1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * NETLINK Netlink attributes 4 * 5 * Authors: Thomas Graf <tgraf@suug.ch> 6 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> 7 */ 8 9 #include <linux/export.h> 10 #include <linux/kernel.h> 11 #include <linux/errno.h> 12 #include <linux/jiffies.h> 13 #include <linux/skbuff.h> 14 #include <linux/string.h> 15 #include <linux/types.h> 16 #include <net/netlink.h> 17 18 static const u8 nla_attr_minlen[NLA_TYPE_MAX+1] = { 19 [NLA_U8] = sizeof(u8), 20 [NLA_U16] = sizeof(u16), 21 [NLA_U32] = sizeof(u32), 22 [NLA_U64] = sizeof(u64), 23 [NLA_MSECS] = sizeof(u64), 24 [NLA_NESTED] = NLA_HDRLEN, 25 [NLA_S8] = sizeof(s8), 26 [NLA_S16] = sizeof(s16), 27 [NLA_S32] = sizeof(s32), 28 [NLA_S64] = sizeof(s64), 29 }; 30 31 static int validate_nla_bitfield32(const struct nlattr *nla, 32 u32 *valid_flags_allowed) 33 { 34 const struct nla_bitfield32 *bf = nla_data(nla); 35 u32 *valid_flags_mask = valid_flags_allowed; 36 37 if (!valid_flags_allowed) 38 return -EINVAL; 39 40 /*disallow invalid bit selector */ 41 if (bf->selector & ~*valid_flags_mask) 42 return -EINVAL; 43 44 /*disallow invalid bit values */ 45 if (bf->value & ~*valid_flags_mask) 46 return -EINVAL; 47 48 /*disallow valid bit values that are not selected*/ 49 if (bf->value & ~bf->selector) 50 return -EINVAL; 51 52 return 0; 53 } 54 55 static int validate_nla(const struct nlattr *nla, int maxtype, 56 const struct nla_policy *policy) 57 { 58 const struct nla_policy *pt; 59 int minlen = 0, attrlen = nla_len(nla), type = nla_type(nla); 60 61 if (type <= 0 || type > maxtype) 62 return 0; 63 64 pt = &policy[type]; 65 66 BUG_ON(pt->type > NLA_TYPE_MAX); 67 68 switch (pt->type) { 69 case NLA_FLAG: 70 if (attrlen > 0) 71 return -ERANGE; 72 break; 73 74 case NLA_BITFIELD32: 75 if (attrlen != sizeof(struct nla_bitfield32)) 76 return -ERANGE; 77 78 return validate_nla_bitfield32(nla, pt->validation_data); 79 80 case NLA_NUL_STRING: 81 if (pt->len) 82 minlen = min_t(int, attrlen, pt->len + 1); 83 else 84 minlen = attrlen; 85 86 if (!minlen || memchr(nla_data(nla), '\0', minlen) == NULL) 87 return -EINVAL; 88 /* fall through */ 89 90 case NLA_STRING: 91 if (attrlen < 1) 92 return -ERANGE; 93 94 if (pt->len) { 95 char *buf = nla_data(nla); 96 97 if (buf[attrlen - 1] == '\0') 98 attrlen--; 99 100 if (attrlen > pt->len) 101 return -ERANGE; 102 } 103 break; 104 105 case NLA_BINARY: 106 if (pt->len && attrlen > pt->len) 107 return -ERANGE; 108 break; 109 110 case NLA_NESTED_COMPAT: 111 if (attrlen < pt->len) 112 return -ERANGE; 113 if (attrlen < NLA_ALIGN(pt->len)) 114 break; 115 if (attrlen < NLA_ALIGN(pt->len) + NLA_HDRLEN) 116 return -ERANGE; 117 nla = nla_data(nla) + NLA_ALIGN(pt->len); 118 if (attrlen < NLA_ALIGN(pt->len) + NLA_HDRLEN + nla_len(nla)) 119 return -ERANGE; 120 break; 121 case NLA_NESTED: 122 /* a nested attributes is allowed to be empty; if its not, 123 * it must have a size of at least NLA_HDRLEN. 124 */ 125 if (attrlen == 0) 126 break; 127 default: 128 if (pt->len) 129 minlen = pt->len; 130 else if (pt->type != NLA_UNSPEC) 131 minlen = nla_attr_minlen[pt->type]; 132 133 if (attrlen < minlen) 134 return -ERANGE; 135 } 136 137 return 0; 138 } 139 140 /** 141 * nla_validate - Validate a stream of attributes 142 * @head: head of attribute stream 143 * @len: length of attribute stream 144 * @maxtype: maximum attribute type to be expected 145 * @policy: validation policy 146 * @extack: extended ACK report struct 147 * 148 * Validates all attributes in the specified attribute stream against the 149 * specified policy. Attributes with a type exceeding maxtype will be 150 * ignored. See documenation of struct nla_policy for more details. 