1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * NETLINK Policy advertisement to userspace 4 * 5 * Authors: Johannes Berg <johannes@sipsolutions.net> 6 * 7 * Copyright 2019 Intel Corporation 8 */ 9 10 #include <linux/kernel.h> 11 #include <linux/errno.h> 12 #include <linux/types.h> 13 #include <net/netlink.h> 14 15 #define INITIAL_POLICIES_ALLOC 10 16 17 struct netlink_policy_dump_state { 18 unsigned int policy_idx; 19 unsigned int attr_idx; 20 unsigned int n_alloc; 21 struct { 22 const struct nla_policy *policy; 23 unsigned int maxtype; 24 } policies[] __counted_by(n_alloc); 25 }; 26 27 static int add_policy(struct netlink_policy_dump_state **statep, 28 const struct nla_policy *policy, 29 unsigned int maxtype) 30 { 31 struct netlink_policy_dump_state *state = *statep; 32 unsigned int old_n_alloc, n_alloc, i; 33 34 if (!policy || !maxtype) 35 return 0; 36 37 for (i = 0; i < state->n_alloc; i++) { 38 if (state->policies[i].policy == policy && 39 state->policies[i].maxtype == maxtype) 40 return 0; 41 42 if (!state->policies[i].policy) { 43 state->policies[i].policy = policy; 44 state->policies[i].maxtype = maxtype; 45 return 0; 46 } 47 } 48 49 n_alloc = state->n_alloc + INITIAL_POLICIES_ALLOC; 50 state = krealloc(state, struct_size(state, policies, n_alloc), 51 GFP_KERNEL); 52 if (!state) 53 return -ENOMEM; 54 55 old_n_alloc = state->n_alloc; 56 state->n_alloc = n_alloc; 57 memset(&state->policies[old_n_alloc], 0, 58 flex_array_size(state, policies, n_alloc - old_n_alloc)); 59 60 state->policies[old_n_alloc].policy = policy; 61 state->policies[old_n_alloc].maxtype = maxtype; 62 *statep = state; 63 64 return 0; 65 } 66 67 /** 68 * netlink_policy_dump_get_policy_idx - retrieve policy index 69 * @state: the policy dump state 70 * @policy: the policy to find 71 * @maxtype: the policy's maxattr 72 * 73 * Returns: the index of the given policy in the dump state 74 * 75 * Call this to find a policy index when you've added multiple and e.g. 76 * need to tell userspace which command has which policy (by index). 77 * 78 * Note: this will WARN and return 0 if the policy isn't found, which 79 * means it wasn't added in the first place, which would be an 80 * internal consistency bug. 81 */ 82 int netlink_policy_dump_get_policy_idx(struct netlink_policy_dump_state *state, 83 const struct nla_policy *policy, 84 unsigned int maxtype) 85 { 86 unsigned int i; 87 88 if (WARN_ON(!policy || !maxtype)) 89 return 0; 90 91 for (i = 0; i < state->n_alloc; i++) { 92 if (state->policies[i].policy == policy && 93 state->policies[i].maxtype == maxtype) 94 return i; 95 } 96 97 WARN_ON(1); 98 return 0; 99 } 100 101 static struct netlink_policy_dump_state *alloc_state(void) 102 { 103 struct netlink_policy_dump_state *state; 104 105 state = kzalloc(struct_size(state, policies, INITIAL_POLICIES_ALLOC), 106 GFP_KERNEL); 107 if (!state) 108 return ERR_PTR(-ENOMEM); 109 state->n_alloc = INITIAL_POLICIES_ALLOC; 110 111 return state; 112 } 113 114 /** 115 * netlink_policy_dump_add_policy - add a policy to the dump 116 * @pstate: state to add to, may be reallocated, must be %NULL the first time 117 * @policy: the new policy to add to the dump 118 * @maxtype: the new policy's max attr type 119 * 120 * Returns: 0 on success, a negative error code otherwise. 121 * 122 * Call this to allocate a policy dump state, and to add policies to it. This 123 * should be called from the dump start() callback. 124 * 125 * Note: on failures, any previously allocated state is freed. 126 */ 127 int netlink_policy_dump_add_policy(struct netlink_policy_dump_state **pstate, 128 const struct nla_policy *policy, 129 unsigned int maxtype) 130 { 131 struct netlink_policy_dump_state *state = *pstate; 132 unsigned int policy_idx; 133 int err; 134 135 if (!state) { 136 state = alloc_state(); 137 if (IS_ERR(state)) 138 return PTR_ERR(state); 139 } 140 141 /* 142 * walk the policies and nested ones first, and build 143 * a linear list of them. 144 */ 145 146 err = add_policy(&state, policy, maxtype); 147 if (err) 148 goto err_try_undo; 149 150 for (policy_idx = 0; 151 policy_idx < state->n_alloc && state->policies[policy_idx].policy; 152 policy_idx++) { 153 const struct nla_policy *policy; 154 unsigned int type; 155 156 policy = state->policies[policy_idx].policy; 157 158 for (type = 0; 159 type <= state->policies[policy_idx].maxtype; 160 type++) { 161 switch (policy[type].type) { 162 case NLA_NESTED: 163 case NLA_NESTED_ARRAY: 164 err = add_policy(&state, 165 policy[type].nested_policy, 166 policy[type].len); 167 if (err) 168 goto err_try_undo; 169 break; 170 default: 171 break; 172 } 173 } 174 } 175 176 *pstate = state; 177 return 0; 178 179 err_try_undo: 180 /* Try to preserve reasonable unwind semantics - if we're starting from 181 * scratch clean up fully, otherwise record what we got and caller will. 182 */ 183 if (!