]> git.ipfire.org Git - thirdparty/linux.git/blame - drivers/net/tun.c
projects / thirdparty / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tuntap: fix dividing by zero in ebpf queue selection
[thirdparty/linux.git] / drivers / net / tun.c
CommitLineData
1da177e4
LT		 1/*
2 * TUN - Universal TUN/TAP device driver.
3 * Copyright (C) 1999-2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * $Id: tun.c,v 1.15 2002/03/01 02:44:24 maxk Exp $
16 */
17
18/*
19 * Changes:
20 *
ff4cc3ac
MK		 21 * Mike Kershaw <dragorn@kismetwireless.net> 2005/08/14
22 * Add TUNSETLINK ioctl to set the link encapsulation
23 *
1da177e4 24 * Mark Smith <markzzzsmith@yahoo.com.au>
344dc8ed 25 * Use eth_random_addr() for tap MAC address.
1da177e4
LT		 26 *
27 * Harald Roelle <harald.roelle@ifi.lmu.de> 2004/04/20
28 * Fixes in packet dropping, queue length setting and queue wakeup.
29 * Increased default tx queue length.
30 * Added ethtool API.
31 * Minor cleanups
32 *
33 * Daniel Podlejski <underley@underley.eu.org>
34 * Modifications for 2.3.99-pre5 kernel.
35 */
36
6b8a66ee
JP		 37#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
38
1da177e4
LT		 39#define DRV_NAME "tun"
40#define DRV_VERSION "1.6"
41#define DRV_DESCRIPTION "Universal TUN/TAP device driver"
42#define DRV_COPYRIGHT "(C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>"
43
1da177e4
LT		 44#include <linux/module.h>
45#include <linux/errno.h>
46#include <linux/kernel.h>
174cd4b1 47#include <linux/sched/signal.h>
1da177e4
LT		 48#include <linux/major.h>
49#include <linux/slab.h>
50#include <linux/poll.h>
51#include <linux/fcntl.h>
52#include <linux/init.h>
53#include <linux/skbuff.h>
54#include <linux/netdevice.h>
55#include <linux/etherdevice.h>
56#include <linux/miscdevice.h>
57#include <linux/ethtool.h>
58#include <linux/rtnetlink.h>
50857e2a 59#include <linux/compat.h>
1da177e4
LT		 60#include <linux/if.h>
61#include <linux/if_arp.h>
62#include <linux/if_ether.h>
63#include <linux/if_tun.h>
6680ec68 64#include <linux/if_vlan.h>
1da177e4 65#include <linux/crc32.h>
d647a591 66#include <linux/nsproxy.h>
f43798c2 67#include <linux/virtio_net.h>
99405162 68#include <linux/rcupdate.h>
881d966b 69#include <net/net_namespace.h>
79d17604 70#include <net/netns/generic.h>
f019a7a5 71#include <net/rtnetlink.h>
33dccbb0 72#include <net/sock.h>
735fc405 73#include <net/xdp.h>
93e14b6d 74#include <linux/seq_file.h>
e0b46d0e 75#include <linux/uio.h>
1576d986 76#include <linux/skb_array.h>
761876c8
JW		 77#include <linux/bpf.h>
78#include <linux/bpf_trace.h>
90e33d45 79#include <linux/mutex.h>
1da177e4 80
7c0f6ba6 81#include <linux/uaccess.h>
f2780d6d 82#include <linux/proc_fs.h>
1da177e4 83
4e24f2dd
CW		 84static void tun_default_link_ksettings(struct net_device *dev,
85 struct ethtool_link_ksettings *cmd);
86
14daa021
RR		 87/* Uncomment to enable debugging */
88/* #define TUN_DEBUG 1 */
89
1da177e4
LT		 90#ifdef TUN_DEBUG
91static int debug;
14daa021 92
6b8a66ee
JP		 93#define tun_debug(level, tun, fmt, args...) \
94do { \
95 if (tun->debug) \
96 netdev_printk(level, tun->dev, fmt, ##args); \
97} while (0)
98#define DBG1(level, fmt, args...) \
99do { \
100 if (debug == 2) \
101 printk(level fmt, ##args); \
102} while (0)
14daa021 103#else
6b8a66ee
JP		 104#define tun_debug(level, tun, fmt, args...) \
105do { \
106 if (0) \
107 netdev_printk(level, tun->dev, fmt, ##args); \
108} while (0)
109#define DBG1(level, fmt, args...) \
110do { \
111 if (0) \
112 printk(level fmt, ##args); \
113} while (0)
14daa021
RR		 114#endif
115
7df13219 116#define TUN_RX_PAD (NET_IP_ALIGN + NET_SKB_PAD)
66ccbc9c 117
031f5e03
MT		 118/* TUN device flags */
119
120/* IFF_ATTACH_QUEUE is never stored in device flags,
121 * overload it to mean fasync when stored there.
122 */
123#define TUN_FASYNC IFF_ATTACH_QUEUE
1cf8e410
MT		 124/* High bits in flags field are unused. */
125#define TUN_VNET_LE 0x80000000
8b8e658b 126#define TUN_VNET_BE 0x40000000
031f5e03
MT		 127
128#define TUN_FEATURES (IFF_NO_PI | IFF_ONE_QUEUE | IFF_VNET_HDR | \
90e33d45
PP		 129 IFF_MULTI_QUEUE | IFF_NAPI | IFF_NAPI_FRAGS)
130
0690899b
MT		 131#define GOODCOPY_LEN 128
132
f271b2cc
MK		 133#define FLT_EXACT_COUNT 8
134struct tap_filter {
135 unsigned int count; /* Number of addrs. Zero means disabled */
136 u32 mask[2]; /* Mask of the hashed addrs */
137 unsigned char addr[FLT_EXACT_COUNT][ETH_ALEN];
138};
139
baf71c5c
PG		 140/* MAX_TAP_QUEUES 256 is chosen to allow rx/tx queues to be equal
141 * to max number of VCPUs in guest. */
142#define MAX_TAP_QUEUES 256
b8732fb7 143#define MAX_TAP_FLOWS 4096
c8d68e6b 144
96442e42
JW		 145#define TUN_FLOW_EXPIRE (3 * HZ)
146
608b9977
PA		 147struct tun_pcpu_stats {
148 u64 rx_packets;
149 u64 rx_bytes;
150 u64 tx_packets;
151 u64 tx_bytes;
152 struct u64_stats_sync syncp;
153 u32 rx_dropped;
154 u32 tx_dropped;
155 u32 rx_frame_errors;
156};
157
54f968d6 158/* A tun_file connects an open character device to a tuntap netdevice. It
92d4ea6e 159 * also contains all socket related structures (except sock_fprog and tap_filter)
54f968d6
JW		 160 * to serve as one transmit queue for tuntap device. The sock_fprog and
161 * tap_filter were kept in tun_struct since they were used for filtering for the
36fe8c09 162 * netdevice not for a specific queue (at least I didn't see the requirement for
54f968d6 163 * this).
6e914fc7
JW		 164 *
165 * RCU usage:
36fe8c09 166 * The tun_file and tun_struct are loosely coupled, the pointer from one to the
6e914fc7 167 * other can only be read while rcu_read_lock or rtnl_lock is held.
54f968d6 168 */
631ab46b 169struct tun_file {
54f968d6
JW		 170 struct sock sk;
171 struct socket socket;
172 struct socket_wq wq;
6e914fc7 173 struct tun_struct __rcu *tun;
54f968d6
JW		 174 struct fasync_struct *fasync;
175 /* only used for fasnyc */
176 unsigned int flags;
fb7589a1
PE		 177 union {
178 u16 queue_index;
179 unsigned int ifindex;
180 };
94317099 181 struct napi_struct napi;
aec72f33 182 bool napi_enabled;
af3fb24e 183 bool napi_frags_enabled;
90e33d45 184 struct mutex napi_mutex; /* Protects access to the above napi */
4008e97f
JW		 185 struct list_head next;
186 struct tun_struct *detached;
5990a305 187 struct ptr_ring tx_ring;
8bf5c4ee 188 struct xdp_rxq_info xdp_rxq;
631ab46b
EB		 189};
190
f9e06c45
JW		 191struct tun_page {
192 struct page *page;
193 int count;
194};
195
96442e42
JW		 196struct tun_flow_entry {
197 struct hlist_node hash_link;
198 struct rcu_head rcu;
199 struct tun_struct *tun;
200
201 u32 rxhash;
9bc88939 202 u32 rps_rxhash;
96442e42 203 int queue_index;
83b1bc12 204 unsigned long updated ____cacheline_aligned_in_smp;
96442e42
JW		 205};
206
207#define TUN_NUM_FLOW_ENTRIES 1024
f13b5468 208#define TUN_MASK_FLOW_ENTRIES (TUN_NUM_FLOW_ENTRIES - 1)
96442e42 209
cd5681d7 210struct tun_prog {
96f84061
JW		 211 struct rcu_head rcu;
212 struct bpf_prog *prog;
213};
214
54f968d6 215/* Since the socket were moved to tun_file, to preserve the behavior of persist
36fe8c09 216 * device, socket filter, sndbuf and vnet header size were restore when the
54f968d6
JW		 217 * file were attached to a persist device.
218 */
14daa021 219struct tun_struct {
c8d68e6b
JW		 220 struct tun_file __rcu *tfiles[MAX_TAP_QUEUES];
221 unsigned int numqueues;
f271b2cc 222 unsigned int flags;
0625c883
EB		 223 kuid_t owner;
224 kgid_t group;
14daa021 225
14daa021 226 struct net_device *dev;
c8f44aff 227 netdev_features_t set_features;
88255375 228#define TUN_USER_FEATURES (NETIF_F_HW_CSUM|NETIF_F_TSO_ECN|NETIF_F_TSO| \
d591a1f3 229 NETIF_F_TSO6)
d9d52b51 230
eaea34b2 231 int align;
d9d52b51 232 int vnet_hdr_sz;
54f968d6
JW		 233 int sndbuf;
234 struct tap_filter txflt;
235 struct sock_fprog fprog;
236 /* protected by rtnl lock */
237 bool filter_attached;
14daa021
RR		 238#ifdef TUN_DEBUG
239 int debug;
1da177e4 240#endif
96442e42 241 spinlock_t lock;
96442e42
JW		 242 struct hlist_head flows[TUN_NUM_FLOW_ENTRIES];
243 struct timer_list flow_gc_timer;
244 unsigned long ageing_time;
4008e97f
JW		 245 unsigned int numdisabled;
246 struct list_head disabled;
5dbbaf2d 247 void *security;
b8732fb7 248 u32 flow_count;
5503fcec 249 u32 rx_batched;
608b9977 250 struct tun_pcpu_stats __percpu *pcpu_stats;
761876c8 251 struct bpf_prog __rcu *xdp_prog;
cd5681d7 252 struct tun_prog __rcu *steering_prog;
aff3d70a 253 struct tun_prog __rcu *filter_prog;
4e24f2dd 254 struct ethtool_link_ksettings link_ksettings;
14daa021 255};
1da177e4 256
aff3d70a
JW		 257struct veth {
258 __be16 h_vlan_proto;
259 __be16 h_vlan_TCI;
14daa021 260};
1da177e4 261
1ffcbc85 262bool tun_is_xdp_frame(void *ptr)
fc72d1d5
JW		 263{
264 return (unsigned long)ptr & TUN_XDP_FLAG;
265}
1ffcbc85 266EXPORT_SYMBOL(tun_is_xdp_frame);
fc72d1d5
JW		 267
268void *tun_xdp_to_ptr(void *ptr)
269{
270 return (void *)((unsigned long)ptr | TUN_XDP_FLAG);
271}
272EXPORT_SYMBOL(tun_xdp_to_ptr);
273
274void *tun_ptr_to_xdp(void *ptr)
275{
276 return (void *)((unsigned long)ptr & ~TUN_XDP_FLAG);
277}
278EXPORT_SYMBOL(tun_ptr_to_xdp);
279
94317099
PP		 280static int tun_napi_receive(struct napi_struct *napi, int budget)
281{
282 struct tun_file *tfile = container_of(napi, struct tun_file, napi);
283 struct sk_buff_head *queue = &tfile->sk.sk_write_queue;
284 struct sk_buff_head process_queue;
285 struct sk_buff *skb;
286 int received = 0;
287
288 __skb_queue_head_init(&process_queue);
289
290 spin_lock(&queue->lock);
291 skb_queue_splice_tail_init(queue, &process_queue);
292 spin_unlock(&queue->lock);
293
294 while (received < budget && (skb = __skb_dequeue(&process_queue))) {
295 napi_gro_receive(napi, skb);
296 ++received;
297 }
298
299 if (!skb_queue_empty(&process_queue)) {
300 spin_lock(&queue->lock);
301 skb_queue_splice(&process_queue, queue);
302 spin_unlock(&queue->lock);
303 }
304
305 return received;
306}
307
308static int tun_napi_poll(struct napi_struct *napi, int budget)
309{
310 unsigned int received;
311
312 received = tun_napi_receive(napi, budget);
313
314 if (received < budget)
315 napi_complete_done(napi, received);
316
317 return received;
318}
319
320static void tun_napi_init(struct tun_struct *tun, struct tun_file *tfile,
af3fb24e 321 bool napi_en, bool napi_frags)
94317099 322{
aec72f33 323 tfile->napi_enabled = napi_en;
af3fb24e 324 tfile->napi_frags_enabled = napi_en && napi_frags;
94317099
PP		 325 if (napi_en) {
326 netif_napi_add(tun->dev, &tfile->napi, tun_napi_poll,
327 NAPI_POLL_WEIGHT);
328 napi_enable(&tfile->napi);
329 }
330}
331
06e55add 332static void tun_napi_disable(struct tun_file *tfile)
94317099 333{
aec72f33 334 if (tfile->napi_enabled)
94317099
PP		 335 napi_disable(&tfile->napi);
336}
337
06e55add 338static void tun_napi_del(struct tun_file *tfile)
94317099 339{
aec72f33 340 if (tfile->napi_enabled)
94317099
PP		 341 netif_napi_del(&tfile->napi);
342}
343
af3fb24e 344static bool tun_napi_frags_enabled(const struct tun_file *tfile)
90e33d45 345{
af3fb24e 346 return tfile->napi_frags_enabled;
90e33d45
PP		 347}
348
8b8e658b
GK		 349#ifdef CONFIG_TUN_VNET_CROSS_LE
350static inline bool tun_legacy_is_little_endian(struct tun_struct *tun)
351{
352 return tun->flags & TUN_VNET_BE ? false :
353 virtio_legacy_is_little_endian();
354}
355
356static long tun_get_vnet_be(struct tun_struct *tun, int __user *argp)
357{
358 int be = !!(tun->flags & TUN_VNET_BE);
359
360 if (put_user(be, argp))
361 return -EFAULT;
362
363 return 0;
364}
365
366static long tun_set_vnet_be(struct tun_struct *tun, int __user *argp)
367{
368 int be;
369
370 if (get_user(be, argp))
371 return -EFAULT;
372
373 if (be)
374 tun->flags |= TUN_VNET_BE;
375 else
376 tun->flags &= ~TUN_VNET_BE;
377
378 return 0;
379}
380#else
381static inline bool tun_legacy_is_little_endian(struct tun_struct *tun)
382{
383 return virtio_legacy_is_little_endian();
384}
385
386static long tun_get_vnet_be(struct tun_struct *tun, int __user *argp)
387{
388 return -EINVAL;
389}
390
391static long tun_set_vnet_be(struct tun_struct *tun, int __user *argp)
392{
393 return -EINVAL;
394}
395#endif /* CONFIG_TUN_VNET_CROSS_LE */
396
25bd55bb
GK		 397static inline bool tun_is_little_endian(struct tun_struct *tun)
398{
7d824109 399 return tun->flags & TUN_VNET_LE ||
8b8e658b 400 tun_legacy_is_little_endian(tun);
25bd55bb
GK		 401}
402
56f0dcc5
MT		 403static inline u16 tun16_to_cpu(struct tun_struct *tun, __virtio16 val)
404{
25bd55bb 405 return __virtio16_to_cpu(tun_is_little_endian(tun), val);
56f0dcc5
MT		 406}
407
408static inline __virtio16 cpu_to_tun16(struct tun_struct *tun, u16 val)
409{
25bd55bb 410 return __cpu_to_virtio16(tun_is_little_endian(tun), val);
56f0dcc5
MT		 411}
412
96442e42
JW		 413static inline u32 tun_hashfn(u32 rxhash)
414{
f13b5468 415 return rxhash & TUN_MASK_FLOW_ENTRIES;
96442e42
JW		 416}
417
418static struct tun_flow_entry *tun_flow_find(struct hlist_head *head, u32 rxhash)
419{
420 struct tun_flow_entry *e;
96442e42 421
b67bfe0d 422 hlist_for_each_entry_rcu(e, head, hash_link) {
96442e42
JW		 423 if (e->rxhash == rxhash)
424 return e;
425 }
426 return NULL;
427}
428
429static struct tun_flow_entry *tun_flow_create(struct tun_struct *tun,
430 struct hlist_head *head,
431 u32 rxhash, u16 queue_index)
432{
9fdc6bef
ED		 433 struct tun_flow_entry *e = kmalloc(sizeof(*e), GFP_ATOMIC);
434
96442e42
JW		 435 if (e) {
436 tun_debug(KERN_INFO, tun, "create flow: hash %u index %u\n",
437 rxhash, queue_index);
438 e->updated = jiffies;
439 e->rxhash = rxhash;
9bc88939 440 e->rps_rxhash = 0;
96442e42
JW		 441 e->queue_index = queue_index;
442 e->tun = tun;
443 hlist_add_head_rcu(&e->hash_link, head);
b8732fb7 444 ++tun->flow_count;
96442e42
JW		 445 }
446 return e;
447}
448
96442e42
JW		 449static void tun_flow_delete(struct tun_struct *tun, struct tun_flow_entry *e)
450{
451 tun_debug(KERN_INFO, tun, "delete flow: hash %u index %u\n",
452 e->rxhash, e->queue_index);
453 hlist_del_rcu(&e->hash_link);
9fdc6bef 454 kfree_rcu(e, rcu);
b8732fb7 455 --tun->flow_count;
96442e42
JW		 456}
457
458static void tun_flow_flush(struct tun_struct *tun)
459{
460 int i;
461
462 spin_lock_bh(&tun->lock);
463 for (i = 0; i < TUN_NUM_FLOW_ENTRIES; i++) {
464 struct tun_flow_entry *e;
b67bfe0d 465 struct hlist_node *n;
96442e42 466
b67bfe0d 467 hlist_for_each_entry_safe(e, n, &tun->flows[i], hash_link)
96442e42
JW		 468 tun_flow_delete(tun, e);
469 }
470 spin_unlock_bh(&tun->lock);
471}
472
473static void tun_flow_delete_by_queue(struct tun_struct *tun, u16 queue_index)
474{
475 int i;
476
477 spin_lock_bh(&tun->lock);
478 for (i = 0; i < TUN_NUM_FLOW_ENTRIES; i++) {
479 struct tun_flow_entry *e;
b67bfe0d 480 struct hlist_node *n;
96442e42 481
b67bfe0d 482 hlist_for_each_entry_safe(e, n, &tun->flows[i], hash_link) {
96442e42
JW		 483 if (e->queue_index == queue_index)
484 tun_flow_delete(tun, e);
485 }
486 }
487 spin_unlock_bh(&tun->lock);
488}
489
e99e88a9 490static void tun_flow_cleanup(struct timer_list *t)
96442e42 491{
e99e88a9 492 struct tun_struct *tun = from_timer(tun, t, flow_gc_timer);
96442e42
JW		 493 unsigned long delay = tun->ageing_time;
494 unsigned long next_timer = jiffies + delay;
495 unsigned long count = 0;
496 int i;
497
498 tun_debug(KERN_INFO, tun, "tun_flow_cleanup\n");
499
7dbfb4ef 500 spin_lock(&tun->lock);
96442e42
JW		 501 for (i = 0; i < TUN_NUM_FLOW_ENTRIES; i++) {
502 struct tun_flow_entry *e;
b67bfe0d 503 struct hlist_node *n;
96442e42 504
b67bfe0d 505 hlist_for_each_entry_safe(e, n, &tun->flows[i], hash_link) {
96442e42 506 unsigned long this_timer;
81d98fa4 507
96442e42 508 this_timer = e->updated + delay;
81d98fa4 509 if (time_before_eq(this_timer, jiffies)) {
96442e42 510 tun_flow_delete(tun, e);
81d98fa4
ED		 511 continue;
512 }
513 count++;
514 if (time_before(this_timer, next_timer))
96442e42
JW		 515 next_timer = this_timer;
516 }
517 }
518
519 if (count)
520 mod_timer(&tun->flow_gc_timer, round_jiffies_up(next_timer));
7dbfb4ef 521 spin_unlock(&tun->lock);
96442e42
JW		 522}
523
49974420 524static void tun_flow_update(struct tun_struct *tun, u32 rxhash,
9e85722d 525 struct tun_file *tfile)
96442e42
JW		 526{
527 struct hlist_head *head;
528 struct tun_flow_entry *e;
529 unsigned long delay = tun->ageing_time;
9e85722d 530 u16 queue_index = tfile->queue_index;
96442e42 531
5c327f67 532 head = &tun->flows[tun_hashfn(rxhash)];
96442e42
JW		 533
534 rcu_read_lock();
535
96442e42
JW		 536 e = tun_flow_find(head, rxhash);
537 if (likely(e)) {
538 /* TODO: keep queueing to old queue until it's empty? */
83b1bc12
LR		 539 if (e->queue_index != queue_index)
540 e->queue_index = queue_index;
541 if (e->updated != jiffies)
542 e->updated = jiffies;
9bc88939 543 sock_rps_record_flow_hash(e->rps_rxhash);
96442e42
JW		 544 } else {
545 spin_lock_bh(&tun->lock);
b8732fb7
JW		 546 if (!tun_flow_find(head, rxhash) &&
547 tun->flow_count < MAX_TAP_FLOWS)
96442e42
JW		 548 tun_flow_create(tun, head, rxhash, queue_index);
549
550 if (!timer_pending(&tun->flow_gc_timer))
551 mod_timer(&tun->flow_gc_timer,
552 round_jiffies_up(jiffies + delay));
553 spin_unlock_bh(&tun->lock);
554 }
555
96442e42
JW		 556 rcu_read_unlock();
557}
558
9bc88939
TH		 559/**
560 * Save the hash received in the stack receive path and update the
561 * flow_hash table accordingly.