151 * 152 * Returns 0 on success or a negative error code. 153 */ 154 int nla_validate(const struct nlattr *head, int len, int maxtype, 155 const struct nla_policy *policy, 156 struct netlink_ext_ack *extack) 157 { 158 const struct nlattr *nla; 159 int rem; 160 161 nla_for_each_attr(nla, head, len, rem) { 162 int err = validate_nla(nla, maxtype, policy); 163 164 if (err < 0) { 165 if (extack) 166 extack->bad_attr = nla; 167 return err; 168 } 169 } 170 171 return 0; 172 } 173 EXPORT_SYMBOL(nla_validate); 174 175 /** 176 * nla_policy_len - Determin the max. length of a policy 177 * @policy: policy to use 178 * @n: number of policies 179 * 180 * Determines the max. length of the policy. It is currently used 181 * to allocated Netlink buffers roughly the size of the actual 182 * message. 183 * 184 * Returns 0 on success or a negative error code. 185 */ 186 int 187 nla_policy_len(const struct nla_policy *p, int n) 188 { 189 int i, len = 0; 190 191 for (i = 0; i < n; i++, p++) { 192 if (p->len) 193 len += nla_total_size(p->len); 194 else if (nla_attr_minlen[p->type]) 195 len += nla_total_size(nla_attr_minlen[p->type]); 196 } 197 198 return len; 199 } 200 EXPORT_SYMBOL(nla_policy_len); 201 202 /** 203 * nla_parse - Parse a stream of attributes into a tb buffer 204 * @tb: destination array with maxtype+1 elements 205 * @maxtype: maximum attribute type to be expected 206 * @head: head of attribute stream 207 * @len: length of attribute stream 208 * @policy: validation policy 209 * 210 * Parses a stream of attributes and stores a pointer to each attribute in 211 * the tb array accessible via the attribute type. Attributes with a type 212 * exceeding maxtype will be silently ignored for backwards compatibility 213 * reasons. policy may be set to NULL if no validation is required. 214 * 215 * Returns 0 on success or a negative error code. 216 */ 217 int nla_parse(struct nlattr **tb, int maxtype, const struct nlattr *head, 218 int len, const struct nla_policy *policy, 219 struct netlink_ext_ack *extack) 220 { 221 const struct nlattr *nla; 222 int rem, err; 223 224 memset(tb, 0, sizeof(struct nlattr *) * (maxtype + 1)); 225 226 nla_for_each_attr(nla, head, len, rem) { 227 u16 type = nla_type(nla); 228 229 if (type > 0 && type <= maxtype) { 230 if (policy) { 231 err = validate_nla(nla, maxtype, policy); 232 if (err < 0) { 233 if (extack) 234 extack->bad_attr = nla; 235 goto errout; 236 } 237 } 238 239 tb[type] = (struct nlattr *)nla; 240 } 241 } 242 243 if (unlikely(rem > 0)) 244 pr_warn_ratelimited("netlink: %d bytes leftover after parsing attributes in process `%s'.\n", 245 rem, current->comm); 246 247 err = 0; 248 errout: 249 return err; 250 } 251 EXPORT_SYMBOL(nla_parse); 252 253 /** 254 * nla_find - Find a specific attribute in a stream of attributes 255 * @head: head of attribute stream 256 * @len: length of attribute stream 257 * @attrtype: type of attribute to look for 258 * 259 * Returns the first attribute in the stream matching the specified type. 260 */ 261 struct nlattr *nla_find(const struct nlattr *head, int len, int attrtype) 262 { 263 const struct nlattr *nla; 264 int rem; 265 266 nla_for_each_attr(nla, head, len, rem) 267 if (nla_type(nla) == attrtype) 268 return (struct nlattr *)nla; 269 270 return NULL; 271 } 272 EXPORT_SYMBOL(nla_find); 273 274 /** 275 * nla_strlcpy - Copy string attribute payload into a sized buffer 276 * @dst: where to copy the string to 277 * @nla: attribute to copy the string from 278 * @dstsize: size of destination buffer 279 * 280 * Copies at most dstsize - 1 bytes into the destination buffer. 281 * The result is always a valid NUL-terminated string. Unlike 282 * strlcpy the destination buffer is always padded out. 283 * 284 * Returns the length of the source buffer. 