1 /* 2 * NETLINK Netlink attributes 3 * 4 * Authors: Thomas Graf <tgraf@suug.ch> 5 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> 6 */ 7 8 #include <linux/module.h> 9 #include <linux/kernel.h> 10 #include <linux/errno.h> 11 #include <linux/jiffies.h> 12 #include <linux/netdevice.h> 13 #include <linux/skbuff.h> 14 #include <linux/string.h> 15 #include <linux/types.h> 16 #include <net/netlink.h> 17 18 static const u16 nla_attr_minlen[NLA_TYPE_MAX+1] = { 19 [NLA_U8] = sizeof(u8), 20 [NLA_U16] = sizeof(u16), 21 [NLA_U32] = sizeof(u32), 22 [NLA_U64] = sizeof(u64), 23 [NLA_NESTED] = NLA_HDRLEN, 24 }; 25 26 static int validate_nla(const struct nlattr *nla, int maxtype, 27 const struct nla_policy *policy) 28 { 29 const struct nla_policy *pt; 30 int minlen = 0, attrlen = nla_len(nla), type = nla_type(nla); 31 32 if (type <= 0 || type > maxtype) 33 return 0; 34 35 pt = &policy[type]; 36 37 BUG_ON(pt->type > NLA_TYPE_MAX); 38 39 switch (pt->type) { 40 case NLA_FLAG: 41 if (attrlen > 0) 42 return -ERANGE; 43 break; 44 45 case NLA_NUL_STRING: 46 if (pt->len) 47 minlen = min_t(int, attrlen, pt->len + 1); 48 else 49 minlen = attrlen; 50 51 if (!minlen || memchr(nla_data(nla), '\0', minlen) == NULL) 52 return -EINVAL; 53 /* fall through */ 54 55 case NLA_STRING: 56 if (attrlen < 1) 57 return -ERANGE; 58 59 if (pt->len) { 60 char *buf = nla_data(nla); 61 62 if (buf[attrlen - 1] == '\0') 63 attrlen--; 64 65 if (attrlen > pt->len) 66 return -ERANGE; 67 } 68 break; 69 70 case NLA_BINARY: 71 if (pt->len && attrlen > pt->len) 72 return -ERANGE; 73 break; 74 75 case NLA_NESTED_COMPAT: 76 if (attrlen < pt->len) 77 return -ERANGE; 78 if (attrlen < NLA_ALIGN(pt->len)) 79 break; 80 if (attrlen < NLA_ALIGN(pt->len) + NLA_HDRLEN) 81 return -ERANGE; 82 nla = nla_data(nla) + NLA_ALIGN(pt->len); 83 if (attrlen < NLA_ALIGN(pt->len) + NLA_HDRLEN + nla_len(nla)) 84 return -ERANGE; 85 break; 86 case NLA_NESTED: 87 /* a nested attributes is allowed to be empty; if its not, 88 * it must have a size of at least NLA_HDRLEN. 89 */ 90 if (attrlen == 0) 91 break; 92 default: 93 if (pt->len) 94 minlen = pt->len; 95 else if (pt->type != NLA_UNSPEC) 96 minlen = nla_attr_minlen[pt->type]; 97 98 if (attrlen < minlen) 99 return -ERANGE; 100 } 101 102 return 0; 103 } 104 105 /** 106 * nla_validate - Validate a stream of attributes 107 * @head: head of attribute stream 108 * @len: length of attribute stream 109 * @maxtype: maximum attribute type to be expected 110 * @policy: validation policy 111 * 112 * Validates all attributes in the specified attribute stream against the 113 * specified policy. Attributes with a type exceeding maxtype will be 114 * ignored. See documenation of struct nla_policy for more details. 115 * 116 * Returns 0 on success or a negative error code. 117 */ 118 int nla_validate(const struct nlattr *head, int len, int maxtype, 119 const struct nla_policy *policy) 120 { 121 const struct nlattr *nla; 122 int rem, err; 123 124 nla_for_each_attr(nla, head, len, rem) { 125 err = validate_nla(nla, maxtype, policy); 126 if (err < 0) 127 goto errout; 128 } 129 130 err = 0; 131 errout: 132 return err; 133 } 134 135 /** 136 * nla_policy_len - Determin the max. length of a policy 137 * @policy: policy to use 138 * @n: number of policies 139 * 140 * Determines the max. length of the policy. It is currently used 141 * to allocated Netlink buffers roughly the size of the actual 142 * message. 