]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - net/sched/act_sample.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
net_sched: fix a NULL pointer deref in ipt action
[mirror_ubuntu-bionic-kernel.git] / net / sched / act_sample.c
1 /*
2 * net/sched/act_sample.c - Packet sampling tc action
3 * Copyright (c) 2017 Yotam Gigi <yotamg@mellanox.com>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 */
9
10 #include <linux/types.h>
11 #include <linux/kernel.h>
12 #include <linux/string.h>
13 #include <linux/errno.h>
14 #include <linux/skbuff.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/module.h>
17 #include <linux/init.h>
18 #include <linux/gfp.h>
19 #include <net/net_namespace.h>
20 #include <net/netlink.h>
21 #include <net/pkt_sched.h>
22 #include <linux/tc_act/tc_sample.h>
23 #include <net/tc_act/tc_sample.h>
24 #include <net/psample.h>
25
26 #include <linux/if_arp.h>
27
28 static unsigned int sample_net_id;
29 static struct tc_action_ops act_sample_ops;
30
31 static const struct nla_policy sample_policy[TCA_SAMPLE_MAX + 1] = {
32 [TCA_SAMPLE_PARMS] = { .len = sizeof(struct tc_sample) },
33 [TCA_SAMPLE_RATE] = { .type = NLA_U32 },
34 [TCA_SAMPLE_TRUNC_SIZE] = { .type = NLA_U32 },
35 [TCA_SAMPLE_PSAMPLE_GROUP] = { .type = NLA_U32 },
36 };
37
38 static int tcf_sample_init(struct net *net, struct nlattr *nla,
39 struct nlattr *est, struct tc_action **a, int ovr,
40 int bind)
41 {
42 struct tc_action_net *tn = net_generic(net, sample_net_id);
43 struct nlattr *tb[TCA_SAMPLE_MAX + 1];
44 struct psample_group *psample_group;
45 struct tc_sample *parm;
46 struct tcf_sample *s;
47 bool exists = false;
48 u32 rate;
49 int ret;
50
51 if (!nla)
52 return -EINVAL;
53 ret = nla_parse_nested(tb, TCA_SAMPLE_MAX, nla, sample_policy, NULL);
54 if (ret < 0)
55 return ret;
56 if (!tb[TCA_SAMPLE_PARMS] || !tb[TCA_SAMPLE_RATE] ||
57 !tb[TCA_SAMPLE_PSAMPLE_GROUP])
58 return -EINVAL;
59
60 parm = nla_data(tb[TCA_SAMPLE_PARMS]);
61
62 exists = tcf_idr_check(tn, parm->index, a, bind);
63 if (exists && bind)
64 return 0;
65
66 if (!exists) {
67 ret = tcf_idr_create(tn, parm->index, est, a,
68 &act_sample_ops, bind, true);
69 if (ret)
70 return ret;
71 ret = ACT_P_CREATED;
72 } else {
73 tcf_idr_release(*a, bind);
74 if (!ovr)
75 return -EEXIST;
76 }
77
78 rate = nla_get_u32(tb[TCA_SAMPLE_RATE]);
79 if (!rate) {
80 tcf_idr_release(*a, bind);
81 return -EINVAL;
82 }
83
84 s = to_sample(*a);
85 s->tcf_action = parm->action;
86 s->rate = nla_get_u32(tb[TCA_SAMPLE_RATE]);
87 s->rate = rate;
88 s->psample_group_num = nla_get_u32(tb[TCA_SAMPLE_PSAMPLE_GROUP]);
89 psample_group = psample_group_get(net, s->psample_group_num);
90 if (!psample_group) {
91 if (ret == ACT_P_CREATED)
92 tcf_idr_release(*a, bind);
93 return -ENOMEM;
94 }
95 RCU_INIT_POINTER(s->psample_group, psample_group);
96
97 if (tb[TCA_SAMPLE_TRUNC_SIZE]) {
98 s->truncate = true;
99 s->trunc_size = nla_get_u32(tb[TCA_SAMPLE_TRUNC_SIZE]);
100 }
101
102 if (ret == ACT_P_CREATED)
103 tcf_idr_insert(tn, *a);
104 return ret;
105 }
106
107 static void tcf_sample_cleanup(struct tc_action *a, int bind)
108 {
109 struct tcf_sample *s = to_sample(a);
110 struct psample_group *psample_group;
111
112 psample_group = rtnl_dereference(s->psample_group);
113 RCU_INIT_POINTER(s->psample_group, NULL);
114 if (psample_group)
115 psample_group_put(psample_group);
116 }
117
118 static bool tcf_sample_dev_ok_push(struct net_device *dev)
119 {
120 switch (dev->type) {
121 case ARPHRD_TUNNEL:
122 case ARPHRD_TUNNEL6:
123 case ARPHRD_SIT:
124 case ARPHRD_IPGRE:
125 case ARPHRD_VOID:
126 case ARPHRD_NONE:
127 return false;
128 default:
129 return true;
130 }
131 }
132
133 static int tcf_sample_act(struct sk_buff *skb, const struct tc_action *a,
134 struct tcf_result *res)
135 {
136 struct tcf_sample *s = to_sample(a);
137 struct psample_group *psample_group;
138 int retval;
139 int size;