285 */ 286 size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize) 287 { 288 size_t srclen = nla_len(nla); 289 char *src = nla_data(nla); 290 291 if (srclen > 0 && src[srclen - 1] == '\0') 292 srclen--; 293 294 if (dstsize > 0) { 295 size_t len = (srclen >= dstsize) ? dstsize - 1 : srclen; 296 297 memset(dst, 0, dstsize); 298 memcpy(dst, src, len); 299 } 300 301 return srclen; 302 } 303 EXPORT_SYMBOL(nla_strlcpy); 304 305 /** 306 * nla_strdup - Copy string attribute payload into a newly allocated buffer 307 * @nla: attribute to copy the string from 308 * @flags: the type of memory to allocate (see kmalloc). 309 * 310 * Returns a pointer to the allocated buffer or NULL on error. 311 */ 312 char *nla_strdup(const struct nlattr *nla, gfp_t flags) 313 { 314 size_t srclen = nla_len(nla); 315 char *src = nla_data(nla), *dst; 316 317 if (srclen > 0 && src[srclen - 1] == '\0') 318 srclen--; 319 320 dst = kmalloc(srclen + 1, flags); 321 if (dst != NULL) { 322 memcpy(dst, src, srclen); 323 dst[srclen] = '\0'; 324 } 325 return dst; 326 } 327 EXPORT_SYMBOL(nla_strdup); 328 329 /** 330 * nla_memcpy - Copy a netlink attribute into another memory area 331 * @dest: where to copy to memcpy 332 * @src: netlink attribute to copy from 333 * @count: size of the destination area 334 * 335 * Note: The number of bytes copied is limited by the length of 336 * attribute's payload. memcpy 337 * 338 * Returns the number of bytes copied. 339 */ 340 int nla_memcpy(void *dest, const struct nlattr *src, int count) 341 { 342 int minlen = min_t(int, count, nla_len(src)); 343 344 memcpy(dest, nla_data(src), minlen); 345 if (count > minlen) 346 memset(dest + minlen, 0, count - minlen); 347 348 return minlen; 349 } 350 EXPORT_SYMBOL(nla_memcpy); 351 352 /** 353 * nla_memcmp - Compare an attribute with sized memory area 354 * @nla: netlink attribute 355 * @data: memory area 356 * @size: size of memory area 357 */ 358 int nla_memcmp(const struct nlattr *nla, const void *data, 359 size_t size) 360 { 361 int d = nla_len(nla) - size; 362 363 if (d == 0) 364 d = memcmp(nla_data(nla), data, size); 365 366 return d; 367 } 368 EXPORT_SYMBOL(nla_memcmp); 369 370 /** 371 * nla_strcmp - Compare a string attribute against a string 372 * @nla: netlink string attribute 373 * @str: another string 374 */ 375 int nla_strcmp(const struct nlattr *nla, const char *str) 376 { 377 int len = strlen(str); 378 char *buf = nla_data(nla); 379 int attrlen = nla_len(nla); 380 int d; 381 382 if (attrlen > 0 && buf[attrlen - 1] == '\0') 383 attrlen--; 384 385 d = attrlen - len; 386 if (d == 0) 387 d = memcmp(nla_data(nla), str, len); 388 389 return d; 390 } 391 EXPORT_SYMBOL(nla_strcmp); 392 393 #ifdef CONFIG_NET 394 /** 395 * __nla_reserve - reserve room for attribute on the skb 396 * @skb: socket buffer to reserve room on 397 * @attrtype: attribute type 398 * @attrlen: length of attribute payload 399 * 400 * Adds a netlink attribute header to a socket buffer and reserves 401 * room for the payload but does not copy it. 402 * 403 * The caller is responsible to ensure that the skb provides enough 404 * tailroom for the attribute header and payload. 405 */ 406 struct nlattr *__nla_reserve(struct sk_buff *skb, int attrtype, int attrlen) 407 { 408 struct nlattr *nla; 409 410 nla = skb_put(skb, nla_total_size(attrlen)); 411 nla->nla_type = attrtype; 412 nla->nla_len = nla_attr_size(attrlen); 413 414 memset((unsigned char *) nla + nla->nla_len, 0, nla_padlen(attrlen)); 415 416 return nla; 417 } 418 EXPORT_SYMBOL(__nla_reserve); 419 420 /** 421 * __nla_reserve_64bit - reserve room for attribute on the skb and align it 422 * @skb: socket buffer to reserve room on 423 * @attrtype: attribute type 424 * @attrlen: length of attribute payload 425 * @padattr: attribute type for the padding 426 * 427 * Adds a netlink attribute header to a socket buffer and reserves 428 * room for the payload but does not copy it. It also ensure that this 429 * attribute will have a 64-bit aligned nla_data() area. 430 * 431 * The caller is responsible to ensure that the skb provides enough 432 * tailroom for the attribute header and payload. 