1 /* 2 * NETLINK Netlink attributes 3 * 4 * Authors: Thomas Graf <tgraf@suug.ch> 5 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> 6 */ 7 8 #include <linux/export.h> 9 #include <linux/kernel.h> 10 #include <linux/errno.h> 11 #include <linux/jiffies.h> 12 #include <linux/skbuff.h> 13 #include <linux/string.h> 14 #include <linux/types.h> 15 #include <net/netlink.h> 16 17 static const u8 nla_attr_minlen[NLA_TYPE_MAX+1] = { 18 [NLA_U8] = sizeof(u8), 19 [NLA_U16] = sizeof(u16), 20 [NLA_U32] = sizeof(u32), 21 [NLA_U64] = sizeof(u64), 22 [NLA_MSECS] = sizeof(u64), 23 [NLA_NESTED] = NLA_HDRLEN, 24 [NLA_S8] = sizeof(s8), 25 [NLA_S16] = sizeof(s16), 26 [NLA_S32] = sizeof(s32), 27 [NLA_S64] = sizeof(s64), 28 }; 29 30 static int validate_nla_bitfield32(const struct nlattr *nla, 31 u32 *valid_flags_allowed) 32 { 33 const struct nla_bitfield32 *bf = nla_data(nla); 34 u32 *valid_flags_mask = valid_flags_allowed; 35 36 if (!valid_flags_allowed) 37 return -EINVAL; 38 39 /*disallow invalid bit selector */ 40 if (bf->selector & ~*valid_flags_mask) 41 return -EINVAL; 42 43 /*disallow invalid bit values */ 44 if (bf->value & ~*valid_flags_mask) 45 return -EINVAL; 46 47 /*disallow valid bit values that are not selected*/ 48 if (bf->value & ~bf->selector) 49 return -EINVAL; 50 51 return 0; 52 } 53 54 static int validate_nla(const struct nlattr *nla, int maxtype, 55 const struct nla_policy *policy) 56 { 57 const struct nla_policy *pt; 58 int minlen = 0, attrlen = nla_len(nla), type = nla_type(nla); 59 60 if (type <= 0 || type > maxtype) 61 return 0; 62 63 pt = &policy[type]; 64 65 BUG_ON(pt->type > NLA_TYPE_MAX); 66 67 switch (pt->type) { 68 case NLA_FLAG: 69 if (attrlen > 0) 70 return -ERANGE; 71 break; 72 73 case NLA_BITFIELD32: 74 if (attrlen != sizeof(struct nla_bitfield32)) 75 return -ERANGE; 76 77 return validate_nla_bitfield32(nla, pt->validation_data); 78 79 case NLA_NUL_STRING: 80 if (pt->len) 81 minlen = min_t(int, attrlen, pt->len + 1); 82 else 83 minlen = attrlen; 84 85 if (!minlen || memchr(nla_data(nla), '\0', minlen) == NULL) 86 return -EINVAL; 87 /* fall through */ 88 89 case NLA_STRING: 90 if (attrlen < 1) 91 return -ERANGE; 92 93 if (pt->len) { 94 char *buf = nla_data(nla); 95 96 if (buf[attrlen - 1] == '\0') 97 attrlen--; 98 99 if (attrlen > pt->len) 100 return -ERANGE; 101 } 102 break; 103 104 case NLA_BINARY: 105 if (pt->len && attrlen > pt->len) 106 return -ERANGE; 107 break; 108 109 case NLA_NESTED_COMPAT: 110 if (attrlen < pt->len) 111 return -ERANGE; 112 if (attrlen < NLA_ALIGN(pt->len)) 113 break; 114 if (attrlen < NLA_ALIGN(pt->len) + NLA_HDRLEN) 115 return -ERANGE; 116 nla = nla_data(nla) + NLA_ALIGN(pt->len); 117 if (attrlen < NLA_ALIGN(pt->len) + NLA_HDRLEN + nla_len(nla)) 118 return -ERANGE; 119 break; 120 case NLA_NESTED: 121 /* a nested attributes is allowed to be empty; if its not, 122 * it must have a size of at least NLA_HDRLEN. 123 */ 124 if (attrlen == 0) 125 break; 126 default: 127 if (pt->len) 128 minlen = pt->len; 129 else if (pt->type != NLA_UNSPEC) 130 minlen = nla_attr_minlen[pt->type]; 131 132 if (attrlen < minlen) 133 return -ERANGE; 134 } 135 136 return 0; 137 } 138 139 /** 140 * nla_validate - Validate a stream of attributes 141 * @head: head of attribute stream 142 * @len: length of attribute stream 143 * @maxtype: maximum attribute type to be expected 144 * @policy: validation policy 145 * @extack: extended ACK report struct 146 * 147 * Validates all attributes in the specified attribute stream against the 148 * specified policy. Attributes with a type exceeding maxtype will be 149 * ignored. See documenation of struct nla_policy for more details. 