if (!corkreq) |
1220 | err = udp_push_pending_frames(sk); |
1221 | else if (unlikely(skb_queue_empty(&sk->sk_write_queue))) |
1222 | up->pending = 0; |
1223 | release_sock(sk); |
1224 | |
1225 | out: |
1226 | ip_rt_put(rt); |
1227 | out_free: |
1228 | if (free) |
1229 | kfree(ipc.opt); |
1230 | if (!err) |
1231 | return len; |
1232 | /* |
1233 | * ENOBUFS = no kernel mem, SOCK_NOSPACE = no sndbuf space. Reporting |
1234 | * ENOBUFS might not be good (it's not tunable per se), but otherwise |
1235 | * we don't have a good statistic (IpOutDiscards but it can be too many |
1236 | * things). We could add another new stat but at least for now that |
1237 | * seems like overkill. |
1238 | */ |
1239 | if (err == -ENOBUFS || test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { |
1240 | UDP_INC_STATS(sock_net(sk), |
1241 | UDP_MIB_SNDBUFERRORS, is_udplite); |
1242 | } |
1243 | return err; |
1244 | |
1245 | do_confirm: |
1246 | if (msg->msg_flags & MSG_PROBE) |
1247 | dst_confirm_neigh(&rt->dst, &fl4->daddr); |
1248 | if (!(msg->msg_flags&MSG_PROBE) || len) |
1249 | goto back_from_confirm; |
1250 | err = 0; |
1251 | goto out; |
1252 | } |
1253 | EXPORT_SYMBOL(udp_sendmsg); |
1254 | |
1255 | int udp_sendpage(struct sock *sk, struct page *page, int offset, |
1256 | size_t size, int flags) |
1257 | { |
1258 | struct inet_sock *inet = inet_sk(sk); |
1259 | struct udp_sock *up = udp_sk(sk); |
1260 | int ret; |
1261 | |
1262 | if (flags & MSG_SENDPAGE_NOTLAST) |
1263 | flags |= MSG_MORE; |
1264 | |
1265 | if (!up->pending) { |
1266 | struct msghdr msg = { .msg_flags = flags|MSG_MORE }; |
1267 | |
1268 | /* Call udp_sendmsg to specify destination address which |
1269 | * sendpage interface can't pass. |
1270 | * This will succeed only when the socket is connected. |
1271 | */ |
1272 | ret = udp_sendmsg(sk, &msg, 0); |
1273 | if (ret < 0) |
1274 | return ret; |
1275 | } |
1276 | |
1277 | lock_sock(sk); |
1278 | |
1279 | if (unlikely(!up->pending)) { |
1280 | release_sock(sk); |
1281 | |
1282 | net_dbg_ratelimited("cork failed\n" ); |
1283 | return -EINVAL; |
1284 | } |
1285 | |
1286 | ret = ip_append_page(sk, &inet->cork.fl.u.ip4, |
1287 | page, offset, size, flags); |
1288 | if (ret == -EOPNOTSUPP) { |
1289 | release_sock(sk); |
1290 | return sock_no_sendpage(sk->sk_socket, page, offset, |
1291 | size, flags); |
1292 | } |
1293 | if (ret < 0) { |
1294 | udp_flush_pending_frames(sk); |
1295 | goto out; |
1296 | } |
1297 | |
1298 | up->len += size; |
1299 | if (!(up->corkflag || (flags&MSG_MORE))) |
1300 | ret = udp_push_pending_frames(sk); |
1301 | if (!ret) |
1302 | ret = size; |
1303 | out: |
1304 | release_sock(sk); |
1305 | return ret; |
1306 | } |
1307 | |
1308 | #define UDP_SKB_IS_STATELESS 0x80000000 |
1309 | |
1310 | static void udp_set_dev_scratch(struct sk_buff *skb) |
1311 | { |
1312 | struct udp_dev_scratch *scratch = udp_skb_scratch(skb); |
1313 | |
1314 | BUILD_BUG_ON(sizeof(struct udp_dev_scratch) > sizeof(long)); |
1315 | scratch->_tsize_state = skb->truesize; |
1316 | #if BITS_PER_LONG == 64 |
1317 | scratch->len = skb->len; |
1318 | scratch->csum_unnecessary = !!skb_csum_unnecessary(skb); |
1319 | scratch->is_linear = !skb_is_nonlinear(skb); |
1320 | #endif |
1321 | /* all head states execept sp (dst, sk, nf) are always cleared by |
1322 | * udp_rcv() and we need to preserve secpath, if present, to eventually |
1323 | * process IP_CMSG_PASSSEC at recvmsg() time |
1324 | */ |
1325 | if (likely(!skb_sec_path(skb))) |
1326 | scratch->_tsize_state |= UDP_SKB_IS_STATELESS; |
1327 | } |
1328 | |
1329 | static int udp_skb_truesize(struct sk_buff *skb) |
1330 | { |
1331 | return udp_skb_scratch(skb)->_tsize_state & ~UDP_SKB_IS_STATELESS; |
1332 | } |
1333 | |