562 */
563static inline void tun_flow_save_rps_rxhash(struct tun_flow_entry *e, u32 hash)
564{
567e4b79 565 if (unlikely(e->rps_rxhash != hash))
9bc88939 566 e->rps_rxhash = hash;
9bc88939
TH		 567}
568
4b035271 569/* We try to identify a flow through its rxhash. The reason that
92d4ea6e 570 * we do not check rxq no. is because some cards(e.g 82599), chooses
c8d68e6b
JW		 571 * the rxq based on the txq where the last packet of the flow comes. As
572 * the userspace application move between processors, we may get a
4b035271 573 * different rxq no. here.
c8d68e6b 574 */
96f84061 575static u16 tun_automq_select_queue(struct tun_struct *tun, struct sk_buff *skb)
c8d68e6b 576{
96442e42 577 struct tun_flow_entry *e;
c8d68e6b
JW		 578 u32 txq = 0;
579 u32 numqueues = 0;
580
6aa7de05 581 numqueues = READ_ONCE(tun->numqueues);
c8d68e6b 582
feec084a 583 txq = __skb_get_hash_symmetric(skb);
4b035271
WL		 584 e = tun_flow_find(&tun->flows[tun_hashfn(txq)], txq);
585 if (e) {
586 tun_flow_save_rps_rxhash(e, txq);
587 txq = e->queue_index;
588 } else {
589 /* use multiply and shift instead of expensive divide */
590 txq = ((u64)txq * numqueues) >> 32;
c8d68e6b
JW		 591 }
592
c8d68e6b
JW		 593 return txq;
594}
595
96f84061
JW		 596static u16 tun_ebpf_select_queue(struct tun_struct *tun, struct sk_buff *skb)
597{
cd5681d7 598 struct tun_prog *prog;
a35d310f 599 u32 numqueues;
96f84061
JW		 600 u16 ret = 0;
601
a35d310f
JW		 602 numqueues = READ_ONCE(tun->numqueues);
603 if (!numqueues)
604 return 0;
605
96f84061
JW		 606 prog = rcu_dereference(tun->steering_prog);
607 if (prog)
608 ret = bpf_prog_run_clear_cb(prog->prog, skb);
609
a35d310f 610 return ret % numqueues;
96f84061
JW		 611}
612
613static u16 tun_select_queue(struct net_device *dev, struct sk_buff *skb,
a350ecce 614 struct net_device *sb_dev)
96f84061
JW		 615{
616 struct tun_struct *tun = netdev_priv(dev);
617 u16 ret;
618
619 rcu_read_lock();
620 if (rcu_dereference(tun->steering_prog))
621 ret = tun_ebpf_select_queue(tun, skb);
622 else
623 ret = tun_automq_select_queue(tun, skb);
624 rcu_read_unlock();
625
626 return ret;
627}
628
cde8b15f
JW		 629static inline bool tun_not_capable(struct tun_struct *tun)
630{
631 const struct cred *cred = current_cred();
c260b772 632 struct net *net = dev_net(tun->dev);
cde8b15f
JW		 633
634 return ((uid_valid(tun->owner) && !uid_eq(cred->euid, tun->owner)) ||
635 (gid_valid(tun->group) && !in_egroup_p(tun->group))) &&
c260b772 636 !ns_capable(net->user_ns, CAP_NET_ADMIN);
cde8b15f
JW		 637}
638
c8d68e6b
JW		 639static void tun_set_real_num_queues(struct tun_struct *tun)
640{
641 netif_set_real_num_tx_queues(tun->dev, tun->numqueues);
642 netif_set_real_num_rx_queues(tun->dev, tun->numqueues);
643}
644
4008e97f
JW		 645static void tun_disable_queue(struct tun_struct *tun, struct tun_file *tfile)
646{
647 tfile->detached = tun;
648 list_add_tail(&tfile->next, &tun->disabled);
649 ++tun->numdisabled;
650}
651
d32649d1 652static struct tun_struct *tun_enable_queue(struct tun_file *tfile)
4008e97f
JW		 653{
654 struct tun_struct *tun = tfile->detached;
655
656 tfile->detached = NULL;
657 list_del_init(&tfile->next);
658 --tun->numdisabled;
659 return tun;
660}
661
3a403076 662void tun_ptr_free(void *ptr)
fc72d1d5
JW		 663{
664 if (!ptr)
665 return;
1ffcbc85
JDB		 666 if (tun_is_xdp_frame(ptr)) {
667 struct xdp_frame *xdpf = tun_ptr_to_xdp(ptr);
fc72d1d5 668
03993094 669 xdp_return_frame(xdpf);
fc72d1d5
JW		 670 } else {
671 __skb_array_destroy_skb(ptr);
672 }
673}
3a403076 674EXPORT_SYMBOL_GPL(tun_ptr_free);
fc72d1d5 675
4bfb0513
JW		 676static void tun_queue_purge(struct tun_file *tfile)
677{
fc72d1d5 678 void *ptr;
1576d986 679
fc72d1d5
JW		 680 while ((ptr = ptr_ring_consume(&tfile->tx_ring)) != NULL)
681 tun_ptr_free(ptr);
1576d986 682
5503fcec 683 skb_queue_purge(&tfile->sk.sk_write_queue);
4bfb0513
JW		 684 skb_queue_purge(&tfile->sk.sk_error_queue);
685}
686
c8d68e6b
JW		 687static void __tun_detach(struct tun_file *tfile, bool clean)
688{
689 struct tun_file *ntfile;
690 struct tun_struct *tun;
c8d68e6b 691
b8deabd3
JW		 692 tun = rtnl_dereference(tfile->tun);
693
94317099 694 if (tun && clean) {
06e55add
ED		 695 tun_napi_disable(tfile);
696 tun_napi_del(tfile);
94317099
PP		 697 }
698
9e85722d 699 if (tun && !tfile->detached) {
c8d68e6b
JW		 700 u16 index = tfile->queue_index;
701 BUG_ON(index >= tun->numqueues);
c8d68e6b
JW		 702
703 rcu_assign_pointer(tun->tfiles[index],
704 tun->tfiles[tun->numqueues - 1]);
b8deabd3 705 ntfile = rtnl_dereference(tun->tfiles[index]);
c8d68e6b
JW		 706 ntfile->queue_index = index;
707
708 --tun->numqueues;
9e85722d 709 if (clean) {
c956674b 710 RCU_INIT_POINTER(tfile->tun, NULL);
4008e97f 711 sock_put(&tfile->sk);
9e85722d 712 } else
4008e97f 713 tun_disable_queue(tun, tfile);
c8d68e6b
JW		 714
715 synchronize_net();
96442e42 716 tun_flow_delete_by_queue(tun, tun->numqueues + 1);
c8d68e6b 717 /* Drop read queue */
4bfb0513 718 tun_queue_purge(tfile);
c8d68e6b 719 tun_set_real_num_queues(tun);
dd38bd85 720 } else if (tfile->detached && clean) {
4008e97f 721 tun = tun_enable_queue(tfile);
dd38bd85
JW		 722 sock_put(&tfile->sk);
723 }
c8d68e6b
JW		 724
725 if (clean) {
af668b3c
MT		 726 if (tun && tun->numqueues == 0 && tun->numdisabled == 0) {
727 netif_carrier_off(tun->dev);
728
40630b82 729 if (!(tun->flags & IFF_PERSIST) &&
af668b3c 730 tun->dev->reg_state == NETREG_REGISTERED)
4008e97f 731 unregister_netdevice(tun->dev);
af668b3c 732 }
b196d88a
JW		 733 if (tun)
734 xdp_rxq_info_unreg(&tfile->xdp_rxq);
7063efd3 735 ptr_ring_cleanup(&tfile->tx_ring, tun_ptr_free);
140e807d 736 sock_put(&tfile->sk);
c8d68e6b
JW		 737 }
738}
739
740static void tun_detach(struct tun_file *tfile, bool clean)
741{
83c1f36f
SD		 742 struct tun_struct *tun;
743 struct net_device *dev;
744
c8d68e6b 745 rtnl_lock();
83c1f36f
SD		 746 tun = rtnl_dereference(tfile->tun);
747 dev = tun ? tun->dev : NULL;
c8d68e6b 748 __tun_detach(tfile, clean);
83c1f36f
SD		 749 if (dev)
750 netdev_state_change(dev);
c8d68e6b
JW		 751 rtnl_unlock();
752}
753
754static void tun_detach_all(struct net_device *dev)
755{
756 struct tun_struct *tun = netdev_priv(dev);
4008e97f 757 struct tun_file *tfile, *tmp;
c8d68e6b
JW		 758 int i, n = tun->numqueues;
759
760 for (i = 0; i < n; i++) {
b8deabd3 761 tfile = rtnl_dereference(tun->tfiles[i]);
c8d68e6b 762 BUG_ON(!tfile);
06e55add 763 tun_napi_disable(tfile);
addf8fc4 764 tfile->socket.sk->sk_shutdown = RCV_SHUTDOWN;
9e641bdc 765 tfile->socket.sk->sk_data_ready(tfile->socket.sk);
c956674b 766 RCU_INIT_POINTER(tfile->tun, NULL);
c8d68e6b
JW		 767 --tun->numqueues;
768 }
9e85722d 769 list_for_each_entry(tfile, &tun->disabled, next) {
addf8fc4 770 tfile->socket.sk->sk_shutdown = RCV_SHUTDOWN;
9e641bdc 771 tfile->socket.sk->sk_data_ready(tfile->socket.sk);
c956674b 772 RCU_INIT_POINTER(tfile->tun, NULL);
9e85722d 773 }
c8d68e6b
JW		 774 BUG_ON(tun->numqueues != 0);
775
776 synchronize_net();
777 for (i = 0; i < n; i++) {
b8deabd3 778 tfile = rtnl_dereference(tun->tfiles[i]);
06e55add 779 tun_napi_del(tfile);
c8d68e6b 780 /* Drop read queue */
4bfb0513 781 tun_queue_purge(tfile);
b196d88a 782 xdp_rxq_info_unreg(&tfile->xdp_rxq);
c8d68e6b
JW		 783 sock_put(&tfile->sk);
784 }
4008e97f
JW		 785 list_for_each_entry_safe(tfile, tmp, &tun->disabled, next) {
786 tun_enable_queue(tfile);
4bfb0513 787 tun_queue_purge(tfile);
b196d88a 788 xdp_rxq_info_unreg(&tfile->xdp_rxq);
4008e97f
JW		 789 sock_put(&tfile->sk);
790 }
791 BUG_ON(tun->numdisabled != 0);
dd38bd85 792
40630b82 793 if (tun->flags & IFF_PERSIST)
dd38bd85 794 module_put(THIS_MODULE);
c8d68e6b
JW		 795}
796
94317099 797static int tun_attach(struct tun_struct *tun, struct file *file,
af3fb24e 798 bool skip_filter, bool napi, bool napi_frags)
a7385ba2 799{
631ab46b 800 struct tun_file *tfile = file->private_data;
1576d986 801 struct net_device *dev = tun->dev;
38231b7a 802 int err;
a7385ba2 803
5dbbaf2d
PM		 804 err = security_tun_dev_attach(tfile->socket.sk, tun->security);
805 if (err < 0)
806 goto out;
807
38231b7a 808 err = -EINVAL;
9e85722d 809 if (rtnl_dereference(tfile->tun) && !tfile->detached)
38231b7a
EB		 810 goto out;
811
812 err = -EBUSY;
40630b82 813 if (!(tun->flags & IFF_MULTI_QUEUE) && tun->numqueues == 1)
c8d68e6b
JW		 814 goto out;
815
816 err = -E2BIG;
4008e97f
JW		 817 if (!tfile->detached &&
818 tun->numqueues + tun->numdisabled == MAX_TAP_QUEUES)
38231b7a
EB		 819 goto out;
820
821 err = 0;
54f968d6 822
92d4ea6e 823 /* Re-attach the filter to persist device */
849c9b6f 824 if (!skip_filter && (tun->filter_attached == true)) {
8ced425e
HFS		 825 lock_sock(tfile->socket.sk);
826 err = sk_attach_filter(&tun->fprog, tfile->socket.sk);
827 release_sock(tfile->socket.sk);
54f968d6
JW		 828 if (!err)
829 goto out;
830 }
1576d986
JW		 831
832 if (!tfile->detached &&
b196d88a
JW		 833 ptr_ring_resize(&tfile->tx_ring, dev->tx_queue_len,
834 GFP_KERNEL, tun_ptr_free)) {
1576d986
JW		 835 err = -ENOMEM;
836 goto out;
837 }
838
c8d68e6b 839 tfile->queue_index = tun->numqueues;
addf8fc4 840 tfile->socket.sk->sk_shutdown &= ~RCV_SHUTDOWN;
8bf5c4ee
JDB		 841
842 if (tfile->detached) {
843 /* Re-attach detached tfile, updating XDP queue_index */
844 WARN_ON(!xdp_rxq_info_is_reg(&tfile->xdp_rxq));
845
846 if (tfile->xdp_rxq.queue_index != tfile->queue_index)
847 tfile->xdp_rxq.queue_index = tfile->queue_index;
848 } else {
849 /* Setup XDP RX-queue info, for new tfile getting attached */
850 err = xdp_rxq_info_reg(&tfile->xdp_rxq,
851 tun->dev, tfile->queue_index);
852 if (err < 0)
853 goto out;
8d5d8852
JDB		 854 err = xdp_rxq_info_reg_mem_model(&tfile->xdp_rxq,
855 MEM_TYPE_PAGE_SHARED, NULL);
856 if (err < 0) {
857 xdp_rxq_info_unreg(&tfile->xdp_rxq);
858 goto out;
859 }
8bf5c4ee
JDB		 860 err = 0;
861 }
862
94317099 863 if (tfile->detached) {
4008e97f 864 tun_enable_queue(tfile);
94317099 865 } else {
4008e97f 866 sock_hold(&tfile->sk);
af3fb24e 867 tun_napi_init(tun, tfile, napi, napi_frags);
94317099 868 }
4008e97f 869
e4a2a304
JW		 870 if (rtnl_dereference(tun->xdp_prog))
871 sock_set_flag(&tfile->sk, SOCK_XDP);
872
c8d68e6b
JW		 873 /* device is allowed to go away first, so no need to hold extra
874 * refcnt.
875 */
876
0b7959b6
SF		 877 /* Publish tfile->tun and tun->tfiles only after we've fully
878 * initialized tfile; otherwise we risk using half-initialized
879 * object.
880 */
881 rcu_assign_pointer(tfile->tun, tun);
882 rcu_assign_pointer(tun->tfiles[tun->numqueues], tfile);
883 tun->numqueues++;
3a03cb84 884 tun_set_real_num_queues(tun);
c8d68e6b
JW		 885out:
886 return err;
631ab46b
EB		 887}
888
9484dc74 889static struct tun_struct *tun_get(struct tun_file *tfile)
631ab46b 890{
6e914fc7 891 struct tun_struct *tun;
c70f1829 892
6e914fc7
JW		 893 rcu_read_lock();
894 tun = rcu_dereference(tfile->tun);
895 if (tun)
896 dev_hold(tun->dev);
897 rcu_read_unlock();
c70f1829
EB		 898
899 return tun;
631ab46b
EB		 900}
901
631ab46b
EB		 902static void tun_put(struct tun_struct *tun)
903{
6e914fc7 904 dev_put(tun->dev);
631ab46b
EB		 905}
906
6b8a66ee 907/* TAP filtering */
f271b2cc
MK		 908static void addr_hash_set(u32 *mask, const u8 *addr)
909{
910 int n = ether_crc(ETH_ALEN, addr) >> 26;
911 mask[n >> 5] |= (1 << (n & 31));
912}
913
914static unsigned int addr_hash_test(const u32 *mask, const u8 *addr)
915{
916 int n = ether_crc(ETH_ALEN, addr) >> 26;
917 return mask[n >> 5] & (1 << (n & 31));
918}
919
920static int update_filter(struct tap_filter *filter, void __user *arg)
921{
922 struct { u8 u[ETH_ALEN]; } *addr;
923 struct tun_filter uf;
924 int err, alen, n, nexact;
925
926 if (copy_from_user(&uf, arg, sizeof(uf)))
927 return -EFAULT;
928
929 if (!uf.count) {
930 /* Disabled */
931 filter->count = 0;
932 return 0;
933 }
934
935 alen = ETH_ALEN * uf.count;
28e8190d
ME		 936 addr = memdup_user(arg + sizeof(uf), alen);
937 if (IS_ERR(addr))
938 return PTR_ERR(addr);
f271b2cc
MK		 939
940 /* The filter is updated without holding any locks. Which is
941 * perfectly safe. We disable it first and in the worst
942 * case we'll accept a few undesired packets. */
943 filter->count = 0;
944 wmb();
945
946 /* Use first set of addresses as an exact filter */
947 for (n = 0; n < uf.count && n < FLT_EXACT_COUNT; n++)
948 memcpy(filter->addr[n], addr[n].u, ETH_ALEN);
949
950 nexact = n;
951
cfbf84fc
AW		 952 /* Remaining multicast addresses are hashed,
953 * unicast will leave the filter disabled. */
f271b2cc 954 memset(filter->mask, 0, sizeof(filter->mask));
cfbf84fc
AW		 955 for (; n < uf.count; n++) {
956 if (!is_multicast_ether_addr(addr[n].u)) {
957 err = 0; /* no filter */
3b8d2a69 958 goto free_addr;
cfbf84fc 959 }
f271b2cc 960 addr_hash_set(filter->mask, addr[n].u);
cfbf84fc 961 }
f271b2cc
MK		 962
963 /* For ALLMULTI just set the mask to all ones.
