linux/net/netfilter/x_tables.c
<<
>>
Prefs
   1/*
   2 * x_tables core - Backend for {ip,ip6,arp}_tables
   3 *
   4 * Copyright (C) 2006-2006 Harald Welte <laforge@netfilter.org>
   5 * Copyright (C) 2006-2012 Patrick McHardy <kaber@trash.net>
   6 *
   7 * Based on existing ip_tables code which is
   8 *   Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
   9 *   Copyright (C) 2000-2005 Netfilter Core Team <coreteam@netfilter.org>
  10 *
  11 * This program is free software; you can redistribute it and/or modify
  12 * it under the terms of the GNU General Public License version 2 as
  13 * published by the Free Software Foundation.
  14 *
  15 */
  16#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  17#include <linux/kernel.h>
  18#include <linux/module.h>
  19#include <linux/socket.h>
  20#include <linux/net.h>
  21#include <linux/proc_fs.h>
  22#include <linux/seq_file.h>
  23#include <linux/string.h>
  24#include <linux/vmalloc.h>
  25#include <linux/mutex.h>
  26#include <linux/mm.h>
  27#include <linux/slab.h>
  28#include <linux/audit.h>
  29#include <linux/user_namespace.h>
  30#include <net/net_namespace.h>
  31
  32#include <linux/netfilter/x_tables.h>
  33#include <linux/netfilter_arp.h>
  34#include <linux/netfilter_ipv4/ip_tables.h>
  35#include <linux/netfilter_ipv6/ip6_tables.h>
  36#include <linux/netfilter_arp/arp_tables.h>
  37
  38MODULE_LICENSE("GPL");
  39MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
  40MODULE_DESCRIPTION("{ip,ip6,arp,eb}_tables backend module");
  41
  42#define XT_PCPU_BLOCK_SIZE 4096
  43#define XT_MAX_TABLE_SIZE       (512 * 1024 * 1024)
  44
  45struct compat_delta {
  46        unsigned int offset; /* offset in kernel */
  47        int delta; /* delta in 32bit user land */
  48};
  49
  50struct xt_af {
  51        struct mutex mutex;
  52        struct list_head match;
  53        struct list_head target;
  54#ifdef CONFIG_COMPAT
  55        struct mutex compat_mutex;
  56        struct compat_delta *compat_tab;
  57        unsigned int number; /* number of slots in compat_tab[] */
  58        unsigned int cur; /* number of used slots in compat_tab[] */
  59#endif
  60};
  61
  62static struct xt_af *xt;
  63
  64static const char *const xt_prefix[NFPROTO_NUMPROTO] = {
  65        [NFPROTO_UNSPEC] = "x",
  66        [NFPROTO_IPV4]   = "ip",
  67        [NFPROTO_ARP]    = "arp",
  68        [NFPROTO_BRIDGE] = "eb",
  69        [NFPROTO_IPV6]   = "ip6",
  70};
  71
  72/* Registration hooks for targets. */
  73int xt_register_target(struct xt_target *target)
  74{
  75        u_int8_t af = target->family;
  76
  77        mutex_lock(&xt[af].mutex);
  78        list_add(&target->list, &xt[af].target);
  79        mutex_unlock(&xt[af].mutex);
  80        return 0;
  81}
  82EXPORT_SYMBOL(xt_register_target);
  83
  84void
  85xt_unregister_target(struct xt_target *target)
  86{
  87        u_int8_t af = target->family;
  88
  89        mutex_lock(&xt[af].mutex);
  90        list_del(&target->list);
  91        mutex_unlock(&xt[af].mutex);
  92}
  93EXPORT_SYMBOL(xt_unregister_target);
  94
  95int
  96xt_register_targets(struct xt_target *target, unsigned int n)
  97{
  98        unsigned int i;
  99        int err = 0;
 100
 101        for (i = 0; i < n; i++) {
 102                err = xt_register_target(&target[i]);
 103                if (err)
 104                        goto err;
 105        }
 106        return err;
 107
 108err:
 109        if (i > 0)
 110                xt_unregister_targets(target, i);
 111        return err;
 112}
 113EXPORT_SYMBOL(xt_register_targets);
 114
 115void
 116xt_unregister_targets(struct xt_target *target, unsigned int n)
 117{
 118        while (n-- > 0)
 119                xt_unregister_target(&target[n]);
 120}
 121EXPORT_SYMBOL(xt_unregister_targets);
 122
 123int xt_register_match(struct xt_match *match)
 124{
 125        u_int8_t af = match->family;
 126
 127        mutex_lock(&xt[af].mutex);
 128        list_add(&match->list, &xt[af].match);
 129        mutex_unlock(&xt[af].mutex);
 130        return 0;
 131}
 132EXPORT_SYMBOL(xt_register_match);
 133
 134void
 135xt_unregister_match(struct xt_match *match)
 136{
 137        u_int8_t af = match->family;
 138
 139        mutex_lock(&xt[af].mutex);
 140        list_del(&match->list);
 141        mutex_unlock(&xt[af].mutex);
 142}
 143EXPORT_SYMBOL(xt_unregister_match);
 144
 145int
 146xt_register_matches(struct xt_match *match, unsigned int n)
 147{
 148        unsigned int i;
 149        int err = 0;
 150
 151        for (i = 0; i < n; i++) {
 152                err = xt_register_match(&match[i]);
 153                if (err)
 154                        goto err;
 155        }
 156        return err;
 157
 158err:
 159        if (i > 0)
 160                xt_unregister_matches(match, i);
 161        return err;
 162}
 163EXPORT_SYMBOL(xt_register_matches);
 164
 165void
 166xt_unregister_matches(struct xt_match *match, unsigned int n)
 167{
 168        while (n-- > 0)
 169                xt_unregister_match(&match[n]);
 170}
 171EXPORT_SYMBOL(xt_unregister_matches);
 172
 173
 174/*
 175 * These are weird, but module loading must not be done with mutex
 176 * held (since they will register), and we have to have a single
 177 * function to use.
 178 */
 179
 180/* Find match, grabs ref.  Returns ERR_PTR() on error. */
 181struct xt_match *xt_find_match(u8 af, const char *name, u8 revision)
 182{
 183        struct xt_match *m;
 184        int err = -ENOENT;
 185
 186        if (strnlen(name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN)
 187                return ERR_PTR(-EINVAL);
 188
 189        mutex_lock(&xt[af].mutex);
 190        list_for_each_entry(m, &xt[af].match, list) {
 191                if (strcmp(m->name, name) == 0) {
 192                        if (m->revision == revision) {
 193                                if (try_module_get(m->me)) {
 194                                        mutex_unlock(&xt[af].mutex);
 195                                        return m;
 196                                }
 197                        } else
 198                                err = -EPROTOTYPE; /* Found something. */
 199                }
 200        }
 201        mutex_unlock(&xt[af].mutex);
 202
 203        if (af != NFPROTO_UNSPEC)
 204                /* Try searching again in the family-independent list */
 205                return xt_find_match(NFPROTO_UNSPEC, name, revision);
 206
 207        return ERR_PTR(err);
 208}
 209EXPORT_SYMBOL(xt_find_match);
 210
 211struct xt_match *
 212xt_request_find_match(uint8_t nfproto, const char *name, uint8_t revision)
 213{
 214        struct xt_match *match;
 215
 216        if (strnlen(name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN)
 217                return ERR_PTR(-EINVAL);
 218
 219        match = xt_find_match(nfproto, name, revision);
 220        if (IS_ERR(match)) {
 221                request_module("%st_%s", xt_prefix[nfproto], name);
 222                match = xt_find_match(nfproto, name, revision);
 223        }
 224
 225        return match;
 226}
 227EXPORT_SYMBOL_GPL(xt_request_find_match);
 228
 229/* Find target, grabs ref.  Returns ERR_PTR() on error. */
 230struct xt_target *xt_find_target(u8 af, const char *name, u8 revision)
 231{
 232        struct xt_target *t;
 233        int err = -ENOENT;
 234
 235        if (strnlen(name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN)
 236                return ERR_PTR(-EINVAL);
 237
 238        mutex_lock(&xt[af].mutex);
 239        list_for_each_entry(t, &xt[af].target, list) {
 240                if (strcmp(t->name, name) == 0) {
 241                        if (t->revision == revision) {
 242                                if (try_module_get(t->me)) {
 243                                        mutex_unlock(&xt[af].mutex);
 244                                        return t;
 245                                }
 246                        } else
 247                                err = -EPROTOTYPE; /* Found something. */
 248                }
 249        }
 250        mutex_unlock(&xt[af].mutex);
 251
 252        if (af != NFPROTO_UNSPEC)
 253                /* Try searching again in the family-independent list */
 254                return xt_find_target(NFPROTO_UNSPEC, name, revision);
 255
 256        return ERR_PTR(err);
 257}
 258EXPORT_SYMBOL(xt_find_target);
 259
 260struct xt_target *xt_request_find_target(u8 af, const char *name, u8 revision)
 261{
 262        struct xt_target *target;
 263
 264        if (strnlen(name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN)
 265                return ERR_PTR(-EINVAL);
 266
 267        target = xt_find_target(af, name, revision);
 268        if (IS_ERR(target)) {
 269                request_module("%st_%s", xt_prefix[af], name);
 270                target = xt_find_target(af, name, revision);
 271        }
 272
 273        return target;
 274}
 275EXPORT_SYMBOL_GPL(xt_request_find_target);
 276
 277
 278static int xt_obj_to_user(u16 __user *psize, u16 size,
 279                          void __user *pname, const char *name,
 280                          u8 __user *prev, u8 rev)
 281{
 282        if (put_user(size, psize))
 283                return -EFAULT;
 284        if (copy_to_user(pname, name, strlen(name) + 1))
 285                return -EFAULT;
 286        if (put_user(rev, prev))
