1 /* 2 * NETLINK Netlink attributes 3 * 4 * Authors: Thomas Graf <tgraf@suug.ch> 5 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> 6 */ 7 8 #include <linux/module.h> 9 #include <linux/kernel.h> 10 #include <linux/errno.h> 11 #include <linux/jiffies.h> 12 #include <linux/netdevice.h> 13 #include <linux/skbuff.h> 14 #include <linux/string.h> 15 #include <linux/types.h> 16 #include <net/netlink.h> 17 18 static u16 nla_attr_minlen[NLA_TYPE_MAX+1] __read_mostly = { 19 [NLA_U8] = sizeof(u8), 20 [NLA_U16] = sizeof(u16), 21 [NLA_U32] = sizeof(u32), 22 [NLA_U64] = sizeof(u64), 23 [NLA_NESTED] = NLA_HDRLEN, 24 }; 25 26 static int validate_nla(struct nlattr *nla, int maxtype, 27 const struct nla_policy *policy) 28 { 29 const struct nla_policy *pt; 30 int minlen = 0, attrlen = nla_len(nla), type = nla_type(nla); 31 32 if (type <= 0 || type > maxtype) 33 return 0; 34 35 pt = &policy[type]; 36 37 BUG_ON(pt->type > NLA_TYPE_MAX); 38 39 switch (pt->type) { 40 case NLA_FLAG: 41 if (attrlen > 0) 42 return -ERANGE; 43 break; 44 45 case NLA_NUL_STRING: 46 if (pt->len) 47 minlen = min_t(int, attrlen, pt->len + 1); 48 else 49 minlen = attrlen; 50 51 if (!minlen || memchr(nla_data(nla), '\0', minlen) == NULL) 52 return -EINVAL; 53 /* fall through */ 54 55 case NLA_STRING: 56 if (attrlen < 1) 57 return -ERANGE; 58 59 if (pt->len) { 60 char *buf = nla_data(nla); 61 62 if (buf[attrlen - 1] == '\0') 63 attrlen--; 64 65 if (attrlen > pt->len) 66 return -ERANGE; 67 } 68 break; 69 70 case NLA_BINARY: 71 if (pt->len && attrlen > pt->len) 72 return -ERANGE; 73 break; 74 75 case NLA_NESTED_COMPAT: 76 if (attrlen < pt->len) 77 return -ERANGE; 78 if (attrlen < NLA_ALIGN(pt->len)) 79 break; 80 if (attrlen < NLA_ALIGN(pt->len) + NLA_HDRLEN) 81 return -ERANGE; 82 nla = nla_data(nla) + NLA_ALIGN(pt->len); 83 if (attrlen < NLA_ALIGN(pt->len) + NLA_HDRLEN + nla_len(nla)) 84 return -ERANGE; 85 break; 86 case NLA_NESTED: 87 /* a nested attributes is allowed to be empty; if its not, 88 * it must have a size of at least NLA_HDRLEN. 89 */ 90 if (attrlen == 0) 91 break; 92 default: 93 if (pt->len) 94 minlen = pt->len; 95 else if (pt->type != NLA_UNSPEC) 96 minlen = nla_attr_minlen[pt->type]; 97 98 if (attrlen < minlen) 99 return -ERANGE; 100 } 101 102 return 0; 103 } 104 105 /** 106 * nla_validate - Validate a stream of attributes 107 * @head: head of attribute stream 108 * @len: length of attribute stream 109 * @maxtype: maximum attribute type to be expected 110 * @policy: validation policy 111 * 112 * Validates all attributes in the specified attribute stream against the 113 * specified policy. Attributes with a type exceeding maxtype will be 114 * ignored. See documenation of struct nla_policy for more details. 115 * 116 * Returns 0 on success or a negative error code. 117 */ 118 int nla_validate(struct nlattr *head, int len, int maxtype, 119 const struct nla_policy *policy) 120 { 121 struct nlattr *nla; 122 int rem, err; 123 124 nla_for_each_attr(nla, head, len, rem) { 125 err = validate_nla(nla, maxtype, policy); 126 if (err < 0) 127 goto errout; 128 } 129 130 err = 0; 131 errout: 132 return err; 133 } 134 135 /** 136 * nla_parse - Parse a stream of attributes into a tb buffer 137 * @tb: destination array with maxtype+1 elements 138 * @maxtype: maximum attribute type to be expected 139 * @head: head of attribute stream 140 * @len: length of attribute stream 141 * @policy: validation policy 142 * 143 * Parses a stream of attributes and stores a pointer to each attribute in 144 * the tb array accessable via the attribute type. Attributes with a type 145 * exceeding maxtype will be silently ignored for backwards compatibility 146 * reasons. policy may be set to NULL if no validation is required. 147 * 148 * Returns 0 on success or a negative error code. 149 */ 150 int nla_parse(struct nlattr *tb[], int maxtype, struct nlattr *head, int len, 151 const struct nla_policy *policy) 152 { 153 struct nlattr *nla; 154 int rem, err; 155 156 memset(tb, 0, sizeof(struct nlattr *) * (maxtype + 1)); 157 158 nla_for_each_attr(nla, head, len, rem) { 159 u16 type = nla_type(nla); 160 161 if (type > 0 && type <= maxtype) { 162 if (policy) { 163 err = validate_nla(nla, maxtype, policy); 164 if (err < 0) 165 goto errout; 166 } 167 168 tb[type] = nla; 169 } 170 } 171 172 if (unlikely(rem > 0)) 173 printk(KERN_WARNING "netlink: %d bytes leftover after parsing " 174 "attributes.