*pstate) 184 netlink_policy_dump_free(state); 185 else 186 *pstate = state; 187 return err; 188 } 189 190 static bool 191 netlink_policy_dump_finished(struct netlink_policy_dump_state *state) 192 { 193 return state->policy_idx >= state->n_alloc || 194 !state->policies[state->policy_idx].policy; 195 } 196 197 /** 198 * netlink_policy_dump_loop - dumping loop indicator 199 * @state: the policy dump state 200 * 201 * Returns: %true if the dump continues, %false otherwise 202 * 203 * Note: this frees the dump state when finishing 204 */ 205 bool netlink_policy_dump_loop(struct netlink_policy_dump_state *state) 206 { 207 return !netlink_policy_dump_finished(state); 208 } 209 210 int netlink_policy_dump_attr_size_estimate(const struct nla_policy *pt) 211 { 212 /* nested + type */ 213 int common = 2 * nla_attr_size(sizeof(u32)); 214 215 switch (pt->type) { 216 case NLA_UNSPEC: 217 case NLA_REJECT: 218 /* these actually don't need any space */ 219 return 0; 220 case NLA_NESTED: 221 case NLA_NESTED_ARRAY: 222 /* common, policy idx, policy maxattr */ 223 return common + 2 * nla_attr_size(sizeof(u32)); 224 case NLA_U8: 225 case NLA_U16: 226 case NLA_U32: 227 case NLA_U64: 228 case NLA_MSECS: 229 case NLA_S8: 230 case NLA_S16: 231 case NLA_S32: 232 case NLA_S64: 233 /* maximum is common, u64 min/max with padding */ 234 return common + 235 2 * (nla_attr_size(0) + nla_attr_size(sizeof(u64))); 236 case NLA_BITFIELD32: 237 return common + nla_attr_size(sizeof(u32)); 238 case NLA_STRING: 239 case NLA_NUL_STRING: 240 case NLA_BINARY: 241 /* maximum is common, u32 min-length/max-length */ 242 return common + 2 * nla_attr_size(sizeof(u32)); 243 case NLA_FLAG: 244 return common; 245 } 246 247 /* this should then cause a warning later */ 248 return 0; 249 } 250 251 static int 252 __netlink_policy_dump_write_attr(struct netlink_policy_dump_state *state, 253 struct sk_buff *skb, 254 const struct nla_policy *pt, 255 int nestattr) 256 { 257 int estimate = netlink_policy_dump_attr_size_estimate(pt); 258 enum netlink_attribute_type type; 259 struct nlattr *attr; 260 261 attr = nla_nest_start(skb, nestattr); 262 if (!attr) 263 return -ENOBUFS; 264 265 switch (pt->type) { 266 default: 267 case NLA_UNSPEC: 268 case NLA_REJECT: 269 /* skip - use NLA_MIN_LEN to advertise such */ 270 nla_nest_cancel(skb, attr); 271 return -ENODATA; 272 case NLA_NESTED: 273 type = NL_ATTR_TYPE_NESTED; 274 fallthrough; 275 case NLA_NESTED_ARRAY: 276 if (pt->type == NLA_NESTED_ARRAY) 277 type = NL_ATTR_TYPE_NESTED_ARRAY; 278 if (state && pt->nested_policy && pt->len && 279 (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_POLICY_IDX, 280 netlink_policy_dump_get_policy_idx(state, 281 pt->nested_policy, 282 pt->len)) || 283 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_POLICY_MAXTYPE, 284 pt->len))) 285 goto nla_put_failure; 286 break; 287 case NLA_U8: 288 case NLA_U16: 289 case NLA_U32: 290 case NLA_U64: 291 case NLA_MSECS: { 292 struct netlink_range_validation range; 293 294 if (pt->type == NLA_U8) 295 type = NL_ATTR_TYPE_U8; 296 else if (pt->type == NLA_U16) 297 type = NL_ATTR_TYPE_U16; 298 else if (pt->type == NLA_U32) 299 type = NL_ATTR_TYPE_U32; 300 else 301 type = NL_ATTR_TYPE_U64; 302 303 if (pt->validation_type == NLA_VALIDATE_MASK) { 304 if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MASK, 305 pt->mask, 306 NL_POLICY_TYPE_ATTR_PAD)) 307 goto nla_put_failure; 308 break; 309 } 310 311 nla_get_range_unsigned(pt, &range); 312 313 if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_U, 314 range.min, NL_POLICY_TYPE_ATTR_PAD) || 315 nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MAX_VALUE_U, 316 range.max, NL_POLICY_TYPE_ATTR_PAD)) 317 goto nla_put_failure; 318 break; 319 } 320 case