 287                return -EFAULT;
 288
 289        return 0;
 290}
 291
 292#define XT_OBJ_TO_USER(U, K, TYPE, C_SIZE)                              \
 293        xt_obj_to_user(&U->u.TYPE##_size, C_SIZE ? : K->u.TYPE##_size,  \
 294                       U->u.user.name, K->u.kernel.TYPE->name,          \
 295                       &U->u.user.revision, K->u.kernel.TYPE->revision)
 296
 297int xt_data_to_user(void __user *dst, const void *src,
 298                    int usersize, int size, int aligned_size)
 299{
 300        usersize = usersize ? : size;
 301        if (copy_to_user(dst, src, usersize))
 302                return -EFAULT;
 303        if (usersize != aligned_size &&
 304            clear_user(dst + usersize, aligned_size - usersize))
 305                return -EFAULT;
 306
 307        return 0;
 308}
 309EXPORT_SYMBOL_GPL(xt_data_to_user);
 310
 311#define XT_DATA_TO_USER(U, K, TYPE)                                     \
 312        xt_data_to_user(U->data, K->data,                               \
 313                        K->u.kernel.TYPE->usersize,                     \
 314                        K->u.kernel.TYPE->TYPE##size,                   \
 315                        XT_ALIGN(K->u.kernel.TYPE->TYPE##size))
 316
 317int xt_match_to_user(const struct xt_entry_match *m,
 318                     struct xt_entry_match __user *u)
 319{
 320        return XT_OBJ_TO_USER(u, m, match, 0) ||
 321               XT_DATA_TO_USER(u, m, match);
 322}
 323EXPORT_SYMBOL_GPL(xt_match_to_user);
 324
 325int xt_target_to_user(const struct xt_entry_target *t,
 326                      struct xt_entry_target __user *u)
 327{
 328        return XT_OBJ_TO_USER(u, t, target, 0) ||
 329               XT_DATA_TO_USER(u, t, target);
 330}
 331EXPORT_SYMBOL_GPL(xt_target_to_user);
 332
 333static int match_revfn(u8 af, const char *name, u8 revision, int *bestp)
 334{
 335        const struct xt_match *m;
 336        int have_rev = 0;
 337
 338        list_for_each_entry(m, &xt[af].match, list) {
 339                if (strcmp(m->name, name) == 0) {
 340                        if (m->revision > *bestp)
 341                                *bestp = m->revision;
 342                        if (m->revision == revision)
 343                                have_rev = 1;
 344                }
 345        }
 346
 347        if (af != NFPROTO_UNSPEC && !have_rev)
 348                return match_revfn(NFPROTO_UNSPEC, name, revision, bestp);
 349
 350        return have_rev;
 351}
 352
 353static int target_revfn(u8 af, const char *name, u8 revision, int *bestp)
 354{
 355        const struct xt_target *t;
 356        int have_rev = 0;
 357
 358        list_for_each_entry(t, &xt[af].target, list) {
 359                if (strcmp(t->name, name) == 0) {
 360                        if (t->revision > *bestp)
 361                                *bestp = t->revision;
 362                        if (t->revision == revision)
 363                                have_rev = 1;
 364                }
 365        }
 366
 367        if (af != NFPROTO_UNSPEC && !have_rev)
 368                return target_revfn(NFPROTO_UNSPEC, name, revision, bestp);
 369
 370        return have_rev;
 371}
 372
 373/* Returns true or false (if no such extension at all) */
 374int xt_find_revision(u8 af, const char *name, u8 revision, int target,
 375                     int *err)
 376{
 377        int have_rev, best = -1;
 378
 379        mutex_lock(&xt[af].mutex);
 380        if (target == 1)
 381                have_rev = target_revfn(af, name, revision, &best);
 382        else
 383                have_rev = match_revfn(af, name, revision, &best);
 384        mutex_unlock(&xt[af].mutex);
 385
 386        /* Nothing at all?  Return 0 to try loading module. */
 387        if (best == -1) {
 388                *err = -ENOENT;
 389                return 0;
 390        }
 391
 392        *err = best;
 393        if (!have_rev)
 394                *err = -EPROTONOSUPPORT;
 395        return 1;
 396}
 397EXPORT_SYMBOL_GPL(xt_find_revision);
 398
 399static char *
 400textify_hooks(char *buf, size_t size, unsigned int mask, uint8_t nfproto)
 401{
 402        static const char *const inetbr_names[] = {
 403                "PREROUTING", "INPUT", "FORWARD",
 404                "OUTPUT", "POSTROUTING", "BROUTING",
 405        };
 406        static const char *const arp_names[] = {
 407                "INPUT", "FORWARD", "OUTPUT",
 408        };
 409        const char *const *names;
 410        unsigned int i, max;
 411        char *p = buf;
 412        bool np = false;
 413        int res;
 414
 415        names = (nfproto == NFPROTO_ARP) ? arp_names : inetbr_names;
 416        max   = (nfproto == NFPROTO_ARP) ? ARRAY_SIZE(arp_names) :
 417                                           ARRAY_SIZE(inetbr_names);
 418        *p = '\0';
 419        for (i = 0; i < max; ++i) {
 420                if (!(mask & (1 << i)))
 421                        continue;
 422                res = snprintf(p, size, "%s%s", np ? "/" : "", names[i]);
 423                if (res > 0) {
 424                        size -= res;
 425                        p += res;
 426                }
 427                np = true;
 428        }
 429
 430        return buf;
 431}
 432
 433/**
 434 * xt_check_proc_name - check that name is suitable for /proc file creation
 435 *
 436 * @name: file name candidate
 437 * @size: length of buffer
 438 *
 439 * some x_tables modules wish to create a file in /proc.
 440 * This function makes sure that the name is suitable for this
 441 * purpose, it checks that name is NUL terminated and isn't a 'special'
 442 * name, like "..".
 443 *
 444 * returns negative number on error or 0 if name is useable.
 445 */
 446int xt_check_proc_name(const char *name, unsigned int size)
 447{
 448        if (name[0] == '\0')
 449                return -EINVAL;
 450
 451        if (strnlen(name, size) == size)
 452                return -ENAMETOOLONG;
 453
 454        if (strcmp(name, ".") == 0 ||
 455            strcmp(name, "..") == 0 ||
 456            strchr(name, '/'))
 457                return -EINVAL;
 458
 459        return 0;
 460}
 461EXPORT_SYMBOL(xt_check_proc_name);
 462
 463int xt_check_match(struct xt_mtchk_param *par,
 464                   unsigned int size, u_int8_t proto, bool inv_proto)
 465{
 466        int ret;
 467
 468        if (XT_ALIGN(par->match->matchsize) != size &&
 469            par->match->matchsize != -1) {
 470                /*
 471                 * ebt_among is exempt from centralized matchsize checking
 472                 * because it uses a dynamic-size data set.
 473                 */
 474                pr_err_ratelimited("%s_tables: %s.%u match: invalid size %u (kernel) != (user) %u\n",
 475                                   xt_prefix[par->family], par->match->name,
 476                                   par->match->revision,
 477                                   XT_ALIGN(par->match->matchsize), size);
 478                return -EINVAL;
 479        }
 480        if (par->match->table != NULL &&
 481            strcmp(par->match->table, par->table) != 0) {
 482                pr_info_ratelimited("%s_tables: %s match: only valid in %s table, not %s\n",
 483                                    xt_prefix[par->family], par->match->name,
 484                                    par->match->table, par->table);
 485                return -EINVAL;
 486        }
 487        if (par->match->hooks && (par->hook_mask & ~par->match->hooks) != 0) {
 488                char used[64], allow[64];
 489
 490                pr_info_ratelimited("%s_tables: %s match: used from hooks %s, but only valid from %s\n",
 491                                    xt_prefix[par->family], par->match->name,
 492                                    textify_hooks(used, sizeof(used),
 493                                                  par->hook_mask, par->family),
 494                                    textify_hooks(allow, sizeof(allow),
 495                                                  par->match->hooks,
 496                                                  par->family));
 497                return -EINVAL;
 498        }
 499        if (par->match->proto && (par->match->proto != proto || inv_proto)) {
 500                pr_info_ratelimited("%s_tables: %s match: only valid for protocol %u\n",
 501                                    xt_prefix[par->family], par->match->name,
 502                                    par->match->proto);
 503                return -EINVAL;
 504        }
 505        if (par->match->checkentry != NULL) {
 506                ret = par->match->checkentry(par);
 507                if (ret < 0)
 508                        return ret;
 509                else if (ret > 0)
 510                        /* Flag up potential errors. */
 511                        return -EIO;
 512        }
 513        return 0;
 514}
 515EXPORT_SYMBOL_GPL(xt_check_match);
 516
 517/** xt_check_entry_match - check that matches end before start of target
 518 *
 519 * @match: beginning of xt_entry_match
 520 * @target: beginning of this rules target (alleged end of matches)
 521 * @alignment: alignment requirement of match structures
 522 *
 523 * Validates that all matches add up to the beginning of the target,
 524 * and that each match covers at least the base structure size.