\n", rem); 175 176 err = 0; 177 errout: 178 return err; 179 } 180 181 /** 182 * nla_find - Find a specific attribute in a stream of attributes 183 * @head: head of attribute stream 184 * @len: length of attribute stream 185 * @attrtype: type of attribute to look for 186 * 187 * Returns the first attribute in the stream matching the specified type. 188 */ 189 struct nlattr *nla_find(struct nlattr *head, int len, int attrtype) 190 { 191 struct nlattr *nla; 192 int rem; 193 194 nla_for_each_attr(nla, head, len, rem) 195 if (nla_type(nla) == attrtype) 196 return nla; 197 198 return NULL; 199 } 200 201 /** 202 * nla_strlcpy - Copy string attribute payload into a sized buffer 203 * @dst: where to copy the string to 204 * @nla: attribute to copy the string from 205 * @dstsize: size of destination buffer 206 * 207 * Copies at most dstsize - 1 bytes into the destination buffer. 208 * The result is always a valid NUL-terminated string. Unlike 209 * strlcpy the destination buffer is always padded out. 210 * 211 * Returns the length of the source buffer. 212 */ 213 size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize) 214 { 215 size_t srclen = nla_len(nla); 216 char *src = nla_data(nla); 217 218 if (srclen > 0 && src[srclen - 1] == '\0') 219 srclen--; 220 221 if (dstsize > 0) { 222 size_t len = (srclen >= dstsize) ? dstsize - 1 : srclen; 223 224 memset(dst, 0, dstsize); 225 memcpy(dst, src, len); 226 } 227 228 return srclen; 229 } 230 231 /** 232 * nla_memcpy - Copy a netlink attribute into another memory area 233 * @dest: where to copy to memcpy 234 * @src: netlink attribute to copy from 235 * @count: size of the destination area 236 * 237 * Note: The number of bytes copied is limited by the length of 238 * attribute's payload. memcpy 239 * 240 * Returns the number of bytes copied. 241 */ 242 int nla_memcpy(void *dest, const struct nlattr *src, int count) 243 { 244 int minlen = min_t(int, count, nla_len(src)); 245 246 memcpy(dest, nla_data(src), minlen); 247 248 return minlen; 249 } 250 251 /** 252 * nla_memcmp - Compare an attribute with sized memory area 253 * @nla: netlink attribute 254 * @data: memory area 255 * @size: size of memory area 256 */ 257 int nla_memcmp(const struct nlattr *nla, const void *data, 258 size_t size) 259 { 260 int d = nla_len(nla) - size; 261 262 if (d == 0) 263 d = memcmp(nla_data(nla), data, size); 264 265 return d; 266 } 267 268 /** 269 * nla_strcmp - Compare a string attribute against a string 270 * @nla: netlink string attribute 271 * @str: another string 272 */ 273 int nla_strcmp(const struct nlattr *nla, const char *str) 274 { 275 int len = strlen(str) + 1; 276 int d = nla_len(nla) - len; 277 278 if (d == 0) 279 d = memcmp(nla_data(nla), str, len); 280 281 return d; 282 } 283 284 #ifdef CONFIG_NET 285 /** 286 * __nla_reserve - reserve room for attribute on the skb 287 * @skb: socket buffer to reserve room on 288 * @attrtype: attribute type 289 * @attrlen: length of attribute payload 290 * 291 * Adds a netlink attribute header to a socket buffer and reserves 292 * room for the payload but does not copy it. 293 * 294 * The caller is responsible to ensure that the skb provides enough 295 * tailroom for the attribute header and payload. 296 */ 297 struct nlattr *__nla_reserve(struct sk_buff *skb, int attrtype, int attrlen) 298 { 299 struct nlattr *nla; 300 301 nla = (struct nlattr *) skb_put(skb, nla_total_size(attrlen)); 302 nla->nla_type = attrtype; 303 nla->nla_len = nla_attr_size(attrlen); 304 305 memset((unsigned char *) nla + nla->nla_len, 0, nla_padlen(attrlen)); 306 307 return nla; 308 } 309 EXPORT_SYMBOL(__nla_reserve); 310 311 /** 312 * __nla_reserve_nohdr - reserve room for attribute without header 313 * @skb: socket buffer to reserve room on 314 * @attrlen: length of attribute payload 315 * 316 * Reserves room for attribute payload without a header. 317 * 318 * The caller is responsible to ensure that the skb provides enough 319 * tailroom for the payload. 320 */ 321 void *__nla_reserve_nohdr(struct sk_buff *skb, int attrlen) 322 { 323 void *start; 324 325 start = skb_put(skb, NLA_ALIGN(attrlen)); 326 memset(start, 0, NLA_ALIGN(attrlen)); 327 328 return start; 329 } 330 EXPORT_SYMBOL(__nla_reserve_nohdr); 331 332 /** 333 * nla_reserve - reserve room for attribute on the skb 334 * @skb: socket buffer to reserve room on 335 * @attrtype: attribute type 336 * @attrlen: length of attribute payload 337 * 338 * Adds a netlink attribute header to a socket buffer and reserves 339 * room for the payload but does not copy it. 340 * 341 * Returns NULL if the tailroom of the skb is insufficient to store 342 * the attribute header and payload. 