1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * NETLINK Policy advertisement to userspace 4 * 5 * Authors: Johannes Berg <johannes@sipsolutions.net> 6 * 7 * Copyright 2019 Intel Corporation 8 */ 9 10 #include <linux/kernel.h> 11 #include <linux/errno.h> 12 #include <linux/types.h> 13 #include <net/netlink.h> 14 15 #define INITIAL_POLICIES_ALLOC 10 16 17 struct netlink_policy_dump_state { 18 unsigned int policy_idx; 19 unsigned int attr_idx; 20 unsigned int n_alloc; 21 struct { 22 const struct nla_policy *policy; 23 unsigned int maxtype; 24 } policies[] __counted_by(n_alloc); 25 }; 26 27 static int add_policy(struct netlink_policy_dump_state **statep, 28 const struct nla_policy *policy, 29 unsigned int maxtype) 30 { 31 struct netlink_policy_dump_state *state = *statep; 32 unsigned int old_n_alloc, n_alloc, i; 33 34 if (!policy || !maxtype) 35 return 0; 36 37 for (i = 0; i < state->n_alloc; i++) { 38 if (state->policies[i].policy == policy && 39 state->policies[i].maxtype == maxtype) 40 return 0; 41 42 if (!state->policies[i].policy) { 43 state->policies[i].policy = policy; 44 state->policies[i].maxtype = maxtype; 45 return 0; 46 } 47 } 48 49 n_alloc = state->n_alloc + INITIAL_POLICIES_ALLOC; 50 state = krealloc(state, struct_size(state, policies, n_alloc), 51 GFP_KERNEL); 52 if (!state) 53 return -ENOMEM; 54 55 old_n_alloc = state->n_alloc; 56 state->n_alloc = n_alloc; 57 memset(&state->policies[old_n_alloc], 0, 58 flex_array_size(state, policies, n_alloc - old_n_alloc)); 59 60 state->policies[old_n_alloc].policy = policy; 61 state->policies[old_n_alloc].maxtype = maxtype; 62 *statep = state; 63 64 return 0; 65 } 66 67 /** 68 * netlink_policy_dump_get_policy_idx - retrieve policy index 69 * @state: the policy dump state 70 * @policy: the policy to find 71 * @maxtype: the policy's maxattr 72 * 73 * Returns: the index of the given policy in the dump state 74 * 75 * Call this to find a policy index when you've added multiple and e.g. 76 * need to tell userspace which command has which policy (by index). 77 * 78 * Note: this will WARN and return 0 if the policy isn't found, which 79 * means it wasn't added in the first place, which would be an 80 * internal consistency bug. 81 */ 82 int netlink_policy_dump_get_policy_idx(struct netlink_policy_dump_state *state, 83 const struct nla_policy *policy, 84 unsigned int maxtype) 85 { 86 unsigned int i; 87 88 if (WARN_ON(!policy || !maxtype)) 89 return 0; 90 91 for (i = 0; i < state->n_alloc; i++) { 92 if (state->policies[i].policy == policy && 93 state->policies[i].maxtype == maxtype) 94 return i; 95 } 96 97 WARN_ON(1); 98 return 0; 99 } 100 101 static struct netlink_policy_dump_state *alloc_state(void) 102 { 103 struct netlink_policy_dump_state *state; 104 105 state = kzalloc_flex(*state, policies, INITIAL_POLICIES_ALLOC); 106 if (!state) 107 return ERR_PTR(-ENOMEM); 108 state->n_alloc = INITIAL_POLICIES_ALLOC; 109 110 return state; 111 } 112 113 /** 114 * netlink_policy_dump_add_policy - add a policy to the dump 115 * @pstate: state to add to, may be reallocated, must be %NULL the first time 116 * @policy: the new policy to add to the dump 117 * @maxtype: the new policy's max attr type 118 * 119 * Returns: 0 on success, a negative error code otherwise. 