 525 *
 526 * Return: 0 on success, negative errno on failure.
 527 */
 528static int xt_check_entry_match(const char *match, const char *target,
 529                                const size_t alignment)
 530{
 531        const struct xt_entry_match *pos;
 532        int length = target - match;
 533
 534        if (length == 0) /* no matches */
 535                return 0;
 536
 537        pos = (struct xt_entry_match *)match;
 538        do {
 539                if ((unsigned long)pos % alignment)
 540                        return -EINVAL;
 541
 542                if (length < (int)sizeof(struct xt_entry_match))
 543                        return -EINVAL;
 544
 545                if (pos->u.match_size < sizeof(struct xt_entry_match))
 546                        return -EINVAL;
 547
 548                if (pos->u.match_size > length)
 549                        return -EINVAL;
 550
 551                length -= pos->u.match_size;
 552                pos = ((void *)((char *)(pos) + (pos)->u.match_size));
 553        } while (length > 0);
 554
 555        return 0;
 556}
 557
 558/** xt_check_table_hooks - check hook entry points are sane
 559 *
 560 * @info xt_table_info to check
 561 * @valid_hooks - hook entry points that we can enter from
 562 *
 563 * Validates that the hook entry and underflows points are set up.
 564 *
 565 * Return: 0 on success, negative errno on failure.
 566 */
 567int xt_check_table_hooks(const struct xt_table_info *info, unsigned int valid_hooks)
 568{
 569        const char *err = "unsorted underflow";
 570        unsigned int i, max_uflow, max_entry;
 571        bool check_hooks = false;
 572
 573        BUILD_BUG_ON(ARRAY_SIZE(info->hook_entry) != ARRAY_SIZE(info->underflow));
 574
 575        max_entry = 0;
 576        max_uflow = 0;
 577
 578        for (i = 0; i < ARRAY_SIZE(info->hook_entry); i++) {
 579                if (!(valid_hooks & (1 << i)))
 580                        continue;
 581
 582                if (info->hook_entry[i] == 0xFFFFFFFF)
 583                        return -EINVAL;
 584                if (info->underflow[i] == 0xFFFFFFFF)
 585                        return -EINVAL;
 586
 587                if (check_hooks) {
 588                        if (max_uflow > info->underflow[i])
 589                                goto error;
 590
 591                        if (max_uflow == info->underflow[i]) {
 592                                err = "duplicate underflow";
 593                                goto error;
 594                        }
 595                        if (max_entry > info->hook_entry[i]) {
 596                                err = "unsorted entry";
 597                                goto error;
 598                        }
 599                        if (max_entry == info->hook_entry[i]) {
 600                                err = "duplicate entry";
 601                                goto error;
 602                        }
 603                }
 604                max_entry = info->hook_entry[i];
 605                max_uflow = info->underflow[i];
 606                check_hooks = true;
 607        }
 608
 609        return 0;
 610error:
 611        pr_err_ratelimited("%s at hook %d\n", err, i);
 612        return -EINVAL;
 613}
 614EXPORT_SYMBOL(xt_check_table_hooks);
 615
 616static bool verdict_ok(int verdict)
 617{
 618        if (verdict > 0)
 619                return true;
 620
 621        if (verdict < 0) {
 622                int v = -verdict - 1;
 623
 624                if (verdict == XT_RETURN)
 625                        return true;
 626
 627                switch (v) {
 628                case NF_ACCEPT: return true;
 629                case NF_DROP: return true;
 630                case NF_QUEUE: return true;
 631                default:
 632                        break;
 633                }
 634
 635                return false;
 636        }
 637
 638        return false;
 639}
 640
 641static bool error_tg_ok(unsigned int usersize, unsigned int kernsize,
 642                        const char *msg, unsigned int msglen)
 643{
 644        return usersize == kernsize && strnlen(msg, msglen) < msglen;
 645}
 646
 647#ifdef CONFIG_COMPAT
 648int xt_compat_add_offset(u_int8_t af, unsigned int offset, int delta)
 649{
 650        struct xt_af *xp = &xt[af];
 651
 652        WARN_ON(!mutex_is_locked(&xt[af].compat_mutex));
 653
 654        if (WARN_ON(!xp->compat_tab))
 655                return -ENOMEM;
 656
 657        if (xp->cur >= xp->number)
 658                return -EINVAL;
 659
 660        if (xp->cur)
 661                delta += xp->compat_tab[xp->cur - 1].delta;
 662        xp->compat_tab[xp->cur].offset = offset;
 663        xp->compat_tab[xp->cur].delta = delta;
 664        xp->cur++;
 665        return 0;
 666}
 667EXPORT_SYMBOL_GPL(xt_compat_add_offset);
 668
 669void xt_compat_flush_offsets(u_int8_t af)
 670{
 671        WARN_ON(!mutex_is_locked(&xt[af].compat_mutex));
 672
 673        if (xt[af].compat_tab) {
 674                vfree(xt[af].compat_tab);
 675                xt[af].compat_tab = NULL;
 676                xt[af].number = 0;
 677                xt[af].cur = 0;
 678        }
 679}
 680EXPORT_SYMBOL_GPL(xt_compat_flush_offsets);
 681
 682int xt_compat_calc_jump(u_int8_t af, unsigned int offset)
 683{
 684        struct compat_delta *tmp = xt[af].compat_tab;
 685        int mid, left = 0, right = xt[af].cur - 1;
 686
 687        while (left <= right) {
 688                mid = (left + right) >> 1;
 689                if (offset > tmp[mid].offset)
 690                        left = mid + 1;
 691                else if (offset < tmp[mid].offset)
 692                        right = mid - 1;
 693                else
 694                        return mid ? tmp[mid - 1].delta : 0;
 695        }
 696        return left ? tmp[left - 1].delta : 0;
 697}
 698EXPORT_SYMBOL_GPL(xt_compat_calc_jump);
 699
 700int xt_compat_init_offsets(u8 af, unsigned int number)
 701{
 702        size_t mem;
 703
 704        WARN_ON(!mutex_is_locked(&xt[af].compat_mutex));
 705
 706        if (!number || number > (INT_MAX / sizeof(struct compat_delta)))
 707                return -EINVAL;
 708
 709        if (WARN_ON(xt[af].compat_tab))
 710                return -EINVAL;
 711
 712        mem = sizeof(struct compat_delta) * number;
 713        if (mem > XT_MAX_TABLE_SIZE)
 714                return -ENOMEM;
 715
 716        xt[af].compat_tab = vmalloc(mem);
 717        if (!xt[af].compat_tab)
 718                return -ENOMEM;
 719
 720        xt[af].number = number;
 721        xt[af].cur = 0;
 722
 723        return 0;
 724}
 725EXPORT_SYMBOL(xt_compat_init_offsets);
 726
 727int xt_compat_match_offset(const struct xt_match *match)
 728{
 729        u_int16_t csize = match->compatsize ? : match->matchsize;
 730        return XT_ALIGN(match->matchsize) - COMPAT_XT_ALIGN(csize);
 731}
 732EXPORT_SYMBOL_GPL(xt_compat_match_offset);
 733
 734void xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr,
 735                               unsigned int *size)
 736{
 737        const struct xt_match *match = m->u.kernel.match;
 738        struct compat_xt_entry_match *cm = (struct compat_xt_entry_match *)m;
 739        int pad, off = xt_compat_match_offset(match);
 740        u_int16_t msize = cm->u.user.match_size;
 741        char name[sizeof(m->u.user.name)];
 742
 743        m = *dstptr;
 744        memcpy(m, cm, sizeof(*cm));
 745        if (match->compat_from_user)
 746                match->compat_from_user(m->data, cm->data);
 747        else
 748                memcpy(m->data, cm->data, msize - sizeof(*cm));
 749        pad = XT_ALIGN(match->matchsize) - match->matchsize;
 750        if (pad > 0)
 751                memset(m->data + match->matchsize, 0, pad);
 752
 753        msize += off;
 754        m->u.user.match_size = msize;
 755        strlcpy(name, match->name, sizeof(name));
 756        module_put(match->me);
 757        strncpy(m->u.user.name, name, sizeof(m->u.user.name));
 758
 759        *size += off;
 760        *dstptr += msize;
 761}
 762EXPORT_SYMBOL_GPL(xt_compat_match_from_user);
 763
 764#define COMPAT_XT_DATA_TO_USER(U, K, TYPE, C_SIZE)                      \
 765        xt_data_to_user(U->data, K->data,                               \
 766                        K->u.kernel.TYPE->usersize,                     \
 767                        C_SIZE,                                         \
 768                        COMPAT_XT_ALIGN(C_SIZE))
 769
 770int xt_compat_match_to_user(const struct xt_entry_match *m,
 771                            void __user **dstptr, unsigned int *size)
 772{
 773        const struct xt_match *match = m->u.kernel.match;
 774        struct compat_xt_entry_match __user *cm = *dstptr;
 775        int off = xt_compat_match_offset(match);
 776        u_int16_t msize = m->u.user.match_size - off;
 777
 778        if (XT_OBJ_TO_USER(cm, m, match, msize))
 779                return -EFAULT;
 780
 781        if (match->compat_to_user) {
 782                if (match->compat_to_user((void __user *)cm->data, m->data))
 783                        return -EFAULT;
 784        } else {
 785                if (COMPAT_XT_DATA_TO_USER(cm, m, match, msize - sizeof(*cm)))
 786                        return -EFAULT;
 787        }
 788
 789        *size -= off;
 790        *dstptr += msize;
 791        return 0;
 792}
 793EXPORT_SYMBOL_GPL(xt_compat_match_to_user);
 794
 795/* non-compat version may have padding after verdict */
 796struct compat_xt_standard_target {
 797        struct compat_xt_entry_target t;
 798        compat_uint_t verdict;
 799};
 800
 801struct compat_xt_error_target {
 802        struct compat_xt_entry_target t;
 803        char errorname[XT_FUNCTION_MAXNAMELEN];
 804};
 805
 806int xt_compat_check_entry_offsets(const void *base, const char *elems,
 807                                  unsigned int target_offset,
 808                                  unsigned int next_offset)
 809{
 810        long size_of_base_struct = elems - (const char *)base;
