1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * NETLINK Netlink attributes |
4 | * |
5 | * Authors: Thomas Graf <tgraf@suug.ch> |
6 | * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> |
7 | */ |
8 | |
9 | #include <linux/export.h> |
10 | #include <linux/kernel.h> |
11 | #include <linux/errno.h> |
12 | #include <linux/jiffies.h> |
13 | #include <linux/nospec.h> |
14 | #include <linux/skbuff.h> |
15 | #include <linux/string.h> |
16 | #include <linux/types.h> |
17 | #include <net/netlink.h> |
18 | |
19 | /* For these data types, attribute length should be exactly the given |
20 | * size. However, to maintain compatibility with broken commands, if the |
21 | * attribute length does not match the expected size a warning is emitted |
22 | * to the user that the command is sending invalid data and needs to be fixed. |
23 | */ |
24 | static const u8 nla_attr_len[NLA_TYPE_MAX+1] = { |
25 | [NLA_U8] = sizeof(u8), |
26 | [NLA_U16] = sizeof(u16), |
27 | [NLA_U32] = sizeof(u32), |
28 | [NLA_U64] = sizeof(u64), |
29 | [NLA_S8] = sizeof(s8), |
30 | [NLA_S16] = sizeof(s16), |
31 | [NLA_S32] = sizeof(s32), |
32 | [NLA_S64] = sizeof(s64), |
33 | }; |
34 | |
35 | static const u8 nla_attr_minlen[NLA_TYPE_MAX+1] = { |
36 | [NLA_U8] = sizeof(u8), |
37 | [NLA_U16] = sizeof(u16), |
38 | [NLA_U32] = sizeof(u32), |
39 | [NLA_U64] = sizeof(u64), |
40 | [NLA_MSECS] = sizeof(u64), |
41 | [NLA_NESTED] = NLA_HDRLEN, |
42 | [NLA_S8] = sizeof(s8), |
43 | [NLA_S16] = sizeof(s16), |
44 | [NLA_S32] = sizeof(s32), |
45 | [NLA_S64] = sizeof(s64), |
46 | }; |
47 | |
48 | /* |
49 | * Nested policies might refer back to the original |
50 | * policy in some cases, and userspace could try to |
51 | * abuse that and recurse by nesting in the right |
52 | * ways. Limit recursion to avoid this problem. |
53 | */ |
54 | #define MAX_POLICY_RECURSION_DEPTH 10 |
55 | |
56 | static int __nla_validate_parse(const struct nlattr *head, int len, int maxtype, |
57 | const struct nla_policy *policy, |
58 | unsigned int validate, |
59 | struct netlink_ext_ack *extack, |
60 | struct nlattr **tb, unsigned int depth); |
61 | |
62 | static int validate_nla_bitfield32(const struct nlattr *nla, |
63 | const u32 valid_flags_mask) |
64 | { |
65 | const struct nla_bitfield32 *bf = nla_data(nla); |
66 | |
67 | if (!valid_flags_mask) |
68 | return -EINVAL; |
69 | |
70 | /*disallow invalid bit selector */ |
71 | if (bf->selector & ~valid_flags_mask) |
72 | return -EINVAL; |
73 | |
74 | /*disallow invalid bit values */ |
75 | if (bf->value & ~valid_flags_mask) |
76 | return -EINVAL; |
77 | |
78 | /*disallow valid bit values that are not selected*/ |
79 | if (bf->value & ~bf->selector) |
80 | return -EINVAL; |
81 | |
82 | return 0; |
83 | } |
84 | |
85 | static int nla_validate_array(const struct nlattr *head, int len, int maxtype, |
86 | const struct nla_policy *policy, |
87 | struct netlink_ext_ack *extack, |
88 | unsigned int validate, unsigned int depth) |
89 | { |
90 | const struct nlattr *entry; |
91 | int rem; |
92 | |
93 | nla_for_each_attr(entry, head, len, rem) { |
94 | int ret; |
95 | |
96 | if (nla_len(nla: entry) == 0) |
97 | continue; |
98 | |
99 | if (nla_len(nla: entry) < NLA_HDRLEN) { |
100 | NL_SET_ERR_MSG_ATTR_POL(extack, entry, policy, |
101 | "Array element too short" ); |
102 | return -ERANGE; |
103 | } |
104 | |
105 | ret = __nla_validate_parse(head: nla_data(nla: entry), len: nla_len(nla: entry), |
106 | maxtype, policy, validate, extack, |
107 | NULL, depth: depth + 1); |
108 | if (ret < 0) |
109 | return ret; |
110 | } |
111 | |
112 | return 0; |
113 | } |
114 | |
115 | void nla_get_range_unsigned(const struct nla_policy *pt, |
116 | struct netlink_range_validation *range) |
117 | { |
118 | WARN_ON_ONCE(pt->validation_type != NLA_VALIDATE_RANGE_PTR && |
119 | (pt->min < 0 || pt->max < 0)); |
120 | |
121 | range->min = 0; |
122 | |
123 | switch (pt->type) { |
124 | case NLA_U8: |
125 | range->max = U8_MAX; |
126 | break; |
127 | case NLA_U16: |
128 | case NLA_BE16: |
129 | case NLA_BINARY: |
130 | range->max = U16_MAX; |
131 | break; |
132 | case NLA_U32: |
133 | case NLA_BE32: |
134 | range->max = U32_MAX; |
135 | break; |
136 | case NLA_U64: |
137 | case NLA_UINT: |
138 | case NLA_MSECS: |
139 | range->max = U64_MAX; |
140 | break; |
141 | default: |
142 | WARN_ON_ONCE(1); |
143 | return; |
144 | } |
145 | |
146 | switch (pt->validation_type) { |
147 | case NLA_VALIDATE_RANGE: |
148 | case NLA_VALIDATE_RANGE_WARN_TOO_LONG: |
149 | range->min = pt->min; |
150 | range->max = pt->max; |
151 | break; |