143 * 144 * Returns 0 on success or a negative error code. 145 */ 146 int 147 nla_policy_len(const struct nla_policy *p, int n) 148 { 149 int i, len = 0; 150 151 for (i = 0; i < n; i++) { 152 if (p->len) 153 len += nla_total_size(p->len); 154 else if (nla_attr_minlen[p->type]) 155 len += nla_total_size(nla_attr_minlen[p->type]); 156 } 157 158 return len; 159 } 160 161 /** 162 * nla_parse - Parse a stream of attributes into a tb buffer 163 * @tb: destination array with maxtype+1 elements 164 * @maxtype: maximum attribute type to be expected 165 * @head: head of attribute stream 166 * @len: length of attribute stream 167 * @policy: validation policy 168 * 169 * Parses a stream of attributes and stores a pointer to each attribute in 170 * the tb array accessable via the attribute type. Attributes with a type 171 * exceeding maxtype will be silently ignored for backwards compatibility 172 * reasons. policy may be set to NULL if no validation is required. 173 * 174 * Returns 0 on success or a negative error code. 175 */ 176 int nla_parse(struct nlattr **tb, int maxtype, const struct nlattr *head, 177 int len, const struct nla_policy *policy) 178 { 179 const struct nlattr *nla; 180 int rem, err; 181 182 memset(tb, 0, sizeof(struct nlattr *) * (maxtype + 1)); 183 184 nla_for_each_attr(nla, head, len, rem) { 185 u16 type = nla_type(nla); 186 187 if (type > 0 && type <= maxtype) { 188 if (policy) { 189 err = validate_nla(nla, maxtype, policy); 190 if (err < 0) 191 goto errout; 192 } 193 194 tb[type] = (struct nlattr *)nla; 195 } 196 } 197 198 if (unlikely(rem > 0)) 199 printk(KERN_WARNING "netlink: %d bytes leftover after parsing " 200 "attributes.\n", rem); 201 202 err = 0; 203 errout: 204 return err; 205 } 206 207 /** 208 * nla_find - Find a specific attribute in a stream of attributes 209 * @head: head of attribute stream 210 * @len: length of attribute stream 211 * @attrtype: type of attribute to look for 212 * 213 * Returns the first attribute in the stream matching the specified type. 214 */ 215 struct nlattr *nla_find(const struct nlattr *head, int len, int attrtype) 216 { 217 const struct nlattr *nla; 218 int rem; 219 220 nla_for_each_attr(nla, head, len, rem) 221 if (nla_type(nla) == attrtype) 222 return (struct nlattr *)nla; 223 224 return NULL; 225 } 226 227 /** 228 * nla_strlcpy - Copy string attribute payload into a sized buffer 229 * @dst: where to copy the string to 230 * @nla: attribute to copy the string from 231 * @dstsize: size of destination buffer 232 * 233 * Copies at most dstsize - 1 bytes into the destination buffer. 234 * The result is always a valid NUL-terminated string. Unlike 235 * strlcpy the destination buffer is always padded out. 236 * 237 * Returns the length of the source buffer. 238 */ 239 size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize) 240 { 241 size_t srclen = nla_len(nla); 242 char *src = nla_data(nla); 243 244 if (srclen > 0 && src[srclen - 1] == '\0') 245 srclen--; 246 247 if (dstsize > 0) { 248 size_t len = (srclen >= dstsize) ? dstsize - 1 : srclen; 249 250 memset(dst, 0, dstsize); 251 memcpy(dst, src, len); 252 } 253 254 return srclen; 255 } 256 257 /** 258 * nla_memcpy - Copy a netlink attribute into another memory area 259 * @dest: where to copy to memcpy 260 * @src: netlink attribute to copy from 261 * @count: size of the destination area 262 * 263 * Note: The number of bytes copied is limited by the length of 264 * attribute's payload. memcpy 265 * 266 * Returns the number of bytes copied. 