1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * NETLINK Policy advertisement to userspace
4 *
5 * Authors: Johannes Berg <johannes@sipsolutions.net>
6 *
7 * Copyright 2019 Intel Corporation
8 */
9
10 #include <linux/kernel.h>
11 #include <linux/errno.h>
12 #include <linux/types.h>
13 #include <net/netlink.h>
14
15 #define INITIAL_POLICIES_ALLOC 10
16
17 struct netlink_policy_dump_state {
18 unsigned int policy_idx;
19 unsigned int attr_idx;
20 unsigned int n_alloc;
21 struct {
22 const struct nla_policy *policy;
23 unsigned int maxtype;
24 } policies[] __counted_by(n_alloc);
25 };
26
add_policy(struct netlink_policy_dump_state ** statep,const struct nla_policy * policy,unsigned int maxtype)27 static int add_policy(struct netlink_policy_dump_state **statep,
28 const struct nla_policy *policy,
29 unsigned int maxtype)
30 {
31 struct netlink_policy_dump_state *state = *statep;
32 unsigned int old_n_alloc, n_alloc, i;
33
34 if (!policy || !maxtype)
35 return 0;
36
37 for (i = 0; i < state->n_alloc; i++) {
38 if (state->policies[i].policy == policy &&
39 state->policies[i].maxtype == maxtype)
40 return 0;
41
42 if (!state->policies[i].policy) {
43 state->policies[i].policy = policy;
44 state->policies[i].maxtype = maxtype;
45 return 0;
46 }
47 }
48
49 n_alloc = state->n_alloc + INITIAL_POLICIES_ALLOC;
50 state = krealloc(state, struct_size(state, policies, n_alloc),
51 GFP_KERNEL);
52 if (!state)
53 return -ENOMEM;
54
55 old_n_alloc = state->n_alloc;
56 state->n_alloc = n_alloc;
57 memset(&state->policies[old_n_alloc], 0,
58 flex_array_size(state, policies, n_alloc - old_n_alloc));
59
60 state->policies[old_n_alloc].policy = policy;
61 state->policies[old_n_alloc].maxtype = maxtype;
62 *statep = state;
63
64 return 0;
65 }
66
67 /**
68 * netlink_policy_dump_get_policy_idx - retrieve policy index
69 * @state: the policy dump state
70 * @policy: the policy to find
71 * @maxtype: the policy's maxattr
72 *
73 * Returns: the index of the given policy in the dump state
74 *
75 * Call this to find a policy index when you've added multiple and e.g.
76 * need to tell userspace which command has which policy (by index).
77 *
78 * Note: this will WARN and return 0 if the policy isn't found, which
79 * means it wasn't added in the first place, which would be an
80 * internal consistency bug.
81 */
netlink_policy_dump_get_policy_idx(struct netlink_policy_dump_state * state,const struct nla_policy * policy,unsigned int maxtype)82 int netlink_policy_dump_get_policy_idx(struct netlink_policy_dump_state *state,
83 const struct nla_policy *policy,
84 unsigned int maxtype)
85 {
86 unsigned int i;
87
88 if (WARN_ON(!policy || !maxtype))
89 return 0;
90
91 for (i = 0; i < state->n_alloc; i++) {
92 if (state->policies[i].policy == policy &&
93 state->policies[i].maxtype == maxtype)
94 return i;
95 }
96
97 WARN_ON(1);
98 return 0;
99 }
100
alloc_state(void)101 static struct netlink_policy_dump_state *alloc_state(void)
102 {
103 struct netlink_policy_dump_state *state;
104
105 state = kzalloc_flex(*state, policies, INITIAL_POLICIES_ALLOC);
106 if (!state)
107 return ERR_PTR(-ENOMEM);
108 state->n_alloc = INITIAL_POLICIES_ALLOC;
109
110 return state;
111 }
112
113 /**
114 * netlink_policy_dump_add_policy - add a policy to the dump
115 * @pstate: state to add to, may be reallocated, must be %NULL the first time
116 * @policy: the new policy to add to the dump
117 * @maxtype: the new policy's max attr type
118 *
119 * Returns: 0 on success, a negative error code otherwise.
120 *
121 * Call this to allocate a policy dump state, and to add policies to it. This
122 * should be called from the dump start() callback.