 811        const struct compat_xt_entry_target *t;
 812        const char *e = base;
 813
 814        if (target_offset < size_of_base_struct)
 815                return -EINVAL;
 816
 817        if (target_offset + sizeof(*t) > next_offset)
 818                return -EINVAL;
 819
 820        t = (void *)(e + target_offset);
 821        if (t->u.target_size < sizeof(*t))
 822                return -EINVAL;
 823
 824        if (target_offset + t->u.target_size > next_offset)
 825                return -EINVAL;
 826
 827        if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0) {
 828                const struct compat_xt_standard_target *st = (const void *)t;
 829
 830                if (COMPAT_XT_ALIGN(target_offset + sizeof(*st)) != next_offset)
 831                        return -EINVAL;
 832
 833                if (!verdict_ok(st->verdict))
 834                        return -EINVAL;
 835        } else if (strcmp(t->u.user.name, XT_ERROR_TARGET) == 0) {
 836                const struct compat_xt_error_target *et = (const void *)t;
 837
 838                if (!error_tg_ok(t->u.target_size, sizeof(*et),
 839                                 et->errorname, sizeof(et->errorname)))
 840                        return -EINVAL;
 841        }
 842
 843        /* compat_xt_entry match has less strict alignment requirements,
 844         * otherwise they are identical.  In case of padding differences
 845         * we need to add compat version of xt_check_entry_match.
 846         */
 847        BUILD_BUG_ON(sizeof(struct compat_xt_entry_match) != sizeof(struct xt_entry_match));
 848
 849        return xt_check_entry_match(elems, base + target_offset,
 850                                    __alignof__(struct compat_xt_entry_match));
 851}
 852EXPORT_SYMBOL(xt_compat_check_entry_offsets);
 853#endif /* CONFIG_COMPAT */
 854
 855/**
 856 * xt_check_entry_offsets - validate arp/ip/ip6t_entry
 857 *
 858 * @base: pointer to arp/ip/ip6t_entry
 859 * @elems: pointer to first xt_entry_match, i.e. ip(6)t_entry->elems
 860 * @target_offset: the arp/ip/ip6_t->target_offset
 861 * @next_offset: the arp/ip/ip6_t->next_offset
 862 *
 863 * validates that target_offset and next_offset are sane and that all
 864 * match sizes (if any) align with the target offset.
 865 *
 866 * This function does not validate the targets or matches themselves, it
 867 * only tests that all the offsets and sizes are correct, that all
 868 * match structures are aligned, and that the last structure ends where
 869 * the target structure begins.
 870 *
 871 * Also see xt_compat_check_entry_offsets for CONFIG_COMPAT version.
 872 *
 873 * The arp/ip/ip6t_entry structure @base must have passed following tests:
 874 * - it must point to a valid memory location
 875 * - base to base + next_offset must be accessible, i.e. not exceed allocated
 876 *   length.
 877 *
 878 * A well-formed entry looks like this:
 879 *
 880 * ip(6)t_entry   match [mtdata]  match [mtdata] target [tgdata] ip(6)t_entry
 881 * e->elems[]-----'                              |               |
 882 *                matchsize                      |               |
 883 *                                matchsize      |               |
 884 *                                               |               |
 885 * target_offset---------------------------------'               |
 886 * next_offset---------------------------------------------------'
 887 *
 888 * elems[]: flexible array member at end of ip(6)/arpt_entry struct.
 889 *          This is where matches (if any) and the target reside.
 890 * target_offset: beginning of target.
 891 * next_offset: start of the next rule; also: size of this rule.
 892 * Since targets have a minimum size, target_offset + minlen <= next_offset.
 893 *
 894 * Every match stores its size, sum of sizes must not exceed target_offset.
 895 *
 896 * Return: 0 on success, negative errno on failure.
 897 */
 898int xt_check_entry_offsets(const void *base,
 899                           const char *elems,
 900                           unsigned int target_offset,
 901                           unsigned int next_offset)
 902{
 903        long size_of_base_struct = elems - (const char *)base;
 904        const struct xt_entry_target *t;
 905        const char *e = base;
 906
 907        /* target start is within the ip/ip6/arpt_entry struct */
 908        if (target_offset < size_of_base_struct)
 909                return -EINVAL;
 910
 911        if (target_offset + sizeof(*t) > next_offset)
 912                return -EINVAL;
 913
 914        t = (void *)(e + target_offset);
 915        if (t->u.target_size < sizeof(*t))
 916                return -EINVAL;
 917
 918        if (target_offset + t->u.target_size > next_offset)
 919                return -EINVAL;
 920
 921        if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0) {
 922                const struct xt_standard_target *st = (const void *)t;
 923
 924                if (XT_ALIGN(target_offset + sizeof(*st)) != next_offset)
 925                        return -EINVAL;
 926
 927                if (!verdict_ok(st->verdict))
 928                        return -EINVAL;
 929        } else if (strcmp(t->u.user.name, XT_ERROR_TARGET) == 0) {
 930                const struct xt_error_target *et = (const void *)t;
 931
 932                if (!error_tg_ok(t->u.target_size, sizeof(*et),
 933                                 et->errorname, sizeof(et->errorname)))
 934                        return -EINVAL;
 935        }
 936
 937        return xt_check_entry_match(elems, base + target_offset,
 938                                    __alignof__(struct xt_entry_match));
 939}
 940EXPORT_SYMBOL(xt_check_entry_offsets);
 941
 942/**
 943 * xt_alloc_entry_offsets - allocate array to store rule head offsets
 944 *
 945 * @size: number of entries
 946 *
 947 * Return: NULL or kmalloc'd or vmalloc'd array
 948 */
 949unsigned int *xt_alloc_entry_offsets(unsigned int size)
 950{
 951        if (size > XT_MAX_TABLE_SIZE / sizeof(unsigned int))
 952                return NULL;
 953
 954        return kvmalloc_array(size, sizeof(unsigned int), GFP_KERNEL | __GFP_ZERO);
 955
 956}
 957EXPORT_SYMBOL(xt_alloc_entry_offsets);
 958
 959/**
 960 * xt_find_jump_offset - check if target is a valid jump offset
 961 *
 962 * @offsets: array containing all valid rule start offsets of a rule blob
 963 * @target: the jump target to search for
 964 * @size: entries in @offset
 965 */
 966bool xt_find_jump_offset(const unsigned int *offsets,
 967                         unsigned int target, unsigned int size)
 968{
 969        int m, low = 0, hi = size;
 970
 971        while (hi > low) {
 972                m = (low + hi) / 2u;
 973
 974                if (offsets[m] > target)
 975                        hi = m;
 976                else if (offsets[m] < target)
 977                        low = m + 1;
 978                else
 979                        return true;
 980        }
 981
 982        return false;
 983}
 984EXPORT_SYMBOL(xt_find_jump_offset);
 985
 986int xt_check_target(struct xt_tgchk_param *par,
 987                    unsigned int size, u_int8_t proto, bool inv_proto)
 988{
 989        int ret;
 990
 991        if (XT_ALIGN(par->target->targetsize) != size) {
 992                pr_err_ratelimited("%s_tables: %s.%u target: invalid size %u (kernel) != (user) %u\n",
 993                                   xt_prefix[par->family], par->target->name,
 994                                   par->target->revision,
 995                                   XT_ALIGN(par->target->targetsize), size);
 996                return -EINVAL;
 997        }
 998        if (par->target->table != NULL &&
 999            strcmp(par->target->table, par->table) != 0) {
1000                pr_info_ratelimited("%s_tables: %s target: only valid in %s table, not %s\n",
1001                                    xt_prefix[par->family], par->target->name,
1002                                    par->target->table, par->table);
1003                return -EINVAL;
1004        }
1005        if (par->target->hooks && (par->hook_mask & ~par->target->hooks) != 0) {
1006                char used[64], allow[64];
1007
1008                pr_info_ratelimited("%s_tables: %s target: used from hooks %s, but only usable from %s\n",
1009                                    xt_prefix[par->family], par->target->name,
1010                                    textify_hooks(used, sizeof(used),
1011                                                  par->hook_mask, par->family),
1012                                    textify_hooks(allow, sizeof(allow),
1013                                                  par->target->hooks,
1014                                                  par->family));
1015                return -EINVAL;
1016        }
1017        if (par->target->proto && (par->target->proto != proto || inv_proto)) {
1018                pr_info_ratelimited("%s_tables: %s target: only valid for protocol %u\n",
1019                                    xt_prefix[par->family], par->target->name,
1020                                    par->target->proto);
1021                return -EINVAL;
1022        }
1023        if (par->target->checkentry != NULL) {
1024                ret = par->target->checkentry(par);
1025                if (ret < 0)
1026                        return ret;
1027                else if (ret > 0)
1028                        /* Flag up potential errors. */
1029                        return -EIO;
1030        }
1031        return 0;
1032}
1033EXPORT_SYMBOL_GPL(xt_check_target);
1034
1035/**
1036 * xt_copy_counters_from_user - copy counters and metadata from userspace
1037 *
1038 * @user: src pointer to userspace memory
1039 * @len: alleged size of userspace memory
1040 * @info: where to store the xt_counters_info metadata
1041 * @compat: true if we setsockopt call is done by 32bit task on 64bit kernel
1042 *
1043 * Copies counter meta data from @user and stores it in @info.