433 */ 434 struct nlattr *__nla_reserve_64bit(struct sk_buff *skb, int attrtype, 435 int attrlen, int padattr) 436 { 437 if (nla_need_padding_for_64bit(skb)) 438 nla_align_64bit(skb, padattr); 439 440 return __nla_reserve(skb, attrtype, attrlen); 441 } 442 EXPORT_SYMBOL(__nla_reserve_64bit); 443 444 /** 445 * __nla_reserve_nohdr - reserve room for attribute without header 446 * @skb: socket buffer to reserve room on 447 * @attrlen: length of attribute payload 448 * 449 * Reserves room for attribute payload without a header. 450 * 451 * The caller is responsible to ensure that the skb provides enough 452 * tailroom for the payload. 453 */ 454 void *__nla_reserve_nohdr(struct sk_buff *skb, int attrlen) 455 { 456 return skb_put_zero(skb, NLA_ALIGN(attrlen)); 457 } 458 EXPORT_SYMBOL(__nla_reserve_nohdr); 459 460 /** 461 * nla_reserve - reserve room for attribute on the skb 462 * @skb: socket buffer to reserve room on 463 * @attrtype: attribute type 464 * @attrlen: length of attribute payload 465 * 466 * Adds a netlink attribute header to a socket buffer and reserves 467 * room for the payload but does not copy it. 468 * 469 * Returns NULL if the tailroom of the skb is insufficient to store 470 * the attribute header and payload. 471 */ 472 struct nlattr *nla_reserve(struct sk_buff *skb, int attrtype, int attrlen) 473 { 474 if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen))) 475 return NULL; 476 477 return __nla_reserve(skb, attrtype, attrlen); 478 } 479 EXPORT_SYMBOL(nla_reserve); 480 481 /** 482 * nla_reserve_64bit - reserve room for attribute on the skb and align it 483 * @skb: socket buffer to reserve room on 484 * @attrtype: attribute type 485 * @attrlen: length of attribute payload 486 * @padattr: attribute type for the padding 487 * 488 * Adds a netlink attribute header to a socket buffer and reserves 489 * room for the payload but does not copy it. It also ensure that this 490 * attribute will have a 64-bit aligned nla_data() area. 491 * 492 * Returns NULL if the tailroom of the skb is insufficient to store 493 * the attribute header and payload. 494 */ 495 struct nlattr *nla_reserve_64bit(struct sk_buff *skb, int attrtype, int attrlen, 496 int padattr) 497 { 498 size_t len; 499 500 if (nla_need_padding_for_64bit(skb)) 501 len = nla_total_size_64bit(attrlen); 502 else 503 len = nla_total_size(attrlen); 504 if (unlikely(skb_tailroom(skb) < len)) 505 return NULL; 506 507 return __nla_reserve_64bit(skb, attrtype, attrlen, padattr); 508 } 509 EXPORT_SYMBOL(nla_reserve_64bit); 510 511 /** 512 * nla_reserve_nohdr - reserve room for attribute without header 513 * @skb: socket buffer to reserve room on 514 * @attrlen: length of attribute payload 515 * 516 * Reserves room for attribute payload without a header. 517 * 518 * Returns NULL if the tailroom of the skb is insufficient to store 519 * the attribute payload. 520 */ 521 void *nla_reserve_nohdr(struct sk_buff *skb, int attrlen) 522 { 523 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) 524 return NULL; 525 526 return __nla_reserve_nohdr(skb, attrlen); 527 } 528 EXPORT_SYMBOL(nla_reserve_nohdr); 529 530 /** 531 * __nla_put - Add a netlink attribute to a socket buffer 532 * @skb: socket buffer to add attribute to 533 * @attrtype: attribute type 534 * @attrlen: length of attribute payload 535 * @data: head of attribute payload 536 * 537 * The caller is responsible to ensure that the skb provides enough 538 * tailroom for the attribute header and payload. 