152 | case NLA_VALIDATE_RANGE_PTR: |
153 | *range = *pt->range; |
154 | break; |
155 | case NLA_VALIDATE_MIN: |
156 | range->min = pt->min; |
157 | break; |
158 | case NLA_VALIDATE_MAX: |
159 | range->max = pt->max; |
160 | break; |
161 | default: |
162 | break; |
163 | } |
164 | } |
165 | |
166 | static int nla_validate_range_unsigned(const struct nla_policy *pt, |
167 | const struct nlattr *nla, |
168 | struct netlink_ext_ack *extack, |
169 | unsigned int validate) |
170 | { |
171 | struct netlink_range_validation range; |
172 | u64 value; |
173 | |
174 | switch (pt->type) { |
175 | case NLA_U8: |
176 | value = nla_get_u8(nla); |
177 | break; |
178 | case NLA_U16: |
179 | value = nla_get_u16(nla); |
180 | break; |
181 | case NLA_U32: |
182 | value = nla_get_u32(nla); |
183 | break; |
184 | case NLA_U64: |
185 | value = nla_get_u64(nla); |
186 | break; |
187 | case NLA_UINT: |
188 | value = nla_get_uint(nla); |
189 | break; |
190 | case NLA_MSECS: |
191 | value = nla_get_u64(nla); |
192 | break; |
193 | case NLA_BINARY: |
194 | value = nla_len(nla); |
195 | break; |
196 | case NLA_BE16: |
197 | value = ntohs(nla_get_be16(nla)); |
198 | break; |
199 | case NLA_BE32: |
200 | value = ntohl(nla_get_be32(nla)); |
201 | break; |
202 | default: |
203 | return -EINVAL; |
204 | } |
205 | |
206 | nla_get_range_unsigned(pt, range: &range); |
207 | |
208 | if (pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG && |
209 | pt->type == NLA_BINARY && value > range.max) { |
210 | pr_warn_ratelimited("netlink: '%s': attribute type %d has an invalid length.\n" , |
211 | current->comm, pt->type); |
212 | if (validate & NL_VALIDATE_STRICT_ATTRS) { |
213 | NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt, |
214 | "invalid attribute length" ); |
215 | return -EINVAL; |
216 | } |
217 | |
218 | /* this assumes min <= max (don't validate against min) */ |
219 | return 0; |
220 | } |
221 | |
222 | if (value < range.min || value > range.max) { |
223 | bool binary = pt->type == NLA_BINARY; |
224 | |
225 | if (binary) |
226 | NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt, |
227 | "binary attribute size out of range" ); |
228 | else |
229 | NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt, |
230 | "integer out of range" ); |
231 | |
232 | return -ERANGE; |
233 | } |
234 | |
235 | return 0; |
236 | } |
237 | |
238 | void nla_get_range_signed(const struct nla_policy *pt, |
239 | struct netlink_range_validation_signed *range) |
240 | { |
241 | switch (pt->type) { |
242 | case NLA_S8: |
243 | range->min = S8_MIN; |
244 | range->max = S8_MAX; |
245 | break; |
246 | case NLA_S16: |
247 | range->min = S16_MIN; |
248 | range->max = S16_MAX; |
249 | break; |
250 | case NLA_S32: |
251 | range->min = S32_MIN; |
252 | range->max = S32_MAX; |
253 | break; |
254 | case NLA_S64: |
255 | case NLA_SINT: |
256 | range->min = S64_MIN; |
257 | range->max = S64_MAX; |
258 | break; |
259 | default: |
260 | WARN_ON_ONCE(1); |
261 | return; |
262 | } |
263 | |
264 | switch (pt->validation_type) { |
265 | case NLA_VALIDATE_RANGE: |
266 | range->min = pt->min; |
267 | range->max = pt->max; |
268 | break; |
269 | case NLA_VALIDATE_RANGE_PTR: |
270 | *range = *pt->range_signed; |
271 | break; |
272 | case NLA_VALIDATE_MIN: |
273 | range->min = pt->min; |
274 | break; |
275 | case NLA_VALIDATE_MAX: |
276 | range->max = pt->max; |
277 | break; |
278 | default: |
279 | break; |
280 | } |
281 | } |
282 | |
283 | static int nla_validate_int_range_signed(const struct nla_policy *pt, |
284 | const struct nlattr *nla, |
285 | struct netlink_ext_ack *extack) |
286 | { |
287 | struct netlink_range_validation_signed range; |
288 | s64 value; |
289 | |
290 | switch (pt->type) { |
291 | case NLA_S8: |
292 | value = nla_get_s8(nla); |
293 | break; |
294 | case NLA_S16: |
295 | value = nla_get_s16(nla); |
296 | break; |
297 | case NLA_S32: |
298 | value = nla_get_s32(nla); |
299 | break; |
300 | case NLA_S64: |
301 | value = nla_get_s64(nla); |
302 | break; |
303 | case NLA_SINT: |
304 | value = nla_get_sint(nla); |
305 | break; |
306 | default: |
307 | return -EINVAL; |
308 | } |
309 | |
310 | nla_get_range_signed(pt, range: &range); |
311 | |
312 | if (value < range.min || value > range.max) { |
313 | NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt, |
314 | "integer out of range" ); |
315 | return -ERANGE; |
316 | } |
317 | |
318 | return 0; |
319 | } |
320 | |
321 | static int nla_validate_int_range(const struct nla_policy *pt, |
322 | const struct nlattr *nla, |
323 | struct netlink_ext_ack *extack, |
