1// SPDX-License-Identifier: GPL-2.0
  2#include <linux/kernel.h>
  3#include <linux/init.h>
  4#include <linux/module.h>
  5#include <linux/skbuff.h>
  6#include <linux/netfilter.h>
  7#include <linux/mutex.h>
  8#include <net/sock.h>
  9
 10#include "nf_internals.h"
 11
 12/* Sockopts only registered and called from user context, so
 13   net locking would be overkill.  Also, [gs]etsockopt calls may
 14   sleep. */
 15static DEFINE_MUTEX(nf_sockopt_mutex);
 16static LIST_HEAD(nf_sockopts);
 17
 18/* Do exclusive ranges overlap? */
 19static inline int overlap(int min1, int max1, int min2, int max2)
 20{
 21	return max1 > min2 && min1 < max2;
 22}
 23
 24/* Functions to register sockopt ranges (exclusive). */
 25int nf_register_sockopt(struct nf_sockopt_ops *reg)
 26{
 27	struct nf_sockopt_ops *ops;
 28	int ret = 0;
 29
 30	mutex_lock(&nf_sockopt_mutex);
 
 
 31	list_for_each_entry(ops, &nf_sockopts, list) {
 32		if (ops->pf == reg->pf
 33		    && (overlap(ops->set_optmin, ops->set_optmax,
 34				reg->set_optmin, reg->set_optmax)
 35			|| overlap(ops->get_optmin, ops->get_optmax,
 36				   reg->get_optmin, reg->get_optmax))) {
 37			pr_debug("nf_sock overlap: %u-%u/%u-%u v %u-%u/%u-%u\n",
 38				ops->set_optmin, ops->set_optmax,
 39				ops->get_optmin, ops->get_optmax,
 40				reg->set_optmin, reg->set_optmax,
 41				reg->get_optmin, reg->get_optmax);
 42			ret = -EBUSY;
 43			goto out;
 44		}
 45	}
 46
 47	list_add(&reg->list, &nf_sockopts);
 48out:
 49	mutex_unlock(&nf_sockopt_mutex);
 50	return ret;
 51}
 52EXPORT_SYMBOL(nf_register_sockopt);
 53
 54void nf_unregister_sockopt(struct nf_sockopt_ops *reg)
 55{
 56	mutex_lock(&nf_sockopt_mutex);
 57	list_del(&reg->list);
 58	mutex_unlock(&nf_sockopt_mutex);
 59}
 60EXPORT_SYMBOL(nf_unregister_sockopt);
 61
 62static struct nf_sockopt_ops *nf_sockopt_find(struct sock *sk, u_int8_t pf,
 63		int val, int get)
 64{
 65	struct nf_sockopt_ops *ops;
 66
 67	mutex_lock(&nf_sockopt_mutex);
 
 
 68	list_for_each_entry(ops, &nf_sockopts, list) {
 69		if (ops->pf == pf) {
 70			if (!try_module_get(ops->owner))
 71				goto out_nosup;
 72
 73			if (get) {
 74				if (val >= ops->get_optmin &&
 75						val < ops->get_optmax)
 76					goto out;
 77			} else {
 78				if (val >= ops->set_optmin &&
 79						val < ops->set_optmax)
 80					goto out;
 81			}
 82			module_put(ops->owner);
 83		}
 84	}
 85out_nosup:
 86	ops = ERR_PTR(-ENOPROTOOPT);
 87out:
 88	mutex_unlock(&nf_sockopt_mutex);
 89	return ops;
 90}
 91
 92int nf_setsockopt(struct sock *sk, u_int8_t pf, int val, sockptr_t opt,
 93		  unsigned int len)
 
 94{
 95	struct nf_sockopt_ops *ops;
 96	int ret;
 97
 98	ops = nf_sockopt_find(sk, pf, val, 0);
 99	if (IS_ERR(ops))
100		return PTR_ERR(ops);
101	ret = ops->set(sk, val, opt, len);
 
 
 
 
 
102	module_put(ops->owner);
103	return ret;
104}
 
 
 
 
 
 
105EXPORT_SYMBOL(nf_setsockopt);
106
107int nf_getsockopt(struct sock *sk, u_int8_t pf, int val, char __user *opt,
108		  int *len)
109{
 
 
 
 
 
 
 
 
110	struct nf_sockopt_ops *ops;
111	int ret;
112
113	ops = nf_sockopt_find(sk, pf, val, 1);
114	if (IS_ERR(ops))
115		return PTR_ERR(ops);
116	ret = ops->get(sk, val, opt, len);
 
 
 
 
 
 
 
 
 
 
 