1044 *
1045 * vmallocs memory to hold the counters, then copies the counter data
1046 * from @user to the new memory and returns a pointer to it.
1047 *
1048 * If @compat is true, @info gets converted automatically to the 64bit
1049 * representation.
1050 *
1051 * The metadata associated with the counters is stored in @info.
1052 *
1053 * Return: returns pointer that caller has to test via IS_ERR().
1054 * If IS_ERR is false, caller has to vfree the pointer.
1055 */
1056void *xt_copy_counters_from_user(const void __user *user, unsigned int len,
1057                                 struct xt_counters_info *info, bool compat)
1058{
1059        void *mem;
1060        u64 size;
1061
1062#ifdef CONFIG_COMPAT
1063        if (compat) {
1064                /* structures only differ in size due to alignment */
1065                struct compat_xt_counters_info compat_tmp;
1066
1067                if (len <= sizeof(compat_tmp))
1068                        return ERR_PTR(-EINVAL);
1069
1070                len -= sizeof(compat_tmp);
1071                if (copy_from_user(&compat_tmp, user, sizeof(compat_tmp)) != 0)
1072                        return ERR_PTR(-EFAULT);
1073
1074                memcpy(info->name, compat_tmp.name, sizeof(info->name) - 1);
1075                info->num_counters = compat_tmp.num_counters;
1076                user += sizeof(compat_tmp);
1077        } else
1078#endif
1079        {
1080                if (len <= sizeof(*info))
1081                        return ERR_PTR(-EINVAL);
1082
1083                len -= sizeof(*info);
1084                if (copy_from_user(info, user, sizeof(*info)) != 0)
1085                        return ERR_PTR(-EFAULT);
1086
1087                user += sizeof(*info);
1088        }
1089        info->name[sizeof(info->name) - 1] = '\0';
1090
1091        size = sizeof(struct xt_counters);
1092        size *= info->num_counters;
1093
1094        if (size != (u64)len)
1095                return ERR_PTR(-EINVAL);
1096
1097        mem = vmalloc(len);
1098        if (!mem)
1099                return ERR_PTR(-ENOMEM);
1100
1101        if (copy_from_user(mem, user, len) == 0)
1102                return mem;
1103
1104        vfree(mem);
1105        return ERR_PTR(-EFAULT);
1106}
1107EXPORT_SYMBOL_GPL(xt_copy_counters_from_user);
1108
1109#ifdef CONFIG_COMPAT
1110int xt_compat_target_offset(const struct xt_target *target)
1111{
1112        u_int16_t csize = target->compatsize ? : target->targetsize;
1113        return XT_ALIGN(target->targetsize) - COMPAT_XT_ALIGN(csize);
1114}
1115EXPORT_SYMBOL_GPL(xt_compat_target_offset);
1116
1117void xt_compat_target_from_user(struct xt_entry_target *t, void **dstptr,
1118                                unsigned int *size)
1119{
1120        const struct xt_target *target = t->u.kernel.target;
1121        struct compat_xt_entry_target *ct = (struct compat_xt_entry_target *)t;
1122        int pad, off = xt_compat_target_offset(target);
1123        u_int16_t tsize = ct->u.user.target_size;
1124        char name[sizeof(t->u.user.name)];
1125
1126        t = *dstptr;
1127        memcpy(t, ct, sizeof(*ct));
1128        if (target->compat_from_user)
1129                target->compat_from_user(t->data, ct->data);
1130        else
1131                memcpy(t->data, ct->data, tsize - sizeof(*ct));
1132        pad = XT_ALIGN(target->targetsize) - target->targetsize;
1133        if (pad > 0)
1134                memset(t->data + target->targetsize, 0, pad);
1135
1136        tsize += off;
1137        t->u.user.target_size = tsize;
1138        strlcpy(name, target->name, sizeof(name));
1139        module_put(target->me);
1140        strncpy(t->u.user.name, name, sizeof(t->u.user.name));
1141
1142        *size += off;
1143        *dstptr += tsize;
1144}
1145EXPORT_SYMBOL_GPL(xt_compat_target_from_user);
1146
1147int xt_compat_target_to_user(const struct xt_entry_target *t,
1148                             void __user **dstptr, unsigned int *size)
1149{
1150        const struct xt_target *target = t->u.kernel.target;
1151        struct compat_xt_entry_target __user *ct = *dstptr;
1152        int off = xt_compat_target_offset(target);
1153        u_int16_t tsize = t->u.user.target_size - off;
1154
1155        if (XT_OBJ_TO_USER(ct, t, target, tsize))
1156                return -EFAULT;
1157
1158        if (target->compat_to_user) {
1159                if (target->compat_to_user((void __user *)ct->data, t->data))
1160                        return -EFAULT;
1161        } else {
1162                if (COMPAT_XT_DATA_TO_USER(ct, t, target, tsize - sizeof(*ct)))
1163                        return -EFAULT;
1164        }
1165
1166        *size -= off;
1167        *dstptr += tsize;
1168        return 0;
1169}
1170EXPORT_SYMBOL_GPL(xt_compat_target_to_user);
1171#endif
1172
1173struct xt_table_info *xt_alloc_table_info(unsigned int size)
1174{
1175        struct xt_table_info *info = NULL;
1176        size_t sz = sizeof(*info) + size;
1177
1178        if (sz < sizeof(*info) || sz >= XT_MAX_TABLE_SIZE)
1179                return NULL;
1180
1181        /* __GFP_NORETRY is not fully supported by kvmalloc but it should
1182         * work reasonably well if sz is too large and bail out rather
1183         * than shoot all processes down before realizing there is nothing
1184         * more to reclaim.