267 */ 268 int nla_memcpy(void *dest, const struct nlattr *src, int count) 269 { 270 int minlen = min_t(int, count, nla_len(src)); 271 272 memcpy(dest, nla_data(src), minlen); 273 274 return minlen; 275 } 276 277 /** 278 * nla_memcmp - Compare an attribute with sized memory area 279 * @nla: netlink attribute 280 * @data: memory area 281 * @size: size of memory area 282 */ 283 int nla_memcmp(const struct nlattr *nla, const void *data, 284 size_t size) 285 { 286 int d = nla_len(nla) - size; 287 288 if (d == 0) 289 d = memcmp(nla_data(nla), data, size); 290 291 return d; 292 } 293 294 /** 295 * nla_strcmp - Compare a string attribute against a string 296 * @nla: netlink string attribute 297 * @str: another string 298 */ 299 int nla_strcmp(const struct nlattr *nla, const char *str) 300 { 301 int len = strlen(str) + 1; 302 int d = nla_len(nla) - len; 303 304 if (d == 0) 305 d = memcmp(nla_data(nla), str, len); 306 307 return d; 308 } 309 310 #ifdef CONFIG_NET 311 /** 312 * __nla_reserve - reserve room for attribute on the skb 313 * @skb: socket buffer to reserve room on 314 * @attrtype: attribute type 315 * @attrlen: length of attribute payload 316 * 317 * Adds a netlink attribute header to a socket buffer and reserves 318 * room for the payload but does not copy it. 319 * 320 * The caller is responsible to ensure that the skb provides enough 321 * tailroom for the attribute header and payload. 322 */ 323 struct nlattr *__nla_reserve(struct sk_buff *skb, int attrtype, int attrlen) 324 { 325 struct nlattr *nla; 326 327 nla = (struct nlattr *) skb_put(skb, nla_total_size(attrlen)); 328 nla->nla_type = attrtype; 329 nla->nla_len = nla_attr_size(attrlen); 330 331 memset((unsigned char *) nla + nla->nla_len, 0, nla_padlen(attrlen)); 332 333 return nla; 334 } 335 EXPORT_SYMBOL(__nla_reserve); 336 337 /** 338 * __nla_reserve_nohdr - reserve room for attribute without header 339 * @skb: socket buffer to reserve room on 340 * @attrlen: length of attribute payload 341 * 342 * Reserves room for attribute payload without a header. 343 * 344 * The caller is responsible to ensure that the skb provides enough 345 * tailroom for the payload. 346 */ 347 void *__nla_reserve_nohdr(struct sk_buff *skb, int attrlen) 348 { 349 void *start; 350 351 start = skb_put(skb, NLA_ALIGN(attrlen)); 352 memset(start, 0, NLA_ALIGN(attrlen)); 353 354 return start; 355 } 356 EXPORT_SYMBOL(__nla_reserve_nohdr); 357 358 /** 359 * nla_reserve - reserve room for attribute on the skb 360 * @skb: socket buffer to reserve room on 361 * @attrtype: attribute type 362 * @attrlen: length of attribute payload 363 * 364 * Adds a netlink attribute header to a socket buffer and reserves 365 * room for the payload but does not copy it. 366 * 367 * Returns NULL if the tailroom of the skb is insufficient to store 368 * the attribute header and payload. 369 */ 370 struct nlattr *nla_reserve(struct sk_buff *skb, int attrtype, int attrlen) 371 { 372 if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen))) 373 return NULL; 374 375 return __nla_reserve(skb, attrtype, attrlen); 376 } 377 EXPORT_SYMBOL(nla_reserve); 378 379 /** 380 * nla_reserve_nohdr - reserve room for attribute without header 381 * @skb: socket buffer to reserve room on 382 * @attrlen: length of attribute payload 383 * 384 * Reserves room for attribute payload without a header. 385 * 386 * Returns NULL if the tailroom of the skb is insufficient to store 387 * the attribute payload. 