1334 | static bool udp_skb_has_head_state(struct sk_buff *skb) |
1335 | { |
1336 | return !(udp_skb_scratch(skb)->_tsize_state & UDP_SKB_IS_STATELESS); |
1337 | } |
1338 | |
1339 | /* fully reclaim rmem/fwd memory allocated for skb */ |
1340 | static void udp_rmem_release(struct sock *sk, int size, int partial, |
1341 | bool rx_queue_lock_held) |
1342 | { |
1343 | struct udp_sock *up = udp_sk(sk); |
1344 | struct sk_buff_head *sk_queue; |
1345 | int amt; |
1346 | |
1347 | if (likely(partial)) { |
1348 | up->forward_deficit += size; |
1349 | size = up->forward_deficit; |
1350 | if (size < (sk->sk_rcvbuf >> 2)) |
1351 | return; |
1352 | } else { |
1353 | size += up->forward_deficit; |
1354 | } |
1355 | up->forward_deficit = 0; |
1356 | |
1357 | /* acquire the sk_receive_queue for fwd allocated memory scheduling, |
1358 | * if the called don't held it already |
1359 | */ |
1360 | sk_queue = &sk->sk_receive_queue; |
1361 | if (!rx_queue_lock_held) |
1362 | spin_lock(&sk_queue->lock); |
1363 | |
1364 | |
1365 | sk->sk_forward_alloc += size; |
1366 | amt = (sk->sk_forward_alloc - partial) & ~(SK_MEM_QUANTUM - 1); |
1367 | sk->sk_forward_alloc -= amt; |
1368 | |
1369 | if (amt) |
1370 | __sk_mem_reduce_allocated(sk, amt >> SK_MEM_QUANTUM_SHIFT); |
1371 | |
1372 | atomic_sub(size, &sk->sk_rmem_alloc); |
1373 | |
1374 | /* this can save us from acquiring the rx queue lock on next receive */ |
1375 | skb_queue_splice_tail_init(sk_queue, &up->reader_queue); |
1376 | |
1377 | if (!rx_queue_lock_held) |
1378 | spin_unlock(&sk_queue->lock); |
1379 | } |
1380 | |
1381 | /* Note: called with reader_queue.lock held. |
1382 | * Instead of using skb->truesize here, find a copy of it in skb->dev_scratch |
1383 | * This avoids a cache line miss while receive_queue lock is held. |
1384 | * Look at __udp_enqueue_schedule_skb() to find where this copy is done. |
1385 | */ |
1386 | void udp_skb_destructor(struct sock *sk, struct sk_buff *skb) |
1387 | { |
1388 | prefetch(&skb->data); |
1389 | udp_rmem_release(sk, udp_skb_truesize(skb), 1, false); |
1390 | } |
1391 | EXPORT_SYMBOL(udp_skb_destructor); |
1392 | |
1393 | /* as above, but the caller held the rx queue lock, too */ |
1394 | static void udp_skb_dtor_locked(struct sock *sk, struct sk_buff *skb) |
1395 | { |
1396 | prefetch(&skb->data); |
1397 | udp_rmem_release(sk, udp_skb_truesize(skb), 1, true); |
1398 | } |
1399 | |
1400 | /* Idea of busylocks is to let producers grab an extra spinlock |
1401 | * to relieve pressure on the receive_queue spinlock shared by consumer. |
1402 | * Under flood, this means that only one producer can be in line |
1403 | * trying to acquire the receive_queue spinlock. |
1404 | * These busylock can be allocated on a per cpu manner, instead of a |
1405 | * per socket one (that would consume a cache line per socket) |
1406 | */ |
1407 | static int udp_busylocks_log __read_mostly; |
1408 | static spinlock_t *udp_busylocks __read_mostly; |
1409 | |
1410 | static spinlock_t *busylock_acquire(void *ptr) |
1411 | { |
1412 | spinlock_t *busy; |
1413 | |
1414 | busy = udp_busylocks + hash_ptr(ptr, udp_busylocks_log); |
1415 | spin_lock(busy); |
1416 | return busy; |
1417 | } |
1418 | |
1419 | static void busylock_release(spinlock_t *busy) |
1420 | { |
1421 | if (busy) |
1422 | spin_unlock(busy); |
1423 | } |
1424 | |
1425 | int __udp_enqueue_schedule_skb(struct sock *sk, struct sk_buff *skb) |
1426 | { |
1427 | struct sk_buff_head *list = &sk->sk_receive_queue; |
1428 | int rmem, delta, amt, err = -ENOMEM; |
1429 | spinlock_t *busy = NULL; |
1430 | int size; |
1431 | |
1432 | /* try to avoid the costly atomic add/sub pair when the receive |
1433 | * queue is full; always allow at least a packet |
1434 | */ |