324 | unsigned int validate) |
325 | { |
326 | switch (pt->type) { |
327 | case NLA_U8: |
328 | case NLA_U16: |
329 | case NLA_U32: |
330 | case NLA_U64: |
331 | case NLA_UINT: |
332 | case NLA_MSECS: |
333 | case NLA_BINARY: |
334 | case NLA_BE16: |
335 | case NLA_BE32: |
336 | return nla_validate_range_unsigned(pt, nla, extack, validate); |
337 | case NLA_S8: |
338 | case NLA_S16: |
339 | case NLA_S32: |
340 | case NLA_S64: |
341 | case NLA_SINT: |
342 | return nla_validate_int_range_signed(pt, nla, extack); |
343 | default: |
344 | WARN_ON(1); |
345 | return -EINVAL; |
346 | } |
347 | } |
348 | |
349 | static int nla_validate_mask(const struct nla_policy *pt, |
350 | const struct nlattr *nla, |
351 | struct netlink_ext_ack *extack) |
352 | { |
353 | u64 value; |
354 | |
355 | switch (pt->type) { |
356 | case NLA_U8: |
357 | value = nla_get_u8(nla); |
358 | break; |
359 | case NLA_U16: |
360 | value = nla_get_u16(nla); |
361 | break; |
362 | case NLA_U32: |
363 | value = nla_get_u32(nla); |
364 | break; |
365 | case NLA_U64: |
366 | value = nla_get_u64(nla); |
367 | break; |
368 | case NLA_UINT: |
369 | value = nla_get_uint(nla); |
370 | break; |
371 | case NLA_BE16: |
372 | value = ntohs(nla_get_be16(nla)); |
373 | break; |
374 | case NLA_BE32: |
375 | value = ntohl(nla_get_be32(nla)); |
376 | break; |
377 | default: |
378 | return -EINVAL; |
379 | } |
380 | |
381 | if (value & ~(u64)pt->mask) { |
382 | NL_SET_ERR_MSG_ATTR(extack, nla, "reserved bit set" ); |
383 | return -EINVAL; |
384 | } |
385 | |
386 | return 0; |
387 | } |
388 | |
389 | static int validate_nla(const struct nlattr *nla, int maxtype, |
390 | const struct nla_policy *policy, unsigned int validate, |
391 | struct netlink_ext_ack *extack, unsigned int depth) |
392 | { |
393 | u16 strict_start_type = policy[0].strict_start_type; |
394 | const struct nla_policy *pt; |
395 | int minlen = 0, attrlen = nla_len(nla), type = nla_type(nla); |
396 | int err = -ERANGE; |
397 | |
398 | if (strict_start_type && type >= strict_start_type) |
399 | validate |= NL_VALIDATE_STRICT; |
400 | |
401 | if (type <= 0 || type > maxtype) |
402 | return 0; |
403 | |
404 | type = array_index_nospec(type, maxtype + 1); |
405 | pt = &policy[type]; |
406 | |
407 | BUG_ON(pt->type > NLA_TYPE_MAX); |
408 | |
409 | if (nla_attr_len[pt->type] && attrlen != nla_attr_len[pt->type]) { |
410 | pr_warn_ratelimited("netlink: '%s': attribute type %d has an invalid length.\n" , |
411 | current->comm, type); |
412 | if (validate & NL_VALIDATE_STRICT_ATTRS) { |
413 | NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt, |
414 | "invalid attribute length" ); |
415 | return -EINVAL; |
416 | } |
417 | } |
418 | |
419 | if (validate & NL_VALIDATE_NESTED) { |
420 | if ((pt->type == NLA_NESTED || pt->type == NLA_NESTED_ARRAY) && |
421 | !(nla->nla_type & NLA_F_NESTED)) { |
422 | NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt, |
423 | "NLA_F_NESTED is missing" ); |
424 | return -EINVAL; |
425 | } |
426 | if (pt->type != NLA_NESTED && pt->type != NLA_NESTED_ARRAY && |
427 | pt->type != NLA_UNSPEC && (nla->nla_type & NLA_F_NESTED)) { |
428 | NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt, |
429 | "NLA_F_NESTED not expected" ); |
430 | return -EINVAL; |
431 | } |
432 | } |
433 | |
434 | switch (pt->type) { |
435 | case NLA_REJECT: |
436 | if (extack && pt->reject_message) { |
437 | NL_SET_BAD_ATTR(extack, nla); |
438 | extack->_msg = pt->reject_message; |
439 | return -EINVAL; |
440 | } |
441 | err = -EINVAL; |
442 | goto out_err; |
443 | |
444 | case NLA_FLAG: |
445 | if (attrlen > 0) |
446 | goto out_err; |
447 | break; |
448 | |
449 | case NLA_SINT: |
450 | case NLA_UINT: |
451 | if (attrlen != sizeof(u32) && attrlen != sizeof(u64)) { |
452 | NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt, |
453 | "invalid attribute length" ); |
454 | return -EINVAL; |
455 | } |
456 | break; |
457 | |
458 | case NLA_BITFIELD32: |
459 | if (attrlen != sizeof(struct nla_bitfield32)) |
460 | goto out_err; |
461 | |
462 | err = validate_nla_bitfield32(nla, valid_flags_mask: pt->bitfield32_valid); |
463 | if (err) |
464 | goto out_err; |
465 | break; |
466 | |
467 | case NLA_NUL_STRING: |
468 | if (pt->len) |
469 | minlen = min_t(int, attrlen, pt->len + 1); |
470 | else |
471 | minlen = attrlen; |
472 | |
473 | if (!minlen || memchr(p: nla_data(nla), c: '\0', size: minlen) == NULL) { |
474 | err = -EINVAL; |
475 | goto out_err; |
476 | } |
477 | fallthrough; |
478 | |
479 | case NLA_STRING: |
480 | if (attrlen < 1) |
481 | goto out_err; |