123 *
124 * Note: on failures, any previously allocated state is freed.
125 */
netlink_policy_dump_add_policy(struct netlink_policy_dump_state ** pstate,const struct nla_policy * policy,unsigned int maxtype)126 int netlink_policy_dump_add_policy(struct netlink_policy_dump_state **pstate,
127 const struct nla_policy *policy,
128 unsigned int maxtype)
129 {
130 struct netlink_policy_dump_state *state = *pstate;
131 unsigned int policy_idx;
132 int err;
133
134 if (!state) {
135 state = alloc_state();
136 if (IS_ERR(state))
137 return PTR_ERR(state);
138 }
139
140 /*
141 * walk the policies and nested ones first, and build
142 * a linear list of them.
143 */
144
145 err = add_policy(&state, policy, maxtype);
146 if (err)
147 goto err_try_undo;
148
149 for (policy_idx = 0;
150 policy_idx < state->n_alloc && state->policies[policy_idx].policy;
151 policy_idx++) {
152 const struct nla_policy *policy;
153 unsigned int type;
154
155 policy = state->policies[policy_idx].policy;
156
157 for (type = 0;
158 type <= state->policies[policy_idx].maxtype;
159 type++) {
160 switch (policy[type].type) {
161 case NLA_NESTED:
162 case NLA_NESTED_ARRAY:
163 err = add_policy(&state,
164 policy[type].nested_policy,
165 policy[type].len);
166 if (err)
167 goto err_try_undo;
168 break;
169 default:
170 break;
171 }
172 }
173 }
174
175 *pstate = state;
176 return 0;
177
178 err_try_undo:
179 /* Try to preserve reasonable unwind semantics - if we're starting from
180 * scratch clean up fully, otherwise record what we got and caller will.
181 */
182 if (!*pstate)
183 netlink_policy_dump_free(state);
184 else
185 *pstate = state;
186 return err;
187 }
188
189 static bool
netlink_policy_dump_finished(struct netlink_policy_dump_state * state)190 netlink_policy_dump_finished(struct netlink_policy_dump_state *state)
191 {
192 return state->policy_idx >= state->n_alloc ||
193 !state->policies[state->policy_idx].policy;
194 }
195
196 /**
197 * netlink_policy_dump_loop - dumping loop indicator
198 * @state: the policy dump state
199 *
200 * Returns: %true if the dump continues, %false otherwise
201 *
202 * Note: this frees the dump state when finishing
203 */
netlink_policy_dump_loop(struct netlink_policy_dump_state * state)204 bool netlink_policy_dump_loop(struct netlink_policy_dump_state *state)
205 {
206 return !netlink_policy_dump_finished(state);
207 }
208
netlink_policy_dump_attr_size_estimate(const struct nla_policy * pt)209 int netlink_policy_dump_attr_size_estimate(const struct nla_policy *pt)
210 {
211 /* nested + type */
212 int common = 2 * nla_attr_size(sizeof(u32));
213
214 switch (pt->type) {
215 case NLA_UNSPEC:
216 case NLA_REJECT:
217 /* these actually don't need any space */
218 return 0;
219 case NLA_NESTED:
220 case NLA_NESTED_ARRAY:
221 /* common, policy idx, policy maxattr */
222 return common + 2 * nla_attr_size(sizeof(u32));
223 case NLA_U8:
224 case NLA_U16:
225 case NLA_U32:
226 case NLA_U64:
227 case NLA_MSECS:
228 case NLA_S8:
229 case NLA_S16:
230 case NLA_S32:
231 case NLA_S64:
232 case NLA_SINT:
233 case NLA_UINT:
234 /* maximum is common, u64 min/max with padding */
235 return common +
236 2 * (nla_attr_size(0) + nla_attr_size(sizeof(u64)));
237 case NLA_BITFIELD32:
238 return common + nla_attr_size(sizeof(u32));
239 case NLA_STRING:
240 case NLA_NUL_STRING:
241 case NLA_BINARY:
242 /* maximum is common, u32 min-length/max-length */
243 return common + 2 * nla_attr_size(sizeof(u32));
244 case NLA_FLAG:
245 return common;
246 }
247