1435 | rmem = atomic_read(&sk->sk_rmem_alloc); |
1436 | if (rmem > sk->sk_rcvbuf) |
1437 | goto drop; |
1438 | |
1439 | /* Under mem pressure, it might be helpful to help udp_recvmsg() |
1440 | * having linear skbs : |
1441 | * - Reduce memory overhead and thus increase receive queue capacity |
1442 | * - Less cache line misses at copyout() time |
1443 | * - Less work at consume_skb() (less alien page frag freeing) |
1444 | */ |
1445 | if (rmem > (sk->sk_rcvbuf >> 1)) { |
1446 | skb_condense(skb); |
1447 | |
1448 | busy = busylock_acquire(sk); |
1449 | } |
1450 | size = skb->truesize; |
1451 | udp_set_dev_scratch(skb); |
1452 | |
1453 | /* we drop only if the receive buf is full and the receive |
1454 | * queue contains some other skb |
1455 | */ |
1456 | rmem = atomic_add_return(size, &sk->sk_rmem_alloc); |
1457 | if (rmem > (size + sk->sk_rcvbuf)) |
1458 | goto uncharge_drop; |
1459 | |
1460 | spin_lock(&list->lock); |
1461 | if (size >= sk->sk_forward_alloc) { |
1462 | amt = sk_mem_pages(size); |
1463 | delta = amt << SK_MEM_QUANTUM_SHIFT; |
1464 | if (!__sk_mem_raise_allocated(sk, delta, amt, SK_MEM_RECV)) { |
1465 | err = -ENOBUFS; |
1466 | spin_unlock(&list->lock); |
1467 | goto uncharge_drop; |
1468 | } |
1469 | |
1470 | sk->sk_forward_alloc += delta; |
1471 | } |
1472 | |
1473 | sk->sk_forward_alloc -= size; |
1474 | |
1475 | /* no need to setup a destructor, we will explicitly release the |
1476 | * forward allocated memory on dequeue |
1477 | */ |
1478 | sock_skb_set_dropcount(sk, skb); |
1479 | |
1480 | __skb_queue_tail(list, skb); |
1481 | spin_unlock(&list->lock); |
1482 | |
1483 | if (!sock_flag(sk, SOCK_DEAD)) |
1484 | sk->sk_data_ready(sk); |
1485 | |
1486 | busylock_release(busy); |
1487 | return 0; |
1488 | |
1489 | uncharge_drop: |
1490 | atomic_sub(skb->truesize, &sk->sk_rmem_alloc); |
1491 | |
1492 | drop: |
1493 | atomic_inc(&sk->sk_drops); |
1494 | busylock_release(busy); |
1495 | return err; |
1496 | } |
1497 | EXPORT_SYMBOL_GPL(__udp_enqueue_schedule_skb); |
1498 | |
1499 | void udp_destruct_sock(struct sock *sk) |
1500 | { |
1501 | /* reclaim completely the forward allocated memory */ |
1502 | struct udp_sock *up = udp_sk(sk); |
1503 | unsigned int total = 0; |
1504 | struct sk_buff *skb; |
1505 | |
1506 | skb_queue_splice_tail_init(&sk->sk_receive_queue, &up->reader_queue); |
1507 | while ((skb = __skb_dequeue(&up->reader_queue)) != NULL) { |
1508 | total += skb->truesize; |
1509 | kfree_skb(skb); |
1510 | } |
1511 | udp_rmem_release(sk, total, 0, true); |
1512 | |
1513 | inet_sock_destruct(sk); |
1514 | } |
1515 | EXPORT_SYMBOL_GPL(udp_destruct_sock); |
1516 | |
1517 | int udp_init_sock(struct sock *sk) |
1518 | { |
1519 | skb_queue_head_init(&udp_sk(sk)->reader_queue); |
1520 | sk->sk_destruct = udp_destruct_sock; |
1521 | return 0; |
1522 | } |
1523 | EXPORT_SYMBOL_GPL(udp_init_sock); |
1524 | |
1525 | void skb_consume_udp(struct sock *sk, struct sk_buff *skb, int len) |
1526 | { |
1527 | if (unlikely(READ_ONCE(sk->sk_peek_off) >= 0)) { |
1528 | bool slow = lock_sock_fast(sk); |
1529 | |
1530 | sk_peek_offset_bwd(sk, len); |
1531 | unlock_sock_fast(sk, slow); |
1532 | } |
1533 | |
1534 | if (!skb_unref(skb)) |
1535 | return; |
1536 | |
1537 | /* In the more common cases we cleared the head states previously, |
1538 | * see __udp_queue_rcv_skb(). |
1539 | */ |
1540 | if (unlikely(udp_skb_has_head_state(skb))) |
1541 | skb_release_head_state(skb); |
1542 | __consume_stateless_skb(skb); |
1543 | } |
1544 | EXPORT_SYMBOL_GPL(skb_consume_udp); |
1545 | |
1546 | static struct sk_buff *__first_packet_length(struct sock *sk, |
1547 | struct sk_buff_head *rcvq, |
1548 | int *total) |
1549 | { |
1550 | struct sk_buff *skb; |
1551 | |
1552 | while ((skb = skb_peek(rcvq)) != NULL) { |