150 * 151 * Returns 0 on success or a negative error code. 152 */ 153 int nla_validate(const struct nlattr *head, int len, int maxtype, 154 const struct nla_policy *policy, 155 struct netlink_ext_ack *extack) 156 { 157 const struct nlattr *nla; 158 int rem; 159 160 nla_for_each_attr(nla, head, len, rem) { 161 int err = validate_nla(nla, maxtype, policy); 162 163 if (err < 0) { 164 if (extack) 165 extack->bad_attr = nla; 166 return err; 167 } 168 } 169 170 return 0; 171 } 172 EXPORT_SYMBOL(nla_validate); 173 174 /** 175 * nla_policy_len - Determin the max. length of a policy 176 * @policy: policy to use 177 * @n: number of policies 178 * 179 * Determines the max. length of the policy. It is currently used 180 * to allocated Netlink buffers roughly the size of the actual 181 * message. 182 * 183 * Returns 0 on success or a negative error code. 184 */ 185 int 186 nla_policy_len(const struct nla_policy *p, int n) 187 { 188 int i, len = 0; 189 190 for (i = 0; i < n; i++, p++) { 191 if (p->len) 192 len += nla_total_size(p->len); 193 else if (nla_attr_minlen[p->type]) 194 len += nla_total_size(nla_attr_minlen[p->type]); 195 } 196 197 return len; 198 } 199 EXPORT_SYMBOL(nla_policy_len); 200 201 /** 202 * nla_parse - Parse a stream of attributes into a tb buffer 203 * @tb: destination array with maxtype+1 elements 204 * @maxtype: maximum attribute type to be expected 205 * @head: head of attribute stream 206 * @len: length of attribute stream 207 * @policy: validation policy 208 * 209 * Parses a stream of attributes and stores a pointer to each attribute in 210 * the tb array accessible via the attribute type. Attributes with a type 211 * exceeding maxtype will be silently ignored for backwards compatibility 212 * reasons. policy may be set to NULL if no validation is required. 213 * 214 * Returns 0 on success or a negative error code. 215 */ 216 int nla_parse(struct nlattr **tb, int maxtype, const struct nlattr *head, 217 int len, const struct nla_policy *policy, 218 struct netlink_ext_ack *extack) 219 { 220 const struct nlattr *nla; 221 int rem, err; 222 223 memset(tb, 0, sizeof(struct nlattr *) * (maxtype + 1)); 224 225 nla_for_each_attr(nla, head, len, rem) { 226 u16 type = nla_type(nla); 227 228 if (type > 0 && type <= maxtype) { 229 if (policy) { 230 err = validate_nla(nla, maxtype, policy); 231 if (err < 0) { 232 if (extack) 233 extack->bad_attr = nla; 234 goto errout; 235 } 236 } 237 238 tb[type] = (struct nlattr *)nla; 239 } 240 } 241 242 if (unlikely(rem > 0)) 243 pr_warn_ratelimited("netlink: %d bytes leftover after parsing attributes in process `%s'.\n", 244 rem, current->comm); 245 246 err = 0; 247 errout: 248 return err; 249 } 250 EXPORT_SYMBOL(nla_parse); 251 252 /** 253 * nla_find - Find a specific attribute in a stream of attributes 254 * @head: head of attribute stream 255 * @len: length of attribute stream 256 * @attrtype: type of attribute to look for 257 * 258 * Returns the first attribute in the stream matching the specified type. 259 */ 260 struct nlattr *nla_find(const struct nlattr *head, int len, int attrtype) 261 { 262 const struct nlattr *nla; 263 int rem; 264 265 nla_for_each_attr(nla, head, len, rem) 266 if (nla_type(nla) == attrtype) 267 return (struct nlattr *)nla; 268 269 return NULL; 270 } 271 EXPORT_SYMBOL(nla_find); 272 273 /** 274 * nla_strlcpy - Copy string attribute payload into a sized buffer 275 * @dst: where to copy the string to 276 * @nla: attribute to copy the string from 277 * @dstsize: size of destination buffer 278 * 279 * Copies at most dstsize - 1 bytes into the destination buffer. 280 * The result is always a valid NUL-terminated string. Unlike 281 * strlcpy the destination buffer is always padded out. 282 * 283 * Returns the length of the source buffer. 