964 * This overrides the mask populated above. */
965 if ((uf.flags & TUN_FLT_ALLMULTI))
966 memset(filter->mask, ~0, sizeof(filter->mask));
967
968 /* Now enable the filter */
969 wmb();
970 filter->count = nexact;
971
972 /* Return the number of exact filters */
973 err = nexact;
3b8d2a69 974free_addr:
f271b2cc
MK		 975 kfree(addr);
976 return err;
977}
978
979/* Returns: 0 - drop, !=0 - accept */
980static int run_filter(struct tap_filter *filter, const struct sk_buff *skb)
981{
982 /* Cannot use eth_hdr(skb) here because skb_mac_hdr() is incorrect
983 * at this point. */
984 struct ethhdr *eh = (struct ethhdr *) skb->data;
985 int i;
986
987 /* Exact match */
988 for (i = 0; i < filter->count; i++)
2e42e474 989 if (ether_addr_equal(eh->h_dest, filter->addr[i]))
f271b2cc
MK		 990 return 1;
991
992 /* Inexact match (multicast only) */
993 if (is_multicast_ether_addr(eh->h_dest))
994 return addr_hash_test(filter->mask, eh->h_dest);
995
996 return 0;
997}
998
999/*
1000 * Checks whether the packet is accepted or not.
1001 * Returns: 0 - drop, !=0 - accept
1002 */
1003static int check_filter(struct tap_filter *filter, const struct sk_buff *skb)
1004{
1005 if (!filter->count)
1006 return 1;
1007
1008 return run_filter(filter, skb);
1009}
1010
1da177e4
LT		 1011/* Network device part of the driver */
1012
7282d491 1013static const struct ethtool_ops tun_ethtool_ops;
1da177e4 1014
c70f1829
EB		 1015/* Net device detach from fd. */
1016static void tun_net_uninit(struct net_device *dev)
1017{
c8d68e6b 1018 tun_detach_all(dev);
c70f1829
EB		 1019}
1020
1da177e4
LT		 1021/* Net device open. */
1022static int tun_net_open(struct net_device *dev)
1023{
b20e2d54
HFS		 1024 struct tun_struct *tun = netdev_priv(dev);
1025 int i;
1026
c8d68e6b 1027 netif_tx_start_all_queues(dev);
b20e2d54
HFS		 1028
1029 for (i = 0; i < tun->numqueues; i++) {
1030 struct tun_file *tfile;
1031
1032 tfile = rtnl_dereference(tun->tfiles[i]);
1033 tfile->socket.sk->sk_write_space(tfile->socket.sk);
1034 }
1035
1da177e4
LT		 1036 return 0;
1037}
1038
1039/* Net device close. */
1040static int tun_net_close(struct net_device *dev)
1041{
c8d68e6b 1042 netif_tx_stop_all_queues(dev);
1da177e4
LT		 1043 return 0;
1044}
1045
1046/* Net device start xmit */
96f84061 1047static void tun_automq_xmit(struct tun_struct *tun, struct sk_buff *skb)
1da177e4 1048{
3df97ba8 1049#ifdef CONFIG_RPS
dc05360f 1050 if (tun->numqueues == 1 && static_branch_unlikely(&rps_needed)) {
9bc88939
TH		 1051 /* Select queue was not called for the skbuff, so we extract the
1052 * RPS hash and save it into the flow_table here.
1053 */
4b035271 1054 struct tun_flow_entry *e;
9bc88939
TH		 1055 __u32 rxhash;
1056
feec084a 1057 rxhash = __skb_get_hash_symmetric(skb);
4b035271
WL		 1058 e = tun_flow_find(&tun->flows[tun_hashfn(rxhash)], rxhash);
1059 if (e)
1060 tun_flow_save_rps_rxhash(e, rxhash);
9bc88939 1061 }
3df97ba8 1062#endif
96f84061
JW		 1063}
1064
aff3d70a
JW		 1065static unsigned int run_ebpf_filter(struct tun_struct *tun,
1066 struct sk_buff *skb,
1067 int len)
1068{
1069 struct tun_prog *prog = rcu_dereference(tun->filter_prog);
1070
1071 if (prog)
1072 len = bpf_prog_run_clear_cb(prog->prog, skb);
1073
1074 return len;
1075}
1076
96f84061
JW		 1077/* Net device start xmit */
1078static netdev_tx_t tun_net_xmit(struct sk_buff *skb, struct net_device *dev)
1079{
1080 struct tun_struct *tun = netdev_priv(dev);
1081 int txq = skb->queue_mapping;
1082 struct tun_file *tfile;
aff3d70a 1083 int len = skb->len;
96f84061
JW		 1084
1085 rcu_read_lock();
1086 tfile = rcu_dereference(tun->tfiles[txq]);
96f84061
JW		 1087
1088 /* Drop packet if interface is not attached */
cc166427 1089 if (txq >= tun->numqueues)
96f84061
JW		 1090 goto drop;
1091
1092 if (!rcu_dereference(tun->steering_prog))
1093 tun_automq_xmit(tun, skb);
9bc88939 1094
6e914fc7
JW		 1095 tun_debug(KERN_INFO, tun, "tun_net_xmit %d\n", skb->len);
1096
c8d68e6b
JW		 1097 BUG_ON(!tfile);
1098
f271b2cc
MK		 1099 /* Drop if the filter does not like it.
1100 * This is a noop if the filter is disabled.
1101 * Filter can be enabled only for the TAP devices. */
1102 if (!check_filter(&tun->txflt, skb))
1103 goto drop;
1104
54f968d6
JW		 1105 if (tfile->socket.sk->sk_filter &&
1106 sk_filter(tfile->socket.sk, skb))
99405162
MT		 1107 goto drop;
1108
aff3d70a 1109 len = run_ebpf_filter(tun, skb, len);
81c89507 1110 if (len == 0 || pskb_trim(skb, len))
aff3d70a
JW		 1111 goto drop;
1112
1f8b977a 1113 if (unlikely(skb_orphan_frags_rx(skb, GFP_ATOMIC)))
7bf66305
JW		 1114 goto drop;
1115
7b996243 1116 skb_tx_timestamp(skb);
eda29772 1117
0110d6f2 1118 /* Orphan the skb - required as we might hang on to it
7bf66305
JW		 1119 * for indefinite time.
1120 */
0110d6f2
MT		 1121 skb_orphan(skb);
1122
f8af75f3
ED		 1123 nf_reset(skb);
1124
5990a305 1125 if (ptr_ring_produce(&tfile->tx_ring, skb))
1576d986 1126 goto drop;
1da177e4
LT		 1127
1128 /* Notify and wake up reader process */
54f968d6
JW		 1129 if (tfile->flags & TUN_FASYNC)
1130 kill_fasync(&tfile->fasync, SIGIO, POLL_IN);
9e641bdc 1131 tfile->socket.sk->sk_data_ready(tfile->socket.sk);
6e914fc7
JW		 1132
1133 rcu_read_unlock();
6ed10654 1134 return NETDEV_TX_OK;
1da177e4
LT		 1135
1136drop:
608b9977 1137 this_cpu_inc(tun->pcpu_stats->tx_dropped);
149d36f7 1138 skb_tx_error(skb);
1da177e4 1139 kfree_skb(skb);
6e914fc7 1140 rcu_read_unlock();
baeababb 1141 return NET_XMIT_DROP;
1da177e4
LT		 1142}
1143
f271b2cc 1144static void tun_net_mclist(struct net_device *dev)
1da177e4 1145{
f271b2cc
MK		 1146 /*
1147 * This callback is supposed to deal with mc filter in
1148 * _rx_ path and has nothing to do with the _tx_ path.
1149 * In rx path we always accept everything userspace gives us.
1150 */
1da177e4
LT		 1151}
1152
c8f44aff
MM		 1153static netdev_features_t tun_net_fix_features(struct net_device *dev,
1154 netdev_features_t features)
88255375
MM		 1155{
1156 struct tun_struct *tun = netdev_priv(dev);
1157
1158 return (features & tun->set_features) | (features & ~TUN_USER_FEATURES);
1159}
eaea34b2
PA		 1160
1161static void tun_set_headroom(struct net_device *dev, int new_hr)
1162{
1163 struct tun_struct *tun = netdev_priv(dev);
1164
1165 if (new_hr < NET_SKB_PAD)
1166 new_hr = NET_SKB_PAD;
1167
1168 tun->align = new_hr;
1169}
1170
bc1f4470 1171static void
608b9977
PA		 1172tun_net_get_stats64(struct net_device *dev, struct rtnl_link_stats64 *stats)
1173{
1174 u32 rx_dropped = 0, tx_dropped = 0, rx_frame_errors = 0;
1175 struct tun_struct *tun = netdev_priv(dev);
1176 struct tun_pcpu_stats *p;
1177 int i;
1178
1179 for_each_possible_cpu(i) {
1180 u64 rxpackets, rxbytes, txpackets, txbytes;
1181 unsigned int start;
1182
1183 p = per_cpu_ptr(tun->pcpu_stats, i);
1184 do {
1185 start = u64_stats_fetch_begin(&p->syncp);
1186 rxpackets = p->rx_packets;
1187 rxbytes = p->rx_bytes;
1188 txpackets = p->tx_packets;
1189 txbytes = p->tx_bytes;
1190 } while (u64_stats_fetch_retry(&p->syncp, start));
1191
1192 stats->rx_packets += rxpackets;
1193 stats->rx_bytes += rxbytes;
1194 stats->tx_packets += txpackets;
1195 stats->tx_bytes += txbytes;
1196
1197 /* u32 counters */
1198 rx_dropped += p->rx_dropped;
1199 rx_frame_errors += p->rx_frame_errors;
1200 tx_dropped += p->tx_dropped;
1201 }
1202 stats->rx_dropped = rx_dropped;
1203 stats->rx_frame_errors = rx_frame_errors;
1204 stats->tx_dropped = tx_dropped;
608b9977
PA		 1205}
1206
761876c8
JW		 1207static int tun_xdp_set(struct net_device *dev, struct bpf_prog *prog,
1208 struct netlink_ext_ack *extack)
1209{
1210 struct tun_struct *tun = netdev_priv(dev);
e4a2a304 1211 struct tun_file *tfile;
761876c8 1212 struct bpf_prog *old_prog;
e4a2a304 1213 int i;
761876c8
JW		 1214
1215 old_prog = rtnl_dereference(tun->xdp_prog);
1216 rcu_assign_pointer(tun->xdp_prog, prog);
1217 if (old_prog)
1218 bpf_prog_put(old_prog);
1219
e4a2a304
JW		 1220 for (i = 0; i < tun->numqueues; i++) {
1221 tfile = rtnl_dereference(tun->tfiles[i]);
1222 if (prog)
1223 sock_set_flag(&tfile->sk, SOCK_XDP);
1224 else
1225 sock_reset_flag(&tfile->sk, SOCK_XDP);
1226 }
1227 list_for_each_entry(tfile, &tun->disabled, next) {
1228 if (prog)
1229 sock_set_flag(&tfile->sk, SOCK_XDP);
1230 else
1231 sock_reset_flag(&tfile->sk, SOCK_XDP);
1232 }
1233
761876c8
JW		 1234 return 0;
1235}
1236
1237static u32 tun_xdp_query(struct net_device *dev)
1238{
1239 struct tun_struct *tun = netdev_priv(dev);
1240 const struct bpf_prog *xdp_prog;
1241
1242 xdp_prog = rtnl_dereference(tun->xdp_prog);
1243 if (xdp_prog)
1244 return xdp_prog->aux->id;
1245
1246 return 0;
1247}
1248
f4e63525 1249static int tun_xdp(struct net_device *dev, struct netdev_bpf *xdp)
761876c8
JW		 1250{
1251 switch (xdp->command) {
1252 case XDP_SETUP_PROG:
1253 return tun_xdp_set(dev, xdp->prog, xdp->extack);
1254 case XDP_QUERY_PROG:
1255 xdp->prog_id = tun_xdp_query(dev);
761876c8
JW		 1256 return 0;
1257 default:
1258 return -EINVAL;
1259 }
1260}
1261
26d31925
ND		 1262static int tun_net_change_carrier(struct net_device *dev, bool new_carrier)
1263{
1264 if (new_carrier) {
1265 struct tun_struct *tun = netdev_priv(dev);
1266
1267 if (!tun->numqueues)
1268 return -EPERM;
1269
1270 netif_carrier_on(dev);
1271 } else {
1272 netif_carrier_off(dev);
1273 }
1274 return 0;
1275}
1276
758e43b7 1277static const struct net_device_ops tun_netdev_ops = {
c70f1829 1278 .ndo_uninit = tun_net_uninit,
758e43b7
SH		 1279 .ndo_open = tun_net_open,
1280 .ndo_stop = tun_net_close,
00829823 1281 .ndo_start_xmit = tun_net_xmit,
88255375 1282 .ndo_fix_features = tun_net_fix_features,
c8d68e6b 1283 .ndo_select_queue = tun_select_queue,
eaea34b2 1284 .ndo_set_rx_headroom = tun_set_headroom,
608b9977 1285 .ndo_get_stats64 = tun_net_get_stats64,
26d31925 1286 .ndo_change_carrier = tun_net_change_carrier,
758e43b7
SH		 1287};
1288
0c9d917b
JDB		 1289static void __tun_xdp_flush_tfile(struct tun_file *tfile)
1290{
1291 /* Notify and wake up reader process */
1292 if (tfile->flags & TUN_FASYNC)
1293 kill_fasync(&tfile->fasync, SIGIO, POLL_IN);
1294 tfile->socket.sk->sk_data_ready(tfile->socket.sk);
1295}
1296
42b33468
JDB		 1297static int tun_xdp_xmit(struct net_device *dev, int n,
1298 struct xdp_frame **frames, u32 flags)
fc72d1d5
JW		 1299{
1300 struct tun_struct *tun = netdev_priv(dev);
fc72d1d5
JW		 1301 struct tun_file *tfile;
1302 u32 numqueues;
735fc405
JDB		 1303 int drops = 0;
1304 int cnt = n;
1305 int i;
fc72d1d5 1306
0c9d917b 1307 if (unlikely(flags & ~XDP_XMIT_FLAGS_MASK))
42b33468
JDB		 1308 return -EINVAL;
1309
fc72d1d5
JW		 1310 rcu_read_lock();
1311
1312 numqueues = READ_ONCE(tun->numqueues);
1313 if (!numqueues) {
735fc405
JDB		 1314 rcu_read_unlock();
1315 return -ENXIO; /* Caller will free/return all frames */
fc72d1d5
JW		 1316 }
1317
1318 tfile = rcu_dereference(tun->tfiles[smp_processor_id() %
1319 numqueues]);
735fc405
JDB		 1320
1321 spin_lock(&tfile->tx_ring.producer_lock);
1322 for (i = 0; i < n; i++) {
1323 struct xdp_frame *xdp = frames[i];
1324 /* Encode the XDP flag into lowest bit for consumer to differ
1325 * XDP buffer from sk_buff.
1326 */
1327 void *frame = tun_xdp_to_ptr(xdp);
1328
1329 if (__ptr_ring_produce(&tfile->tx_ring, frame)) {
1330 this_cpu_inc(tun->pcpu_stats->tx_dropped);
1331 xdp_return_frame_rx_napi(xdp);
1332 drops++;
1333 }
fc72d1d5 1334 }
735fc405 1335 spin_unlock(&tfile->tx_ring.producer_lock);
fc72d1d5 1336
0c9d917b
JDB		 1337 if (flags & XDP_XMIT_FLUSH)
1338 __tun_xdp_flush_tfile(tfile);
1339
fc72d1d5 1340 rcu_read_unlock();
735fc405 1341 return cnt - drops;
fc72d1d5
JW		 1342}
1343
44fa2dbd
JDB		 1344static int tun_xdp_tx(struct net_device *dev, struct xdp_buff *xdp)
1345{
1346 struct xdp_frame *frame = convert_to_xdp_frame(xdp);
1347
1348 if (unlikely(!frame))
1349 return -EOVERFLOW;
1350
42421a56 1351 return tun_xdp_xmit(dev, 1, &frame, XDP_XMIT_FLUSH);
fc72d1d5
JW		 1352}
1353
758e43b7 1354static const struct net_device_ops tap_netdev_ops = {
c70f1829 1355 .ndo_uninit = tun_net_uninit,
758e43b7
SH		 1356 .ndo_open = tun_net_open,
1357 .ndo_stop = tun_net_close,
00829823 1358 .ndo_start_xmit = tun_net_xmit,
88255375 1359 .ndo_fix_features = tun_net_fix_features,
afc4b13d 1360 .ndo_set_rx_mode = tun_net_mclist,
758e43b7
SH		 1361 .ndo_set_mac_address = eth_mac_addr,
1362 .ndo_validate_addr = eth_validate_addr,
c8d68e6b 1363 .ndo_select_queue = tun_select_queue,
5e52796a 1364 .ndo_features_check = passthru_features_check,
eaea34b2 1365 .ndo_set_rx_headroom = tun_set_headroom,
608b9977 1366 .ndo_get_stats64 = tun_net_get_stats64,
f4e63525 1367 .ndo_bpf = tun_xdp,
fc72d1d5 1368 .ndo_xdp_xmit = tun_xdp_xmit,
26d31925 1369 .ndo_change_carrier = tun_net_change_carrier,
758e43b7
SH		 1370};
1371
944a1376 1372static void tun_flow_init(struct tun_struct *tun)
96442e42
JW		 1373{
1374 int i;
1375
96442e42
JW		 1376 for (i = 0; i < TUN_NUM_FLOW_ENTRIES; i++)
1377 INIT_HLIST_HEAD(&tun->flows[i]);
1378
1379 tun->ageing_time = TUN_FLOW_EXPIRE;
e99e88a9
KC		 1380 timer_setup(&tun->flow_gc_timer, tun_flow_cleanup, 0);
1381 mod_timer(&tun->flow_gc_timer,
1382 round_jiffies_up(jiffies + tun->ageing_time));
96442e42
JW		 1383}
1384
1385static void tun_flow_uninit(struct tun_struct *tun)
1386{
1387 del_timer_sync(&tun->flow_gc_timer);
1388 tun_flow_flush(tun);
96442e42
JW		 1389}
1390
91572088
JW		 1391#define MIN_MTU 68
1392#define MAX_MTU 65535
1393
1da177e4
LT		 1394/* Initialize net device. */
1395static void tun_net_init(struct net_device *dev)
1396{
1397 struct tun_struct *tun = netdev_priv(dev);
6aa20a22 1398
1da177e4 1399 switch (tun->flags & TUN_TYPE_MASK) {
40630b82 1400 case IFF_TUN:
758e43b7
SH		 1401 dev->netdev_ops = &tun_netdev_ops;
1402
1da177e4
LT		 1403 /* Point-to-Point TUN Device */
1404 dev->hard_header_len = 0;
1405 dev->addr_len = 0;
1406 dev->mtu = 1500;
1407
1408 /* Zero header length */
6aa20a22 1409 dev->type = ARPHRD_NONE;
1da177e4 1410 dev->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
1da177e4
LT		 1411 break;
1412
40630b82 1413 case IFF_TAP:
7a0a9608 1414 dev->netdev_ops = &tap_netdev_ops;
1da177e4 1415 /* Ethernet TAP Device */
1da177e4 1416 ether_setup(dev);
550fd08c 1417 dev->priv_flags &= ~IFF_TX_SKB_SHARING;
a676847b 1418 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
36226a8d 1419
f2cedb63 1420 eth_hw_addr_random(dev);
36226a8d 1421
1da177e4
LT		 1422 break;
1423 }
91572088
JW		 1424
1425 dev->min_mtu = MIN_MTU;
1426 dev->max_mtu = MAX_MTU - dev->hard_header_len;
1da177e4
LT		 1427}
1428
2f3ab622
JW		 1429static bool tun_sock_writeable(struct tun_struct *tun, struct tun_file *tfile)
1430{
1431 struct sock *sk = tfile->socket.sk;
1432
1433 return (tun->dev->flags & IFF_UP) && sock_writeable(sk);
1434}
1435
1da177e4
LT		 1436/* Character device part */
1437
1438/* Poll */
afc9a42b 1439static __poll_t tun_chr_poll(struct file *file, poll_table *wait)
6aa20a22 1440{
b2430de3 1441 struct tun_file *tfile = file->private_data;
9484dc74 1442 struct tun_struct *tun = tun_get(tfile);
3c8a9c63 1443 struct sock *sk;
afc9a42b 1444 __poll_t mask = 0;
1da177e4
LT		 1445
1446 if (!tun)
a9a08845 1447 return EPOLLERR;
1da177e4 1448
54f968d6 1449 sk = tfile->socket.sk;
3c8a9c63 1450
6b8a66ee 1451 tun_debug(KERN_INFO, tun, "tun_chr_poll\n");
1da177e4 1452
9e641bdc 1453 poll_wait(file, sk_sleep(sk), wait);
6aa20a22 1454
5990a305 1455 if (!ptr_ring_empty(&tfile->tx_ring))
a9a08845 1456 mask |= EPOLLIN | EPOLLRDNORM;
1da177e4 1457
2f3ab622
JW		 1458 /* Make sure SOCKWQ_ASYNC_NOSPACE is set if not writable to
1459 * guarantee EPOLLOUT to be raised by either here or
1460 * tun_sock_write_space(). Then process could get notification
1461 * after it writes to a down device and meets -EIO.