120 * 121 * Call this to allocate a policy dump state, and to add policies to it. This 122 * should be called from the dump start() callback. 123 * 124 * Note: on failures, any previously allocated state is freed. 125 */ 126 int netlink_policy_dump_add_policy(struct netlink_policy_dump_state **pstate, 127 const struct nla_policy *policy, 128 unsigned int maxtype) 129 { 130 struct netlink_policy_dump_state *state = *pstate; 131 unsigned int policy_idx; 132 int err; 133 134 if (!state) { 135 state = alloc_state(); 136 if (IS_ERR(state)) 137 return PTR_ERR(state); 138 } 139 140 /* 141 * walk the policies and nested ones first, and build 142 * a linear list of them. 143 */ 144 145 err = add_policy(&state, policy, maxtype); 146 if (err) 147 goto err_try_undo; 148 149 for (policy_idx = 0; 150 policy_idx < state->n_alloc && state->policies[policy_idx].policy; 151 policy_idx++) { 152 const struct nla_policy *policy; 153 unsigned int type; 154 155 policy = state->policies[policy_idx].policy; 156 157 for (type = 0; 158 type <= state->policies[policy_idx].maxtype; 159 type++) { 160 switch (policy[type].type) { 161 case NLA_NESTED: 162 case NLA_NESTED_ARRAY: 163 err = add_policy(&state, 164 policy[type].nested_policy, 165 policy[type].len); 166 if (err) 167 goto err_try_undo; 168 break; 169 default: 170 break; 171 } 172 } 173 } 174 175 *pstate = state; 176 return 0; 177 178 err_try_undo: 179 /* Try to preserve reasonable unwind semantics - if we're starting from 180 * scratch clean up fully, otherwise record what we got and caller will. 181 */ 182 if (!*pstate) 183 netlink_policy_dump_free(state); 184 else 185 *pstate = state; 186 return err; 187 } 188 189 static bool 190 netlink_policy_dump_finished(struct netlink_policy_dump_state *state) 191 { 192 return state->policy_idx >= state->n_alloc || 193 !state->policies[state->policy_idx].policy; 194 } 195 196 /** 197 * netlink_policy_dump_loop - dumping loop indicator 198 * @state: the policy dump state 199 * 200 * Returns: %true if the dump continues, %false otherwise 201 * 202 * Note: this frees the dump state when finishing 203 */ 204 bool netlink_policy_dump_loop(struct netlink_policy_dump_state *state) 205 { 206 return !netlink_policy_dump_finished(state); 207 } 208 209 int netlink_policy_dump_attr_size_estimate(const struct nla_policy *pt) 210 { 211 /* nested + type */ 212 int common = 2 * nla_attr_size(sizeof(u32)); 213 214 switch (pt->type) { 215 case NLA_UNSPEC: 216 case NLA_REJECT: 217 /* these actually don't need any space */ 218 return 0; 219 case NLA_NESTED: 220 case NLA_NESTED_ARRAY: 221 /* common, policy idx, policy maxattr */ 222 return common + 2 * nla_attr_size(sizeof(u32)); 223 case NLA_U8: 224 case NLA_U16: 225 case NLA_U32: 226 case NLA_U64: 227 case NLA_MSECS: 228 case NLA_S8: 229 case NLA_S16: 230 case NLA_S32: 231 case NLA_S64: 232 case NLA_SINT: 233 case NLA_UINT: 234 /* maximum is common, u64 min/max with padding */ 235 return common + 236 2 * (nla_attr_size(0) + nla_attr_size(sizeof(u64))); 237 case NLA_BITFIELD32: 238 return common + nla_attr_size(sizeof(u32)); 239 case NLA_STRING: 240 case NLA_NUL_STRING: 241 case NLA_BINARY: 242 /* maximum is common, u32 min-length/max-length */ 243 return common + 2 * nla_attr_size(sizeof(u32)); 244 case NLA_FLAG: 245 return common; 246 } 247 248 /* this should then cause a warning