NLA_S8: 321 case NLA_S16: 322 case NLA_S32: 323 case NLA_S64: { 324 struct netlink_range_validation_signed range; 325 326 if (pt->type == NLA_S8) 327 type = NL_ATTR_TYPE_S8; 328 else if (pt->type == NLA_S16) 329 type = NL_ATTR_TYPE_S16; 330 else if (pt->type == NLA_S32) 331 type = NL_ATTR_TYPE_S32; 332 else 333 type = NL_ATTR_TYPE_S64; 334 335 nla_get_range_signed(pt, &range); 336 337 if (nla_put_s64(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_S, 338 range.min, NL_POLICY_TYPE_ATTR_PAD) || 339 nla_put_s64(skb, NL_POLICY_TYPE_ATTR_MAX_VALUE_S, 340 range.max, NL_POLICY_TYPE_ATTR_PAD)) 341 goto nla_put_failure; 342 break; 343 } 344 case NLA_BITFIELD32: 345 type = NL_ATTR_TYPE_BITFIELD32; 346 if (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_BITFIELD32_MASK, 347 pt->bitfield32_valid)) 348 goto nla_put_failure; 349 break; 350 case NLA_STRING: 351 case NLA_NUL_STRING: 352 case NLA_BINARY: 353 if (pt->type == NLA_STRING) 354 type = NL_ATTR_TYPE_STRING; 355 else if (pt->type == NLA_NUL_STRING) 356 type = NL_ATTR_TYPE_NUL_STRING; 357 else 358 type = NL_ATTR_TYPE_BINARY; 359 360 if (pt->validation_type == NLA_VALIDATE_RANGE || 361 pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG) { 362 struct netlink_range_validation range; 363 364 nla_get_range_unsigned(pt, &range); 365 366 if (range.min && 367 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MIN_LENGTH, 368 range.min)) 369 goto nla_put_failure; 370 371 if (range.max < U16_MAX && 372 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MAX_LENGTH, 373 range.max)) 374 goto nla_put_failure; 375 } else if (pt->len && 376 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MAX_LENGTH, 377 pt->len)) { 378 goto nla_put_failure; 379 } 380 break; 381 case NLA_FLAG: 382 type = NL_ATTR_TYPE_FLAG; 383 break; 384 } 385 386 if (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_TYPE, type)) 387 goto nla_put_failure; 388 389 nla_nest_end(skb, attr); 390 WARN_ON(attr->nla_len > estimate); 391 392 return 0; 393 nla_put_failure: 394 nla_nest_cancel(skb, attr); 395 return -ENOBUFS; 396 } 397 398 /** 399 * netlink_policy_dump_write_attr - write a given attribute policy 400 * @skb: the message skb to write to 401 * @pt: the attribute's policy 402 * @nestattr: the nested attribute ID to use 403 * 404 * Returns: 0 on success, an error code otherwise; -%ENODATA is 405 * special, indicating that there's no policy data and 406 * the attribute is generally rejected. 407 */ 408 int netlink_policy_dump_write_attr(struct sk_buff *skb, 409 const struct nla_policy *pt, 410 int nestattr) 411 { 412 return __netlink_policy_dump_write_attr(NULL, skb, pt, nestattr); 413 } 414 415 /** 416 * netlink_policy_dump_write - write current policy dump attributes 417 * @skb: the message skb to write to 418 * @state: the policy dump state 419 * 420 * Returns: 0 on success, an error code otherwise 421 */ 422 int netlink_policy_dump_write(struct sk_buff *skb, 423 struct netlink_policy_dump_state *state) 424 { 425 const struct nla_policy *pt; 426 struct nlattr *policy; 427 bool again; 428 int err; 429 430 send_attribute: 431 again = false; 432 433 pt = &state->policies[state->policy_idx].policy[state->attr_idx]; 434 435 policy = nla_nest_start(skb, state->policy_idx); 436 if (!policy) 437 return -ENOBUFS; 438 439 err = __netlink_policy_dump_write_attr(state, skb, pt, state->attr_idx); 440 if (err == -ENODATA) { 441 nla_nest_cancel(skb, policy); 442 again = true; 443 goto next; 444 } else if (err) { 445 goto nla_put_failure; 446 } 447 448 /* finish and move state to next attribute */ 449 nla_nest_end(skb, policy); 450 451 next: 452 state->attr_idx += 1; 453 if (state->attr_idx > state->policies[state->policy_idx].maxtype) { 454 state->attr_idx = 0; 455 state->policy_idx++; 456 } 457 458 if (again) { 459 if (netlink_policy_dump_finished(state)) 460 return -ENODATA; 461 goto send_attribute; 462 } 463 464 return 0; 465 466 nla_put_failure: 467 nla_nest_cancel(skb, policy); 468 return -ENOBUFS; 469 } 470 471 /** 472 * netlink_policy_dump_free - free policy dump state 473 * @state: the policy dump state to free 474 * 475 * Call this from the done() method to ensure dump state is freed. 476 */ 477 void netlink_policy_dump_free(struct netlink_policy_dump_state *state) 478 { 479 kfree(state); 480 } 481