482 | |
483 | if (pt->len) { |
484 | char *buf = nla_data(nla); |
485 | |
486 | if (buf[attrlen - 1] == '\0') |
487 | attrlen--; |
488 | |
489 | if (attrlen > pt->len) |
490 | goto out_err; |
491 | } |
492 | break; |
493 | |
494 | case NLA_BINARY: |
495 | if (pt->len && attrlen > pt->len) |
496 | goto out_err; |
497 | break; |
498 | |
499 | case NLA_NESTED: |
500 | /* a nested attributes is allowed to be empty; if its not, |
501 | * it must have a size of at least NLA_HDRLEN. |
502 | */ |
503 | if (attrlen == 0) |
504 | break; |
505 | if (attrlen < NLA_HDRLEN) |
506 | goto out_err; |
507 | if (pt->nested_policy) { |
508 | err = __nla_validate_parse(head: nla_data(nla), len: nla_len(nla), |
509 | maxtype: pt->len, policy: pt->nested_policy, |
510 | validate, extack, NULL, |
511 | depth: depth + 1); |
512 | if (err < 0) { |
513 | /* |
514 | * return directly to preserve the inner |
515 | * error message/attribute pointer |
516 | */ |
517 | return err; |
518 | } |
519 | } |
520 | break; |
521 | case NLA_NESTED_ARRAY: |
522 | /* a nested array attribute is allowed to be empty; if its not, |
523 | * it must have a size of at least NLA_HDRLEN. |
524 | */ |
525 | if (attrlen == 0) |
526 | break; |
527 | if (attrlen < NLA_HDRLEN) |
528 | goto out_err; |
529 | if (pt->nested_policy) { |
530 | int err; |
531 | |
532 | err = nla_validate_array(head: nla_data(nla), len: nla_len(nla), |
533 | maxtype: pt->len, policy: pt->nested_policy, |
534 | extack, validate, depth); |
535 | if (err < 0) { |
536 | /* |
537 | * return directly to preserve the inner |
538 | * error message/attribute pointer |
539 | */ |
540 | return err; |
541 | } |
542 | } |
543 | break; |
544 | |
545 | case NLA_UNSPEC: |
546 | if (validate & NL_VALIDATE_UNSPEC) { |
547 | NL_SET_ERR_MSG_ATTR(extack, nla, |
548 | "Unsupported attribute" ); |
549 | return -EINVAL; |
550 | } |
551 | if (attrlen < pt->len) |
552 | goto out_err; |
553 | break; |
554 | |
555 | default: |
556 | if (pt->len) |
557 | minlen = pt->len; |
558 | else |
559 | minlen = nla_attr_minlen[pt->type]; |
560 | |
561 | if (attrlen < minlen) |
562 | goto out_err; |
563 | } |
564 | |
565 | /* further validation */ |
566 | switch (pt->validation_type) { |
567 | case NLA_VALIDATE_NONE: |
568 | /* nothing to do */ |
569 | break; |
570 | case NLA_VALIDATE_RANGE_PTR: |
571 | case NLA_VALIDATE_RANGE: |
572 | case NLA_VALIDATE_RANGE_WARN_TOO_LONG: |
573 | case NLA_VALIDATE_MIN: |
574 | case NLA_VALIDATE_MAX: |
575 | err = nla_validate_int_range(pt, nla, extack, validate); |
576 | if (err) |
577 | return err; |
578 | break; |
579 | case NLA_VALIDATE_MASK: |
580 | err = nla_validate_mask(pt, nla, extack); |
581 | if (err) |
582 | return err; |
583 | break; |
584 | case NLA_VALIDATE_FUNCTION: |
585 | if (pt->validate) { |
586 | err = pt->validate(nla, extack); |
587 | if (err) |
588 | return err; |
589 | } |
590 | break; |
591 | } |
592 | |
593 | return 0; |
594 | out_err: |
595 | NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt, |
596 | "Attribute failed policy validation" ); |
597 | return err; |
598 | } |
599 | |
600 | static int __nla_validate_parse(const struct nlattr *head, int len, int maxtype, |
601 | const struct nla_policy *policy, |
602 | unsigned int validate, |
603 | struct netlink_ext_ack *extack, |
604 | struct nlattr **tb, unsigned int depth) |
605 | { |
606 | const struct nlattr *nla; |
607 | int rem; |
608 | |
609 | if (depth >= MAX_POLICY_RECURSION_DEPTH) { |
610 | NL_SET_ERR_MSG(extack, |
611 | "allowed policy recursion depth exceeded" ); |
612 | return -EINVAL; |
613 | } |
614 | |
615 | if (tb) |
616 | memset(tb, 0, sizeof(struct nlattr *) * (maxtype + 1)); |
617 | |
618 | nla_for_each_attr(nla, head, len, rem) { |
619 | u16 type = nla_type(nla); |
620 | |
621 | if (type == 0 || type > maxtype) { |
622 | if (validate & NL_VALIDATE_MAXTYPE) { |
623 | NL_SET_ERR_MSG_ATTR(extack, nla, |
624 | "Unknown attribute type" ); |
625 | return -EINVAL; |
626 | } |
627 | continue; |
628 | } |
629 | type = array_index_nospec(type, maxtype + 1); |
630 | if (policy) { |
631 | int err = validate_nla(nla, maxtype, policy, |
632 | validate, extack, depth); |
633 | |
634 | if (err < 0) |
635 | return err; |
636 | } |
637 | |
638 | if (tb) |
639 | tb[type] = (struct nlattr *)nla; |
640 | } |
641 | |
642 | if (unlikely(rem > 0)) { |
643 | pr_warn_ratelimited("netlink: %d bytes leftover after parsing attributes in process `%s'.\n" , |
644 | rem, current->comm); |
645 | NL_SET_ERR_MSG(extack, "bytes leftover after parsing attributes" ); |