1553 | if (udp_lib_checksum_complete(skb)) { |
1554 | __UDP_INC_STATS(sock_net(sk), UDP_MIB_CSUMERRORS, |
1555 | IS_UDPLITE(sk)); |
1556 | __UDP_INC_STATS(sock_net(sk), UDP_MIB_INERRORS, |
1557 | IS_UDPLITE(sk)); |
1558 | atomic_inc(&sk->sk_drops); |
1559 | __skb_unlink(skb, rcvq); |
1560 | *total += skb->truesize; |
1561 | kfree_skb(skb); |
1562 | } else { |
1563 | /* the csum related bits could be changed, refresh |
1564 | * the scratch area |
1565 | */ |
1566 | udp_set_dev_scratch(skb); |
1567 | break; |
1568 | } |
1569 | } |
1570 | return skb; |
1571 | } |
1572 | |
1573 | /** |
1574 | * first_packet_length - return length of first packet in receive queue |
1575 | * @sk: socket |
1576 | * |
1577 | * Drops all bad checksum frames, until a valid one is found. |
1578 | * Returns the length of found skb, or -1 if none is found. |
1579 | */ |
1580 | static int first_packet_length(struct sock *sk) |
1581 | { |
1582 | struct sk_buff_head *rcvq = &udp_sk(sk)->reader_queue; |
1583 | struct sk_buff_head *sk_queue = &sk->sk_receive_queue; |
1584 | struct sk_buff *skb; |
1585 | int total = 0; |
1586 | int res; |
1587 | |
1588 | spin_lock_bh(&rcvq->lock); |
1589 | skb = __first_packet_length(sk, rcvq, &total); |
1590 | if (!skb && !skb_queue_empty(sk_queue)) { |
1591 | spin_lock(&sk_queue->lock); |
1592 | skb_queue_splice_tail_init(sk_queue, rcvq); |
1593 | spin_unlock(&sk_queue->lock); |
1594 | |
1595 | skb = __first_packet_length(sk, rcvq, &total); |
1596 | } |
1597 | res = skb ? skb->len : -1; |
1598 | if (total) |
1599 | udp_rmem_release(sk, total, 1, false); |
1600 | spin_unlock_bh(&rcvq->lock); |
1601 | return res; |
1602 | } |
1603 | |
1604 | /* |
1605 | * IOCTL requests applicable to the UDP protocol |
1606 | */ |
1607 | |
1608 | int udp_ioctl(struct sock *sk, int cmd, unsigned long arg) |
1609 | { |
1610 | switch (cmd) { |
1611 | case SIOCOUTQ: |
1612 | { |
1613 | int amount = sk_wmem_alloc_get(sk); |
1614 | |
1615 | return put_user(amount, (int __user *)arg); |
1616 | } |
1617 | |
1618 | case SIOCINQ: |
1619 | { |
1620 | int amount = max_t(int, 0, first_packet_length(sk)); |
1621 | |
1622 | return put_user(amount, (int __user *)arg); |
1623 | } |
1624 | |
1625 | default: |
1626 | return -ENOIOCTLCMD; |
1627 | } |
1628 | |
1629 | return 0; |
1630 | } |
1631 | EXPORT_SYMBOL(udp_ioctl); |
1632 | |
1633 | struct sk_buff *__skb_recv_udp(struct sock *sk, unsigned int flags, |
1634 | int noblock, int *peeked, int *off, int *err) |
1635 | { |
1636 | struct sk_buff_head *sk_queue = &sk->sk_receive_queue; |
1637 | struct sk_buff_head *queue; |
1638 | struct sk_buff *last; |
1639 | long timeo; |
1640 | int error; |
1641 | |
1642 | queue = &udp_sk(sk)->reader_queue; |
1643 | flags |= noblock ? MSG_DONTWAIT : 0; |
1644 | timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); |
1645 | do { |
1646 | struct sk_buff *skb; |
1647 | |
1648 | error = sock_error(sk); |
1649 | if (error) |
1650 | break; |
1651 | |
1652 | error = -EAGAIN; |
1653 | *peeked = 0; |
1654 | do { |
1655 | spin_lock_bh(&queue->lock); |
1656 | skb = __skb_try_recv_from_queue(sk, queue, flags, |
1657 | udp_skb_destructor, |
1658 | peeked, off, err, |
1659 | &last); |
1660 | if (skb) { |
1661 | spin_unlock_bh(&queue->lock); |
1662 | return skb; |
1663 | } |
1664 | |
1665 | if (skb_queue_empty(sk_queue)) { |
1666 | spin_unlock_bh(&queue->lock); |
1667 | goto busy_check; |
1668 | } |
1669 | |
1670 | /* refill the reader queue and walk it again |
1671 | * keep both queues locked to avoid re-acquiring |
1672 | * the sk_receive_queue lock if fwd memory scheduling |
1673 | * is needed. |
1674 | */ |
1675 | spin_lock(&sk_queue->lock); |
1676 | skb_queue_splice_tail_init(sk_queue, queue); |
1677 | |