1462 */
1463 if (tun_sock_writeable(tun, tfile) ||
1464 (!test_and_set_bit(SOCKWQ_ASYNC_NOSPACE, &sk->sk_socket->flags) &&
1465 tun_sock_writeable(tun, tfile)))
a9a08845 1466 mask |= EPOLLOUT | EPOLLWRNORM;
33dccbb0 1467
c70f1829 1468 if (tun->dev->reg_state != NETREG_REGISTERED)
a9a08845 1469 mask = EPOLLERR;
c70f1829 1470
631ab46b 1471 tun_put(tun);
1da177e4
LT		 1472 return mask;
1473}
1474
90e33d45
PP		 1475static struct sk_buff *tun_napi_alloc_frags(struct tun_file *tfile,
1476 size_t len,
1477 const struct iov_iter *it)
1478{
1479 struct sk_buff *skb;
1480 size_t linear;
1481 int err;
1482 int i;
1483
1484 if (it->nr_segs > MAX_SKB_FRAGS + 1)
1485 return ERR_PTR(-ENOMEM);
1486
1487 local_bh_disable();
1488 skb = napi_get_frags(&tfile->napi);
1489 local_bh_enable();
1490 if (!skb)
1491 return ERR_PTR(-ENOMEM);
1492
1493 linear = iov_iter_single_seg_count(it);
1494 err = __skb_grow(skb, linear);
1495 if (err)
1496 goto free;
1497
1498 skb->len = len;
1499 skb->data_len = len - linear;
1500 skb->truesize += skb->data_len;
1501
1502 for (i = 1; i < it->nr_segs; i++) {
1503 size_t fragsz = it->iov[i].iov_len;
aa6daaca
ED		 1504 struct page *page;
1505 void *frag;
90e33d45
PP		 1506
1507 if (fragsz == 0 || fragsz > PAGE_SIZE) {
1508 err = -EINVAL;
1509 goto free;
1510 }
aa6daaca
ED		 1511 frag = netdev_alloc_frag(fragsz);
1512 if (!frag) {
90e33d45
PP		 1513 err = -ENOMEM;
1514 goto free;
1515 }
aa6daaca
ED		 1516 page = virt_to_head_page(frag);
1517 skb_fill_page_desc(skb, i - 1, page,
1518 frag - page_address(page), fragsz);
90e33d45
PP		 1519 }
1520
1521 return skb;
1522free:
1523 /* frees skb and all frags allocated with napi_alloc_frag() */
1524 napi_free_frags(&tfile->napi);
1525 return ERR_PTR(err);
1526}
1527
f42157cb
RR		 1528/* prepad is the amount to reserve at front. len is length after that.
1529 * linear is a hint as to how much to copy (usually headers). */
54f968d6 1530static struct sk_buff *tun_alloc_skb(struct tun_file *tfile,
6f7c156c 1531 size_t prepad, size_t len,
1532 size_t linear, int noblock)
f42157cb 1533{
54f968d6 1534 struct sock *sk = tfile->socket.sk;
f42157cb 1535 struct sk_buff *skb;
33dccbb0 1536 int err;
f42157cb
RR		 1537
1538 /* Under a page? Don't bother with paged skb. */
0eca93bc 1539 if (prepad + len < PAGE_SIZE || !linear)
33dccbb0 1540 linear = len;
f42157cb 1541
33dccbb0 1542 skb = sock_alloc_send_pskb(sk, prepad + linear, len - linear, noblock,
28d64271 1543 &err, 0);
f42157cb 1544 if (!skb)
33dccbb0 1545 return ERR_PTR(err);
f42157cb
RR		 1546
1547 skb_reserve(skb, prepad);
1548 skb_put(skb, linear);
33dccbb0
HX		 1549 skb->data_len = len - linear;
1550 skb->len += len - linear;
f42157cb
RR		 1551
1552 return skb;
1553}
1554
5503fcec
JW		 1555static void tun_rx_batched(struct tun_struct *tun, struct tun_file *tfile,
1556 struct sk_buff *skb, int more)
1557{
1558 struct sk_buff_head *queue = &tfile->sk.sk_write_queue;
1559 struct sk_buff_head process_queue;
1560 u32 rx_batched = tun->rx_batched;
1561 bool rcv = false;
1562
1563 if (!rx_batched || (!more && skb_queue_empty(queue))) {
1564 local_bh_disable();
8ebebcba 1565 skb_record_rx_queue(skb, tfile->queue_index);
5503fcec
JW		 1566 netif_receive_skb(skb);
1567 local_bh_enable();
1568 return;
1569 }
1570
1571 spin_lock(&queue->lock);
1572 if (!more || skb_queue_len(queue) == rx_batched) {
1573 __skb_queue_head_init(&process_queue);
1574 skb_queue_splice_tail_init(queue, &process_queue);
1575 rcv = true;
1576 } else {
1577 __skb_queue_tail(queue, skb);
1578 }
1579 spin_unlock(&queue->lock);
1580
1581 if (rcv) {
1582 struct sk_buff *nskb;
1583
1584 local_bh_disable();
8ebebcba
MC		 1585 while ((nskb = __skb_dequeue(&process_queue))) {
1586 skb_record_rx_queue(nskb, tfile->queue_index);
5503fcec 1587 netif_receive_skb(nskb);
8ebebcba
MC		 1588 }
1589 skb_record_rx_queue(skb, tfile->queue_index);
5503fcec
JW		 1590 netif_receive_skb(skb);
1591 local_bh_enable();
1592 }
1593}
1594
66ccbc9c
JW		 1595static bool tun_can_build_skb(struct tun_struct *tun, struct tun_file *tfile,
1596 int len, int noblock, bool zerocopy)
1597{
1598 if ((tun->flags & TUN_TYPE_MASK) != IFF_TAP)
1599 return false;
1600
1601 if (tfile->socket.sk->sk_sndbuf != INT_MAX)
1602 return false;
1603
1604 if (!noblock)
1605 return false;
1606
1607 if (zerocopy)
1608 return false;
1609
1610 if (SKB_DATA_ALIGN(len + TUN_RX_PAD) +
1611 SKB_DATA_ALIGN(sizeof(struct skb_shared_info)) > PAGE_SIZE)
1612 return false;
1613
1614 return true;
1615}
1616
ac1f1f6c 1617static struct sk_buff *__tun_build_skb(struct page_frag *alloc_frag, char *buf,
8ae1aff0 1618 int buflen, int len, int pad)
ac1f1f6c
JW		 1619{
1620 struct sk_buff *skb = build_skb(buf, buflen);
1621
1622 if (!skb)
1623 return ERR_PTR(-ENOMEM);
1624
8ae1aff0 1625 skb_reserve(skb, pad);
ac1f1f6c
JW		 1626 skb_put(skb, len);
1627
1628 get_page(alloc_frag->page);
1629 alloc_frag->offset += buflen;
1630
1631 return skb;
1632}
1633
8ae1aff0
JW		 1634static int tun_xdp_act(struct tun_struct *tun, struct bpf_prog *xdp_prog,
1635 struct xdp_buff *xdp, u32 act)
1636{
1637 int err;
1638
1639 switch (act) {
1640 case XDP_REDIRECT:
1641 err = xdp_do_redirect(tun->dev, xdp, xdp_prog);
8ae1aff0
JW		 1642 if (err)
1643 return err;
1644 break;
1645 case XDP_TX:
1646 err = tun_xdp_tx(tun->dev, xdp);
1647 if (err < 0)
1648 return err;
1649 break;
1650 case XDP_PASS:
1651 break;
1652 default:
1653 bpf_warn_invalid_xdp_action(act);
1654 /* fall through */
1655 case XDP_ABORTED:
1656 trace_xdp_exception(tun->dev, xdp_prog, act);
1657 /* fall through */
1658 case XDP_DROP:
1659 this_cpu_inc(tun->pcpu_stats->rx_dropped);
1660 break;
1661 }
1662
1663 return act;
1664}
1665
761876c8
JW		 1666static struct sk_buff *tun_build_skb(struct tun_struct *tun,
1667 struct tun_file *tfile,
66ccbc9c 1668 struct iov_iter *from,
761876c8 1669 struct virtio_net_hdr *hdr,
1cfe6e93 1670 int len, int *skb_xdp)
66ccbc9c 1671{
0bbd7dad 1672 struct page_frag *alloc_frag = &current->task_frag;
761876c8 1673 struct bpf_prog *xdp_prog;
7df13219 1674 int buflen = SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
66ccbc9c
JW		 1675 char *buf;
1676 size_t copied;
8ae1aff0
JW		 1677 int pad = TUN_RX_PAD;
1678 int err = 0;
7df13219
JW		 1679
1680 rcu_read_lock();
1681 xdp_prog = rcu_dereference(tun->xdp_prog);
1682 if (xdp_prog)
4f23aff8 1683 pad += XDP_PACKET_HEADROOM;
7df13219
JW		 1684 buflen += SKB_DATA_ALIGN(len + pad);
1685 rcu_read_unlock();
66ccbc9c 1686
63b9ab65 1687 alloc_frag->offset = ALIGN((u64)alloc_frag->offset, SMP_CACHE_BYTES);
66ccbc9c
JW		 1688 if (unlikely(!skb_page_frag_refill(buflen, alloc_frag, GFP_KERNEL)))
1689 return ERR_PTR(-ENOMEM);
1690
1691 buf = (char *)page_address(alloc_frag->page) + alloc_frag->offset;
1692 copied = copy_page_from_iter(alloc_frag->page,
7df13219 1693 alloc_frag->offset + pad,
66ccbc9c
JW		 1694 len, from);
1695 if (copied != len)
1696 return ERR_PTR(-EFAULT);
1697
7df13219
JW		 1698 /* There's a small window that XDP may be set after the check
1699 * of xdp_prog above, this should be rare and for simplicity
1700 * we do XDP on skb in case the headroom is not enough.
1701 */
ac1f1f6c 1702 if (hdr->gso_type || !xdp_prog) {
1cfe6e93 1703 *skb_xdp = 1;
8ae1aff0 1704 return __tun_build_skb(alloc_frag, buf, buflen, len, pad);
ac1f1f6c
JW		 1705 }
1706
1707 *skb_xdp = 0;
761876c8 1708
6547e387 1709 local_bh_disable();
761876c8
JW		 1710 rcu_read_lock();
1711 xdp_prog = rcu_dereference(tun->xdp_prog);
8ae1aff0 1712 if (xdp_prog) {
761876c8 1713 struct xdp_buff xdp;
761876c8
JW		 1714 u32 act;
1715
1716 xdp.data_hard_start = buf;
7df13219 1717 xdp.data = buf + pad;
de8f3a83 1718 xdp_set_data_meta_invalid(&xdp);
761876c8 1719 xdp.data_end = xdp.data + len;
8bf5c4ee 1720 xdp.rxq = &tfile->xdp_rxq;
761876c8 1721
8ae1aff0
JW		 1722 act = bpf_prog_run_xdp(xdp_prog, &xdp);
1723 if (act == XDP_REDIRECT || act == XDP_TX) {
59655a5b
JW		 1724 get_page(alloc_frag->page);
1725 alloc_frag->offset += buflen;
761876c8 1726 }
8ae1aff0
JW		 1727 err = tun_xdp_act(tun, xdp_prog, &xdp, act);
1728 if (err < 0)
1729 goto err_xdp;
1a097910
JW		 1730 if (err == XDP_REDIRECT)
1731 xdp_do_flush_map();
8ae1aff0
JW		 1732 if (err != XDP_PASS)
1733 goto out;
1734
1735 pad = xdp.data - xdp.data_hard_start;
1736 len = xdp.data_end - xdp.data;
761876c8 1737 }
291aeb2b
JW		 1738 rcu_read_unlock();
1739 local_bh_enable();
761876c8 1740
8ae1aff0 1741 return __tun_build_skb(alloc_frag, buf, buflen, len, pad);
761876c8 1742
8ae1aff0 1743err_xdp:
761876c8 1744 put_page(alloc_frag->page);
f7053b6c 1745out:
761876c8 1746 rcu_read_unlock();
6547e387 1747 local_bh_enable();
761876c8 1748 return NULL;
66ccbc9c
JW		 1749}
1750
1da177e4 1751/* Get packet from user space buffer */
54f968d6 1752static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile,
f5ff53b4 1753 void *msg_control, struct iov_iter *from,
5503fcec 1754 int noblock, bool more)
1da177e4 1755{
09640e63 1756 struct tun_pi pi = { 0, cpu_to_be16(ETH_P_IP) };
1da177e4 1757 struct sk_buff *skb;
f5ff53b4 1758 size_t total_len = iov_iter_count(from);
eaea34b2 1759 size_t len = total_len, align = tun->align, linear;
f43798c2 1760 struct virtio_net_hdr gso = { 0 };
608b9977 1761 struct tun_pcpu_stats *stats;
96f8d9ec 1762 int good_linear;
0690899b
MT		 1763 int copylen;
1764 bool zerocopy = false;
1765 int err;
96f84061 1766 u32 rxhash = 0;
1cfe6e93 1767 int skb_xdp = 1;
af3fb24e 1768 bool frags = tun_napi_frags_enabled(tfile);
1da177e4 1769
40630b82 1770 if (!(tun->flags & IFF_NO_PI)) {
15718ea0 1771 if (len < sizeof(pi))
1da177e4 1772 return -EINVAL;
15718ea0 1773 len -= sizeof(pi);
1da177e4 1774
cbbd26b8 1775 if (!copy_from_iter_full(&pi, sizeof(pi), from))
1da177e4
LT		 1776 return -EFAULT;
1777 }
1778
40630b82 1779 if (tun->flags & IFF_VNET_HDR) {
e1edab87
WB		 1780 int vnet_hdr_sz = READ_ONCE(tun->vnet_hdr_sz);
1781
1782 if (len < vnet_hdr_sz)
f43798c2 1783 return -EINVAL;
e1edab87 1784 len -= vnet_hdr_sz;
f43798c2 1785
cbbd26b8 1786 if (!copy_from_iter_full(&gso, sizeof(gso), from))
f43798c2
RR		 1787 return -EFAULT;
1788
4909122f 1789 if ((gso.flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) &&
56f0dcc5
MT		 1790 tun16_to_cpu(tun, gso.csum_start) + tun16_to_cpu(tun, gso.csum_offset) + 2 > tun16_to_cpu(tun, gso.hdr_len))
1791 gso.hdr_len = cpu_to_tun16(tun, tun16_to_cpu(tun, gso.csum_start) + tun16_to_cpu(tun, gso.csum_offset) + 2);
4909122f 1792
56f0dcc5 1793 if (tun16_to_cpu(tun, gso.hdr_len) > len)
f43798c2 1794 return -EINVAL;
e1edab87 1795 iov_iter_advance(from, vnet_hdr_sz - sizeof(gso));
f43798c2
RR		 1796 }
1797
40630b82 1798 if ((tun->flags & TUN_TYPE_MASK) == IFF_TAP) {
a504b86e 1799 align += NET_IP_ALIGN;
0eca93bc 1800 if (unlikely(len < ETH_HLEN ||
56f0dcc5 1801 (gso.hdr_len && tun16_to_cpu(tun, gso.hdr_len) < ETH_HLEN)))
e01bf1c8
RR		 1802 return -EINVAL;
1803 }
6aa20a22 1804
96f8d9ec
JW		 1805 good_linear = SKB_MAX_HEAD(align);
1806
88529176 1807 if (msg_control) {
f5ff53b4
AV		 1808 struct iov_iter i = *from;
1809
88529176
JW		 1810 /* There are 256 bytes to be copied in skb, so there is
1811 * enough room for skb expand head in case it is used.
0690899b
MT		 1812 * The rest of the buffer is mapped from userspace.
1813 */
56f0dcc5 1814 copylen = gso.hdr_len ? tun16_to_cpu(tun, gso.hdr_len) : GOODCOPY_LEN;
96f8d9ec
JW		 1815 if (copylen > good_linear)
1816 copylen = good_linear;
3dd5c330 1817 linear = copylen;
f5ff53b4
AV		 1818 iov_iter_advance(&i, copylen);
1819 if (iov_iter_npages(&i, INT_MAX) <= MAX_SKB_FRAGS)
88529176
JW		 1820 zerocopy = true;
1821 }
1822
90e33d45 1823 if (!frags && tun_can_build_skb(tun, tfile, len, noblock, zerocopy)) {
1cfe6e93
JW		 1824 /* For the packet that is not easy to be processed
1825 * (e.g gso or jumbo packet), we will do it at after
1826 * skb was created with generic XDP routine.
1827 */
1828 skb = tun_build_skb(tun, tfile, from, &gso, len, &skb_xdp);
66ccbc9c 1829 if (IS_ERR(skb)) {
608b9977 1830 this_cpu_inc(tun->pcpu_stats->rx_dropped);
66ccbc9c
JW		 1831 return PTR_ERR(skb);
1832 }
761876c8
JW		 1833 if (!skb)
1834 return total_len;
66ccbc9c
JW		 1835 } else {
1836 if (!zerocopy) {
1837 copylen = len;
1838 if (tun16_to_cpu(tun, gso.hdr_len) > good_linear)
1839 linear = good_linear;
1840 else
1841 linear = tun16_to_cpu(tun, gso.hdr_len);
1842 }
1da177e4 1843
90e33d45
PP		 1844 if (frags) {
1845 mutex_lock(&tfile->napi_mutex);
1846 skb = tun_napi_alloc_frags(tfile, copylen, from);
1847 /* tun_napi_alloc_frags() enforces a layout for the skb.
1848 * If zerocopy is enabled, then this layout will be
1849 * overwritten by zerocopy_sg_from_iter().
1850 */
1851 zerocopy = false;
1852 } else {
1853 skb = tun_alloc_skb(tfile, align, copylen, linear,
1854 noblock);
1855 }
1856
66ccbc9c
JW		 1857 if (IS_ERR(skb)) {
1858 if (PTR_ERR(skb) != -EAGAIN)
1859 this_cpu_inc(tun->pcpu_stats->rx_dropped);
90e33d45
PP		 1860 if (frags)
1861 mutex_unlock(&tfile->napi_mutex);
66ccbc9c
JW		 1862 return PTR_ERR(skb);
1863 }
0690899b 1864
66ccbc9c
JW		 1865 if (zerocopy)
1866 err = zerocopy_sg_from_iter(skb, from);
1867 else
1868 err = skb_copy_datagram_from_iter(skb, 0, from, len);
1869
1870 if (err) {
4477138f
ED		 1871 err = -EFAULT;
1872drop:
66ccbc9c
JW		 1873 this_cpu_inc(tun->pcpu_stats->rx_dropped);
1874 kfree_skb(skb);
90e33d45
PP		 1875 if (frags) {
1876 tfile->napi.skb = NULL;
1877 mutex_unlock(&tfile->napi_mutex);
1878 }
1879
4477138f 1880 return err;
66ccbc9c 1881 }
8f22757e 1882 }
1da177e4 1883
3e9e40e7 1884 if (virtio_net_hdr_to_skb(skb, &gso, tun_is_little_endian(tun))) {
df10db98
PA		 1885 this_cpu_inc(tun->pcpu_stats->rx_frame_errors);
1886 kfree_skb(skb);
90e33d45
PP		 1887 if (frags) {
1888 tfile->napi.skb = NULL;
1889 mutex_unlock(&tfile->napi_mutex);
1890 }
1891
df10db98
PA		 1892 return -EINVAL;
1893 }
1894
1da177e4 1895 switch (tun->flags & TUN_TYPE_MASK) {
40630b82
MT		 1896 case IFF_TUN:
1897 if (tun->flags & IFF_NO_PI) {
2580c4c1
AP		 1898 u8 ip_version = skb->len ? (skb->data[0] >> 4) : 0;
1899
1900 switch (ip_version) {
1901 case 4:
f09f7ee2
AWC		 1902 pi.proto = htons(ETH_P_IP);
1903 break;
2580c4c1 1904 case 6:
f09f7ee2
AWC		 1905 pi.proto = htons(ETH_P_IPV6);
1906 break;
1907 default:
608b9977 1908 this_cpu_inc(tun->pcpu_stats->rx_dropped);
f09f7ee2
AWC		 1909 kfree_skb(skb);
1910 return -EINVAL;
1911 }
1912 }
1913
459a98ed 1914 skb_reset_mac_header(skb);
1da177e4 1915 skb->protocol = pi.proto;
4c13eb66 1916 skb->dev = tun->dev;
1da177e4 1917 break;
40630b82 1918 case IFF_TAP:
90e33d45
PP		 1919 if (!frags)
1920 skb->protocol = eth_type_trans(skb, tun->dev);
1da177e4 1921 break;
6403eab1 1922 }
1da177e4 1923
0690899b
MT		 1924 /* copy skb_ubuf_info for callback when skb has no error */
1925 if (zerocopy) {
1926 skb_shinfo(skb)->destructor_arg = msg_control;
1927 skb_shinfo(skb)->tx_flags |= SKBTX_DEV_ZEROCOPY;
c9af6db4 1928 skb_shinfo(skb)->tx_flags |= SKBTX_SHARED_FRAG;
af1cc7a2
JW		 1929 } else if (msg_control) {
1930 struct ubuf_info *uarg = msg_control;
1931 uarg->callback(uarg, false);
0690899b
MT		 1932 }
1933
72f65107 1934 skb_reset_network_header(skb);
d2aa125d 1935 skb_probe_transport_header(skb);
38502af7 1936
1cfe6e93 1937 if (skb_xdp) {
761876c8
JW		 1938 struct bpf_prog *xdp_prog;
1939 int ret;
1940
6547e387 1941 local_bh_disable();
761876c8
JW		 1942 rcu_read_lock();
1943 xdp_prog = rcu_dereference(tun->xdp_prog);
1944 if (xdp_prog) {
1945 ret = do_xdp_generic(xdp_prog, skb);
1946 if (ret != XDP_PASS) {
1947 rcu_read_unlock();
6547e387 1948 local_bh_enable();
761876c8
JW		 1949 return total_len;
1950 }
1951 }
1952 rcu_read_unlock();
6547e387 1953 local_bh_enable();
761876c8
JW		 1954 }
1955
cf1a1e07
PA		 1956 /* Compute the costly rx hash only if needed for flow updates.