284 */ 285 size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize) 286 { 287 size_t srclen = nla_len(nla); 288 char *src = nla_data(nla); 289 290 if (srclen > 0 && src[srclen - 1] == '\0') 291 srclen--; 292 293 if (dstsize > 0) { 294 size_t len = (srclen >= dstsize) ? dstsize - 1 : srclen; 295 296 memset(dst, 0, dstsize); 297 memcpy(dst, src, len); 298 } 299 300 return srclen; 301 } 302 EXPORT_SYMBOL(nla_strlcpy); 303 304 /** 305 * nla_memcpy - Copy a netlink attribute into another memory area 306 * @dest: where to copy to memcpy 307 * @src: netlink attribute to copy from 308 * @count: size of the destination area 309 * 310 * Note: The number of bytes copied is limited by the length of 311 * attribute's payload. memcpy 312 * 313 * Returns the number of bytes copied. 314 */ 315 int nla_memcpy(void *dest, const struct nlattr *src, int count) 316 { 317 int minlen = min_t(int, count, nla_len(src)); 318 319 memcpy(dest, nla_data(src), minlen); 320 if (count > minlen) 321 memset(dest + minlen, 0, count - minlen); 322 323 return minlen; 324 } 325 EXPORT_SYMBOL(nla_memcpy); 326 327 /** 328 * nla_memcmp - Compare an attribute with sized memory area 329 * @nla: netlink attribute 330 * @data: memory area 331 * @size: size of memory area 332 */ 333 int nla_memcmp(const struct nlattr *nla, const void *data, 334 size_t size) 335 { 336 int d = nla_len(nla) - size; 337 338 if (d == 0) 339 d = memcmp(nla_data(nla), data, size); 340 341 return d; 342 } 343 EXPORT_SYMBOL(nla_memcmp); 344 345 /** 346 * nla_strcmp - Compare a string attribute against a string 347 * @nla: netlink string attribute 348 * @str: another string 349 */ 350 int nla_strcmp(const struct nlattr *nla, const char *str) 351 { 352 int len = strlen(str); 353 char *buf = nla_data(nla); 354 int attrlen = nla_len(nla); 355 int d; 356 357 if (attrlen > 0 && buf[attrlen - 1] == '\0') 358 attrlen--; 359 360 d = attrlen - len; 361 if (d == 0) 362 d = memcmp(nla_data(nla), str, len); 363 364 return d; 365 } 366 EXPORT_SYMBOL(nla_strcmp); 367 368 #ifdef CONFIG_NET 369 /** 370 * __nla_reserve - reserve room for attribute on the skb 371 * @skb: socket buffer to reserve room on 372 * @attrtype: attribute type 373 * @attrlen: length of attribute payload 374 * 375 * Adds a netlink attribute header to a socket buffer and reserves 376 * room for the payload but does not copy it. 377 * 378 * The caller is responsible to ensure that the skb provides enough 379 * tailroom for the attribute header and payload. 380 */ 381 struct nlattr *__nla_reserve(struct sk_buff *skb, int attrtype, int attrlen) 382 { 383 struct nlattr *nla; 384 385 nla = skb_put(skb, nla_total_size(attrlen)); 386 nla->nla_type = attrtype; 387 nla->nla_len = nla_attr_size(attrlen); 388 389 memset((unsigned char *) nla + nla->nla_len, 0, nla_padlen(attrlen)); 390 391 return nla; 392 } 393 EXPORT_SYMBOL(__nla_reserve); 394 395 /** 396 * __nla_reserve_64bit - reserve room for attribute on the skb and align it 397 * @skb: socket buffer to reserve room on 398 * @attrtype: attribute type 399 * @attrlen: length of attribute payload 400 * @padattr: attribute type for the padding 401 * 402 * Adds a netlink attribute header to a socket buffer and reserves 403 * room for the payload but does not copy it. It also ensure that this 404 * attribute will have a 64-bit aligned nla_data() area. 405 * 406 * The caller is responsible to ensure that the skb provides enough 407 * tailroom for the attribute header and payload. 