1678 | skb = __skb_try_recv_from_queue(sk, queue, flags, |
1679 | udp_skb_dtor_locked, |
1680 | peeked, off, err, |
1681 | &last); |
1682 | spin_unlock(&sk_queue->lock); |
1683 | spin_unlock_bh(&queue->lock); |
1684 | if (skb) |
1685 | return skb; |
1686 | |
1687 | busy_check: |
1688 | if (!sk_can_busy_loop(sk)) |
1689 | break; |
1690 | |
1691 | sk_busy_loop(sk, flags & MSG_DONTWAIT); |
1692 | } while (!skb_queue_empty(sk_queue)); |
1693 | |
1694 | /* sk_queue is empty, reader_queue may contain peeked packets */ |
1695 | } while (timeo && |
1696 | !__skb_wait_for_more_packets(sk, &error, &timeo, |
1697 | (struct sk_buff *)sk_queue)); |
1698 | |
1699 | *err = error; |
1700 | return NULL; |
1701 | } |
1702 | EXPORT_SYMBOL(__skb_recv_udp); |
1703 | |
1704 | /* |
1705 | * This should be easy, if there is something there we |
1706 | * return it, otherwise we block. |
1707 | */ |
1708 | |
1709 | int udp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int noblock, |
1710 | int flags, int *addr_len) |
1711 | { |
1712 | struct inet_sock *inet = inet_sk(sk); |
1713 | DECLARE_SOCKADDR(struct sockaddr_in *, sin, msg->msg_name); |
1714 | struct sk_buff *skb; |
1715 | unsigned int ulen, copied; |
1716 | int peeked, peeking, off; |
1717 | int err; |
1718 | int is_udplite = IS_UDPLITE(sk); |
1719 | bool checksum_valid = false; |
1720 | |
1721 | if (flags & MSG_ERRQUEUE) |
1722 | return ip_recv_error(sk, msg, len, addr_len); |
1723 | |
1724 | try_again: |
1725 | peeking = flags & MSG_PEEK; |
1726 | off = sk_peek_offset(sk, flags); |
1727 | skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err); |
1728 | if (!skb) |
1729 | return err; |
1730 | |
1731 | ulen = udp_skb_len(skb); |
1732 | copied = len; |
1733 | if (copied > ulen - off) |
1734 | copied = ulen - off; |
1735 | else if (copied < ulen) |
1736 | msg->msg_flags |= MSG_TRUNC; |
1737 | |
1738 | /* |
1739 | * If checksum is needed at all, try to do it while copying the |
1740 | * data. If the data is truncated, or if we only want a partial |
1741 | * coverage checksum (UDP-Lite), do it before the copy. |
1742 | */ |
1743 | |
1744 | if (copied < ulen || peeking || |
1745 | (is_udplite && UDP_SKB_CB(skb)->partial_cov)) { |
1746 | checksum_valid = udp_skb_csum_unnecessary(skb) || |
1747 | !__udp_lib_checksum_complete(skb); |
1748 | if (!checksum_valid) |
1749 | goto csum_copy_err; |
1750 | } |
1751 | |
1752 | if (checksum_valid || udp_skb_csum_unnecessary(skb)) { |
1753 | if (udp_skb_is_linear(skb)) |
1754 | err = copy_linear_skb(skb, copied, off, &msg->msg_iter); |
1755 | else |
1756 | err = skb_copy_datagram_msg(skb, off, msg, copied); |
1757 | } else { |
1758 | err = skb_copy_and_csum_datagram_msg(skb, off, msg); |
1759 | |
1760 | if (err == -EINVAL) |
1761 | goto csum_copy_err; |
1762 | } |
1763 | |
1764 | if (unlikely(err)) { |
1765 | if (!peeked) { |
1766 | atomic_inc(&sk->sk_drops); |
1767 | UDP_INC_STATS(sock_net(sk), |
1768 | UDP_MIB_INERRORS, is_udplite); |
1769 | } |
1770 | kfree_skb(skb); |
1771 | return err; |
1772 | } |
1773 | |
1774 | if (!peeked) |
1775 | UDP_INC_STATS(sock_net(sk), |
1776 | UDP_MIB_INDATAGRAMS, is_udplite); |
1777 | |
1778 | sock_recv_ts_and_drops(msg, sk, skb); |
1779 | |
1780 | /* Copy the address. */ |
1781 | if (sin) { |
1782 | sin->sin_family = AF_INET; |
1783 | sin->sin_port = udp_hdr(skb)->source; |
1784 | sin->sin_addr.s_addr = ip_hdr(skb)->saddr; |
1785 | memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); |
1786 | *addr_len = sizeof(*sin); |
1787 | } |
1788 | |
1789 | if (udp_sk(sk)->gro_enabled) |
1790 | udp_cmsg_recv(msg, sk, skb); |
1791 | |
1792 | if (inet->cmsg_flags) |
1793 | ip_cmsg_recv_offset(msg, sk, skb, sizeof(struct udphdr), off); |
1794 | |
1795 | err = copied; |