1957 * We may get a very small possibility of OOO during switching, not
1958 * worth to optimize.
1959 */
1960 if (!rcu_access_pointer(tun->steering_prog) && tun->numqueues > 1 &&
1961 !tfile->detached)
96f84061 1962 rxhash = __skb_get_hash_symmetric(skb);
94317099 1963
4477138f
ED		 1964 rcu_read_lock();
1965 if (unlikely(!(tun->dev->flags & IFF_UP))) {
1966 err = -EIO;
9180bb4f 1967 rcu_read_unlock();
4477138f
ED		 1968 goto drop;
1969 }
1970
90e33d45
PP		 1971 if (frags) {
1972 /* Exercise flow dissector code path. */
c43f1255
SF		 1973 u32 headlen = eth_get_headlen(tun->dev, skb->data,
1974 skb_headlen(skb));
90e33d45 1975
010f245b 1976 if (unlikely(headlen > skb_headlen(skb))) {
90e33d45
PP		 1977 this_cpu_inc(tun->pcpu_stats->rx_dropped);
1978 napi_free_frags(&tfile->napi);
4477138f 1979 rcu_read_unlock();
90e33d45
PP		 1980 mutex_unlock(&tfile->napi_mutex);
1981 WARN_ON(1);
1982 return -ENOMEM;
1983 }
1984
1985 local_bh_disable();
1986 napi_gro_frags(&tfile->napi);
1987 local_bh_enable();
1988 mutex_unlock(&tfile->napi_mutex);
aec72f33 1989 } else if (tfile->napi_enabled) {
94317099
PP		 1990 struct sk_buff_head *queue = &tfile->sk.sk_write_queue;
1991 int queue_len;
1992
1993 spin_lock_bh(&queue->lock);
1994 __skb_queue_tail(queue, skb);
1995 queue_len = skb_queue_len(queue);
1996 spin_unlock(&queue->lock);
1997
1998 if (!more || queue_len > NAPI_POLL_WEIGHT)
1999 napi_schedule(&tfile->napi);
2000
2001 local_bh_enable();
2002 } else if (!IS_ENABLED(CONFIG_4KSTACKS)) {
2003 tun_rx_batched(tun, tfile, skb, more);
2004 } else {
2005 netif_rx_ni(skb);
2006 }
4477138f 2007 rcu_read_unlock();
6aa20a22 2008
608b9977
PA		 2009 stats = get_cpu_ptr(tun->pcpu_stats);
2010 u64_stats_update_begin(&stats->syncp);
2011 stats->rx_packets++;
2012 stats->rx_bytes += len;
2013 u64_stats_update_end(&stats->syncp);
2014 put_cpu_ptr(stats);
1da177e4 2015
96f84061
JW		 2016 if (rxhash)
2017 tun_flow_update(tun, rxhash, tfile);
2018
0690899b 2019 return total_len;
6aa20a22 2020}
1da177e4 2021
f5ff53b4 2022static ssize_t tun_chr_write_iter(struct kiocb *iocb, struct iov_iter *from)
1da177e4 2023{
33dccbb0 2024 struct file *file = iocb->ki_filp;
54f968d6 2025 struct tun_file *tfile = file->private_data;
9484dc74 2026 struct tun_struct *tun = tun_get(tfile);
631ab46b 2027 ssize_t result;
1da177e4
LT		 2028
2029 if (!tun)
2030 return -EBADFD;
2031
5503fcec
JW		 2032 result = tun_get_user(tun, tfile, NULL, from,
2033 file->f_flags & O_NONBLOCK, false);
631ab46b
EB		 2034
2035 tun_put(tun);
2036 return result;
1da177e4
LT		 2037}
2038
fc72d1d5
JW		 2039static ssize_t tun_put_user_xdp(struct tun_struct *tun,
2040 struct tun_file *tfile,
1ffcbc85 2041 struct xdp_frame *xdp_frame,
fc72d1d5
JW		 2042 struct iov_iter *iter)
2043{
2044 int vnet_hdr_sz = 0;
1ffcbc85 2045 size_t size = xdp_frame->len;
fc72d1d5
JW		 2046 struct tun_pcpu_stats *stats;
2047 size_t ret;
2048
2049 if (tun->flags & IFF_VNET_HDR) {
2050 struct virtio_net_hdr gso = { 0 };
2051
2052 vnet_hdr_sz = READ_ONCE(tun->vnet_hdr_sz);
2053 if (unlikely(iov_iter_count(iter) < vnet_hdr_sz))
2054 return -EINVAL;
2055 if (unlikely(copy_to_iter(&gso, sizeof(gso), iter) !=
2056 sizeof(gso)))
2057 return -EFAULT;
2058 iov_iter_advance(iter, vnet_hdr_sz - sizeof(gso));
2059 }
2060
1ffcbc85 2061 ret = copy_to_iter(xdp_frame->data, size, iter) + vnet_hdr_sz;
fc72d1d5
JW		 2062
2063 stats = get_cpu_ptr(tun->pcpu_stats);
2064 u64_stats_update_begin(&stats->syncp);
2065 stats->tx_packets++;
2066 stats->tx_bytes += ret;
2067 u64_stats_update_end(&stats->syncp);
2068 put_cpu_ptr(tun->pcpu_stats);
2069
2070 return ret;
2071}
2072
1da177e4 2073/* Put packet to the user space buffer */
6f7c156c 2074static ssize_t tun_put_user(struct tun_struct *tun,
54f968d6 2075 struct tun_file *tfile,
6f7c156c 2076 struct sk_buff *skb,
e0b46d0e 2077 struct iov_iter *iter)
1da177e4
LT		 2078{
2079 struct tun_pi pi = { 0, skb->protocol };
608b9977 2080 struct tun_pcpu_stats *stats;
e0b46d0e 2081 ssize_t total;
8c847d25 2082 int vlan_offset = 0;
a8f9bfdf 2083 int vlan_hlen = 0;
2eb783c4 2084 int vnet_hdr_sz = 0;
a8f9bfdf 2085
df8a39de 2086 if (skb_vlan_tag_present(skb))
a8f9bfdf 2087 vlan_hlen = VLAN_HLEN;
1da177e4 2088
40630b82 2089 if (tun->flags & IFF_VNET_HDR)
e1edab87 2090 vnet_hdr_sz = READ_ONCE(tun->vnet_hdr_sz);
1da177e4 2091
e0b46d0e
HX		 2092 total = skb->len + vlan_hlen + vnet_hdr_sz;
2093
40630b82 2094 if (!(tun->flags & IFF_NO_PI)) {
e0b46d0e 2095 if (iov_iter_count(iter) < sizeof(pi))
1da177e4
LT		 2096 return -EINVAL;
2097
e0b46d0e
HX		 2098 total += sizeof(pi);
2099 if (iov_iter_count(iter) < total) {
1da177e4
LT		 2100 /* Packet will be striped */
2101 pi.flags |= TUN_PKT_STRIP;
2102 }
6aa20a22 2103
e0b46d0e 2104 if (copy_to_iter(&pi, sizeof(pi), iter) != sizeof(pi))
1da177e4 2105 return -EFAULT;
6aa20a22 2106 }
1da177e4 2107
2eb783c4 2108 if (vnet_hdr_sz) {
9403cd7c 2109 struct virtio_net_hdr gso;
34166093 2110
e0b46d0e 2111 if (iov_iter_count(iter) < vnet_hdr_sz)
f43798c2
RR		 2112 return -EINVAL;
2113
3e9e40e7 2114 if (virtio_net_hdr_from_skb(skb, &gso,
fd3a8862
WB		 2115 tun_is_little_endian(tun), true,
2116 vlan_hlen)) {
f43798c2 2117 struct skb_shared_info *sinfo = skb_shinfo(skb);
34166093
MR		 2118 pr_err("unexpected GSO type: "
2119 "0x%x, gso_size %d, hdr_len %d\n",
2120 sinfo->gso_type, tun16_to_cpu(tun, gso.gso_size),
2121 tun16_to_cpu(tun, gso.hdr_len));
2122 print_hex_dump(KERN_ERR, "tun: ",
2123 DUMP_PREFIX_NONE,
2124 16, 1, skb->head,
2125 min((int)tun16_to_cpu(tun, gso.hdr_len), 64), true);
2126 WARN_ON_ONCE(1);
2127 return -EINVAL;
2128 }
f43798c2 2129
e0b46d0e 2130 if (copy_to_iter(&gso, sizeof(gso), iter) != sizeof(gso))
f43798c2 2131 return -EFAULT;
8c847d25
JW		 2132
2133 iov_iter_advance(iter, vnet_hdr_sz - sizeof(gso));
f43798c2
RR		 2134 }
2135
a8f9bfdf 2136 if (vlan_hlen) {
e0b46d0e 2137 int ret;
aff3d70a 2138 struct veth veth;
6680ec68
JW		 2139
2140 veth.h_vlan_proto = skb->vlan_proto;
df8a39de 2141 veth.h_vlan_TCI = htons(skb_vlan_tag_get(skb));
6680ec68
JW		 2142
2143 vlan_offset = offsetof(struct vlan_ethhdr, h_vlan_proto);
6680ec68 2144
e0b46d0e
HX		 2145 ret = skb_copy_datagram_iter(skb, 0, iter, vlan_offset);
2146 if (ret || !iov_iter_count(iter))
6680ec68
JW		 2147 goto done;
2148
e0b46d0e
HX		 2149 ret = copy_to_iter(&veth, sizeof(veth), iter);
2150 if (ret != sizeof(veth) || !iov_iter_count(iter))
6680ec68
JW		 2151 goto done;
2152 }
1da177e4 2153
e0b46d0e 2154 skb_copy_datagram_iter(skb, vlan_offset, iter, skb->len - vlan_offset);
1da177e4 2155
6680ec68 2156done:
608b9977
PA		 2157 /* caller is in process context, */
2158 stats = get_cpu_ptr(tun->pcpu_stats);
2159 u64_stats_update_begin(&stats->syncp);
2160 stats->tx_packets++;
2161 stats->tx_bytes += skb->len + vlan_hlen;
2162 u64_stats_update_end(&stats->syncp);
2163 put_cpu_ptr(tun->pcpu_stats);
1da177e4
LT		 2164
2165 return total;
2166}
2167
fc72d1d5 2168static void *tun_ring_recv(struct tun_file *tfile, int noblock, int *err)
1576d986
JW		 2169{
2170 DECLARE_WAITQUEUE(wait, current);
fc72d1d5 2171 void *ptr = NULL;
f48cc6b2 2172 int error = 0;
1576d986 2173
fc72d1d5
JW		 2174 ptr = ptr_ring_consume(&tfile->tx_ring);
2175 if (ptr)
1576d986
JW		 2176 goto out;
2177 if (noblock) {
f48cc6b2 2178 error = -EAGAIN;
1576d986
JW		 2179 goto out;
2180 }
2181
2182 add_wait_queue(&tfile->wq.wait, &wait);
1576d986
JW		 2183
2184 while (1) {
71828b22 2185 set_current_state(TASK_INTERRUPTIBLE);
fc72d1d5
JW		 2186 ptr = ptr_ring_consume(&tfile->tx_ring);
2187 if (ptr)
1576d986
JW		 2188 break;
2189 if (signal_pending(current)) {
f48cc6b2 2190 error = -ERESTARTSYS;
1576d986
JW		 2191 break;
2192 }
2193 if (tfile->socket.sk->sk_shutdown & RCV_SHUTDOWN) {
f48cc6b2 2194 error = -EFAULT;
1576d986
JW		 2195 break;
2196 }
2197
2198 schedule();
2199 }
2200
ecef67cb 2201 __set_current_state(TASK_RUNNING);
1576d986
JW		 2202 remove_wait_queue(&tfile->wq.wait, &wait);
2203
2204out:
f48cc6b2 2205 *err = error;
fc72d1d5 2206 return ptr;
1576d986
JW		 2207}
2208
54f968d6 2209static ssize_t tun_do_read(struct tun_struct *tun, struct tun_file *tfile,
9b067034 2210 struct iov_iter *to,
fc72d1d5 2211 int noblock, void *ptr)
1da177e4 2212{
9b067034 2213 ssize_t ret;
1576d986 2214 int err;
1da177e4 2215
3872baf6 2216 tun_debug(KERN_INFO, tun, "tun_do_read\n");
1da177e4 2217
c33ee15b 2218 if (!iov_iter_count(to)) {
fc72d1d5 2219 tun_ptr_free(ptr);
9b067034 2220 return 0;
c33ee15b 2221 }
1da177e4 2222
fc72d1d5 2223 if (!ptr) {
ac77cfd4 2224 /* Read frames from ring */
fc72d1d5
JW		 2225 ptr = tun_ring_recv(tfile, noblock, &err);
2226 if (!ptr)
ac77cfd4
JW		 2227 return err;
2228 }
e0b46d0e 2229
1ffcbc85
JDB		 2230 if (tun_is_xdp_frame(ptr)) {
2231 struct xdp_frame *xdpf = tun_ptr_to_xdp(ptr);
fc72d1d5 2232
1ffcbc85 2233 ret = tun_put_user_xdp(tun, tfile, xdpf, to);
03993094 2234 xdp_return_frame(xdpf);
fc72d1d5
JW		 2235 } else {
2236 struct sk_buff *skb = ptr;
2237
2238 ret = tun_put_user(tun, tfile, skb, to);
2239 if (unlikely(ret < 0))
2240 kfree_skb(skb);
2241 else
2242 consume_skb(skb);
2243 }
1da177e4 2244
05c2828c
MT		 2245 return ret;
2246}
2247
9b067034 2248static ssize_t tun_chr_read_iter(struct kiocb *iocb, struct iov_iter *to)
05c2828c
MT		 2249{
2250 struct file *file = iocb->ki_filp;
2251 struct tun_file *tfile = file->private_data;
9484dc74 2252 struct tun_struct *tun = tun_get(tfile);
9b067034 2253 ssize_t len = iov_iter_count(to), ret;
05c2828c
MT		 2254
2255 if (!tun)
2256 return -EBADFD;
ac77cfd4 2257 ret = tun_do_read(tun, tfile, to, file->f_flags & O_NONBLOCK, NULL);
42404c09 2258 ret = min_t(ssize_t, ret, len);
d0b7da8a
ZYW		 2259 if (ret > 0)
2260 iocb->ki_pos = ret;
631ab46b 2261 tun_put(tun);
1da177e4
LT		 2262 return ret;
2263}
2264
cd5681d7 2265static void tun_prog_free(struct rcu_head *rcu)
96f84061 2266{
cd5681d7 2267 struct tun_prog *prog = container_of(rcu, struct tun_prog, rcu);
96f84061
JW		 2268
2269 bpf_prog_destroy(prog->prog);
2270 kfree(prog);
2271}
2272
9d6474e4
JW		 2273static int __tun_set_ebpf(struct tun_struct *tun,
2274 struct tun_prog __rcu **prog_p,
cd5681d7 2275 struct bpf_prog *prog)
96f84061 2276{
cd5681d7 2277 struct tun_prog *old, *new = NULL;
96f84061
JW		 2278
2279 if (prog) {
2280 new = kmalloc(sizeof(*new), GFP_KERNEL);
2281 if (!new)
2282 return -ENOMEM;
2283 new->prog = prog;
2284 }
2285
124da8f6 2286 spin_lock_bh(&tun->lock);
cd5681d7 2287 old = rcu_dereference_protected(*prog_p,
124da8f6 2288 lockdep_is_held(&tun->lock));
cd5681d7 2289 rcu_assign_pointer(*prog_p, new);
124da8f6 2290 spin_unlock_bh(&tun->lock);
96f84061
JW		 2291
2292 if (old)
cd5681d7 2293 call_rcu(&old->rcu, tun_prog_free);
96f84061
JW		 2294
2295 return 0;
2296}
2297
96442e42
JW		 2298static void tun_free_netdev(struct net_device *dev)
2299{
2300 struct tun_struct *tun = netdev_priv(dev);
2301
4008e97f 2302 BUG_ON(!(list_empty(&tun->disabled)));
608b9977 2303 free_percpu(tun->pcpu_stats);
96442e42 2304 tun_flow_uninit(tun);
5dbbaf2d 2305 security_tun_dev_free_security(tun->security);
cd5681d7 2306 __tun_set_ebpf(tun, &tun->steering_prog, NULL);
aff3d70a 2307 __tun_set_ebpf(tun, &tun->filter_prog, NULL);
96442e42
JW		 2308}
2309
1da177e4
LT		 2310static void tun_setup(struct net_device *dev)
2311{
2312 struct tun_struct *tun = netdev_priv(dev);
2313
0625c883
EB		 2314 tun->owner = INVALID_UID;
2315 tun->group = INVALID_GID;
4e24f2dd 2316 tun_default_link_ksettings(dev, &tun->link_ksettings);
1da177e4 2317
1da177e4 2318 dev->ethtool_ops = &tun_ethtool_ops;
cf124db5
DM		 2319 dev->needs_free_netdev = true;
2320 dev->priv_destructor = tun_free_netdev;
016adb72
JW		 2321 /* We prefer our own queue length */
2322 dev->tx_queue_len = TUN_READQ_SIZE;
1da177e4
LT		 2323}
2324
f019a7a5
EB		 2325/* Trivial set of netlink ops to allow deleting tun or tap
2326 * device with netlink.