1185         */
1186        info = kvmalloc(sz, GFP_KERNEL | __GFP_NORETRY);
1187        if (!info)
1188                return NULL;
1189
1190        memset(info, 0, sizeof(*info));
1191        info->size = size;
1192        return info;
1193}
1194EXPORT_SYMBOL(xt_alloc_table_info);
1195
1196void xt_free_table_info(struct xt_table_info *info)
1197{
1198        int cpu;
1199
1200        if (info->jumpstack != NULL) {
1201                for_each_possible_cpu(cpu)
1202                        kvfree(info->jumpstack[cpu]);
1203                kvfree(info->jumpstack);
1204        }
1205
1206        kvfree(info);
1207}
1208EXPORT_SYMBOL(xt_free_table_info);
1209
1210/* Find table by name, grabs mutex & ref.  Returns ERR_PTR on error. */
1211struct xt_table *xt_find_table_lock(struct net *net, u_int8_t af,
1212                                    const char *name)
1213{
1214        struct xt_table *t, *found = NULL;
1215
1216        mutex_lock(&xt[af].mutex);
1217        list_for_each_entry(t, &net->xt.tables[af], list)
1218                if (strcmp(t->name, name) == 0 && try_module_get(t->me))
1219                        return t;
1220
1221        if (net == &init_net)
1222                goto out;
1223
1224        /* Table doesn't exist in this netns, re-try init */
1225        list_for_each_entry(t, &init_net.xt.tables[af], list) {
1226                int err;
1227
1228                if (strcmp(t->name, name))
1229                        continue;
1230                if (!try_module_get(t->me))
1231                        goto out;
1232                mutex_unlock(&xt[af].mutex);
1233                err = t->table_init(net);
1234                if (err < 0) {
1235                        module_put(t->me);
1236                        return ERR_PTR(err);
1237                }
1238
1239                found = t;
1240
1241                mutex_lock(&xt[af].mutex);
1242                break;
1243        }
1244
1245        if (!found)
1246                goto out;
1247
1248        /* and once again: */
1249        list_for_each_entry(t, &net->xt.tables[af], list)
1250                if (strcmp(t->name, name) == 0)
1251                        return t;
1252
1253        module_put(found->me);
1254 out:
1255        mutex_unlock(&xt[af].mutex);
1256        return ERR_PTR(-ENOENT);
1257}
1258EXPORT_SYMBOL_GPL(xt_find_table_lock);
1259
1260struct xt_table *xt_request_find_table_lock(struct net *net, u_int8_t af,
1261                                            const char *name)
1262{
1263        struct xt_table *t = xt_find_table_lock(net, af, name);
1264
1265#ifdef CONFIG_MODULES
1266        if (IS_ERR(t)) {
1267                int err = request_module("%stable_%s", xt_prefix[af], name);
1268                if (err < 0)
1269                        return ERR_PTR(err);
1270                t = xt_find_table_lock(net, af, name);
1271        }
1272#endif
1273
1274        return t;
1275}
1276EXPORT_SYMBOL_GPL(xt_request_find_table_lock);
1277
1278void xt_table_unlock(struct xt_table *table)
1279{
1280        mutex_unlock(&xt[table->af].mutex);
1281}
1282EXPORT_SYMBOL_GPL(xt_table_unlock);
1283
1284#ifdef CONFIG_COMPAT
1285void xt_compat_lock(u_int8_t af)
1286{
1287        mutex_lock(&xt[af].compat_mutex);
1288}
1289EXPORT_SYMBOL_GPL(xt_compat_lock);
1290
1291void xt_compat_unlock(u_int8_t af)
1292{
1293        mutex_unlock(&xt[af].compat_mutex);
1294}
1295EXPORT_SYMBOL_GPL(xt_compat_unlock);
1296#endif
1297
1298DEFINE_PER_CPU(seqcount_t, xt_recseq);
1299EXPORT_PER_CPU_SYMBOL_GPL(xt_recseq);
1300
1301struct static_key xt_tee_enabled __read_mostly;
1302EXPORT_SYMBOL_GPL(xt_tee_enabled);
1303
1304static int xt_jumpstack_alloc(struct xt_table_info *i)
1305{
1306        unsigned int size;
1307        int cpu;
1308
1309        size = sizeof(void **) * nr_cpu_ids;
1310        if (size > PAGE_SIZE)
1311                i->jumpstack = kvzalloc(size, GFP_KERNEL);
1312        else
1313                i->jumpstack = kzalloc(size, GFP_KERNEL);
1314        if (i->jumpstack == NULL)
1315                return -ENOMEM;
1316
1317        /* ruleset without jumps -- no stack needed */
1318        if (i->stacksize == 0)
1319                return 0;
1320
1321        /* Jumpstack needs to be able to record two full callchains, one
1322         * from the first rule set traversal, plus one table reentrancy
1323         * via -j TEE without clobbering the callchain that brought us to
1324         * TEE target.
1325         *
1326         * This is done by allocating two jumpstacks per cpu, on reentry
1327         * the upper half of the stack is used.
1328         *
1329         * see the jumpstack setup in ipt_do_table() for more details.
1330         */
1331        size = sizeof(void *) * i->stacksize * 2u;
1332        for_each_possible_cpu(cpu) {
1333                i->jumpstack[cpu] = kvmalloc_node(size, GFP_KERNEL,
1334                        cpu_to_node(cpu));
1335                if (i->jumpstack[cpu] == NULL)
1336                        /*
1337                         * Freeing will be done later on by the callers. The
1338                         * chain is: xt_replace_table -> __do_replace ->
1339                         * do_replace -> xt_free_table_info.
1340                         */
1341                        return -ENOMEM;
1342        }
1343
1344        return 0;
1345}
1346
1347struct xt_counters *xt_counters_alloc(unsigned int counters)
1348{
1349        struct xt_counters *mem;
1350
1351        if (counters == 0 || counters > INT_MAX / sizeof(*mem))
1352                return NULL;
1353
1354        counters *= sizeof(*mem);
1355        if (counters > XT_MAX_TABLE_SIZE)
1356                return NULL;
1357
1358        return vzalloc(counters);
1359}
1360EXPORT_SYMBOL(xt_counters_alloc);
1361
1362struct xt_table_info *
1363xt_replace_table(struct xt_table *table,
1364              unsigned int num_counters,
1365              struct xt_table_info *newinfo,
1366              int *error)
1367{
1368        struct xt_table_info *private;
1369        unsigned int cpu;
1370        int ret;
1371
1372        ret = xt_jumpstack_alloc(newinfo);
1373        if (ret < 0) {
1374                *error = ret;
1375                return NULL;
1376        }
1377
1378        /* Do the substitution. */
1379        local_bh_disable();
1380        private = table->private;
1381
1382        /* Check inside lock: is the old number correct? */
1383        if (num_counters != private->number) {
1384                pr_debug("num_counters != table->private->number (%u/%u)\n",
1385                         num_counters, private->number);
1386                local_bh_enable();
1387                *error = -EAGAIN;
1388                return NULL;
1389        }
1390
1391        newinfo->initial_entries = private->initial_entries;
1392        /*
1393         * Ensure contents of newinfo are visible before assigning to
1394         * private.
1395         */
1396        smp_wmb();
1397        table->private = newinfo;
1398
1399        /* make sure all cpus see new ->private value */
1400        smp_wmb();
1401
1402        /*
1403         * Even though table entries have now been swapped, other CPU's
1404         * may still be using the old entries...
1405         */
1406        local_bh_enable();
1407
1408        /* ... so wait for even xt_recseq on all cpus */
1409        for_each_possible_cpu(cpu) {
1410                seqcount_t *s = &per_cpu(xt_recseq, cpu);
1411                u32 seq = raw_read_seqcount(s);
1412
1413                if (seq & 1) {
1414                        do {
1415                                cond_resched();
1416                                cpu_relax();
1417                        } while (seq == raw_read_seqcount(s));
1418                }
1419        }
1420
1421#ifdef CONFIG_AUDIT
1422        if (audit_enabled) {
1423                audit_log(audit_context(), GFP_KERNEL,
1424                          AUDIT_NETFILTER_CFG,
1425                          "table=%s family=%u entries=%u",
1426                          table->name, table->af, private->number);
1427        }
1428#endif
1429
1430        return private;
1431}
1432EXPORT_SYMBOL_GPL(xt_replace_table);
1433
1434struct xt_table *xt_register_table(struct net *net,
1435                                   const struct xt_table *input_table,
1436                                   struct xt_table_info *bootstrap,
1437                                   struct xt_table_info *newinfo)
1438{
1439        int ret;
1440        struct xt_table_info *private;
1441        struct xt_table *t, *table;
1442
1443        /* Don't add one object to multiple lists. */
1444        table = kmemdup(input_table, sizeof(struct xt_table), GFP_KERNEL);
1445        if (!table) {
1446                ret = -ENOMEM;
1447                goto out;
1448        }
1449
1450        mutex_lock(&xt[table->af].mutex);
1451        /* Don't autoload: we'd eat our tail... */
1452        list_for_each_entry(t, &net->xt.tables[table->af], list) {
1453                if (strcmp(t->name, table->name) == 0) {
1454                        ret = -EEXIST;
1455                        goto unlock;
1456                }
1457        }
1458
1459        /* Simplifies replace_table code. */
1460        table->private = bootstrap;
1461
1462        if (!xt_replace_table(table, 0, newinfo, &ret))
1463                goto unlock;
1464
1465        private = table->private;
1466        pr_debug("table->private->number = %u\n", private->number);
1467
1468        /* save number of initial entries */
1469        private->initial_entries = private->number;
1470
1471        list_add(&table->list, &net->xt.tables[table->af]);
1472        mutex_unlock(&xt[table->af].mutex);
1473        return table;
1474
1475unlock:
1476        mutex_unlock(&xt[table->af].mutex);
1477        kfree(table);
1478out:
1479        return ERR_PTR(ret);
1480}
1481EXPORT_SYMBOL_GPL(xt_register_table);
1482
1483void *xt_unregister_table(struct xt_table *table)
1484{
1485        struct xt_table_info *private;
1486
1487        mutex_lock(&xt[table->af].mutex);
1488        private = table->private;
1489        list_del(&table->list);
1490        mutex_unlock(&xt[table->af].mutex);
1491        kfree(table);
1492
1493        return private;
1494}
1495EXPORT_SYMBOL_GPL(xt_unregister_table);
1496
1497#ifdef CONFIG_PROC_FS
1498static void *xt_table_seq_start(struct seq_file *seq, loff_t *pos)
1499{
1500        struct net *net = seq_file_net(seq);
1501        u_int8_t af = (unsigned long)PDE_DATA(file_inode(seq->file));
1502
1503        mutex_lock(&xt[af].mutex);
1504        return seq_list_start(&net->xt.tables[af], *pos);
1505}
1506
1507static void *xt_table_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1508{
1509        struct net *net = seq_file_net(seq);
1510        u_int8_t af = (unsigned long)PDE_DATA(file_inode(seq->file));
1511
1512        return seq_list_next(v, &net->xt.tables[af], pos);
1513}
1514
1515static void xt_table_seq_stop(struct seq_file *seq, void *v)
1516{
1517        u_int8_t af = (unsigned long)PDE_DATA(file_inode(seq->file));
1518
1519        mutex_unlock(&xt[af].mutex);
1520}
1521
1522static int xt_table_seq_show(struct seq_file *seq, void *v)
1523{
1524        struct xt_table *table = list_entry(v, struct xt_table, list);
1525
1526        if (*table->name)
1527                seq_printf(seq, "%s\n", table->name);
1528        return 0;
1529}
1530
1531static const struct seq_operations xt_table_seq_ops = {
1532        .start  = xt_table_seq_start,
1533        .next   = xt_table_seq_next,
1534        .stop   = xt_table_seq_stop,
1535        .show   = xt_table_seq_show,
1536};
1537
1538/*
1539 * Traverse state for ip{,6}_{tables,matches} for helping crossing
1540 * the multi-AF mutexes.