1796 | if (flags & MSG_TRUNC) |
1797 | err = ulen; |
1798 | |
1799 | skb_consume_udp(sk, skb, peeking ? -err : err); |
1800 | return err; |
1801 | |
1802 | csum_copy_err: |
1803 | if (!__sk_queue_drop_skb(sk, &udp_sk(sk)->reader_queue, skb, flags, |
1804 | udp_skb_destructor)) { |
1805 | UDP_INC_STATS(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); |
1806 | UDP_INC_STATS(sock_net(sk), UDP_MIB_INERRORS, is_udplite); |
1807 | } |
1808 | kfree_skb(skb); |
1809 | |
1810 | /* starting over for a new packet, but check if we need to yield */ |
1811 | cond_resched(); |
1812 | msg->msg_flags &= ~MSG_TRUNC; |
1813 | goto try_again; |
1814 | } |
1815 | |
1816 | int udp_pre_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) |
1817 | { |
1818 | /* This check is replicated from __ip4_datagram_connect() and |
1819 | * intended to prevent BPF program called below from accessing bytes |
1820 | * that are out of the bound specified by user in addr_len. |
1821 | */ |
1822 | if (addr_len < sizeof(struct sockaddr_in)) |
1823 | return -EINVAL; |
1824 | |
1825 | return BPF_CGROUP_RUN_PROG_INET4_CONNECT_LOCK(sk, uaddr); |
1826 | } |
1827 | EXPORT_SYMBOL(udp_pre_connect); |
1828 | |
1829 | int __udp_disconnect(struct sock *sk, int flags) |
1830 | { |
1831 | struct inet_sock *inet = inet_sk(sk); |
1832 | /* |
1833 | * 1003.1g - break association. |
1834 | */ |
1835 | |
1836 | sk->sk_state = TCP_CLOSE; |
1837 | inet->inet_daddr = 0; |
1838 | inet->inet_dport = 0; |
1839 | sock_rps_reset_rxhash(sk); |
1840 | sk->sk_bound_dev_if = 0; |
1841 | if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK)) |
1842 | inet_reset_saddr(sk); |
1843 | |
1844 | if (!(sk->sk_userlocks & SOCK_BINDPORT_LOCK)) { |
1845 | sk->sk_prot->unhash(sk); |
1846 | inet->inet_sport = 0; |
1847 | } |
1848 | sk_dst_reset(sk); |
1849 | return 0; |
1850 | } |
1851 | EXPORT_SYMBOL(__udp_disconnect); |
1852 | |
1853 | int udp_disconnect(struct sock *sk, int flags) |
1854 | { |
1855 | lock_sock(sk); |
1856 | __udp_disconnect(sk, flags); |
1857 | release_sock(sk); |
1858 | return 0; |
1859 | } |
1860 | EXPORT_SYMBOL(udp_disconnect); |
1861 | |
1862 | void udp_lib_unhash(struct sock *sk) |
1863 | { |
1864 | if (sk_hashed(sk)) { |
1865 | struct udp_table *udptable = sk->sk_prot->h.udp_table; |
1866 | struct udp_hslot *hslot, *hslot2; |
1867 | |
1868 | hslot = udp_hashslot(udptable, sock_net(sk), |
1869 | udp_sk(sk)->udp_port_hash); |
1870 | hslot2 = udp_hashslot2(udptable, udp_sk(sk)->udp_portaddr_hash); |
1871 | |
1872 | spin_lock_bh(&hslot->lock); |
1873 | if (rcu_access_pointer(sk->sk_reuseport_cb)) |
1874 | reuseport_detach_sock(sk); |
1875 | if (sk_del_node_init_rcu(sk)) { |
1876 | hslot->count--; |
1877 | inet_sk(sk)->inet_num = 0; |
1878 | sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); |
1879 | |
1880 | spin_lock(&hslot2->lock); |
1881 | hlist_del_init_rcu(&udp_sk(sk)->udp_portaddr_node); |
1882 | hslot2->count--; |
1883 | spin_unlock(&hslot2->lock); |
1884 | } |
1885 | spin_unlock_bh(&hslot->lock); |
1886 | } |
1887 | } |
1888 | EXPORT_SYMBOL(udp_lib_unhash); |
1889 | |
1890 | /* |
1891 | * inet_rcv_saddr was changed, we must rehash secondary hash |
1892 | */ |
1893 | void udp_lib_rehash(struct sock *sk, u16 newhash) |
1894 | { |
1895 | if (sk_hashed(sk)) { |
1896 | struct udp_table *udptable = sk->sk_prot->h.udp_table; |
1897 | struct udp_hslot *hslot, *hslot2, *nhslot2; |
1898 | |
1899 | hslot2 = udp_hashslot2(udptable, udp_sk(sk)->udp_portaddr_hash); |
1900 | nhslot2 = udp_hashslot2(udptable, newhash); |
1901 | udp_sk(sk)->udp_portaddr_hash = newhash; |
1902 | |
1903 | if (hslot2 != nhslot2 || |
1904 | rcu_access_pointer(sk->sk_reuseport_cb)) { |
1905 | hslot = udp_hashslot(udptable, sock_net(sk), |