408 */ 409 struct nlattr *__nla_reserve_64bit(struct sk_buff *skb, int attrtype, 410 int attrlen, int padattr) 411 { 412 if (nla_need_padding_for_64bit(skb)) 413 nla_align_64bit(skb, padattr); 414 415 return __nla_reserve(skb, attrtype, attrlen); 416 } 417 EXPORT_SYMBOL(__nla_reserve_64bit); 418 419 /** 420 * __nla_reserve_nohdr - reserve room for attribute without header 421 * @skb: socket buffer to reserve room on 422 * @attrlen: length of attribute payload 423 * 424 * Reserves room for attribute payload without a header. 425 * 426 * The caller is responsible to ensure that the skb provides enough 427 * tailroom for the payload. 428 */ 429 void *__nla_reserve_nohdr(struct sk_buff *skb, int attrlen) 430 { 431 return skb_put_zero(skb, NLA_ALIGN(attrlen)); 432 } 433 EXPORT_SYMBOL(__nla_reserve_nohdr); 434 435 /** 436 * nla_reserve - reserve room for attribute on the skb 437 * @skb: socket buffer to reserve room on 438 * @attrtype: attribute type 439 * @attrlen: length of attribute payload 440 * 441 * Adds a netlink attribute header to a socket buffer and reserves 442 * room for the payload but does not copy it. 443 * 444 * Returns NULL if the tailroom of the skb is insufficient to store 445 * the attribute header and payload. 446 */ 447 struct nlattr *nla_reserve(struct sk_buff *skb, int attrtype, int attrlen) 448 { 449 if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen))) 450 return NULL; 451 452 return __nla_reserve(skb, attrtype, attrlen); 453 } 454 EXPORT_SYMBOL(nla_reserve); 455 456 /** 457 * nla_reserve_64bit - reserve room for attribute on the skb and align it 458 * @skb: socket buffer to reserve room on 459 * @attrtype: attribute type 460 * @attrlen: length of attribute payload 461 * @padattr: attribute type for the padding 462 * 463 * Adds a netlink attribute header to a socket buffer and reserves 464 * room for the payload but does not copy it. It also ensure that this 465 * attribute will have a 64-bit aligned nla_data() area. 466 * 467 * Returns NULL if the tailroom of the skb is insufficient to store 468 * the attribute header and payload. 469 */ 470 struct nlattr *nla_reserve_64bit(struct sk_buff *skb, int attrtype, int attrlen, 471 int padattr) 472 { 473 size_t len; 474 475 if (nla_need_padding_for_64bit(skb)) 476 len = nla_total_size_64bit(attrlen); 477 else 478 len = nla_total_size(attrlen); 479 if (unlikely(skb_tailroom(skb) < len)) 480 return NULL; 481 482 return __nla_reserve_64bit(skb, attrtype, attrlen, padattr); 483 } 484 EXPORT_SYMBOL(nla_reserve_64bit); 485 486 /** 487 * nla_reserve_nohdr - reserve room for attribute without header 488 * @skb: socket buffer to reserve room on 489 * @attrlen: length of attribute payload 490 * 491 * Reserves room for attribute payload without a header. 492 * 493 * Returns NULL if the tailroom of the skb is insufficient to store 494 * the attribute payload. 495 */ 496 void *nla_reserve_nohdr(struct sk_buff *skb, int attrlen) 497 { 498 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) 499 return NULL; 500 501 return __nla_reserve_nohdr(skb, attrlen); 502 } 503 EXPORT_SYMBOL(nla_reserve_nohdr); 504 505 /** 506 * __nla_put - Add a netlink attribute to a socket buffer 507 * @skb: socket buffer to add attribute to 508 * @attrtype: attribute type 509 * @attrlen: length of attribute payload 510 * @data: head of attribute payload 511 * 512 * The caller is responsible to ensure that the skb provides enough 513 * tailroom for the attribute header and payload. 514 */ 515 void __nla_put(struct sk_buff *skb, int attrtype, int attrlen, 516 const void *data) 517 { 518 struct nlattr *nla; 519 520 nla = __nla_reserve(skb, attrtype, attrlen); 521 memcpy(nla_data(nla), data, attrlen); 522 } 523 EXPORT_SYMBOL(__nla_put); 524 525 /** 526 * __nla_put_64bit - Add a netlink attribute to a socket buffer and align it 527 * @skb: socket buffer to add attribute to 528 * @attrtype: attribute type 529 * @attrlen: length of attribute payload 530 * @data: head of attribute payload 531 * @padattr: attribute type for the padding 532 * 533 * The caller is responsible to ensure that the skb provides enough 534 * tailroom for the attribute header and payload. 