1541 */
1542struct nf_mttg_trav {
1543        struct list_head *head, *curr;
1544        uint8_t class;
1545};
1546
1547enum {
1548        MTTG_TRAV_INIT,
1549        MTTG_TRAV_NFP_UNSPEC,
1550        MTTG_TRAV_NFP_SPEC,
1551        MTTG_TRAV_DONE,
1552};
1553
1554static void *xt_mttg_seq_next(struct seq_file *seq, void *v, loff_t *ppos,
1555    bool is_target)
1556{
1557        static const uint8_t next_class[] = {
1558                [MTTG_TRAV_NFP_UNSPEC] = MTTG_TRAV_NFP_SPEC,
1559                [MTTG_TRAV_NFP_SPEC]   = MTTG_TRAV_DONE,
1560        };
1561        uint8_t nfproto = (unsigned long)PDE_DATA(file_inode(seq->file));
1562        struct nf_mttg_trav *trav = seq->private;
1563
1564        switch (trav->class) {
1565        case MTTG_TRAV_INIT:
1566                trav->class = MTTG_TRAV_NFP_UNSPEC;
1567                mutex_lock(&xt[NFPROTO_UNSPEC].mutex);
1568                trav->head = trav->curr = is_target ?
1569                        &xt[NFPROTO_UNSPEC].target : &xt[NFPROTO_UNSPEC].match;
1570                break;
1571        case MTTG_TRAV_NFP_UNSPEC:
1572                trav->curr = trav->curr->next;
1573                if (trav->curr != trav->head)
1574                        break;
1575                mutex_unlock(&xt[NFPROTO_UNSPEC].mutex);
1576                mutex_lock(&xt[nfproto].mutex);
1577                trav->head = trav->curr = is_target ?
1578                        &xt[nfproto].target : &xt[nfproto].match;
1579                trav->class = next_class[trav->class];
1580                break;
1581        case MTTG_TRAV_NFP_SPEC:
1582                trav->curr = trav->curr->next;
1583                if (trav->curr != trav->head)
1584                        break;
1585                /* fall through */
1586        default:
1587                return NULL;
1588        }
1589
1590        if (ppos != NULL)
1591                ++*ppos;
1592        return trav;
1593}
1594
1595static void *xt_mttg_seq_start(struct seq_file *seq, loff_t *pos,
1596    bool is_target)
1597{
1598        struct nf_mttg_trav *trav = seq->private;
1599        unsigned int j;
1600
1601        trav->class = MTTG_TRAV_INIT;
1602        for (j = 0; j < *pos; ++j)
1603                if (xt_mttg_seq_next(seq, NULL, NULL, is_target) == NULL)
1604                        return NULL;
1605        return trav;
1606}
1607
1608static void xt_mttg_seq_stop(struct seq_file *seq, void *v)
1609{
1610        uint8_t nfproto = (unsigned long)PDE_DATA(file_inode(seq->file));
1611        struct nf_mttg_trav *trav = seq->private;
1612
1613        switch (trav->class) {
1614        case MTTG_TRAV_NFP_UNSPEC:
1615                mutex_unlock(&xt[NFPROTO_UNSPEC].mutex);
1616                break;
1617        case MTTG_TRAV_NFP_SPEC:
1618                mutex_unlock(&xt[nfproto].mutex);
1619                break;
1620        }
1621}
1622
1623static void *xt_match_seq_start(struct seq_file *seq, loff_t *pos)
1624{
1625        return xt_mttg_seq_start(seq, pos, false);
1626}
1627
1628static void *xt_match_seq_next(struct seq_file *seq, void *v, loff_t *ppos)
1629{
1630        return xt_mttg_seq_next(seq, v, ppos, false);
1631}
1632
1633static int xt_match_seq_show(struct seq_file *seq, void *v)
1634{
1635        const struct nf_mttg_trav *trav = seq->private;
1636        const struct xt_match *match;
1637
1638        switch (trav->class) {
1639        case MTTG_TRAV_NFP_UNSPEC:
1640        case MTTG_TRAV_NFP_SPEC:
1641                if (trav->curr == trav->head)
1642                        return 0;
1643                match = list_entry(trav->curr, struct xt_match, list);
1644                if (*match->name)
1645                        seq_printf(seq, "%s\n", match->name);
1646        }
1647        return 0;
1648}
1649
1650static const struct seq_operations xt_match_seq_ops = {
1651        .start  = xt_match_seq_start,
1652        .next   = xt_match_seq_next,
1653        .stop   = xt_mttg_seq_stop,
1654        .show   = xt_match_seq_show,
1655};
1656
1657static void *xt_target_seq_start(struct seq_file *seq, loff_t *pos)
1658{
1659        return xt_mttg_seq_start(seq, pos, true);
1660}
1661
1662static void *xt_target_seq_next(struct seq_file *seq, void *v, loff_t *ppos)
1663{
1664        return xt_mttg_seq_next(seq, v, ppos, true);
1665}
1666
1667static int xt_target_seq_show(struct seq_file *seq, void *v)
1668{
1669        const struct nf_mttg_trav *trav = seq->private;
1670        const struct xt_target *target;
1671
1672        switch (trav->class) {
1673        case MTTG_TRAV_NFP_UNSPEC:
1674        case MTTG_TRAV_NFP_SPEC:
1675                if (trav->curr == trav->head)
1676                        return 0;
1677                target = list_entry(trav->curr, struct xt_target, list);
1678                if (*target->name)
1679                        seq_printf(seq, "%s\n", target->name);
1680        }
1681        return 0;
1682}
1683
1684static const struct seq_operations xt_target_seq_ops = {
1685        .start  = xt_target_seq_start,
1686        .next   = xt_target_seq_next,
1687        .stop   = xt_mttg_seq_stop,
1688        .show   = xt_target_seq_show,
1689};
1690
1691#define FORMAT_TABLES   "_tables_names"
1692#define FORMAT_MATCHES  "_tables_matches"
1693#define FORMAT_TARGETS  "_tables_targets"
1694
1695#endif /* CONFIG_PROC_FS */
1696
1697/**
1698 * xt_hook_ops_alloc - set up hooks for a new table
1699 * @table:      table with metadata needed to set up hooks
1700 * @fn:         Hook function
1701 *
1702 * This function will create the nf_hook_ops that the x_table needs
1703 * to hand to xt_hook_link_net().