140 int iif;
141 int oif;
142
143 tcf_lastuse_update(&s->tcf_tm);
144 bstats_cpu_update(this_cpu_ptr(s->common.cpu_bstats), skb);
145 retval = READ_ONCE(s->tcf_action);
146
147 rcu_read_lock();
148 psample_group = rcu_dereference(s->psample_group);
149
150 /* randomly sample packets according to rate */
151 if (psample_group && (prandom_u32() % s->rate == 0)) {
152 if (!skb_at_tc_ingress(skb)) {
153 iif = skb->skb_iif;
154 oif = skb->dev->ifindex;
155 } else {
156 iif = skb->dev->ifindex;
157 oif = 0;
158 }
159
160 /* on ingress, the mac header gets popped, so push it back */
161 if (skb_at_tc_ingress(skb) && tcf_sample_dev_ok_push(skb->dev))
162 skb_push(skb, skb->mac_len);
163
164 size = s->truncate ? s->trunc_size : skb->len;
165 psample_sample_packet(psample_group, skb, size, iif, oif,
166 s->rate);
167
168 if (skb_at_tc_ingress(skb) && tcf_sample_dev_ok_push(skb->dev))
169 skb_pull(skb, skb->mac_len);
170 }
171
172 rcu_read_unlock();
173 return retval;
174 }
175
176 static int tcf_sample_dump(struct sk_buff *skb, struct tc_action *a,
177 int bind, int ref)
178 {
179 unsigned char *b = skb_tail_pointer(skb);
180 struct tcf_sample *s = to_sample(a);
181 struct tc_sample opt = {
182 .index = s->tcf_index,
183 .action = s->tcf_action,
184 .refcnt = s->tcf_refcnt - ref,
185 .bindcnt = s->tcf_bindcnt - bind,
186 };
187 struct tcf_t t;
188
189 if (nla_put(skb, TCA_SAMPLE_PARMS, sizeof(opt), &opt))
190 goto nla_put_failure;
191
192 tcf_tm_dump(&t, &s->tcf_tm);
193 if (nla_put_64bit(skb, TCA_SAMPLE_TM, sizeof(t), &t, TCA_SAMPLE_PAD))
194 goto nla_put_failure;
195
196 if (nla_put_u32(skb, TCA_SAMPLE_RATE, s->rate))
197 goto nla_put_failure;
198
199 if (s->truncate)
200 if (nla_put_u32(skb, TCA_SAMPLE_TRUNC_SIZE, s->trunc_size))
201 goto nla_put_failure;
202
203 if (nla_put_u32(skb, TCA_SAMPLE_PSAMPLE_GROUP, s->psample_group_num))
204 goto nla_put_failure;
205 return skb->len;
206
207 nla_put_failure:
208 nlmsg_trim(skb, b);
209 return -1;
210 }
211
212 static int tcf_sample_walker(struct net *net, struct sk_buff *skb,
213 struct netlink_callback *cb, int type,
214 const struct tc_action_ops *ops)
215 {
216 struct tc_action_net *tn = net_generic(net, sample_net_id);
217
218 return tcf_generic_walker(tn, skb, cb, type, ops);
219 }
220
221 static int tcf_sample_search(struct net *net, struct tc_action **a, u32 index)
222 {
223 struct tc_action_net *tn = net_generic(net, sample_net_id);
224
225 return tcf_idr_search(tn, a, index);
226 }
227
228 static struct tc_action_ops act_sample_ops = {
229 .kind = "sample",
230 .type = TCA_ACT_SAMPLE,
231 .owner = THIS_MODULE,
232 .act = tcf_sample_act,
233 .dump = tcf_sample_dump,
234 .init = tcf_sample_init,
235 .cleanup = tcf_sample_cleanup,
236 .walk = tcf_sample_walker,
237 .lookup = tcf_sample_search,
238 .size = sizeof(struct tcf_sample),
239 };
240
241 static __net_init int sample_init_net(struct net *net)
242 {
243 struct tc_action_net *tn = net_generic(net, sample_net_id);
244
245 return tc_action_net_init(net, tn, &act_sample_ops);
246 }
247
248 static void __net_exit sample_exit_net(struct net *net)
249 {
250 struct tc_action_net *tn = net_generic(net, sample_net_id);
251
252 tc_action_net_exit(tn);
253 }
254
255 static struct pernet_operations sample_net_ops = {
256 .init = sample_init_net,
257 .exit = sample_exit_net,
258 .id = &sample_net_id,
259 .size = sizeof(struct tc_action_net),
260 };
261
262 static int __init sample_init_module(void)
263 {
264 return tcf_register_action(&act_sample_ops, &sample_net_ops);
265 }
266
267 static void __exit sample_cleanup_module(void)
268 {
269 tcf_unregister_action(&act_sample_ops, &sample_net_ops);
270 }
271
272 module_init(sample_init_module);
273 module_exit(sample_cleanup_module);
274
275 MODULE_AUTHOR("Yotam Gigi <yotam.gi@gmail.com>");
276 MODULE_DESCRIPTION("Packet sampling action");
277 MODULE_LICENSE("GPL v2");
ubuntu-bionic-kernel mirror