248 /* this should then cause a warning later */
249 return 0;
250 }
251
252 static int
__netlink_policy_dump_write_attr(struct netlink_policy_dump_state * state,struct sk_buff * skb,const struct nla_policy * pt,int nestattr)253 __netlink_policy_dump_write_attr(struct netlink_policy_dump_state *state,
254 struct sk_buff *skb,
255 const struct nla_policy *pt,
256 int nestattr)
257 {
258 int estimate = netlink_policy_dump_attr_size_estimate(pt);
259 enum netlink_attribute_type type;
260 struct nlattr *attr;
261
262 attr = nla_nest_start(skb, nestattr);
263 if (!attr)
264 return -ENOBUFS;
265
266 switch (pt->type) {
267 default:
268 case NLA_UNSPEC:
269 case NLA_REJECT:
270 /* skip - use NLA_MIN_LEN to advertise such */
271 nla_nest_cancel(skb, attr);
272 return -ENODATA;
273 case NLA_NESTED:
274 type = NL_ATTR_TYPE_NESTED;
275 fallthrough;
276 case NLA_NESTED_ARRAY:
277 if (pt->type == NLA_NESTED_ARRAY)
278 type = NL_ATTR_TYPE_NESTED_ARRAY;
279 if (state && pt->nested_policy && pt->len &&
280 (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_POLICY_IDX,
281 netlink_policy_dump_get_policy_idx(state,
282 pt->nested_policy,
283 pt->len)) ||
284 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_POLICY_MAXTYPE,
285 pt->len)))
286 goto nla_put_failure;
287 break;
288 case NLA_U8:
289 case NLA_U16:
290 case NLA_U32:
291 case NLA_U64:
292 case NLA_UINT:
293 case NLA_MSECS: {
294 struct netlink_range_validation range;
295
296 if (pt->type == NLA_U8)
297 type = NL_ATTR_TYPE_U8;
298 else if (pt->type == NLA_U16)
299 type = NL_ATTR_TYPE_U16;
300 else if (pt->type == NLA_U32)
301 type = NL_ATTR_TYPE_U32;
302 else if (pt->type == NLA_U64)
303 type = NL_ATTR_TYPE_U64;
304 else
305 type = NL_ATTR_TYPE_UINT;
306
307 if (pt->validation_type == NLA_VALIDATE_MASK) {
308 if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MASK,
309 pt->mask,
310 NL_POLICY_TYPE_ATTR_PAD))
311 goto nla_put_failure;
312 break;
313 } else if (pt->validation_type == NLA_VALIDATE_FUNCTION) {
314 break;
315 }
316
317 nla_get_range_unsigned(pt, &range);
318
319 if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_U,
320 range.min, NL_POLICY_TYPE_ATTR_PAD) ||
321 nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MAX_VALUE_U,
322 range.max, NL_POLICY_TYPE_ATTR_PAD))
323 goto nla_put_failure;
324 break;
325 }
326 case NLA_S8:
327 case NLA_S16:
328 case NLA_S32:
329 case NLA_S64:
330 case NLA_SINT: {
331 struct netlink_range_validation_signed range;
332
333 if (pt->type == NLA_S8)
334 type = NL_ATTR_TYPE_S8;
335 else if (pt->type == NLA_S16)
336 type = NL_ATTR_TYPE_S16;
337 else if (pt->type == NLA_S32)
338 type = NL_ATTR_TYPE_S32;
339 else if (pt->type == NLA_S64)
340 type = NL_ATTR_TYPE_S64;
341 else
342 type = NL_ATTR_TYPE_SINT;
343
344 if (pt->validation_type == NLA_VALIDATE_FUNCTION)
345 break;
346
347 nla_get_range_signed(pt, &range);
348
349 if (nla_put_s64(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_S,
350 range.min, NL_POLICY_TYPE_ATTR_PAD) ||
351 nla_put_s64(skb, NL_POLICY_TYPE_ATTR_MAX_VALUE_S,
352 range.max, NL_POLICY_TYPE_ATTR_PAD))
353 goto nla_put_failure;
354 break;
355 }
356 case NLA_BITFIELD32:
357 type = NL_ATTR_TYPE_BITFIELD32;
358 if (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_BITFIELD32_MASK,
359 pt->bitfield32_valid))
360 goto nla_put_failure;
361 break;
362 case NLA_STRING:
363 case NLA_NUL_STRING:
364 case NLA_BINARY:
365 if (pt->type == NLA_STRING)
366 type = NL_ATTR_TYPE_STRING;
367 else if (pt->type == NLA_NUL_STRING)
368 type = NL_ATTR_TYPE_NUL_STRING;