1704 */
1705struct nf_hook_ops *
1706xt_hook_ops_alloc(const struct xt_table *table, nf_hookfn *fn)
1707{
1708        unsigned int hook_mask = table->valid_hooks;
1709        uint8_t i, num_hooks = hweight32(hook_mask);
1710        uint8_t hooknum;
1711        struct nf_hook_ops *ops;
1712
1713        if (!num_hooks)
1714                return ERR_PTR(-EINVAL);
1715
1716        ops = kcalloc(num_hooks, sizeof(*ops), GFP_KERNEL);
1717        if (ops == NULL)
1718                return ERR_PTR(-ENOMEM);
1719
1720        for (i = 0, hooknum = 0; i < num_hooks && hook_mask != 0;
1721             hook_mask >>= 1, ++hooknum) {
1722                if (!(hook_mask & 1))
1723                        continue;
1724                ops[i].hook     = fn;
1725                ops[i].pf       = table->af;
1726                ops[i].hooknum  = hooknum;
1727                ops[i].priority = table->priority;
1728                ++i;
1729        }
1730
1731        return ops;
1732}
1733EXPORT_SYMBOL_GPL(xt_hook_ops_alloc);
1734
1735int xt_proto_init(struct net *net, u_int8_t af)
1736{
1737#ifdef CONFIG_PROC_FS
1738        char buf[XT_FUNCTION_MAXNAMELEN];
1739        struct proc_dir_entry *proc;
1740        kuid_t root_uid;
1741        kgid_t root_gid;
1742#endif
1743
1744        if (af >= ARRAY_SIZE(xt_prefix))
1745                return -EINVAL;
1746
1747
1748#ifdef CONFIG_PROC_FS
1749        root_uid = make_kuid(net->user_ns, 0);
1750        root_gid = make_kgid(net->user_ns, 0);
1751
1752        strlcpy(buf, xt_prefix[af], sizeof(buf));
1753        strlcat(buf, FORMAT_TABLES, sizeof(buf));
1754        proc = proc_create_net_data(buf, 0440, net->proc_net, &xt_table_seq_ops,
1755                        sizeof(struct seq_net_private),
1756                        (void *)(unsigned long)af);
1757        if (!proc)
1758                goto out;
1759        if (uid_valid(root_uid) && gid_valid(root_gid))
1760                proc_set_user(proc, root_uid, root_gid);
1761
1762        strlcpy(buf, xt_prefix[af], sizeof(buf));
1763        strlcat(buf, FORMAT_MATCHES, sizeof(buf));
1764        proc = proc_create_seq_private(buf, 0440, net->proc_net,
1765                        &xt_match_seq_ops, sizeof(struct nf_mttg_trav),
1766                        (void *)(unsigned long)af);
1767        if (!proc)
1768                goto out_remove_tables;
1769        if (uid_valid(root_uid) && gid_valid(root_gid))
1770                proc_set_user(proc, root_uid, root_gid);
1771
1772        strlcpy(buf, xt_prefix[af], sizeof(buf));
1773        strlcat(buf, FORMAT_TARGETS, sizeof(buf));
1774        proc = proc_create_seq_private(buf, 0440, net->proc_net,
1775                         &xt_target_seq_ops, sizeof(struct nf_mttg_trav),
1776                         (void *)(unsigned long)af);
1777        if (!proc)
1778                goto out_remove_matches;
1779        if (uid_valid(root_uid) && gid_valid(root_gid))
1780                proc_set_user(proc, root_uid, root_gid);
1781#endif
1782
1783        return 0;
1784
1785#ifdef CONFIG_PROC_FS
1786out_remove_matches:
1787        strlcpy(buf, xt_prefix[af], sizeof(buf));
1788        strlcat(buf, FORMAT_MATCHES, sizeof(buf));
1789        remove_proc_entry(buf, net->proc_net);
1790
1791out_remove_tables:
1792        strlcpy(buf, xt_prefix[af], sizeof(buf));
1793        strlcat(buf, FORMAT_TABLES, sizeof(buf));
1794        remove_proc_entry(buf, net->proc_net);
1795out:
1796        return -1;
1797#endif
1798}
1799EXPORT_SYMBOL_GPL(xt_proto_init);
1800
1801void xt_proto_fini(struct net *net, u_int8_t af)
1802{
1803#ifdef CONFIG_PROC_FS
1804        char buf[XT_FUNCTION_MAXNAMELEN];
1805
1806        strlcpy(buf, xt_prefix[af], sizeof(buf));
1807        strlcat(buf, FORMAT_TABLES, sizeof(buf));
1808        remove_proc_entry(buf, net->proc_net);
1809
1810        strlcpy(buf, xt_prefix[af], sizeof(buf));
1811        strlcat(buf, FORMAT_TARGETS, sizeof(buf));
1812        remove_proc_entry(buf, net->proc_net);
1813
1814        strlcpy(buf, xt_prefix[af], sizeof(buf));
1815        strlcat(buf, FORMAT_MATCHES, sizeof(buf));
1816        remove_proc_entry(buf, net->proc_net);
1817#endif /*CONFIG_PROC_FS*/
1818}
1819EXPORT_SYMBOL_GPL(xt_proto_fini);
1820
1821/**
1822 * xt_percpu_counter_alloc - allocate x_tables rule counter
1823 *
1824 * @state: pointer to xt_percpu allocation state
1825 * @counter: pointer to counter struct inside the ip(6)/arpt_entry struct
1826 *
1827 * On SMP, the packet counter [ ip(6)t_entry->counters.pcnt ] will then
1828 * contain the address of the real (percpu) counter.
1829 *
1830 * Rule evaluation needs to use xt_get_this_cpu_counter() helper
1831 * to fetch the real percpu counter.
1832 *
1833 * To speed up allocation and improve data locality, a 4kb block is
1834 * allocated.  Freeing any counter may free an entire block, so all
1835 * counters allocated using the same state must be freed at the same
1836 * time.
1837 *
1838 * xt_percpu_counter_alloc_state contains the base address of the
1839 * allocated page and the current sub-offset.
1840 *
1841 * returns false on error.
1842 */
1843bool xt_percpu_counter_alloc(struct xt_percpu_counter_alloc_state *state,
1844                             struct xt_counters *counter)
1845{
1846        BUILD_BUG_ON(XT_PCPU_BLOCK_SIZE < (sizeof(*counter) * 2));
1847
1848        if (nr_cpu_ids <= 1)
1849                return true;
1850
1851        if (!state->mem) {
1852                state->mem = __alloc_percpu(XT_PCPU_BLOCK_SIZE,
1853                                            XT_PCPU_BLOCK_SIZE);
1854                if (!state->mem)
1855                        return false;
1856        }
1857        counter->pcnt = (__force unsigned long)(state->mem + state->off);
1858        state->off += sizeof(*counter);
1859        if (state->off > (XT_PCPU_BLOCK_SIZE - sizeof(*counter))) {
1860                state->mem = NULL;
1861                state->off = 0;
1862        }
1863        return true;
1864}
1865EXPORT_SYMBOL_GPL(xt_percpu_counter_alloc);
1866
1867void xt_percpu_counter_free(struct xt_counters *counters)
1868{
1869        unsigned long pcnt = counters->pcnt;
1870
1871        if (nr_cpu_ids > 1 && (pcnt & (XT_PCPU_BLOCK_SIZE - 1)) == 0)
1872                free_percpu((void __percpu *)pcnt);
1873}
1874EXPORT_SYMBOL_GPL(xt_percpu_counter_free);
1875
1876static int __net_init xt_net_init(struct net *net)
1877{
1878        int i;
1879
1880        for (i = 0; i < NFPROTO_NUMPROTO; i++)
1881                INIT_LIST_HEAD(&net->xt.tables[i]);
1882        return 0;
1883}
1884
1885static void __net_exit xt_net_exit(struct net *net)
1886{
1887        int i;
1888
1889        for (i = 0; i < NFPROTO_NUMPROTO; i++)
1890                WARN_ON_ONCE(!list_empty(&net->xt.tables[i]));
1891}
1892
1893static struct pernet_operations xt_net_ops = {
1894        .init = xt_net_init,
1895        .exit = xt_net_exit,
1896};
1897
1898static int __init xt_init(void)
1899{
1900        unsigned int i;
1901        int rv;
1902
1903        for_each_possible_cpu(i) {
1904                seqcount_init(&per_cpu(xt_recseq, i));
1905        }
1906
1907        xt = kmalloc_array(NFPROTO_NUMPROTO, sizeof(struct xt_af), GFP_KERNEL);
1908        if (!xt)
1909                return -ENOMEM;
1910
1911        for (i = 0; i < NFPROTO_NUMPROTO; i++) {
1912                mutex_init(&xt[i].mutex);
1913#ifdef CONFIG_COMPAT
1914                mutex_init(&xt[i].compat_mutex);
1915                xt[i].compat_tab = NULL;
1916#endif
1917                INIT_LIST_HEAD(&xt[i].target);
1918                INIT_LIST_HEAD(&xt[i].match);
1919        }
1920        rv = register_pernet_subsys(&xt_net_ops);
1921        if (rv < 0)
1922                kfree(xt);
1923        return rv;
1924}
1925
1926static void __exit xt_fini(void)
1927{
1928        unregister_pernet_subsys(&xt_net_ops);
1929        kfree(xt);
1930}
1931
1932module_init(xt_init);
1933module_exit(xt_fini);
1934
1935