1906 | udp_sk(sk)->udp_port_hash); |
1907 | /* we must lock primary chain too */ |
1908 | spin_lock_bh(&hslot->lock); |
1909 | if (rcu_access_pointer(sk->sk_reuseport_cb)) |
1910 | reuseport_detach_sock(sk); |
1911 | |
1912 | if (hslot2 != nhslot2) { |
1913 | spin_lock(&hslot2->lock); |
1914 | hlist_del_init_rcu(&udp_sk(sk)->udp_portaddr_node); |
1915 | hslot2->count--; |
1916 | spin_unlock(&hslot2->lock); |
1917 | |
1918 | spin_lock(&nhslot2->lock); |
1919 | hlist_add_head_rcu(&udp_sk(sk)->udp_portaddr_node, |
1920 | &nhslot2->head); |
1921 | nhslot2->count++; |
1922 | spin_unlock(&nhslot2->lock); |
1923 | } |
1924 | |
1925 | spin_unlock_bh(&hslot->lock); |
1926 | } |
1927 | } |
1928 | } |
1929 | EXPORT_SYMBOL(udp_lib_rehash); |
1930 | |
1931 | void udp_v4_rehash(struct sock *sk) |
1932 | { |
1933 | u16 new_hash = ipv4_portaddr_hash(sock_net(sk), |
1934 | inet_sk(sk)->inet_rcv_saddr, |
1935 | inet_sk(sk)->inet_num); |
1936 | udp_lib_rehash(sk, new_hash); |
1937 | } |
1938 | |
1939 | static int __udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) |
1940 | { |
1941 | int rc; |
1942 | |
1943 | if (inet_sk(sk)->inet_daddr) { |
1944 | sock_rps_save_rxhash(sk, skb); |
1945 | sk_mark_napi_id(sk, skb); |
1946 | sk_incoming_cpu_update(sk); |
1947 | } else { |
1948 | sk_mark_napi_id_once(sk, skb); |
1949 | } |
1950 | |
1951 | rc = __udp_enqueue_schedule_skb(sk, skb); |
1952 | if (rc < 0) { |
1953 | int is_udplite = IS_UDPLITE(sk); |
1954 | |
1955 | /* Note that an ENOMEM error is charged twice */ |
1956 | if (rc == -ENOMEM) |
1957 | UDP_INC_STATS(sock_net(sk), UDP_MIB_RCVBUFERRORS, |
1958 | is_udplite); |
1959 | UDP_INC_STATS(sock_net(sk), UDP_MIB_INERRORS, is_udplite); |
1960 | kfree_skb(skb); |
1961 | trace_udp_fail_queue_rcv_skb(rc, sk); |
1962 | return -1; |
1963 | } |
1964 | |
1965 | return 0; |
1966 | } |
1967 | |
1968 | /* returns: |
1969 | * -1: error |
1970 | * 0: success |
1971 | * >0: "udp encap" protocol resubmission |
1972 | * |
1973 | * Note that in the success and error cases, the skb is assumed to |
1974 | * have either been requeued or freed. |
1975 | */ |
1976 | static int udp_queue_rcv_one_skb(struct sock *sk, struct sk_buff *skb) |
1977 | { |
1978 | struct udp_sock *up = udp_sk(sk); |
1979 | int is_udplite = IS_UDPLITE(sk); |
1980 | |
1981 | /* |
1982 | * Charge it to the socket, dropping if the queue is full. |
1983 | */ |
1984 | if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) |
1985 | goto drop; |
1986 | nf_reset(skb); |
1987 | |
1988 | if (static_branch_unlikely(&udp_encap_needed_key) && up->encap_type) { |
1989 | int (*encap_rcv)(struct sock *sk, struct sk_buff *skb); |
1990 | |
1991 | /* |
1992 | * This is an encapsulation socket so pass the skb to |
1993 | * the socket's udp_encap_rcv() hook. Otherwise, just |
1994 | * fall through and pass this up the UDP socket. |
1995 | * up->encap_rcv() returns the following value: |
1996 | * =0 if skb was successfully passed to the encap |
1997 | * handler or was discarded by it. |
1998 | * >0 if skb should be passed on to UDP. |
1999 | * <0 if skb should be resubmitted as proto -N |
2000 | */ |
2001 | |
2002 | /* if we're overly short, let UDP handle it */ |
2003 | encap_rcv = READ_ONCE(up->encap_rcv); |
2004 | if (encap_rcv) { |
2005 | int ret; |
2006 | |
2007 | /* Verify checksum before giving to encap */ |
2008 | if (udp_lib_checksum_complete(skb)) |
2009 | goto csum_error; |
2010 | |
2011 | ret = encap_rcv(sk, skb); |
2012 | if (ret <= 0) { |
2013 | __UDP_INC_STATS(sock_net(sk), |
2014 | UDP_MIB_INDATAGRAMS, |
2015 | is_udplite); |
2016 | return -ret; |
2017 | } |
2018 | } |
2019 | |
2020 | /* FALLTHROUGH -- it's a UDP Packet */ |
2021 | } |
2022 | |
2023 | /* |
2024 | * UDP-Lite specific tests, ignored on UDP sockets |