388 */ 389 void *nla_reserve_nohdr(struct sk_buff *skb, int attrlen) 390 { 391 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) 392 return NULL; 393 394 return __nla_reserve_nohdr(skb, attrlen); 395 } 396 EXPORT_SYMBOL(nla_reserve_nohdr); 397 398 /** 399 * __nla_put - Add a netlink attribute to a socket buffer 400 * @skb: socket buffer to add attribute to 401 * @attrtype: attribute type 402 * @attrlen: length of attribute payload 403 * @data: head of attribute payload 404 * 405 * The caller is responsible to ensure that the skb provides enough 406 * tailroom for the attribute header and payload. 407 */ 408 void __nla_put(struct sk_buff *skb, int attrtype, int attrlen, 409 const void *data) 410 { 411 struct nlattr *nla; 412 413 nla = __nla_reserve(skb, attrtype, attrlen); 414 memcpy(nla_data(nla), data, attrlen); 415 } 416 EXPORT_SYMBOL(__nla_put); 417 418 /** 419 * __nla_put_nohdr - Add a netlink attribute without header 420 * @skb: socket buffer to add attribute to 421 * @attrlen: length of attribute payload 422 * @data: head of attribute payload 423 * 424 * The caller is responsible to ensure that the skb provides enough 425 * tailroom for the attribute payload. 426 */ 427 void __nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data) 428 { 429 void *start; 430 431 start = __nla_reserve_nohdr(skb, attrlen); 432 memcpy(start, data, attrlen); 433 } 434 EXPORT_SYMBOL(__nla_put_nohdr); 435 436 /** 437 * nla_put - Add a netlink attribute to a socket buffer 438 * @skb: socket buffer to add attribute to 439 * @attrtype: attribute type 440 * @attrlen: length of attribute payload 441 * @data: head of attribute payload 442 * 443 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store 444 * the attribute header and payload. 445 */ 446 int nla_put(struct sk_buff *skb, int attrtype, int attrlen, const void *data) 447 { 448 if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen))) 449 return -EMSGSIZE; 450 451 __nla_put(skb, attrtype, attrlen, data); 452 return 0; 453 } 454 EXPORT_SYMBOL(nla_put); 455 456 /** 457 * nla_put_nohdr - Add a netlink attribute without header 458 * @skb: socket buffer to add attribute to 459 * @attrlen: length of attribute payload 460 * @data: head of attribute payload 461 * 462 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store 463 * the attribute payload. 464 */ 465 int nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data) 466 { 467 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) 468 return -EMSGSIZE; 469 470 __nla_put_nohdr(skb, attrlen, data); 471 return 0; 472 } 473 EXPORT_SYMBOL(nla_put_nohdr); 474 475 /** 476 * nla_append - Add a netlink attribute without header or padding 477 * @skb: socket buffer to add attribute to 478 * @attrlen: length of attribute payload 479 * @data: head of attribute payload 480 * 481 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store 482 * the attribute payload. 483 */ 484 int nla_append(struct sk_buff *skb, int attrlen, const void *data) 485 { 486 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) 487 return -EMSGSIZE; 488 489 memcpy(skb_put(skb, attrlen), data, attrlen); 490 return 0; 491 } 492 EXPORT_SYMBOL(nla_append); 493 #endif 494 495 EXPORT_SYMBOL(nla_validate); 496 EXPORT_SYMBOL(nla_policy_len); 497 EXPORT_SYMBOL(nla_parse); 498 EXPORT_SYMBOL(nla_find); 499 EXPORT_SYMBOL(nla_strlcpy); 500 EXPORT_SYMBOL(nla_memcpy); 501 EXPORT_SYMBOL(nla_memcmp); 502 EXPORT_SYMBOL(nla_strcmp); 503