2327 */
a8b8a889
MS		 2328static int tun_validate(struct nlattr *tb[], struct nlattr *data[],
2329 struct netlink_ext_ack *extack)
f019a7a5 2330{
35b827b6
ND		 2331 NL_SET_ERR_MSG(extack,
2332 "tun/tap creation via rtnetlink is not supported.");
2333 return -EOPNOTSUPP;
f019a7a5
EB		 2334}
2335
1ec010e7
SD		 2336static size_t tun_get_size(const struct net_device *dev)
2337{
2338 BUILD_BUG_ON(sizeof(u32) != sizeof(uid_t));
2339 BUILD_BUG_ON(sizeof(u32) != sizeof(gid_t));
2340
2341 return nla_total_size(sizeof(uid_t)) + /* OWNER */
2342 nla_total_size(sizeof(gid_t)) + /* GROUP */
2343 nla_total_size(sizeof(u8)) + /* TYPE */
2344 nla_total_size(sizeof(u8)) + /* PI */
2345 nla_total_size(sizeof(u8)) + /* VNET_HDR */
2346 nla_total_size(sizeof(u8)) + /* PERSIST */
2347 nla_total_size(sizeof(u8)) + /* MULTI_QUEUE */
2348 nla_total_size(sizeof(u32)) + /* NUM_QUEUES */
2349 nla_total_size(sizeof(u32)) + /* NUM_DISABLED_QUEUES */
2350 0;
2351}
2352
2353static int tun_fill_info(struct sk_buff *skb, const struct net_device *dev)
2354{
2355 struct tun_struct *tun = netdev_priv(dev);
2356
2357 if (nla_put_u8(skb, IFLA_TUN_TYPE, tun->flags & TUN_TYPE_MASK))
2358 goto nla_put_failure;
2359 if (uid_valid(tun->owner) &&
2360 nla_put_u32(skb, IFLA_TUN_OWNER,
2361 from_kuid_munged(current_user_ns(), tun->owner)))
2362 goto nla_put_failure;
2363 if (gid_valid(tun->group) &&
2364 nla_put_u32(skb, IFLA_TUN_GROUP,
2365 from_kgid_munged(current_user_ns(), tun->group)))
2366 goto nla_put_failure;
2367 if (nla_put_u8(skb, IFLA_TUN_PI, !(tun->flags & IFF_NO_PI)))
2368 goto nla_put_failure;
2369 if (nla_put_u8(skb, IFLA_TUN_VNET_HDR, !!(tun->flags & IFF_VNET_HDR)))
2370 goto nla_put_failure;
2371 if (nla_put_u8(skb, IFLA_TUN_PERSIST, !!(tun->flags & IFF_PERSIST)))
2372 goto nla_put_failure;
2373 if (nla_put_u8(skb, IFLA_TUN_MULTI_QUEUE,
2374 !!(tun->flags & IFF_MULTI_QUEUE)))
2375 goto nla_put_failure;
2376 if (tun->flags & IFF_MULTI_QUEUE) {
2377 if (nla_put_u32(skb, IFLA_TUN_NUM_QUEUES, tun->numqueues))
2378 goto nla_put_failure;
2379 if (nla_put_u32(skb, IFLA_TUN_NUM_DISABLED_QUEUES,
2380 tun->numdisabled))
2381 goto nla_put_failure;
2382 }
2383
2384 return 0;
2385
2386nla_put_failure:
2387 return -EMSGSIZE;
2388}
2389
f019a7a5
EB		 2390static struct rtnl_link_ops tun_link_ops __read_mostly = {
2391 .kind = DRV_NAME,
2392 .priv_size = sizeof(struct tun_struct),
2393 .setup = tun_setup,
2394 .validate = tun_validate,
1ec010e7
SD		 2395 .get_size = tun_get_size,
2396 .fill_info = tun_fill_info,
f019a7a5
EB		 2397};
2398
33dccbb0
HX		 2399static void tun_sock_write_space(struct sock *sk)
2400{
54f968d6 2401 struct tun_file *tfile;
43815482 2402 wait_queue_head_t *wqueue;
33dccbb0
HX		 2403
2404 if (!sock_writeable(sk))
2405 return;
2406
9cd3e072 2407 if (!test_and_clear_bit(SOCKWQ_ASYNC_NOSPACE, &sk->sk_socket->flags))
33dccbb0
HX		 2408 return;
2409
43815482
ED		 2410 wqueue = sk_sleep(sk);
2411 if (wqueue && waitqueue_active(wqueue))
a9a08845
LT		 2412 wake_up_interruptible_sync_poll(wqueue, EPOLLOUT |
2413 EPOLLWRNORM | EPOLLWRBAND);
c722c625 2414
54f968d6
JW		 2415 tfile = container_of(sk, struct tun_file, sk);
2416 kill_fasync(&tfile->fasync, SIGIO, POLL_OUT);
33dccbb0
HX		 2417}
2418
f9e06c45
JW		 2419static void tun_put_page(struct tun_page *tpage)
2420{
2421 if (tpage->page)
2422 __page_frag_cache_drain(tpage->page, tpage->count);
2423}
2424
043d222f
JW		 2425static int tun_xdp_one(struct tun_struct *tun,
2426 struct tun_file *tfile,
f9e06c45
JW		 2427 struct xdp_buff *xdp, int *flush,
2428 struct tun_page *tpage)
043d222f 2429{
4e4b08e5 2430 unsigned int datasize = xdp->data_end - xdp->data;
043d222f
JW		 2431 struct tun_xdp_hdr *hdr = xdp->data_hard_start;
2432 struct virtio_net_hdr *gso = &hdr->gso;
2433 struct tun_pcpu_stats *stats;
2434 struct bpf_prog *xdp_prog;
2435 struct sk_buff *skb = NULL;
2436 u32 rxhash = 0, act;
2437 int buflen = hdr->buflen;
2438 int err = 0;
2439 bool skb_xdp = false;
f9e06c45 2440 struct page *page;
043d222f
JW		 2441
2442 xdp_prog = rcu_dereference(tun->xdp_prog);
2443 if (xdp_prog) {
2444 if (gso->gso_type) {
2445 skb_xdp = true;
2446 goto build;
2447 }
2448 xdp_set_data_meta_invalid(xdp);
2449 xdp->rxq = &tfile->xdp_rxq;
2450
2451 act = bpf_prog_run_xdp(xdp_prog, xdp);
2452 err = tun_xdp_act(tun, xdp_prog, xdp, act);
2453 if (err < 0) {
2454 put_page(virt_to_head_page(xdp->data));
2455 return err;
2456 }
2457
2458 switch (err) {
2459 case XDP_REDIRECT:
2460 *flush = true;
2461 /* fall through */
2462 case XDP_TX:
2463 return 0;
2464 case XDP_PASS:
2465 break;
2466 default:
f9e06c45
JW		 2467 page = virt_to_head_page(xdp->data);
2468 if (tpage->page == page) {
2469 ++tpage->count;
2470 } else {
2471 tun_put_page(tpage);
2472 tpage->page = page;
2473 tpage->count = 1;
2474 }
043d222f
JW		 2475 return 0;
2476 }
2477 }
2478
2479build:
2480 skb = build_skb(xdp->data_hard_start, buflen);
2481 if (!skb) {
2482 err = -ENOMEM;
2483 goto out;
2484 }
2485
2486 skb_reserve(skb, xdp->data - xdp->data_hard_start);
2487 skb_put(skb, xdp->data_end - xdp->data);
2488
2489 if (virtio_net_hdr_to_skb(skb, gso, tun_is_little_endian(tun))) {
2490 this_cpu_inc(tun->pcpu_stats->rx_frame_errors);
2491 kfree_skb(skb);
2492 err = -EINVAL;
2493 goto out;
2494 }
2495
2496 skb->protocol = eth_type_trans(skb, tun->dev);
2497 skb_reset_network_header(skb);
d2aa125d 2498 skb_probe_transport_header(skb);
043d222f
JW		 2499
2500 if (skb_xdp) {
2501 err = do_xdp_generic(xdp_prog, skb);
2502 if (err != XDP_PASS)
2503 goto out;
2504 }
2505
f29eb2a9
PA		 2506 if (!rcu_dereference(tun->steering_prog) && tun->numqueues > 1 &&
2507 !tfile->detached)
043d222f
JW		 2508 rxhash = __skb_get_hash_symmetric(skb);
2509
8ebebcba 2510 skb_record_rx_queue(skb, tfile->queue_index);
043d222f
JW		 2511 netif_receive_skb(skb);
2512
6342ca64
PB		 2513 /* No need for get_cpu_ptr() here since this function is
2514 * always called with bh disabled
2515 */
2516 stats = this_cpu_ptr(tun->pcpu_stats);
043d222f
JW		 2517 u64_stats_update_begin(&stats->syncp);
2518 stats->rx_packets++;
4e4b08e5 2519 stats->rx_bytes += datasize;
043d222f 2520 u64_stats_update_end(&stats->syncp);
043d222f
JW		 2521
2522 if (rxhash)
2523 tun_flow_update(tun, rxhash, tfile);
2524
2525out:
2526 return err;
2527}
2528
1b784140 2529static int tun_sendmsg(struct socket *sock, struct msghdr *m, size_t total_len)
05c2828c 2530{
043d222f 2531 int ret, i;
54f968d6 2532 struct tun_file *tfile = container_of(sock, struct tun_file, socket);
9484dc74 2533 struct tun_struct *tun = tun_get(tfile);
fe8dd45b 2534 struct tun_msg_ctl *ctl = m->msg_control;
043d222f 2535 struct xdp_buff *xdp;
54f968d6
JW		 2536
2537 if (!tun)
2538 return -EBADFD;
f5ff53b4 2539
043d222f 2540 if (ctl && (ctl->type == TUN_MSG_PTR)) {
6f0271d9 2541 struct tun_page tpage;
043d222f
JW		 2542 int n = ctl->num;
2543 int flush = 0;
2544
6f0271d9
DM		 2545 memset(&tpage, 0, sizeof(tpage));
2546
043d222f
JW		 2547 local_bh_disable();
2548 rcu_read_lock();
2549
2550 for (i = 0; i < n; i++) {
2551 xdp = &((struct xdp_buff *)ctl->ptr)[i];
f9e06c45 2552 tun_xdp_one(tun, tfile, xdp, &flush, &tpage);
043d222f
JW		 2553 }
2554
2555 if (flush)
2556 xdp_do_flush_map();
2557
2558 rcu_read_unlock();
2559 local_bh_enable();
2560
f9e06c45
JW		 2561 tun_put_page(&tpage);
2562
043d222f
JW		 2563 ret = total_len;
2564 goto out;
2565 }
fe8dd45b
JW		 2566
2567 ret = tun_get_user(tun, tfile, ctl ? ctl->ptr : NULL, &m->msg_iter,
5503fcec
JW		 2568 m->msg_flags & MSG_DONTWAIT,
2569 m->msg_flags & MSG_MORE);
043d222f 2570out:
54f968d6
JW		 2571 tun_put(tun);
2572 return ret;
05c2828c
MT		 2573}
2574
1b784140 2575static int tun_recvmsg(struct socket *sock, struct msghdr *m, size_t total_len,
05c2828c
MT		 2576 int flags)
2577{
54f968d6 2578 struct tun_file *tfile = container_of(sock, struct tun_file, socket);
9484dc74 2579 struct tun_struct *tun = tun_get(tfile);
fc72d1d5 2580 void *ptr = m->msg_control;
05c2828c 2581 int ret;
54f968d6 2582
c33ee15b
WX		 2583 if (!tun) {
2584 ret = -EBADFD;
fc72d1d5 2585 goto out_free;
c33ee15b 2586 }
54f968d6 2587
eda29772 2588 if (flags & ~(MSG_DONTWAIT|MSG_TRUNC|MSG_ERRQUEUE)) {
3811ae76 2589 ret = -EINVAL;
c33ee15b 2590 goto out_put_tun;
3811ae76 2591 }
eda29772
RC		 2592 if (flags & MSG_ERRQUEUE) {
2593 ret = sock_recv_errqueue(sock->sk, m, total_len,
2594 SOL_PACKET, TUN_TX_TIMESTAMP);
2595 goto out;
2596 }
fc72d1d5 2597 ret = tun_do_read(tun, tfile, &m->msg_iter, flags & MSG_DONTWAIT, ptr);
87897931 2598 if (ret > (ssize_t)total_len) {
42404c09
DM		 2599 m->msg_flags |= MSG_TRUNC;
2600 ret = flags & MSG_TRUNC ? ret : total_len;
2601 }
3811ae76 2602out:
54f968d6 2603 tun_put(tun);
05c2828c 2604 return ret;
c33ee15b
WX		 2605
2606out_put_tun:
2607 tun_put(tun);
fc72d1d5
JW		 2608out_free:
2609 tun_ptr_free(ptr);
c33ee15b 2610 return ret;
05c2828c
MT		 2611}
2612
fc72d1d5
JW		 2613static int tun_ptr_peek_len(void *ptr)
2614{
2615 if (likely(ptr)) {
1ffcbc85
JDB		 2616 if (tun_is_xdp_frame(ptr)) {
2617 struct xdp_frame *xdpf = tun_ptr_to_xdp(ptr);
fc72d1d5 2618
1ffcbc85 2619 return xdpf->len;
fc72d1d5
JW		 2620 }
2621 return __skb_array_len_with_tag(ptr);
2622 } else {
2623 return 0;
2624 }
2625}
2626
1576d986
JW		 2627static int tun_peek_len(struct socket *sock)
2628{
2629 struct tun_file *tfile = container_of(sock, struct tun_file, socket);
2630 struct tun_struct *tun;
2631 int ret = 0;
2632
9484dc74 2633 tun = tun_get(tfile);
1576d986
JW		 2634 if (!tun)
2635 return 0;
2636
fc72d1d5 2637 ret = PTR_RING_PEEK_CALL(&tfile->tx_ring, tun_ptr_peek_len);
1576d986
JW		 2638 tun_put(tun);
2639
2640 return ret;
2641}
2642
05c2828c
MT		 2643/* Ops structure to mimic raw sockets with tun */
2644static const struct proto_ops tun_socket_ops = {
1576d986 2645 .peek_len = tun_peek_len,
05c2828c
MT		 2646 .sendmsg = tun_sendmsg,
2647 .recvmsg = tun_recvmsg,
2648};
2649
33dccbb0
HX		 2650static struct proto tun_proto = {
2651 .name = "tun",
2652 .owner = THIS_MODULE,
54f968d6 2653 .obj_size = sizeof(struct tun_file),
33dccbb0 2654};
f019a7a5 2655
980c9e8c
DW		 2656static int tun_flags(struct tun_struct *tun)
2657{
031f5e03 2658 return tun->flags & (TUN_FEATURES | IFF_PERSIST | IFF_TUN | IFF_TAP);
980c9e8c
DW		 2659}
2660
2661static ssize_t tun_show_flags(struct device *dev, struct device_attribute *attr,
2662 char *buf)
2663{
2664 struct tun_struct *tun = netdev_priv(to_net_dev(dev));
2665 return sprintf(buf, "0x%x\n", tun_flags(tun));
2666}
2667
2668static ssize_t tun_show_owner(struct device *dev, struct device_attribute *attr,
2669 char *buf)
2670{
2671 struct tun_struct *tun = netdev_priv(to_net_dev(dev));
0625c883
EB		 2672 return uid_valid(tun->owner)?
2673 sprintf(buf, "%u\n",
2674 from_kuid_munged(current_user_ns(), tun->owner)):
2675 sprintf(buf, "-1\n");
980c9e8c
DW		 2676}
2677
2678static ssize_t tun_show_group(struct device *dev, struct device_attribute *attr,
2679 char *buf)
2680{
2681 struct tun_struct *tun = netdev_priv(to_net_dev(dev));
0625c883
EB		 2682 return gid_valid(tun->group) ?
2683 sprintf(buf, "%u\n",
2684 from_kgid_munged(current_user_ns(), tun->group)):
2685 sprintf(buf, "-1\n");
980c9e8c
DW		 2686}
2687
2688static DEVICE_ATTR(tun_flags, 0444, tun_show_flags, NULL);
2689static DEVICE_ATTR(owner, 0444, tun_show_owner, NULL);
2690static DEVICE_ATTR(group, 0444, tun_show_group, NULL);
2691
c4d33e24
TI		 2692static struct attribute *tun_dev_attrs[] = {
2693 &dev_attr_tun_flags.attr,
2694 &dev_attr_owner.attr,
2695 &dev_attr_group.attr,
2696 NULL
2697};
2698
2699static const struct attribute_group tun_attr_group = {
2700 .attrs = tun_dev_attrs
2701};
2702
d647a591 2703static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
1da177e4
LT		 2704{
2705 struct tun_struct *tun;
54f968d6 2706 struct tun_file *tfile = file->private_data;
1da177e4
LT		 2707 struct net_device *dev;
2708 int err;
2709
7c0c3b1a
JW		 2710 if (tfile->detached)
2711 return -EINVAL;
2712
90e33d45
PP		 2713 if ((ifr->ifr_flags & IFF_NAPI_FRAGS)) {
2714 if (!capable(CAP_NET_ADMIN))
2715 return -EPERM;
2716
2717 if (!(ifr->ifr_flags & IFF_NAPI) ||
2718 (ifr->ifr_flags & TUN_TYPE_MASK) != IFF_TAP)
2719 return -EINVAL;
2720 }
2721
74a3e5a7
EB		 2722 dev = __dev_get_by_name(net, ifr->ifr_name);
2723 if (dev) {
f85ba780
DW		 2724 if (ifr->ifr_flags & IFF_TUN_EXCL)
2725 return -EBUSY;
74a3e5a7
EB		 2726 if ((ifr->ifr_flags & IFF_TUN) && dev->netdev_ops == &tun_netdev_ops)
2727 tun = netdev_priv(dev);
2728 else if ((ifr->ifr_flags & IFF_TAP) && dev->netdev_ops == &tap_netdev_ops)
2729 tun = netdev_priv(dev);
2730 else
2731 return -EINVAL;
2732
8e6d91ae 2733 if (!!(ifr->ifr_flags & IFF_MULTI_QUEUE) !=
40630b82 2734 !!(tun->flags & IFF_MULTI_QUEUE))
8e6d91ae
JW		 2735 return -EINVAL;
2736
cde8b15f 2737 if (tun_not_capable(tun))
2b980dbd 2738 return -EPERM;
5dbbaf2d 2739 err = security_tun_dev_open(tun->security);
2b980dbd
PM		 2740 if (err < 0)
2741 return err;
2742
94317099 2743 err = tun_attach(tun, file, ifr->ifr_flags & IFF_NOFILTER,
af3fb24e
ED		 2744 ifr->ifr_flags & IFF_NAPI,
2745 ifr->ifr_flags & IFF_NAPI_FRAGS);
a7385ba2
EB		 2746 if (err < 0)
2747 return err;
4008e97f 2748
40630b82 2749 if (tun->flags & IFF_MULTI_QUEUE &&
e8dbad66
JW		 2750 (tun->numqueues + tun->numdisabled > 1)) {
2751 /* One or more queue has already been attached, no need
2752 * to initialize the device again.
2753 */
83c1f36f 2754 netdev_state_change(dev);
e8dbad66
JW		 2755 return 0;
2756 }
9fffc5c6
SD		 2757
2758 tun->flags = (tun->flags & ~TUN_FEATURES) |
2759 (ifr->ifr_flags & TUN_FEATURES);
83c1f36f
SD		 2760
2761 netdev_state_change(dev);
2762 } else {
1da177e4
LT		 2763 char *name;
2764 unsigned long flags = 0;
edfb6a14
JW		 2765 int queues = ifr->ifr_flags & IFF_MULTI_QUEUE ?