later */ 249 return 0; 250 } 251 252 static int 253 __netlink_policy_dump_write_attr(struct netlink_policy_dump_state *state, 254 struct sk_buff *skb, 255 const struct nla_policy *pt, 256 int nestattr) 257 { 258 int estimate = netlink_policy_dump_attr_size_estimate(pt); 259 enum netlink_attribute_type type; 260 struct nlattr *attr; 261 262 attr = nla_nest_start(skb, nestattr); 263 if (!attr) 264 return -ENOBUFS; 265 266 switch (pt->type) { 267 default: 268 case NLA_UNSPEC: 269 case NLA_REJECT: 270 /* skip - use NLA_MIN_LEN to advertise such */ 271 nla_nest_cancel(skb, attr); 272 return -ENODATA; 273 case NLA_NESTED: 274 type = NL_ATTR_TYPE_NESTED; 275 fallthrough; 276 case NLA_NESTED_ARRAY: 277 if (pt->type == NLA_NESTED_ARRAY) 278 type = NL_ATTR_TYPE_NESTED_ARRAY; 279 if (state && pt->nested_policy && pt->len && 280 (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_POLICY_IDX, 281 netlink_policy_dump_get_policy_idx(state, 282 pt->nested_policy, 283 pt->len)) || 284 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_POLICY_MAXTYPE, 285 pt->len))) 286 goto nla_put_failure; 287 break; 288 case NLA_U8: 289 case NLA_U16: 290 case NLA_U32: 291 case NLA_U64: 292 case NLA_UINT: 293 case NLA_MSECS: { 294 struct netlink_range_validation range; 295 296 if (pt->type == NLA_U8) 297 type = NL_ATTR_TYPE_U8; 298 else if (pt->type == NLA_U16) 299 type = NL_ATTR_TYPE_U16; 300 else if (pt->type == NLA_U32) 301 type = NL_ATTR_TYPE_U32; 302 else if (pt->type == NLA_U64) 303 type = NL_ATTR_TYPE_U64; 304 else 305 type = NL_ATTR_TYPE_UINT; 306 307 if (pt->validation_type == NLA_VALIDATE_MASK) { 308 if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MASK, 309 pt->mask, 310 NL_POLICY_TYPE_ATTR_PAD)) 311 goto nla_put_failure; 312 break; 313 } else if (pt->validation_type == NLA_VALIDATE_FUNCTION) { 314 break; 315 } 316 317 nla_get_range_unsigned(pt, &range); 318 319 if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_U, 320 range.min, NL_POLICY_TYPE_ATTR_PAD) || 321 nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MAX_VALUE_U, 322 range.max, NL_POLICY_TYPE_ATTR_PAD)) 323 goto nla_put_failure; 324 break; 325 } 326 case NLA_S8: 327 case NLA_S16: 328 case NLA_S32: 329 case NLA_S64: 330 case NLA_SINT: { 331 struct netlink_range_validation_signed range; 332 333 if (pt->type == NLA_S8) 334 type = NL_ATTR_TYPE_S8; 335 else if (pt->type == NLA_S16) 336 type = NL_ATTR_TYPE_S16; 337 else if (pt->type == NLA_S32) 338 type = NL_ATTR_TYPE_S32; 339 else if (pt->type == NLA_S64) 340 type = NL_ATTR_TYPE_S64; 341 else 342 type = NL_ATTR_TYPE_SINT; 343 344 if (pt->validation_type == NLA_VALIDATE_FUNCTION) 345 break; 346 347 nla_get_range_signed(pt, &range); 348 349 if (nla_put_s64(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_S, 350 range.min, NL_POLICY_TYPE_ATTR_PAD) || 351 nla_put_s64(skb, NL_POLICY_TYPE_ATTR_MAX_VALUE_S, 352 range.max, NL_POLICY_TYPE_ATTR_PAD)) 353 goto nla_put_failure; 354 break; 355 } 356 case NLA_BITFIELD32: 357 type = NL_ATTR_TYPE_BITFIELD32; 358 if (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_BITFIELD32_MASK, 359 pt->bitfield32_valid)) 360 goto nla_put_failure; 361 break; 362 case NLA_STRING: 363 case NLA_NUL_STRING: 364 case NLA_BINARY: 365 if (pt->type == NLA_STRING) 366 type = NL_ATTR_TYPE_STRING; 367 else if (pt->type == NLA_NUL_STRING) 368 type = NL_ATTR_TYPE_NUL_STRING; 369 else 370 type = NL_ATTR_TYPE_BINARY; 371 372 if (pt->validation_type == NLA_VALIDATE_RANGE || 373 pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG) { 374 struct netlink_range_validation range; 375 376 nla_get_range_unsigned(pt, &range); 377 378 if (range.min && 379 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MIN_LENGTH, 380 range.min)) 381 goto nla_put_failure; 382 383 if (range.max < U16_MAX && 384 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MAX_LENGTH, 385 range.max)) 386 goto nla_put_failure; 387 } else if (pt->len && 388 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MAX_LENGTH, 389 pt->len)) { 390 goto nla_put_failure; 391 } 392 break; 393 case NLA_FLAG: 394 type = NL_ATTR_TYPE_FLAG; 395 break; 396 } 397 398 if (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_TYPE, type)) 399 goto nla_put_failure; 400 401 nla_nest_end(skb, attr); 402 WARN_ON(attr->nla_len > estimate); 403 404 return 0; 405 nla_put_failure: 406 nla_nest_cancel(skb, attr); 407 return -ENOBUFS; 408 } 409 410 /** 411 * netlink_policy_dump_write_attr - write a given attribute policy 412 * @skb: the message skb to write to 413 * @pt: the attribute's policy 414 * @nestattr: the nested attribute ID to use 415 * 416 * Returns: 0 on success, an error code otherwise; -%ENODATA is 417 * special, indicating that there's no policy data and 418 * the attribute is generally rejected. 419 */ 420 int netlink_policy_dump_write_attr(struct sk_buff *skb, 421 const struct nla_policy *pt, 422 int nestattr) 423 { 424 return __netlink_policy_dump_write_attr(NULL, skb, pt, nestattr); 425 } 426 427 /** 428 * netlink_policy_dump_write - write current policy dump attributes 429 * @skb: the message skb to write to 430 * @state: the policy dump state 431 * 432 * Returns: 0 on success, an error code otherwise 433 */ 434 int netlink_policy_dump_write(struct sk_buff *skb, 435 struct netlink_policy_dump_state *state) 436 { 437 const struct nla_policy *pt; 438 struct nlattr *policy; 439 bool again; 440 int err; 441 442 send_attribute: 443 again = false; 444 445 pt = &state->policies[state->policy_idx].policy[state->attr_idx]; 446 447 policy = nla_nest_start(skb, state->policy_idx); 448 if (!policy) 449 return -ENOBUFS; 450 451 err = __netlink_policy_dump_write_attr(state, skb, pt, state->attr_idx); 452 if (err == -ENODATA) { 453 nla_nest_cancel(skb, policy); 454 again = true; 455 goto next; 456 } else if (err) { 457 goto nla_put_failure; 458 } 459 460 /* finish and move state to next attribute */ 461 nla_nest_end(skb, policy); 462 463 next: 464 state->attr_idx += 1; 465 if (state->attr_idx > state->policies[state->policy_idx].maxtype) { 466 state->attr_idx = 0; 467 state->policy_idx++; 468 } 469 470 if (again) { 471 if (netlink_policy_dump_finished(state)) 472 return -ENODATA; 473 goto send_attribute; 474 } 475 476 return 0; 477 478 nla_put_failure: 479 nla_nest_cancel(skb, policy); 480 return -ENOBUFS; 481 } 482 483 /** 484 * netlink_policy_dump_free - free policy dump state 485 * @state: the policy dump state to free 486 * 487 * Call this from the done() method to ensure dump state is freed. 488 */ 489 void netlink_policy_dump_free(struct netlink_policy_dump_state *state) 490 { 491 kfree(state); 492 } 493