535 */ 536 void __nla_put_64bit(struct sk_buff *skb, int attrtype, int attrlen, 537 const void *data, int padattr) 538 { 539 struct nlattr *nla; 540 541 nla = __nla_reserve_64bit(skb, attrtype, attrlen, padattr); 542 memcpy(nla_data(nla), data, attrlen); 543 } 544 EXPORT_SYMBOL(__nla_put_64bit); 545 546 /** 547 * __nla_put_nohdr - Add a netlink attribute without header 548 * @skb: socket buffer to add attribute to 549 * @attrlen: length of attribute payload 550 * @data: head of attribute payload 551 * 552 * The caller is responsible to ensure that the skb provides enough 553 * tailroom for the attribute payload. 554 */ 555 void __nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data) 556 { 557 void *start; 558 559 start = __nla_reserve_nohdr(skb, attrlen); 560 memcpy(start, data, attrlen); 561 } 562 EXPORT_SYMBOL(__nla_put_nohdr); 563 564 /** 565 * nla_put - Add a netlink attribute to a socket buffer 566 * @skb: socket buffer to add attribute to 567 * @attrtype: attribute type 568 * @attrlen: length of attribute payload 569 * @data: head of attribute payload 570 * 571 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store 572 * the attribute header and payload. 573 */ 574 int nla_put(struct sk_buff *skb, int attrtype, int attrlen, const void *data) 575 { 576 if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen))) 577 return -EMSGSIZE; 578 579 __nla_put(skb, attrtype, attrlen, data); 580 return 0; 581 } 582 EXPORT_SYMBOL(nla_put); 583 584 /** 585 * nla_put_64bit - Add a netlink attribute to a socket buffer and align it 586 * @skb: socket buffer to add attribute to 587 * @attrtype: attribute type 588 * @attrlen: length of attribute payload 589 * @data: head of attribute payload 590 * @padattr: attribute type for the padding 591 * 592 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store 593 * the attribute header and payload. 594 */ 595 int nla_put_64bit(struct sk_buff *skb, int attrtype, int attrlen, 596 const void *data, int padattr) 597 { 598 size_t len; 599 600 if (nla_need_padding_for_64bit(skb)) 601 len = nla_total_size_64bit(attrlen); 602 else 603 len = nla_total_size(attrlen); 604 if (unlikely(skb_tailroom(skb) < len)) 605 return -EMSGSIZE; 606 607 __nla_put_64bit(skb, attrtype, attrlen, data, padattr); 608 return 0; 609 } 610 EXPORT_SYMBOL(nla_put_64bit); 611 612 /** 613 * nla_put_nohdr - Add a netlink attribute without header 614 * @skb: socket buffer to add attribute to 615 * @attrlen: length of attribute payload 616 * @data: head of attribute payload 617 * 618 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store 619 * the attribute payload. 620 */ 621 int nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data) 622 { 623 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) 624 return -EMSGSIZE; 625 626 __nla_put_nohdr(skb, attrlen, data); 627 return 0; 628 } 629 EXPORT_SYMBOL(nla_put_nohdr); 630 631 /** 632 * nla_append - Add a netlink attribute without header or padding 633 * @skb: socket buffer to add attribute to 634 * @attrlen: length of attribute payload 635 * @data: head of attribute payload 636 * 637 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store 638 * the attribute payload. 639 */ 640 int nla_append(struct sk_buff *skb, int attrlen, const void *data) 641 { 642 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) 643 return -EMSGSIZE; 644 645 skb_put_data(skb, data, attrlen); 646 return 0; 647 } 648 EXPORT_SYMBOL(nla_append); 649 #endif 650