646 | if (validate & NL_VALIDATE_TRAILING) |
647 | return -EINVAL; |
648 | } |
649 | |
650 | return 0; |
651 | } |
652 | |
653 | /** |
654 | * __nla_validate - Validate a stream of attributes |
655 | * @head: head of attribute stream |
656 | * @len: length of attribute stream |
657 | * @maxtype: maximum attribute type to be expected |
658 | * @policy: validation policy |
659 | * @validate: validation strictness |
660 | * @extack: extended ACK report struct |
661 | * |
662 | * Validates all attributes in the specified attribute stream against the |
663 | * specified policy. Validation depends on the validate flags passed, see |
664 | * &enum netlink_validation for more details on that. |
665 | * See documentation of struct nla_policy for more details. |
666 | * |
667 | * Returns 0 on success or a negative error code. |
668 | */ |
669 | int __nla_validate(const struct nlattr *head, int len, int maxtype, |
670 | const struct nla_policy *policy, unsigned int validate, |
671 | struct netlink_ext_ack *extack) |
672 | { |
673 | return __nla_validate_parse(head, len, maxtype, policy, validate, |
674 | extack, NULL, depth: 0); |
675 | } |
676 | EXPORT_SYMBOL(__nla_validate); |
677 | |
678 | /** |
679 | * nla_policy_len - Determine the max. length of a policy |
680 | * @p: policy to use |
681 | * @n: number of policies |
682 | * |
683 | * Determines the max. length of the policy. It is currently used |
684 | * to allocated Netlink buffers roughly the size of the actual |
685 | * message. |
686 | * |
687 | * Returns 0 on success or a negative error code. |
688 | */ |
689 | int |
690 | nla_policy_len(const struct nla_policy *p, int n) |
691 | { |
692 | int i, len = 0; |
693 | |
694 | for (i = 0; i < n; i++, p++) { |
695 | if (p->len) |
696 | len += nla_total_size(payload: p->len); |
697 | else if (nla_attr_len[p->type]) |
698 | len += nla_total_size(payload: nla_attr_len[p->type]); |
699 | else if (nla_attr_minlen[p->type]) |
700 | len += nla_total_size(payload: nla_attr_minlen[p->type]); |
701 | } |
702 | |
703 | return len; |
704 | } |
705 | EXPORT_SYMBOL(nla_policy_len); |
706 | |
707 | /** |
708 | * __nla_parse - Parse a stream of attributes into a tb buffer |
709 | * @tb: destination array with maxtype+1 elements |
710 | * @maxtype: maximum attribute type to be expected |
711 | * @head: head of attribute stream |
712 | * @len: length of attribute stream |
713 | * @policy: validation policy |
714 | * @validate: validation strictness |
715 | * @extack: extended ACK pointer |
716 | * |
717 | * Parses a stream of attributes and stores a pointer to each attribute in |
718 | * the tb array accessible via the attribute type. |
719 | * Validation is controlled by the @validate parameter. |
720 | * |
721 | * Returns 0 on success or a negative error code. |
722 | */ |
723 | int __nla_parse(struct nlattr **tb, int maxtype, |
724 | const struct nlattr *head, int len, |
725 | const struct nla_policy *policy, unsigned int validate, |
726 | struct netlink_ext_ack *extack) |
727 | { |
728 | return __nla_validate_parse(head, len, maxtype, policy, validate, |
729 | extack, tb, depth: 0); |
730 | } |
731 | EXPORT_SYMBOL(__nla_parse); |
732 | |
733 | /** |
734 | * nla_find - Find a specific attribute in a stream of attributes |
735 | * @head: head of attribute stream |
736 | * @len: length of attribute stream |
737 | * @attrtype: type of attribute to look for |
738 | * |
739 | * Returns the first attribute in the stream matching the specified type. |
740 | */ |
741 | struct nlattr *nla_find(const struct nlattr *head, int len, int attrtype) |
742 | { |
743 | const struct nlattr *nla; |
744 | int rem; |
745 | |
746 | nla_for_each_attr(nla, head, len, rem) |
747 | if (nla_type(nla) == attrtype) |
748 | return (struct nlattr *)nla; |
749 | |
750 | return NULL; |
751 | } |
752 | EXPORT_SYMBOL(nla_find); |
753 | |
754 | /** |
755 | * nla_strscpy - Copy string attribute payload into a sized buffer |
756 | * @dst: Where to copy the string to. |
757 | * @nla: Attribute to copy the string from. |
758 | * @dstsize: Size of destination buffer. |
759 | * |
760 | * Copies at most dstsize - 1 bytes into the destination buffer. |
761 | * Unlike strlcpy the destination buffer is always padded out. |
762 | * |
763 | * Return: |
764 | * * srclen - Returns @nla length (not including the trailing %NUL). |
765 | * * -E2BIG - If @dstsize is 0 or greater than U16_MAX or @nla length greater |
766 | * than @dstsize. |
767 | */ |
768 | ssize_t nla_strscpy(char *dst, const struct nlattr *nla, size_t dstsize) |
769 | { |