2025 | */ |
2026 | if ((is_udplite & UDPLITE_RECV_CC) && UDP_SKB_CB(skb)->partial_cov) { |
2027 | |
2028 | /* |
2029 | * MIB statistics other than incrementing the error count are |
2030 | * disabled for the following two types of errors: these depend |
2031 | * on the application settings, not on the functioning of the |
2032 | * protocol stack as such. |
2033 | * |
2034 | * RFC 3828 here recommends (sec 3.3): "There should also be a |
2035 | * way ... to ... at least let the receiving application block |
2036 | * delivery of packets with coverage values less than a value |
2037 | * provided by the application." |
2038 | */ |
2039 | if (up->pcrlen == 0) { /* full coverage was set */ |
2040 | net_dbg_ratelimited("UDPLite: partial coverage %d while full coverage %d requested\n" , |
2041 | UDP_SKB_CB(skb)->cscov, skb->len); |
2042 | goto drop; |
2043 | } |
2044 | /* The next case involves violating the min. coverage requested |
2045 | * by the receiver. This is subtle: if receiver wants x and x is |
2046 | * greater than the buffersize/MTU then receiver will complain |
2047 | * that it wants x while sender emits packets of smaller size y. |
2048 | * Therefore the above ...()->partial_cov statement is essential. |
2049 | */ |
2050 | if (UDP_SKB_CB(skb)->cscov < up->pcrlen) { |
2051 | net_dbg_ratelimited("UDPLite: coverage %d too small, need min %d\n" , |
2052 | UDP_SKB_CB(skb)->cscov, up->pcrlen); |
2053 | goto drop; |
2054 | } |
2055 | } |
2056 | |
2057 | prefetch(&sk->sk_rmem_alloc); |
2058 | if (rcu_access_pointer(sk->sk_filter) && |
2059 | udp_lib_checksum_complete(skb)) |
2060 | goto csum_error; |
2061 | |
2062 | if (sk_filter_trim_cap(sk, skb, sizeof(struct udphdr))) |
2063 | goto drop; |
2064 | |
2065 | udp_csum_pull_header(skb); |
2066 | |
2067 | ipv4_pktinfo_prepare(sk, skb); |
2068 | return __udp_queue_rcv_skb(sk, skb); |
2069 | |
2070 | csum_error: |
2071 | __UDP_INC_STATS(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); |
2072 | drop: |
2073 | __UDP_INC_STATS(sock_net(sk), UDP_MIB_INERRORS, is_udplite); |
2074 | atomic_inc(&sk->sk_drops); |
2075 | kfree_skb(skb); |
2076 | return -1; |
2077 | } |
2078 | |
2079 | static int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) |
2080 | { |
2081 | struct sk_buff *next, *segs; |
2082 | int ret; |
2083 | |
2084 | if (likely(!udp_unexpected_gso(sk, skb))) |
2085 | return udp_queue_rcv_one_skb(sk, skb); |
2086 | |
2087 | BUILD_BUG_ON(sizeof(struct udp_skb_cb) > SKB_SGO_CB_OFFSET); |
2088 | __skb_push(skb, -skb_mac_offset(skb)); |
2089 | segs = udp_rcv_segment(sk, skb, true); |
2090 | for (skb = segs; skb; skb = next) { |
2091 | next = skb->next; |
2092 | __skb_pull(skb, skb_transport_offset(skb)); |
2093 | ret = udp_queue_rcv_one_skb(sk, skb); |
2094 | if (ret > 0) |
2095 | ip_protocol_deliver_rcu(dev_net(skb->dev), skb, -ret); |
2096 | } |
2097 | return 0; |
2098 | } |
2099 | |
2100 | /* For TCP sockets, sk_rx_dst is protected by socket lock |
2101 | * For UDP, we use xchg() to guard against concurrent changes. |
2102 | */ |
2103 | bool udp_sk_rx_dst_set(struct sock *sk, struct dst_entry *dst) |
2104 | { |
2105 | struct dst_entry *old; |
2106 | |
2107 | if (dst_hold_safe(dst)) { |
2108 | old = xchg(&sk->sk_rx_dst, dst); |
2109 | dst_release(old); |
2110 | return old != dst; |
2111 | } |
2112 | return false; |
2113 | } |
2114 | EXPORT_SYMBOL(udp_sk_rx_dst_set); |
2115 | |
2116 | /* |
2117 | * Multicasts and broadcasts go to each listener. |
2118 | * |
2119 | * Note: called only from the BH handler context. |
2120 | */ |
2121 | static int __udp4_lib_mcast_deliver(struct net *net, struct sk_buff *skb, |
2122 | struct udphdr *uh, |
2123 | __be32 saddr, __be32 daddr, |
2124 | struct |
---|