369 else
370 type = NL_ATTR_TYPE_BINARY;
371
372 if (pt->validation_type == NLA_VALIDATE_RANGE ||
373 pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG) {
374 struct netlink_range_validation range;
375
376 nla_get_range_unsigned(pt, &range);
377
378 if (range.min &&
379 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MIN_LENGTH,
380 range.min))
381 goto nla_put_failure;
382
383 if (range.max < U16_MAX &&
384 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MAX_LENGTH,
385 range.max))
386 goto nla_put_failure;
387 } else if (pt->len &&
388 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MAX_LENGTH,
389 pt->len)) {
390 goto nla_put_failure;
391 }
392 break;
393 case NLA_FLAG:
394 type = NL_ATTR_TYPE_FLAG;
395 break;
396 }
397
398 if (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_TYPE, type))
399 goto nla_put_failure;
400
401 nla_nest_end(skb, attr);
402 WARN_ON(attr->nla_len > estimate);
403
404 return 0;
405 nla_put_failure:
406 nla_nest_cancel(skb, attr);
407 return -ENOBUFS;
408 }
409
410 /**
411 * netlink_policy_dump_write_attr - write a given attribute policy
412 * @skb: the message skb to write to
413 * @pt: the attribute's policy
414 * @nestattr: the nested attribute ID to use
415 *
416 * Returns: 0 on success, an error code otherwise; -%ENODATA is
417 * special, indicating that there's no policy data and
418 * the attribute is generally rejected.
419 */
netlink_policy_dump_write_attr(struct sk_buff * skb,const struct nla_policy * pt,int nestattr)420 int netlink_policy_dump_write_attr(struct sk_buff *skb,
421 const struct nla_policy *pt,
422 int nestattr)
423 {
424 return __netlink_policy_dump_write_attr(NULL, skb, pt, nestattr);
425 }
426
427 /**
428 * netlink_policy_dump_write - write current policy dump attributes
429 * @skb: the message skb to write to
430 * @state: the policy dump state
431 *
432 * Returns: 0 on success, an error code otherwise
433 */
netlink_policy_dump_write(struct sk_buff * skb,struct netlink_policy_dump_state * state)434 int netlink_policy_dump_write(struct sk_buff *skb,
435 struct netlink_policy_dump_state *state)
436 {
437 const struct nla_policy *pt;
438 struct nlattr *policy;
439 bool again;
440 int err;
441
442 send_attribute:
443 again = false;
444
445 pt = &state->policies[state->policy_idx].policy[state->attr_idx];
446
447 policy = nla_nest_start(skb, state->policy_idx);
448 if (!policy)
449 return -ENOBUFS;
450
451 err = __netlink_policy_dump_write_attr(state, skb, pt, state->attr_idx);
452 if (err == -ENODATA) {
453 nla_nest_cancel(skb, policy);
454 again = true;
455 goto next;
456 } else if (err) {
457 goto nla_put_failure;
458 }
459
460 /* finish and move state to next attribute */
461 nla_nest_end(skb, policy);
462
463 next:
464 state->attr_idx += 1;
465 if (state->attr_idx > state->policies[state->policy_idx].maxtype) {
466 state->attr_idx = 0;
467 state->policy_idx++;
468 }
469
470 if (again) {
471 if (netlink_policy_dump_finished(state))
472 return -ENODATA;
473 goto send_attribute;
474 }
475
476 return 0;
477
478 nla_put_failure:
479 nla_nest_cancel(skb, policy);
480 return -ENOBUFS;
481 }
482
483 /**
484 * netlink_policy_dump_free - free policy dump state
485 * @state: the policy dump state to free
486 *
487 * Call this from the done() method to ensure dump state is freed.
488 */
netlink_policy_dump_free(struct netlink_policy_dump_state * state)489 void netlink_policy_dump_free(struct netlink_policy_dump_state *state)
490 {
491 kfree(state);
492 }
493