770 | size_t srclen = nla_len(nla); |
771 | char *src = nla_data(nla); |
772 | ssize_t ret; |
773 | size_t len; |
774 | |
775 | if (dstsize == 0 || WARN_ON_ONCE(dstsize > U16_MAX)) |
776 | return -E2BIG; |
777 | |
778 | if (srclen > 0 && src[srclen - 1] == '\0') |
779 | srclen--; |
780 | |
781 | if (srclen >= dstsize) { |
782 | len = dstsize - 1; |
783 | ret = -E2BIG; |
784 | } else { |
785 | len = srclen; |
786 | ret = len; |
787 | } |
788 | |
789 | memcpy(dst, src, len); |
790 | /* Zero pad end of dst. */ |
791 | memset(dst + len, 0, dstsize - len); |
792 | |
793 | return ret; |
794 | } |
795 | EXPORT_SYMBOL(nla_strscpy); |
796 | |
797 | /** |
798 | * nla_strdup - Copy string attribute payload into a newly allocated buffer |
799 | * @nla: attribute to copy the string from |
800 | * @flags: the type of memory to allocate (see kmalloc). |
801 | * |
802 | * Returns a pointer to the allocated buffer or NULL on error. |
803 | */ |
804 | char *nla_strdup(const struct nlattr *nla, gfp_t flags) |
805 | { |
806 | size_t srclen = nla_len(nla); |
807 | char *src = nla_data(nla), *dst; |
808 | |
809 | if (srclen > 0 && src[srclen - 1] == '\0') |
810 | srclen--; |
811 | |
812 | dst = kmalloc(size: srclen + 1, flags); |
813 | if (dst != NULL) { |
814 | memcpy(dst, src, srclen); |
815 | dst[srclen] = '\0'; |
816 | } |
817 | return dst; |
818 | } |
819 | EXPORT_SYMBOL(nla_strdup); |
820 | |
821 | /** |
822 | * nla_memcpy - Copy a netlink attribute into another memory area |
823 | * @dest: where to copy to memcpy |
824 | * @src: netlink attribute to copy from |
825 | * @count: size of the destination area |
826 | * |
827 | * Note: The number of bytes copied is limited by the length of |
828 | * attribute's payload. memcpy |
829 | * |
830 | * Returns the number of bytes copied. |
831 | */ |
832 | int nla_memcpy(void *dest, const struct nlattr *src, int count) |
833 | { |
834 | int minlen = min_t(int, count, nla_len(src)); |
835 | |
836 | memcpy(dest, nla_data(src), minlen); |
837 | if (count > minlen) |
838 | memset(dest + minlen, 0, count - minlen); |
839 | |
840 | return minlen; |
841 | } |
842 | EXPORT_SYMBOL(nla_memcpy); |
843 | |
844 | /** |
845 | * nla_memcmp - Compare an attribute with sized memory area |
846 | * @nla: netlink attribute |
847 | * @data: memory area |
848 | * @size: size of memory area |
849 | */ |
850 | int nla_memcmp(const struct nlattr *nla, const void *data, |
851 | size_t size) |
852 | { |
853 | int d = nla_len(nla) - size; |
854 | |
855 | if (d == 0) |
856 | d = memcmp(p: nla_data(nla), q: data, size); |
857 | |
858 | return d; |
859 | } |
860 | EXPORT_SYMBOL(nla_memcmp); |
861 | |
862 | /** |
863 | * nla_strcmp - Compare a string attribute against a string |
864 | * @nla: netlink string attribute |
865 | * @str: another string |
866 | */ |
867 | int nla_strcmp(const struct nlattr *nla, const char *str) |
868 | { |
869 | int len = strlen(str); |
870 | char *buf = nla_data(nla); |
871 | int attrlen = nla_len(nla); |
872 | int d; |
873 | |
874 | while (attrlen > 0 && buf[attrlen - 1] == '\0') |
875 | attrlen--; |
876 | |
877 | d = attrlen - len; |
878 | if (d == 0) |
879 | d = memcmp(p: nla_data(nla), q: str, size: len); |
880 | |
881 | return d; |
882 | } |
883 | EXPORT_SYMBOL(nla_strcmp); |
884 | |
885 | #ifdef CONFIG_NET |
886 | /** |
887 | * __nla_reserve - reserve room for attribute on the skb |
888 | * @skb: socket buffer to reserve room on |
889 | * @attrtype: attribute type |
890 | * @attrlen: length of attribute payload |
891 | * |
892 | * Adds a netlink attribute header to a socket buffer and reserves |
893 | * room for the payload but does not copy it. |
894 | * |
895 | * The caller is responsible to ensure that the skb provides enough |
896 | * tailroom for the attribute header and payload. |
897 | */ |
898 | struct nlattr *__nla_reserve(struct sk_buff *skb, int attrtype, int attrlen) |
899 | { |
900 | struct nlattr *nla; |
901 | |
902 | nla = skb_put(skb, len: nla_total_size(payload: attrlen)); |
903 | nla->nla_type = attrtype; |
904 | nla->nla_len = nla_attr_size(payload: attrlen); |
905 | |
906 | memset((unsigned char *) nla + nla->nla_len, 0, nla_padlen(attrlen)); |
907 | |
908 | return nla; |
909 | } |
910 | EXPORT_SYMBOL(__nla_reserve); |
911 | |
912 | /** |
913 | * __nla_reserve_64bit - reserve room for attribute on the skb and align it |
914 | * @skb: socket buffer to reserve room on |
915 | * @attrtype: attribute type |
916 | * @attrlen: length of attribute payload |
917 | * @padattr: attribute type for the padding |
918 | * |