539 */ 540 void __nla_put(struct sk_buff *skb, int attrtype, int attrlen, 541 const void *data) 542 { 543 struct nlattr *nla; 544 545 nla = __nla_reserve(skb, attrtype, attrlen); 546 memcpy(nla_data(nla), data, attrlen); 547 } 548 EXPORT_SYMBOL(__nla_put); 549 550 /** 551 * __nla_put_64bit - Add a netlink attribute to a socket buffer and align it 552 * @skb: socket buffer to add attribute to 553 * @attrtype: attribute type 554 * @attrlen: length of attribute payload 555 * @data: head of attribute payload 556 * @padattr: attribute type for the padding 557 * 558 * The caller is responsible to ensure that the skb provides enough 559 * tailroom for the attribute header and payload. 560 */ 561 void __nla_put_64bit(struct sk_buff *skb, int attrtype, int attrlen, 562 const void *data, int padattr) 563 { 564 struct nlattr *nla; 565 566 nla = __nla_reserve_64bit(skb, attrtype, attrlen, padattr); 567 memcpy(nla_data(nla), data, attrlen); 568 } 569 EXPORT_SYMBOL(__nla_put_64bit); 570 571 /** 572 * __nla_put_nohdr - Add a netlink attribute without header 573 * @skb: socket buffer to add attribute to 574 * @attrlen: length of attribute payload 575 * @data: head of attribute payload 576 * 577 * The caller is responsible to ensure that the skb provides enough 578 * tailroom for the attribute payload. 579 */ 580 void __nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data) 581 { 582 void *start; 583 584 start = __nla_reserve_nohdr(skb, attrlen); 585 memcpy(start, data, attrlen); 586 } 587 EXPORT_SYMBOL(__nla_put_nohdr); 588 589 /** 590 * nla_put - Add a netlink attribute to a socket buffer 591 * @skb: socket buffer to add attribute to 592 * @attrtype: attribute type 593 * @attrlen: length of attribute payload 594 * @data: head of attribute payload 595 * 596 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store 597 * the attribute header and payload. 598 */ 599 int nla_put(struct sk_buff *skb, int attrtype, int attrlen, const void *data) 600 { 601 if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen))) 602 return -EMSGSIZE; 603 604 __nla_put(skb, attrtype, attrlen, data); 605 return 0; 606 } 607 EXPORT_SYMBOL(nla_put); 608 609 /** 610 * nla_put_64bit - Add a netlink attribute to a socket buffer and align it 611 * @skb: socket buffer to add attribute to 612 * @attrtype: attribute type 613 * @attrlen: length of attribute payload 614 * @data: head of attribute payload 615 * @padattr: attribute type for the padding 616 * 617 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store 618 * the attribute header and payload. 619 */ 620 int nla_put_64bit(struct sk_buff *skb, int attrtype, int attrlen, 621 const void *data, int padattr) 622 { 623 size_t len; 624 625 if (nla_need_padding_for_64bit(skb)) 626 len = nla_total_size_64bit(attrlen); 627 else 628 len = nla_total_size(attrlen); 629 if (unlikely(skb_tailroom(skb) < len)) 630 return -EMSGSIZE; 631 632 __nla_put_64bit(skb, attrtype, attrlen, data, padattr); 633 return 0; 634 } 635 EXPORT_SYMBOL(nla_put_64bit); 636 637 /** 638 * nla_put_nohdr - Add a netlink attribute without header 639 * @skb: socket buffer to add attribute to 640 * @attrlen: length of attribute payload 641 * @data: head of attribute payload 642 * 643 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store 644 * the attribute payload. 645 */ 646 int nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data) 647 { 648 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) 649 return -EMSGSIZE; 650 651 __nla_put_nohdr(skb, attrlen, data); 652 return 0; 653 } 654 EXPORT_SYMBOL(nla_put_nohdr); 655 656 /** 657 * nla_append - Add a netlink attribute without header or padding 658 * @skb: socket buffer to add attribute to 659 * @attrlen: length of attribute payload 660 * @data: head of attribute payload 661 * 662 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store 663 * the attribute payload. 664 */ 665 int nla_append(struct sk_buff *skb, int attrlen, const void *data) 666 { 667 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) 668 return -EMSGSIZE; 669 670 skb_put_data(skb, data, attrlen); 671 return 0; 672 } 673 EXPORT_SYMBOL(nla_append); 674 #endif 675