2766 MAX_TAP_QUEUES : 1;
1da177e4 2767
c260b772 2768 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
ca6bb5d7 2769 return -EPERM;
2b980dbd
PM		 2770 err = security_tun_dev_create();
2771 if (err < 0)
2772 return err;
ca6bb5d7 2773
1da177e4
LT		 2774 /* Set dev type */
2775 if (ifr->ifr_flags & IFF_TUN) {
2776 /* TUN device */
40630b82 2777 flags |= IFF_TUN;
1da177e4
LT		 2778 name = "tun%d";
2779 } else if (ifr->ifr_flags & IFF_TAP) {
2780 /* TAP device */
40630b82 2781 flags |= IFF_TAP;
1da177e4 2782 name = "tap%d";
6aa20a22 2783 } else
36989b90 2784 return -EINVAL;
6aa20a22 2785
1da177e4
LT		 2786 if (*ifr->ifr_name)
2787 name = ifr->ifr_name;
2788
c8d68e6b 2789 dev = alloc_netdev_mqs(sizeof(struct tun_struct), name,
c835a677
TG		 2790 NET_NAME_UNKNOWN, tun_setup, queues,
2791 queues);
edfb6a14 2792
1da177e4
LT		 2793 if (!dev)
2794 return -ENOMEM;
0ad646c8 2795 err = dev_get_valid_name(net, dev, name);
5c25f65f 2796 if (err < 0)
0ad646c8 2797 goto err_free_dev;
1da177e4 2798
fc54c658 2799 dev_net_set(dev, net);
f019a7a5 2800 dev->rtnl_link_ops = &tun_link_ops;
fb7589a1 2801 dev->ifindex = tfile->ifindex;
c4d33e24 2802 dev->sysfs_groups[0] = &tun_attr_group;
758e43b7 2803
1da177e4
LT		 2804 tun = netdev_priv(dev);
2805 tun->dev = dev;
2806 tun->flags = flags;
f271b2cc 2807 tun->txflt.count = 0;
d9d52b51 2808 tun->vnet_hdr_sz = sizeof(struct virtio_net_hdr);
33dccbb0 2809
eaea34b2 2810 tun->align = NET_SKB_PAD;
54f968d6
JW		 2811 tun->filter_attached = false;
2812 tun->sndbuf = tfile->socket.sk->sk_sndbuf;
5503fcec 2813 tun->rx_batched = 0;
96f84061 2814 RCU_INIT_POINTER(tun->steering_prog, NULL);
33dccbb0 2815
608b9977
PA		 2816 tun->pcpu_stats = netdev_alloc_pcpu_stats(struct tun_pcpu_stats);
2817 if (!tun->pcpu_stats) {
2818 err = -ENOMEM;
2819 goto err_free_dev;
2820 }
2821
96442e42
JW		 2822 spin_lock_init(&tun->lock);
2823
5dbbaf2d
PM		 2824 err = security_tun_dev_alloc_security(&tun->security);
2825 if (err < 0)
608b9977 2826 goto err_free_stat;
2b980dbd 2827
1da177e4 2828 tun_net_init(dev);
944a1376 2829 tun_flow_init(tun);
96442e42 2830
88255375 2831 dev->hw_features = NETIF_F_SG | NETIF_F_FRAGLIST |
6680ec68
JW		 2832 TUN_USER_FEATURES | NETIF_F_HW_VLAN_CTAG_TX |
2833 NETIF_F_HW_VLAN_STAG_TX;
2a2bbf17 2834 dev->features = dev->hw_features | NETIF_F_LLTX;
6671b224
FLVC		 2835 dev->vlan_features = dev->features &
2836 ~(NETIF_F_HW_VLAN_CTAG_TX |
2837 NETIF_F_HW_VLAN_STAG_TX);
88255375 2838
9fffc5c6
SD		 2839 tun->flags = (tun->flags & ~TUN_FEATURES) |
2840 (ifr->ifr_flags & TUN_FEATURES);
2841
4008e97f 2842 INIT_LIST_HEAD(&tun->disabled);
af3fb24e
ED		 2843 err = tun_attach(tun, file, false, ifr->ifr_flags & IFF_NAPI,
2844 ifr->ifr_flags & IFF_NAPI_FRAGS);
eb0fb363 2845 if (err < 0)
662ca437 2846 goto err_free_flow;
eb0fb363 2847
1da177e4
LT		 2848 err = register_netdevice(tun->dev);
2849 if (err < 0)
662ca437 2850 goto err_detach;
1da177e4
LT		 2851 }
2852
af668b3c
MT		 2853 netif_carrier_on(tun->dev);
2854
6b8a66ee 2855 tun_debug(KERN_INFO, tun, "tun_set_iff\n");
1da177e4 2856
e35259a9
MK		 2857 /* Make sure persistent devices do not get stuck in
2858 * xoff state.
2859 */
2860 if (netif_running(tun->dev))
c8d68e6b 2861 netif_tx_wake_all_queues(tun->dev);
e35259a9 2862
1da177e4
LT		 2863 strcpy(ifr->ifr_name, tun->dev->name);
2864 return 0;
2865
662ca437
JW		 2866err_detach:
2867 tun_detach_all(dev);
ff244c6b
ED		 2868 /* register_netdevice() already called tun_free_netdev() */
2869 goto err_free_dev;
2870
662ca437
JW		 2871err_free_flow:
2872 tun_flow_uninit(tun);
2873 security_tun_dev_free_security(tun->security);
608b9977
PA		 2874err_free_stat:
2875 free_percpu(tun->pcpu_stats);
662ca437 2876err_free_dev:
1da177e4 2877 free_netdev(dev);
1da177e4
LT		 2878 return err;
2879}
2880
12132768 2881static void tun_get_iff(struct tun_struct *tun, struct ifreq *ifr)
e3b99556 2882{
6b8a66ee 2883 tun_debug(KERN_INFO, tun, "tun_get_iff\n");
e3b99556
MM		 2884
2885 strcpy(ifr->ifr_name, tun->dev->name);
2886
980c9e8c 2887 ifr->ifr_flags = tun_flags(tun);
e3b99556 2888
e3b99556
MM		 2889}
2890
5228ddc9
RR		 2891/* This is like a cut-down ethtool ops, except done via tun fd so no
2892 * privs required. */
88255375 2893static int set_offload(struct tun_struct *tun, unsigned long arg)
5228ddc9 2894{
c8f44aff 2895 netdev_features_t features = 0;
5228ddc9
RR		 2896
2897 if (arg & TUN_F_CSUM) {
88255375 2898 features |= NETIF_F_HW_CSUM;
5228ddc9
RR		 2899 arg &= ~TUN_F_CSUM;
2900
2901 if (arg & (TUN_F_TSO4|TUN_F_TSO6)) {
2902 if (arg & TUN_F_TSO_ECN) {
2903 features |= NETIF_F_TSO_ECN;
2904 arg &= ~TUN_F_TSO_ECN;
2905 }
2906 if (arg & TUN_F_TSO4)
2907 features |= NETIF_F_TSO;
2908 if (arg & TUN_F_TSO6)
2909 features |= NETIF_F_TSO6;
2910 arg &= ~(TUN_F_TSO4|TUN_F_TSO6);
2911 }
0c19f846
WB		 2912
2913 arg &= ~TUN_F_UFO;
5228ddc9
RR		 2914 }
2915
2916 /* This gives the user a way to test for new features in future by
2917 * trying to set them. */
2918 if (arg)
2919 return -EINVAL;
2920
88255375 2921 tun->set_features = features;
09050957
YI		 2922 tun->dev->wanted_features &= ~TUN_USER_FEATURES;
2923 tun->dev->wanted_features |= features;
88255375 2924 netdev_update_features(tun->dev);
5228ddc9
RR		 2925
2926 return 0;
2927}
2928
c8d68e6b
JW		 2929static void tun_detach_filter(struct tun_struct *tun, int n)
2930{
2931 int i;
2932 struct tun_file *tfile;
2933
2934 for (i = 0; i < n; i++) {
b8deabd3 2935 tfile = rtnl_dereference(tun->tfiles[i]);
8ced425e
HFS		 2936 lock_sock(tfile->socket.sk);
2937 sk_detach_filter(tfile->socket.sk);
2938 release_sock(tfile->socket.sk);
c8d68e6b
JW		 2939 }
2940
2941 tun->filter_attached = false;
2942}
2943
2944static int tun_attach_filter(struct tun_struct *tun)
2945{
2946 int i, ret = 0;
2947 struct tun_file *tfile;
2948
2949 for (i = 0; i < tun->numqueues; i++) {
b8deabd3 2950 tfile = rtnl_dereference(tun->tfiles[i]);
8ced425e
HFS		 2951 lock_sock(tfile->socket.sk);
2952 ret = sk_attach_filter(&tun->fprog, tfile->socket.sk);
2953 release_sock(tfile->socket.sk);
c8d68e6b
JW		 2954 if (ret) {
2955 tun_detach_filter(tun, i);
2956 return ret;
2957 }
2958 }
2959
2960 tun->filter_attached = true;
2961 return ret;
2962}
2963
2964static void tun_set_sndbuf(struct tun_struct *tun)
2965{
2966 struct tun_file *tfile;
2967 int i;
2968
2969 for (i = 0; i < tun->numqueues; i++) {
b8deabd3 2970 tfile = rtnl_dereference(tun->tfiles[i]);
c8d68e6b
JW		 2971 tfile->socket.sk->sk_sndbuf = tun->sndbuf;
2972 }
2973}
2974
cde8b15f
JW		 2975static int tun_set_queue(struct file *file, struct ifreq *ifr)
2976{
2977 struct tun_file *tfile = file->private_data;
2978 struct tun_struct *tun;
cde8b15f
JW		 2979 int ret = 0;
2980
2981 rtnl_lock();
2982
2983 if (ifr->ifr_flags & IFF_ATTACH_QUEUE) {
4008e97f 2984 tun = tfile->detached;
5dbbaf2d 2985 if (!tun) {
cde8b15f 2986 ret = -EINVAL;
5dbbaf2d
PM		 2987 goto unlock;
2988 }
2989 ret = security_tun_dev_attach_queue(tun->security);
2990 if (ret < 0)
2991 goto unlock;
af3fb24e
ED		 2992 ret = tun_attach(tun, file, false, tun->flags & IFF_NAPI,
2993 tun->flags & IFF_NAPI_FRAGS);
4008e97f 2994 } else if (ifr->ifr_flags & IFF_DETACH_QUEUE) {
b8deabd3 2995 tun = rtnl_dereference(tfile->tun);
40630b82 2996 if (!tun || !(tun->flags & IFF_MULTI_QUEUE) || tfile->detached)
4008e97f
JW		 2997 ret = -EINVAL;
2998 else
2999 __tun_detach(tfile, false);
3000 } else
cde8b15f
JW		 3001 ret = -EINVAL;
3002
83c1f36f
SD		 3003 if (ret >= 0)
3004 netdev_state_change(tun->dev);
3005
5dbbaf2d 3006unlock:
cde8b15f
JW		 3007 rtnl_unlock();
3008 return ret;
3009}
3010
cd5681d7
JW		 3011static int tun_set_ebpf(struct tun_struct *tun, struct tun_prog **prog_p,
3012 void __user *data)
96f84061
JW		 3013{
3014 struct bpf_prog *prog;
3015 int fd;
3016
3017 if (copy_from_user(&fd, data, sizeof(fd)))
3018 return -EFAULT;
3019
3020 if (fd == -1) {
3021 prog = NULL;
3022 } else {
3023 prog = bpf_prog_get_type(fd, BPF_PROG_TYPE_SOCKET_FILTER);
3024 if (IS_ERR(prog))
3025 return PTR_ERR(prog);
3026 }
3027
cd5681d7 3028 return __tun_set_ebpf(tun, prog_p, prog);
96f84061
JW		 3029}
3030
50857e2a
AB		 3031static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
3032 unsigned long arg, int ifreq_len)
1da177e4 3033{
36b50bab 3034 struct tun_file *tfile = file->private_data;
f663706a 3035 struct net *net = sock_net(&tfile->sk);
631ab46b 3036 struct tun_struct *tun;
1da177e4 3037 void __user* argp = (void __user*)arg;
26d31925 3038 unsigned int ifindex, carrier;
1da177e4 3039 struct ifreq ifr;
0625c883
EB		 3040 kuid_t owner;
3041 kgid_t group;
33dccbb0 3042 int sndbuf;
d9d52b51 3043 int vnet_hdr_sz;
1cf8e410 3044 int le;
f271b2cc 3045 int ret;
83c1f36f 3046 bool do_notify = false;
1da177e4 3047
f2780d6d
KT		 3048 if (cmd == TUNSETIFF || cmd == TUNSETQUEUE ||
3049 (_IOC_TYPE(cmd) == SOCK_IOC_TYPE && cmd != SIOCGSKNS)) {
50857e2a 3050 if (copy_from_user(&ifr, argp, ifreq_len))
1da177e4 3051 return -EFAULT;
8bbb1813 3052 } else {
a117dacd 3053 memset(&ifr, 0, sizeof(ifr));
8bbb1813 3054 }
631ab46b
EB		 3055 if (cmd == TUNGETFEATURES) {
3056 /* Currently this just means: "what IFF flags are valid?".
3057 * This is needed because we never checked for invalid flags on
031f5e03
MT		 3058 * TUNSETIFF.
3059 */
3060 return put_user(IFF_TUN | IFF_TAP | TUN_FEATURES,
631ab46b 3061 (unsigned int __user*)argp);
f663706a 3062 } else if (cmd == TUNSETQUEUE) {
cde8b15f 3063 return tun_set_queue(file, &ifr);
f663706a
KT		 3064 } else if (cmd == SIOCGSKNS) {
3065 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
3066 return -EPERM;
3067 return open_related_ns(&net->ns, get_net_ns);
3068 }
631ab46b 3069
c8d68e6b 3070 ret = 0;
876bfd4d
HX		 3071 rtnl_lock();
3072
9484dc74 3073 tun = tun_get(tfile);
0f16bc13
GF		 3074 if (cmd == TUNSETIFF) {
3075 ret = -EEXIST;
3076 if (tun)
3077 goto unlock;
3078
1da177e4
LT		 3079 ifr.ifr_name[IFNAMSIZ-1] = '\0';
3080
f2780d6d 3081 ret = tun_set_iff(net, file, &ifr);
1da177e4 3082
876bfd4d
HX		 3083 if (ret)
3084 goto unlock;
1da177e4 3085
50857e2a 3086 if (copy_to_user(argp, &ifr, ifreq_len))
876bfd4d
HX		 3087 ret = -EFAULT;
3088 goto unlock;
1da177e4 3089 }
fb7589a1
PE		 3090 if (cmd == TUNSETIFINDEX) {
3091 ret = -EPERM;
3092 if (tun)
3093 goto unlock;
3094
3095 ret = -EFAULT;
3096 if (copy_from_user(&ifindex, argp, sizeof(ifindex)))
3097 goto unlock;
3098
3099 ret = 0;
3100 tfile->ifindex = ifindex;
3101 goto unlock;
3102 }
1da177e4 3103
876bfd4d 3104 ret = -EBADFD;
1da177e4 3105 if (!tun)
876bfd4d 3106 goto unlock;
1da177e4 3107
1e588338 3108 tun_debug(KERN_INFO, tun, "tun_chr_ioctl cmd %u\n", cmd);
1da177e4 3109
0c3e0e3b 3110 net = dev_net(tun->dev);
631ab46b 3111 ret = 0;
1da177e4 3112 switch (cmd) {
e3b99556 3113 case TUNGETIFF:
12132768 3114 tun_get_iff(tun, &ifr);
e3b99556 3115
3d407a80
PE		 3116 if (tfile->detached)
3117 ifr.ifr_flags |= IFF_DETACH_QUEUE;
849c9b6f
PE		 3118 if (!tfile->socket.sk->sk_filter)
3119 ifr.ifr_flags |= IFF_NOFILTER;
3d407a80 3120
50857e2a 3121 if (copy_to_user(argp, &ifr, ifreq_len))
631ab46b 3122 ret = -EFAULT;
e3b99556
MM		 3123 break;
3124
1da177e4
LT		 3125 case TUNSETNOCSUM:
3126 /* Disable/Enable checksum */
1da177e4 3127
88255375
MM		 3128 /* [unimplemented] */
3129 tun_debug(KERN_INFO, tun, "ignored: set checksum %s\n",
6b8a66ee 3130 arg ? "disabled" : "enabled");
1da177e4
LT		 3131 break;
3132
3133 case TUNSETPERSIST:
54f968d6
JW		 3134 /* Disable/Enable persist mode. Keep an extra reference to the
3135 * module to prevent the module being unprobed.