919 | * Adds a netlink attribute header to a socket buffer and reserves |
920 | * room for the payload but does not copy it. It also ensure that this |
921 | * attribute will have a 64-bit aligned nla_data() area. |
922 | * |
923 | * The caller is responsible to ensure that the skb provides enough |
924 | * tailroom for the attribute header and payload. |
925 | */ |
926 | struct nlattr *__nla_reserve_64bit(struct sk_buff *skb, int attrtype, |
927 | int attrlen, int padattr) |
928 | { |
929 | nla_align_64bit(skb, padattr); |
930 | |
931 | return __nla_reserve(skb, attrtype, attrlen); |
932 | } |
933 | EXPORT_SYMBOL(__nla_reserve_64bit); |
934 | |
935 | /** |
936 | * __nla_reserve_nohdr - reserve room for attribute without header |
937 | * @skb: socket buffer to reserve room on |
938 | * @attrlen: length of attribute payload |
939 | * |
940 | * Reserves room for attribute payload without a header. |
941 | * |
942 | * The caller is responsible to ensure that the skb provides enough |
943 | * tailroom for the payload. |
944 | */ |
945 | void *__nla_reserve_nohdr(struct sk_buff *skb, int attrlen) |
946 | { |
947 | return skb_put_zero(skb, NLA_ALIGN(attrlen)); |
948 | } |
949 | EXPORT_SYMBOL(__nla_reserve_nohdr); |
950 | |
951 | /** |
952 | * nla_reserve - reserve room for attribute on the skb |
953 | * @skb: socket buffer to reserve room on |
954 | * @attrtype: attribute type |
955 | * @attrlen: length of attribute payload |
956 | * |
957 | * Adds a netlink attribute header to a socket buffer and reserves |
958 | * room for the payload but does not copy it. |
959 | * |
960 | * Returns NULL if the tailroom of the skb is insufficient to store |
961 | * the attribute header and payload. |
962 | */ |
963 | struct nlattr *nla_reserve(struct sk_buff *skb, int attrtype, int attrlen) |
964 | { |
965 | if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen))) |
966 | return NULL; |
967 | |
968 | return __nla_reserve(skb, attrtype, attrlen); |
969 | } |
970 | EXPORT_SYMBOL(nla_reserve); |
971 | |
972 | /** |
973 | * nla_reserve_64bit - reserve room for attribute on the skb and align it |
974 | * @skb: socket buffer to reserve room on |
975 | * @attrtype: attribute type |
976 | * @attrlen: length of attribute payload |
977 | * @padattr: attribute type for the padding |
978 | * |
979 | * Adds a netlink attribute header to a socket buffer and reserves |
980 | * room for the payload but does not copy it. It also ensure that this |
981 | * attribute will have a 64-bit aligned nla_data() area. |
982 | * |
983 | * Returns NULL if the tailroom of the skb is insufficient to store |
984 | * the attribute header and payload. |
985 | */ |
986 | struct nlattr *nla_reserve_64bit(struct sk_buff *skb, int attrtype, int attrlen, |
987 | int padattr) |
988 | { |
989 | size_t len; |
990 | |
991 | if (nla_need_padding_for_64bit(skb)) |
992 | len = nla_total_size_64bit(payload: attrlen); |
993 | else |
994 | len = nla_total_size(payload: attrlen); |
995 | if (unlikely(skb_tailroom(skb) < len)) |
996 | return NULL; |
997 | |
998 | return __nla_reserve_64bit(skb, attrtype, attrlen, padattr); |
999 | } |
1000 | EXPORT_SYMBOL(nla_reserve_64bit); |
1001 | |
1002 | /** |
1003 | * nla_reserve_nohdr - reserve room for attribute without header |
1004 | * @skb: socket buffer to reserve room on |
1005 | * @attrlen: length of attribute payload |
1006 | * |
1007 | * Reserves room for attribute payload without a header. |
1008 | * |
1009 | * Returns NULL if the tailroom of the skb is insufficient to store |
1010 | * the attribute payload. |
1011 | */ |
1012 | void *nla_reserve_nohdr(struct sk_buff *skb, int attrlen) |
1013 | { |
1014 | if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) |
1015 | return NULL; |
1016 | |
1017 | return __nla_reserve_nohdr(skb, attrlen); |
1018 | } |
1019 | EXPORT_SYMBOL(nla_reserve_nohdr); |
1020 | |
1021 | /** |
1022 | * __nla_put - Add a netlink attribute to a socket buffer |
1023 | * @skb: socket buffer to add attribute to |
1024 | * @attrtype: attribute type |
1025 | * @attrlen: length of attribute payload |
1026 | * @data: head of attribute payload |
1027 | * |
1028 | * The caller is responsible to ensure that the skb provides enough |
1029 | * tailroom for the attribute header and payload. |
1030 | */ |
1031 | void __nla_put(struct sk_buff *skb, int attrtype, int attrlen, |
1032 | const void *data) |
1033 | { |
1034 | struct nlattr *nla; |
1035 | |
1036 | nla = __nla_reserve(skb, attrtype, attrlen); |
1037 | memcpy(nla_data(nla), data, attrlen); |
1038 | } |
1039 | EXPORT_SYMBOL(__nla_put); |
1040 | |