 
117	module_put(ops->owner);
118	return ret;
119}
120EXPORT_SYMBOL(nf_getsockopt);
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
  1#include <linux/kernel.h>
  2#include <linux/init.h>
  3#include <linux/module.h>
  4#include <linux/skbuff.h>
  5#include <linux/netfilter.h>
  6#include <linux/mutex.h>
  7#include <net/sock.h>
  8
  9#include "nf_internals.h"
 10
 11/* Sockopts only registered and called from user context, so
 12   net locking would be overkill.  Also, [gs]etsockopt calls may
 13   sleep. */
 14static DEFINE_MUTEX(nf_sockopt_mutex);
 15static LIST_HEAD(nf_sockopts);
 16
 17/* Do exclusive ranges overlap? */
 18static inline int overlap(int min1, int max1, int min2, int max2)
 19{
 20	return max1 > min2 && min1 < max2;
 21}
 22
 23/* Functions to register sockopt ranges (exclusive). */
 24int nf_register_sockopt(struct nf_sockopt_ops *reg)
 25{
 26	struct nf_sockopt_ops *ops;
 27	int ret = 0;
 28
 29	if (mutex_lock_interruptible(&nf_sockopt_mutex) != 0)
 30		return -EINTR;
 31
 32	list_for_each_entry(ops, &nf_sockopts, list) {
 33		if (ops->pf == reg->pf
 34		    && (overlap(ops->set_optmin, ops->set_optmax,
 35				reg->set_optmin, reg->set_optmax)
 36			|| overlap(ops->get_optmin, ops->get_optmax,
 37				   reg->get_optmin, reg->get_optmax))) {
 38			NFDEBUG("nf_sock overlap: %u-%u/%u-%u v %u-%u/%u-%u\n",
 39				ops->set_optmin, ops->set_optmax,
 40				ops->get_optmin, ops->get_optmax,
 41				reg->set_optmin, reg->set_optmax,
 42				reg->get_optmin, reg->get_optmax);
 43			ret = -EBUSY;
 44			goto out;
 45		}
 46	}
 47
 48	list_add(&reg->list, &nf_sockopts);
 49out:
 50	mutex_unlock(&nf_sockopt_mutex);
 51	return ret;
 52}
 53EXPORT_SYMBOL(nf_register_sockopt);
 54
 55void nf_unregister_sockopt(struct nf_sockopt_ops *reg)
 56{
 57	mutex_lock(&nf_sockopt_mutex);
 58	list_del(&reg->list);
 59	mutex_unlock(&nf_sockopt_mutex);
 60}
 61EXPORT_SYMBOL(nf_unregister_sockopt);
 62
 63static struct nf_sockopt_ops *nf_sockopt_find(struct sock *sk, u_int8_t pf,
 64		int val, int get)
 65{
 66	struct nf_sockopt_ops *ops;
 67
 68	if (mutex_lock_interruptible(&nf_sockopt_mutex) != 0)
 69		return ERR_PTR(-EINTR);
 70
 71	list_for_each_entry(ops, &nf_sockopts, list) {
 72		if (ops->pf == pf) {
 73			if (!try_module_get(ops->owner))
 74				goto out_nosup;
 75
 76			if (get) {
 77				if (val >= ops->get_optmin &&
 78						val < ops->get_optmax)
 79					goto out;
 80			} else {
 81				if (val >= ops->set_optmin &&
 82						val < ops->set_optmax)
 83					goto out;
 84			}
 85			module_put(ops->owner);
 86		}
 87	}
 88out_nosup:
 89	ops = ERR_PTR(-ENOPROTOOPT);
 90out:
 91	mutex_unlock(&nf_sockopt_mutex);
 92	return ops;
 93}
 94
 95/* Call get/setsockopt() */
 96static int nf_sockopt(struct sock *sk, u_int8_t pf, int val,
 97		      char __user *opt, int *len, int get)
 98{
 99	struct nf_sockopt_ops *ops;
100	int ret;
101
102	ops = nf_sockopt_find(sk, pf, val, get);
103	if (IS_ERR(ops))
104		return PTR_ERR(ops);
105
106	if (get)
107		ret = ops->get(sk, val, opt, len);
108	else
109		ret = ops->set(sk, val, opt, *len);
110
111	module_put(ops->owner);
112	return ret;
113}
114
115int nf_setsockopt(struct sock *sk, u_int8_t pf, int val, char __user *opt,
116		  unsigned int len)
117{
118	return nf_sockopt(sk, pf, val, opt, &len, 0);
119}
120EXPORT_SYMBOL(nf_setsockopt);
121
122int nf_getsockopt(struct sock *sk, u_int8_t pf, int val, char __user *opt,
123		  int *len)
124{
125	return nf_sockopt(sk, pf, val, opt, len, 1);
126}
127EXPORT_SYMBOL(nf_getsockopt);
128
129#ifdef CONFIG_COMPAT
130static int compat_nf_sockopt(struct sock *sk, u_int8_t pf, int val,
131			     char __user *opt, int *len, int get)
132{
133	struct nf_sockopt_ops *ops;
134	int ret;
135
136	ops = nf_sockopt_find(sk, pf, val, get);
137	if (IS_ERR(ops))
138		return PTR_ERR(ops);
139
140	if (get) {
141		if (ops->compat_get)
142			ret = ops->compat_get(sk, val, opt, len);
143		else
144			ret = ops->get(sk, val, opt, len);
145	} else {
146		if (ops->compat_set)
147			ret = ops->compat_set(sk, val, opt, *len);
148		else
149			ret = ops->set(sk, val, opt, *len);
150	}
151
152	module_put(ops->owner);
153	return ret;
154}
155
156int compat_nf_setsockopt(struct sock *sk, u_int8_t pf,
157		int val, char __user *opt, unsigned int len)
158{
159	return compat_nf_sockopt(sk, pf, val, opt, &len, 0);
160}
161EXPORT_SYMBOL(compat_nf_setsockopt);
162
163int compat_nf_getsockopt(struct sock *sk, u_int8_t pf,
164		int val, char __user *opt, int *len)
165{
166	return compat_nf_sockopt(sk, pf, val, opt, len, 1);
167}
168EXPORT_SYMBOL(compat_nf_getsockopt);
169#endif