343 */ 344 struct nlattr *nla_reserve(struct sk_buff *skb, int attrtype, int attrlen) 345 { 346 if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen))) 347 return NULL; 348 349 return __nla_reserve(skb, attrtype, attrlen); 350 } 351 EXPORT_SYMBOL(nla_reserve); 352 353 /** 354 * nla_reserve_nohdr - reserve room for attribute without header 355 * @skb: socket buffer to reserve room on 356 * @attrlen: length of attribute payload 357 * 358 * Reserves room for attribute payload without a header. 359 * 360 * Returns NULL if the tailroom of the skb is insufficient to store 361 * the attribute payload. 362 */ 363 void *nla_reserve_nohdr(struct sk_buff *skb, int attrlen) 364 { 365 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) 366 return NULL; 367 368 return __nla_reserve_nohdr(skb, attrlen); 369 } 370 EXPORT_SYMBOL(nla_reserve_nohdr); 371 372 /** 373 * __nla_put - Add a netlink attribute to a socket buffer 374 * @skb: socket buffer to add attribute to 375 * @attrtype: attribute type 376 * @attrlen: length of attribute payload 377 * @data: head of attribute payload 378 * 379 * The caller is responsible to ensure that the skb provides enough 380 * tailroom for the attribute header and payload. 381 */ 382 void __nla_put(struct sk_buff *skb, int attrtype, int attrlen, 383 const void *data) 384 { 385 struct nlattr *nla; 386 387 nla = __nla_reserve(skb, attrtype, attrlen); 388 memcpy(nla_data(nla), data, attrlen); 389 } 390 EXPORT_SYMBOL(__nla_put); 391 392 /** 393 * __nla_put_nohdr - Add a netlink attribute without header 394 * @skb: socket buffer to add attribute to 395 * @attrlen: length of attribute payload 396 * @data: head of attribute payload 397 * 398 * The caller is responsible to ensure that the skb provides enough 399 * tailroom for the attribute payload. 400 */ 401 void __nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data) 402 { 403 void *start; 404 405 start = __nla_reserve_nohdr(skb, attrlen); 406 memcpy(start, data, attrlen); 407 } 408 EXPORT_SYMBOL(__nla_put_nohdr); 409 410 /** 411 * nla_put - Add a netlink attribute to a socket buffer 412 * @skb: socket buffer to add attribute to 413 * @attrtype: attribute type 414 * @attrlen: length of attribute payload 415 * @data: head of attribute payload 416 * 417 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store 418 * the attribute header and payload. 419 */ 420 int nla_put(struct sk_buff *skb, int attrtype, int attrlen, const void *data) 421 { 422 if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen))) 423 return -EMSGSIZE; 424 425 __nla_put(skb, attrtype, attrlen, data); 426 return 0; 427 } 428 EXPORT_SYMBOL(nla_put); 429 430 /** 431 * nla_put_nohdr - Add a netlink attribute without header 432 * @skb: socket buffer to add attribute to 433 * @attrlen: length of attribute payload 434 * @data: head of attribute payload 435 * 436 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store 437 * the attribute payload. 438 */ 439 int nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data) 440 { 441 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) 442 return -EMSGSIZE; 443 444 __nla_put_nohdr(skb, attrlen, data); 445 return 0; 446 } 447 EXPORT_SYMBOL(nla_put_nohdr); 448 449 /** 450 * nla_append - Add a netlink attribute without header or padding 451 * @skb: socket buffer to add attribute to 452 * @attrlen: length of attribute payload 453 * @data: head of attribute payload 454 * 455 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store 456 * the attribute payload. 457 */ 458 int nla_append(struct sk_buff *skb, int attrlen, const void *data) 459 { 460 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) 461 return -EMSGSIZE; 462 463 memcpy(skb_put(skb, attrlen), data, attrlen); 464 return 0; 465 } 466 EXPORT_SYMBOL(nla_append); 467 #endif 468 469 EXPORT_SYMBOL(nla_validate); 470 EXPORT_SYMBOL(nla_parse); 471 EXPORT_SYMBOL(nla_find); 472 EXPORT_SYMBOL(nla_strlcpy); 473 EXPORT_SYMBOL(nla_memcpy); 474 EXPORT_SYMBOL(nla_memcmp); 475 EXPORT_SYMBOL(nla_strcmp); 476