1041 | /** |
1042 | * __nla_put_64bit - Add a netlink attribute to a socket buffer and align it |
1043 | * @skb: socket buffer to add attribute to |
1044 | * @attrtype: attribute type |
1045 | * @attrlen: length of attribute payload |
1046 | * @data: head of attribute payload |
1047 | * @padattr: attribute type for the padding |
1048 | * |
1049 | * The caller is responsible to ensure that the skb provides enough |
1050 | * tailroom for the attribute header and payload. |
1051 | */ |
1052 | void __nla_put_64bit(struct sk_buff *skb, int attrtype, int attrlen, |
1053 | const void *data, int padattr) |
1054 | { |
1055 | struct nlattr *nla; |
1056 | |
1057 | nla = __nla_reserve_64bit(skb, attrtype, attrlen, padattr); |
1058 | memcpy(nla_data(nla), data, attrlen); |
1059 | } |
1060 | EXPORT_SYMBOL(__nla_put_64bit); |
1061 | |
1062 | /** |
1063 | * __nla_put_nohdr - Add a netlink attribute without header |
1064 | * @skb: socket buffer to add attribute to |
1065 | * @attrlen: length of attribute payload |
1066 | * @data: head of attribute payload |
1067 | * |
1068 | * The caller is responsible to ensure that the skb provides enough |
1069 | * tailroom for the attribute payload. |
1070 | */ |
1071 | void __nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data) |
1072 | { |
1073 | void *start; |
1074 | |
1075 | start = __nla_reserve_nohdr(skb, attrlen); |
1076 | memcpy(start, data, attrlen); |
1077 | } |
1078 | EXPORT_SYMBOL(__nla_put_nohdr); |
1079 | |
1080 | /** |
1081 | * nla_put - Add a netlink attribute to a socket buffer |
1082 | * @skb: socket buffer to add attribute to |
1083 | * @attrtype: attribute type |
1084 | * @attrlen: length of attribute payload |
1085 | * @data: head of attribute payload |
1086 | * |
1087 | * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store |
1088 | * the attribute header and payload. |
1089 | */ |
1090 | int nla_put(struct sk_buff *skb, int attrtype, int attrlen, const void *data) |
1091 | { |
1092 | if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen))) |
1093 | return -EMSGSIZE; |
1094 | |
1095 | __nla_put(skb, attrtype, attrlen, data); |
1096 | return 0; |
1097 | } |
1098 | EXPORT_SYMBOL(nla_put); |
1099 | |
1100 | /** |
1101 | * nla_put_64bit - Add a netlink attribute to a socket buffer and align it |
1102 | * @skb: socket buffer to add attribute to |
1103 | * @attrtype: attribute type |
1104 | * @attrlen: length of attribute payload |
1105 | * @data: head of attribute payload |
1106 | * @padattr: attribute type for the padding |
1107 | * |
1108 | * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store |
1109 | * the attribute header and payload. |
1110 | */ |
1111 | int nla_put_64bit(struct sk_buff *skb, int attrtype, int attrlen, |
1112 | const void *data, int padattr) |
1113 | { |
1114 | size_t len; |
1115 | |
1116 | if (nla_need_padding_for_64bit(skb)) |
1117 | len = nla_total_size_64bit(payload: attrlen); |
1118 | else |
1119 | len = nla_total_size(payload: attrlen); |
1120 | if (unlikely(skb_tailroom(skb) < len)) |
1121 | return -EMSGSIZE; |
1122 | |
1123 | __nla_put_64bit(skb, attrtype, attrlen, data, padattr); |
1124 | return 0; |
1125 | } |
1126 | EXPORT_SYMBOL(nla_put_64bit); |
1127 | |
1128 | /** |
1129 | * nla_put_nohdr - Add a netlink attribute without header |
1130 | * @skb: socket buffer to add attribute to |
1131 | * @attrlen: length of attribute payload |
1132 | * @data: head of attribute payload |
1133 | * |
1134 | * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store |
1135 | * the attribute payload. |
1136 | */ |
1137 | int nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data) |
1138 | { |
1139 | if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) |
1140 | return -EMSGSIZE; |
1141 | |
1142 | __nla_put_nohdr(skb, attrlen, data); |
1143 | return 0; |
1144 | } |
1145 | EXPORT_SYMBOL(nla_put_nohdr); |
1146 | |
1147 | /** |
1148 | * nla_append - Add a netlink attribute without header or padding |
1149 | * @skb: socket buffer to add attribute to |
1150 | * @attrlen: length of attribute payload |
1151 | * @data: head of attribute payload |
1152 | * |
1153 | * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store |
1154 | * the attribute payload. |
1155 | */ |
1156 | int nla_append(struct sk_buff *skb, int attrlen, const void *data) |
1157 | { |
1158 | if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) |
1159 | return -EMSGSIZE; |
1160 | |
1161 | skb_put_data(skb, data, len: attrlen); |
1162 | return 0; |
1163 | } |
1164 | EXPORT_SYMBOL(nla_append); |
1165 | #endif |
1166 | |