3136 */
40630b82
MT		 3137 if (arg && !(tun->flags & IFF_PERSIST)) {
3138 tun->flags |= IFF_PERSIST;
54f968d6 3139 __module_get(THIS_MODULE);
83c1f36f 3140 do_notify = true;
dd38bd85 3141 }
40630b82
MT		 3142 if (!arg && (tun->flags & IFF_PERSIST)) {
3143 tun->flags &= ~IFF_PERSIST;
54f968d6 3144 module_put(THIS_MODULE);
83c1f36f 3145 do_notify = true;
54f968d6 3146 }
1da177e4 3147
6b8a66ee
JP		 3148 tun_debug(KERN_INFO, tun, "persist %s\n",
3149 arg ? "enabled" : "disabled");
1da177e4
LT		 3150 break;
3151
3152 case TUNSETOWNER:
3153 /* Set owner of the device */
0625c883
EB		 3154 owner = make_kuid(current_user_ns(), arg);
3155 if (!uid_valid(owner)) {
3156 ret = -EINVAL;
3157 break;
3158 }
3159 tun->owner = owner;
83c1f36f 3160 do_notify = true;
1e588338 3161 tun_debug(KERN_INFO, tun, "owner set to %u\n",
0625c883 3162 from_kuid(&init_user_ns, tun->owner));
1da177e4
LT		 3163 break;
3164
8c644623
GG		 3165 case TUNSETGROUP:
3166 /* Set group of the device */
0625c883
EB		 3167 group = make_kgid(current_user_ns(), arg);
3168 if (!gid_valid(group)) {
3169 ret = -EINVAL;
3170 break;
3171 }
3172 tun->group = group;
83c1f36f 3173 do_notify = true;
1e588338 3174 tun_debug(KERN_INFO, tun, "group set to %u\n",
0625c883 3175 from_kgid(&init_user_ns, tun->group));
8c644623
GG		 3176 break;
3177
ff4cc3ac
MK		 3178 case TUNSETLINK:
3179 /* Only allow setting the type when the interface is down */
3180 if (tun->dev->flags & IFF_UP) {
6b8a66ee
JP		 3181 tun_debug(KERN_INFO, tun,
3182 "Linktype set failed because interface is up\n");
48abfe05 3183 ret = -EBUSY;
ff4cc3ac
MK		 3184 } else {
3185 tun->dev->type = (int) arg;
6b8a66ee
JP		 3186 tun_debug(KERN_INFO, tun, "linktype set to %d\n",
3187 tun->dev->type);
48abfe05 3188 ret = 0;
ff4cc3ac 3189 }
631ab46b 3190 break;
ff4cc3ac 3191
1da177e4
LT		 3192#ifdef TUN_DEBUG
3193 case TUNSETDEBUG:
3194 tun->debug = arg;
3195 break;
3196#endif
5228ddc9 3197 case TUNSETOFFLOAD:
88255375 3198 ret = set_offload(tun, arg);
631ab46b 3199 break;
5228ddc9 3200
f271b2cc
MK		 3201 case TUNSETTXFILTER:
3202 /* Can be set only for TAPs */
631ab46b 3203 ret = -EINVAL;
40630b82 3204 if ((tun->flags & TUN_TYPE_MASK) != IFF_TAP)
631ab46b 3205 break;
c0e5a8c2 3206 ret = update_filter(&tun->txflt, (void __user *)arg);
631ab46b 3207 break;
1da177e4
LT		 3208
3209 case SIOCGIFHWADDR:
b595076a 3210 /* Get hw address */
f271b2cc
MK		 3211 memcpy(ifr.ifr_hwaddr.sa_data, tun->dev->dev_addr, ETH_ALEN);
3212 ifr.ifr_hwaddr.sa_family = tun->dev->type;
50857e2a 3213 if (copy_to_user(argp, &ifr, ifreq_len))
631ab46b
EB		 3214 ret = -EFAULT;
3215 break;
1da177e4
LT		 3216
3217 case SIOCSIFHWADDR:
f271b2cc 3218 /* Set hw address */
6b8a66ee
JP		 3219 tun_debug(KERN_DEBUG, tun, "set hw address: %pM\n",
3220 ifr.ifr_hwaddr.sa_data);
40102371 3221
3a37a963 3222 ret = dev_set_mac_address(tun->dev, &ifr.ifr_hwaddr, NULL);
631ab46b 3223 break;
33dccbb0
HX		 3224
3225 case TUNGETSNDBUF:
54f968d6 3226 sndbuf = tfile->socket.sk->sk_sndbuf;
33dccbb0
HX		 3227 if (copy_to_user(argp, &sndbuf, sizeof(sndbuf)))
3228 ret = -EFAULT;
3229 break;
3230
3231 case TUNSETSNDBUF:
3232 if (copy_from_user(&sndbuf, argp, sizeof(sndbuf))) {
3233 ret = -EFAULT;
3234 break;
3235 }
93161922
CG		 3236 if (sndbuf <= 0) {
3237 ret = -EINVAL;
3238 break;
3239 }
33dccbb0 3240
c8d68e6b
JW		 3241 tun->sndbuf = sndbuf;
3242 tun_set_sndbuf(tun);
33dccbb0
HX		 3243 break;
3244
d9d52b51
MT		 3245 case TUNGETVNETHDRSZ:
3246 vnet_hdr_sz = tun->vnet_hdr_sz;
3247 if (copy_to_user(argp, &vnet_hdr_sz, sizeof(vnet_hdr_sz)))
3248 ret = -EFAULT;
3249 break;
3250
3251 case TUNSETVNETHDRSZ:
3252 if (copy_from_user(&vnet_hdr_sz, argp, sizeof(vnet_hdr_sz))) {
3253 ret = -EFAULT;
3254 break;
3255 }
3256 if (vnet_hdr_sz < (int)sizeof(struct virtio_net_hdr)) {
3257 ret = -EINVAL;
3258 break;
3259 }
3260
3261 tun->vnet_hdr_sz = vnet_hdr_sz;
3262 break;
3263
1cf8e410
MT		 3264 case TUNGETVNETLE:
3265 le = !!(tun->flags & TUN_VNET_LE);
3266 if (put_user(le, (int __user *)argp))
3267 ret = -EFAULT;
3268 break;
3269
3270 case TUNSETVNETLE:
3271 if (get_user(le, (int __user *)argp)) {
3272 ret = -EFAULT;
3273 break;
3274 }
3275 if (le)
3276 tun->flags |= TUN_VNET_LE;
3277 else
3278 tun->flags &= ~TUN_VNET_LE;
3279 break;
3280
8b8e658b
GK		 3281 case TUNGETVNETBE:
3282 ret = tun_get_vnet_be(tun, argp);
3283 break;
3284
3285 case TUNSETVNETBE:
3286 ret = tun_set_vnet_be(tun, argp);
3287 break;
3288
99405162
MT		 3289 case TUNATTACHFILTER:
3290 /* Can be set only for TAPs */
3291 ret = -EINVAL;
40630b82 3292 if ((tun->flags & TUN_TYPE_MASK) != IFF_TAP)
99405162
MT		 3293 break;
3294 ret = -EFAULT;
54f968d6 3295 if (copy_from_user(&tun->fprog, argp, sizeof(tun->fprog)))
99405162
MT		 3296 break;
3297
c8d68e6b 3298 ret = tun_attach_filter(tun);
99405162
MT		 3299 break;
3300
3301 case TUNDETACHFILTER:
3302 /* Can be set only for TAPs */
3303 ret = -EINVAL;
40630b82 3304 if ((tun->flags & TUN_TYPE_MASK) != IFF_TAP)
99405162 3305 break;
c8d68e6b
JW		 3306 ret = 0;
3307 tun_detach_filter(tun, tun->numqueues);
99405162
MT		 3308 break;
3309
76975e9c
PE		 3310 case TUNGETFILTER:
3311 ret = -EINVAL;
40630b82 3312 if ((tun->flags & TUN_TYPE_MASK) != IFF_TAP)
76975e9c
PE		 3313 break;
3314 ret = -EFAULT;
3315 if (copy_to_user(argp, &tun->fprog, sizeof(tun->fprog)))
3316 break;
3317 ret = 0;
3318 break;
3319
96f84061 3320 case TUNSETSTEERINGEBPF:
cd5681d7 3321 ret = tun_set_ebpf(tun, &tun->steering_prog, argp);
96f84061
JW		 3322 break;
3323
aff3d70a
JW		 3324 case TUNSETFILTEREBPF:
3325 ret = tun_set_ebpf(tun, &tun->filter_prog, argp);
3326 break;
3327
26d31925
ND		 3328 case TUNSETCARRIER:
3329 ret = -EFAULT;
3330 if (copy_from_user(&carrier, argp, sizeof(carrier)))
3331 goto unlock;
3332
3333 ret = tun_net_change_carrier(tun->dev, (bool)carrier);
3334 break;
3335
0c3e0e3b
KT		 3336 case TUNGETDEVNETNS:
3337 ret = -EPERM;
3338 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
3339 goto unlock;
3340 ret = open_related_ns(&net->ns, get_net_ns);
3341 break;
3342
1da177e4 3343 default:
631ab46b
EB		 3344 ret = -EINVAL;
3345 break;
ee289b64 3346 }
1da177e4 3347
83c1f36f
SD		 3348 if (do_notify)
3349 netdev_state_change(tun->dev);
3350
876bfd4d
HX		 3351unlock:
3352 rtnl_unlock();
3353 if (tun)
3354 tun_put(tun);
631ab46b 3355 return ret;
1da177e4
LT		 3356}
3357
50857e2a
AB		 3358static long tun_chr_ioctl(struct file *file,
3359 unsigned int cmd, unsigned long arg)
3360{
3361 return __tun_chr_ioctl(file, cmd, arg, sizeof (struct ifreq));
3362}
3363
3364#ifdef CONFIG_COMPAT
3365static long tun_chr_compat_ioctl(struct file *file,
3366 unsigned int cmd, unsigned long arg)
3367{
3368 switch (cmd) {
3369 case TUNSETIFF:
3370 case TUNGETIFF:
3371 case TUNSETTXFILTER:
3372 case TUNGETSNDBUF:
3373 case TUNSETSNDBUF:
3374 case SIOCGIFHWADDR:
3375 case SIOCSIFHWADDR:
3376 arg = (unsigned long)compat_ptr(arg);
3377 break;
3378 default:
3379 arg = (compat_ulong_t)arg;
3380 break;
3381 }
3382
3383 /*
3384 * compat_ifreq is shorter than ifreq, so we must not access beyond
3385 * the end of that structure. All fields that are used in this
3386 * driver are compatible though, we don't need to convert the
3387 * contents.
3388 */
3389 return __tun_chr_ioctl(file, cmd, arg, sizeof(struct compat_ifreq));
3390}
3391#endif /* CONFIG_COMPAT */
3392
1da177e4
LT		 3393static int tun_chr_fasync(int fd, struct file *file, int on)
3394{
54f968d6 3395 struct tun_file *tfile = file->private_data;
1da177e4
LT		 3396 int ret;
3397
54f968d6 3398 if ((ret = fasync_helper(fd, file, on, &tfile->fasync)) < 0)
9d319522 3399 goto out;
6aa20a22 3400
1da177e4 3401 if (on) {
01919134 3402 __f_setown(file, task_pid(current), PIDTYPE_TGID, 0);
54f968d6 3403 tfile->flags |= TUN_FASYNC;
6aa20a22 3404 } else
54f968d6 3405 tfile->flags &= ~TUN_FASYNC;
9d319522
JC		 3406 ret = 0;
3407out:
9d319522 3408 return ret;
1da177e4
LT		 3409}
3410
3411static int tun_chr_open(struct inode *inode, struct file * file)
3412{
140e807d 3413 struct net *net = current->nsproxy->net_ns;
631ab46b 3414 struct tun_file *tfile;
deed49fb 3415
6b8a66ee 3416 DBG1(KERN_INFO, "tunX: tun_chr_open\n");
631ab46b 3417
140e807d 3418 tfile = (struct tun_file *)sk_alloc(net, AF_UNSPEC, GFP_KERNEL,
11aa9c28 3419 &tun_proto, 0);
631ab46b
EB		 3420 if (!tfile)
3421 return -ENOMEM;
b196d88a
JW		 3422 if (ptr_ring_init(&tfile->tx_ring, 0, GFP_KERNEL)) {
3423 sk_free(&tfile->sk);
3424 return -ENOMEM;
3425 }
3426
c7256f57 3427 mutex_init(&tfile->napi_mutex);
c956674b 3428 RCU_INIT_POINTER(tfile->tun, NULL);
54f968d6 3429 tfile->flags = 0;
fb7589a1 3430 tfile->ifindex = 0;
54f968d6 3431
54f968d6 3432 init_waitqueue_head(&tfile->wq.wait);
9e641bdc 3433 RCU_INIT_POINTER(tfile->socket.wq, &tfile->wq);
54f968d6
JW		 3434
3435 tfile->socket.file = file;
3436 tfile->socket.ops = &tun_socket_ops;
3437
3438 sock_init_data(&tfile->socket, &tfile->sk);
54f968d6
JW		 3439
3440 tfile->sk.sk_write_space = tun_sock_write_space;
3441 tfile->sk.sk_sndbuf = INT_MAX;
3442
631ab46b 3443 file->private_data = tfile;
4008e97f 3444 INIT_LIST_HEAD(&tfile->next);
54f968d6 3445
19a6afb2
JW		 3446 sock_set_flag(&tfile->sk, SOCK_ZEROCOPY);
3447
1da177e4
LT		 3448 return 0;
3449}
3450
3451static int tun_chr_close(struct inode *inode, struct file *file)
3452{
631ab46b 3453 struct tun_file *tfile = file->private_data;
1da177e4 3454
c8d68e6b 3455 tun_detach(tfile, true);
1da177e4
LT		 3456
3457 return 0;
3458}
3459
93e14b6d 3460#ifdef CONFIG_PROC_FS
9484dc74 3461static void tun_chr_show_fdinfo(struct seq_file *m, struct file *file)
93e14b6d 3462{
9484dc74 3463 struct tun_file *tfile = file->private_data;
93e14b6d
MY		 3464 struct tun_struct *tun;
3465 struct ifreq ifr;
3466
3467 memset(&ifr, 0, sizeof(ifr));
3468
3469 rtnl_lock();
9484dc74 3470 tun = tun_get(tfile);
93e14b6d 3471 if (tun)
12132768 3472 tun_get_iff(tun, &ifr);
93e14b6d
MY		 3473 rtnl_unlock();
3474
3475 if (tun)
3476 tun_put(tun);
3477
a3816ab0 3478 seq_printf(m, "iff:\t%s\n", ifr.ifr_name);
93e14b6d
MY		 3479}
3480#endif
3481
d54b1fdb 3482static const struct file_operations tun_fops = {
6aa20a22 3483 .owner = THIS_MODULE,
1da177e4 3484 .llseek = no_llseek,
9b067034 3485 .read_iter = tun_chr_read_iter,
f5ff53b4 3486 .write_iter = tun_chr_write_iter,
1da177e4 3487 .poll = tun_chr_poll,
50857e2a
AB		 3488 .unlocked_ioctl = tun_chr_ioctl,
3489#ifdef CONFIG_COMPAT
3490 .compat_ioctl = tun_chr_compat_ioctl,
3491#endif
1da177e4
LT		 3492 .open = tun_chr_open,
3493 .release = tun_chr_close,
93e14b6d
MY		 3494 .fasync = tun_chr_fasync,
3495#ifdef CONFIG_PROC_FS
3496 .show_fdinfo = tun_chr_show_fdinfo,
3497#endif
1da177e4
LT		 3498};
3499
3500static struct miscdevice tun_miscdev = {
3501 .minor = TUN_MINOR,
3502 .name = "tun",
e454cea2 3503 .nodename = "net/tun",
1da177e4 3504 .fops = &tun_fops,
1da177e4
LT		 3505};
3506
3507/* ethtool interface */
3508
4e24f2dd
CW		 3509static void tun_default_link_ksettings(struct net_device *dev,
3510 struct ethtool_link_ksettings *cmd)
29ccc49d
PR		 3511{
3512 ethtool_link_ksettings_zero_link_mode(cmd, supported);
3513 ethtool_link_ksettings_zero_link_mode(cmd, advertising);
3514 cmd->base.speed = SPEED_10;
3515 cmd->base.duplex = DUPLEX_FULL;
3516 cmd->base.port = PORT_TP;
3517 cmd->base.phy_address = 0;
3518 cmd->base.autoneg = AUTONEG_DISABLE;
4e24f2dd
CW		 3519}
3520
3521static int tun_get_link_ksettings(struct net_device *dev,
3522 struct ethtool_link_ksettings *cmd)
3523{
3524 struct tun_struct *tun = netdev_priv(dev);
3525
3526 memcpy(cmd, &tun->link_ksettings, sizeof(*cmd));
3527 return 0;
3528}
3529
3530static int tun_set_link_ksettings(struct net_device *dev,
3531 const struct ethtool_link_ksettings *cmd)
3532{
3533 struct tun_struct *tun = netdev_priv(dev);
3534
3535 memcpy(&tun->link_ksettings, cmd, sizeof(*cmd));
1da177e4
LT		 3536 return 0;
3537}
3538
3539static void tun_get_drvinfo(struct net_device *dev, struct ethtool_drvinfo *info)
3540{
3541 struct tun_struct *tun = netdev_priv(dev);
3542
33a5ba14
RJ		 3543 strlcpy(info->driver, DRV_NAME, sizeof(info->driver));
3544 strlcpy(info->version, DRV_VERSION, sizeof(info->version));
1da177e4
LT		 3545
3546 switch (tun->flags & TUN_TYPE_MASK) {
40630b82 3547 case IFF_TUN:
33a5ba14 3548 strlcpy(info->bus_info, "tun", sizeof(info->bus_info));
1da177e4 3549 break;
40630b82 3550 case IFF_TAP:
33a5ba14 3551 strlcpy(info->bus_info, "tap", sizeof(info->bus_info));
1da177e4
LT		 3552 break;
3553 }
3554}
3555
3556static u32 tun_get_msglevel(struct net_device *dev)
3557{
3558#ifdef TUN_DEBUG
3559 struct tun_struct *tun = netdev_priv(dev);
3560 return tun->debug;
3561#else
3562 return -EOPNOTSUPP;
3563#endif
3564}
3565
3566static void tun_set_msglevel(struct net_device *dev, u32 value)
3567{
3568#ifdef TUN_DEBUG
3569 struct tun_struct *tun = netdev_priv(dev);
3570 tun->debug = value;
3571#endif
3572}
3573
5503fcec
JW		 3574static int tun_get_coalesce(struct net_device *dev,
3575 struct ethtool_coalesce *ec)
3576{
3577 struct tun_struct *tun = netdev_priv(dev);
3578
3579 ec->rx_max_coalesced_frames = tun->rx_batched;
3580
3581 return 0;
3582}
3583
3584static int tun_set_coalesce(struct net_device *dev,
3585 struct ethtool_coalesce *ec)
3586{
3587 struct tun_struct *tun = netdev_priv(dev);
3588
3589 if (ec->rx_max_coalesced_frames > NAPI_POLL_WEIGHT)
3590 tun->rx_batched = NAPI_POLL_WEIGHT;
3591 else
3592 tun->rx_batched = ec->rx_max_coalesced_frames;
3593
3594 return 0;
3595}
3596
7282d491 3597static const struct ethtool_ops tun_ethtool_ops = {
1da177e4
LT		 3598 .get_drvinfo = tun_get_drvinfo,
3599 .get_msglevel = tun_get_msglevel,
3600 .set_msglevel = tun_set_msglevel,
bee31369 3601 .get_link = ethtool_op_get_link,
eda29772 3602 .get_ts_info = ethtool_op_get_ts_info,
5503fcec
JW		 3603 .get_coalesce = tun_get_coalesce,
3604 .set_coalesce = tun_set_coalesce,
29ccc49d 3605 .get_link_ksettings = tun_get_link_ksettings,
4e24f2dd 3606 .set_link_ksettings = tun_set_link_ksettings,
1da177e4
LT		 3607};
3608
1576d986
JW		 3609static int tun_queue_resize(struct tun_struct *tun)
3610{
3611 struct net_device *dev = tun->dev;
3612 struct tun_file *tfile;
5990a305 3613 struct ptr_ring **rings;
1576d986
JW		 3614 int n = tun->numqueues + tun->numdisabled;
3615 int ret, i;
3616
5990a305
JW		 3617 rings = kmalloc_array(n, sizeof(*rings), GFP_KERNEL);
3618 if (!rings)
1576d986
JW		 3619 return -ENOMEM;
3620
3621 for (i = 0; i < tun->numqueues; i++) {
3622 tfile = rtnl_dereference(tun->tfiles[i]);
5990a305 3623 rings[i] = &tfile->tx_ring;
1576d986
JW		 3624 }
3625 list_for_each_entry(tfile, &tun->disabled, next)
5990a305 3626 rings[i++] = &tfile->tx_ring;
1576d986 3627
5990a305
JW		 3628 ret = ptr_ring_resize_multiple(rings, n,
3629 dev->tx_queue_len, GFP_KERNEL,
fc72d1d5 3630 tun_ptr_free);
1576d986 3631
5990a305 3632 kfree(rings);
1576d986
JW		 3633 return ret;
3634}
3635
3636static int tun_device_event(struct notifier_block *unused,
3637 unsigned long event, void *ptr)
3638{
3639 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
3640 struct tun_struct *tun = netdev_priv(dev);
3641
86dfb4ac
CG		 3642 if (dev->rtnl_link_ops != &tun_link_ops)
3643 return NOTIFY_DONE;
3644
1576d986
JW		 3645 switch (event) {
3646 case NETDEV_CHANGE_TX_QUEUE_LEN:
3647 if (tun_queue_resize(tun))
3648 return NOTIFY_BAD;
3649 break;
3650 default:
3651 break;
3652 }
3653
3654 return NOTIFY_DONE;
3655}
3656
3657static struct notifier_block tun_notifier_block __read_mostly = {
3658 .notifier_call = tun_device_event,
3659};
79d17604 3660
1da177e4
LT		 3661static int __init tun_init(void)
3662{
3663 int ret = 0;
3664
6b8a66ee 3665 pr_info("%s, %s\n", DRV_DESCRIPTION, DRV_VERSION);
1da177e4 3666
f019a7a5 3667 ret = rtnl_link_register(&tun_link_ops);
79d17604 3668 if (ret) {
6b8a66ee 3669 pr_err("Can't register link_ops\n");
f019a7a5 3670 goto err_linkops;
79d17604
PE		 3671 }
3672
1da177e4 3673 ret = misc_register(&tun_miscdev);
79d17604 3674 if (ret) {
6b8a66ee 3675 pr_err("Can't register misc device %d\n", TUN_MINOR);
79d17604
PE		 3676 goto err_misc;
3677 }
1576d986 3678
5edfbd3c
TZ		 3679 ret = register_netdevice_notifier(&tun_notifier_block);
3680 if (ret) {
3681 pr_err("Can't register netdevice notifier\n");
3682 goto err_notifier;
3683 }
3684
f019a7a5 3685 return 0;
5edfbd3c
TZ		 3686
3687err_notifier:
3688 misc_deregister(&tun_miscdev);
79d17604 3689err_misc:
f019a7a5
EB		 3690 rtnl_link_unregister(&tun_link_ops);
3691err_linkops:
1da177e4
LT		 3692 return ret;
3693}
3694
3695static void tun_cleanup(void)
3696{
6aa20a22 3697 misc_deregister(&tun_miscdev);
f019a7a5 3698 rtnl_link_unregister(&tun_link_ops);
1576d986 3699 unregister_netdevice_notifier(&tun_notifier_block);
1da177e4
LT		 3700}
3701
05c2828c
MT		 3702/* Get an underlying socket object from tun file. Returns error unless file is
3703 * attached to a device. The returned object works like a packet socket, it
3704 * can be used for sock_sendmsg/sock_recvmsg. The caller is responsible for
3705 * holding a reference to the file for as long as the socket is in use. */
3706struct socket *tun_get_socket(struct file *file)
3707{
6e914fc7 3708 struct tun_file *tfile;
05c2828c
MT		 3709 if (file->f_op != &tun_fops)
3710 return ERR_PTR(-EINVAL);
6e914fc7
JW		 3711 tfile = file->private_data;
3712 if (!tfile)
05c2828c 3713 return ERR_PTR(-EBADFD);
54f968d6 3714 return &tfile->socket;
05c2828c
MT		 3715}
3716EXPORT_SYMBOL_GPL(tun_get_socket);
3717
5990a305 3718struct ptr_ring *tun_get_tx_ring(struct file *file)
83339c6b
JW		 3719{
3720 struct tun_file *tfile;
3721
3722 if (file->f_op != &tun_fops)
3723 return ERR_PTR(-EINVAL);
3724 tfile = file->private_data;
3725 if (!tfile)
3726 return ERR_PTR(-EBADFD);
5990a305 3727 return &tfile->tx_ring;
83339c6b 3728}
5990a305 3729EXPORT_SYMBOL_GPL(tun_get_tx_ring);
83339c6b 3730
1da177e4
LT		 3731module_init(tun_init);
3732module_exit(tun_cleanup);
3733MODULE_DESCRIPTION(DRV_DESCRIPTION);
3734MODULE_AUTHOR(DRV_COPYRIGHT);
3735MODULE_LICENSE("GPL");
3736MODULE_ALIAS_MISCDEV(TUN_MINOR);
578454ff 3737MODULE_ALIAS("devname:net/tun");
A mirror of Linus' kernel repository