1 /* 2 * NETLINK Netlink attributes 3 * 4 * Authors: Thomas Graf <tgraf@suug.ch> 5 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> 6 */ 7 8 #include <linux/export.h> 9 #include <linux/kernel.h> 10 #include <linux/errno.h> 11 #include <linux/jiffies.h> 12 #include <linux/netdevice.h> 13 #include <linux/skbuff.h> 14 #include <linux/string.h> 15 #include <linux/types.h> 16 #include <net/netlink.h> 17 18 static const u16 nla_attr_minlen[NLA_TYPE_MAX+1] = { 19 [NLA_U8] = sizeof(u8), 20 [NLA_U16] = sizeof(u16), 21 [NLA_U32] = sizeof(u32), 22 [NLA_U64] = sizeof(u64), 23 [NLA_MSECS] = sizeof(u64), 24 [NLA_NESTED] = NLA_HDRLEN, 25 [NLA_S8] = sizeof(s8), 26 [NLA_S16] = sizeof(s16), 27 [NLA_S32] = sizeof(s32), 28 [NLA_S64] = sizeof(s64), 29 }; 30 31 static int validate_nla(const struct nlattr *nla, int maxtype, 32 const struct nla_policy *policy) 33 { 34 const struct nla_policy *pt; 35 int minlen = 0, attrlen = nla_len(nla), type = nla_type(nla); 36 37 if (type <= 0 || type > maxtype) 38 return 0; 39 40 pt = &policy[type]; 41 42 BUG_ON(pt->type > NLA_TYPE_MAX); 43 44 switch (pt->type) { 45 case NLA_FLAG: 46 if (attrlen > 0) 47 return -ERANGE; 48 break; 49 50 case NLA_NUL_STRING: 51 if (pt->len) 52 minlen = min_t(int, attrlen, pt->len + 1); 53 else 54 minlen = attrlen; 55 56 if (!minlen || memchr(nla_data(nla), '\0', minlen) == NULL) 57 return -EINVAL; 58 /* fall through */ 59 60 case NLA_STRING: 61 if (attrlen < 1) 62 return -ERANGE; 63 64 if (pt->len) { 65 char *buf = nla_data(nla); 66 67 if (buf[attrlen - 1] == '\0') 68 attrlen--; 69 70 if (attrlen > pt->len) 71 return -ERANGE; 72 } 73 break; 74 75 case NLA_BINARY: 76 if (pt->len && attrlen > pt->len) 77 return -ERANGE; 78 break; 79 80 case NLA_NESTED_COMPAT: 81 if (attrlen < pt->len) 82 return -ERANGE; 83 if (attrlen < NLA_ALIGN(pt->len)) 84 break; 85 if (attrlen < NLA_ALIGN(pt->len) + NLA_HDRLEN) 86 return -ERANGE; 87 nla = nla_data(nla) + NLA_ALIGN(pt->len); 88 if (attrlen < NLA_ALIGN(pt->len) + NLA_HDRLEN + nla_len(nla)) 89 return -ERANGE; 90 break; 91 case NLA_NESTED: 92 /* a nested attributes is allowed to be empty; if its not, 93 * it must have a size of at least NLA_HDRLEN. 94 */ 95 if (attrlen == 0) 96 break; 97 default: 98 if (pt->len) 99 minlen = pt->len; 100 else if (pt->type != NLA_UNSPEC) 101 minlen = nla_attr_minlen[pt->type]; 102 103 if (attrlen < minlen) 104 return -ERANGE; 105 } 106 107 return 0; 108 } 109 110 /** 111 * nla_validate - Validate a stream of attributes 112 * @head: head of attribute stream 113 * @len: length of attribute stream 114 * @maxtype: maximum attribute type to be expected 115 * @policy: validation policy 116 * 117 * Validates all attributes in the specified attribute stream against the 118 * specified policy. Attributes with a type exceeding maxtype will be 119 * ignored. See documenation of struct nla_policy for more details. 120 * 121 * Returns 0 on success or a negative error code. 122 */ 123 int nla_validate(const struct nlattr *head, int len, int maxtype, 124 const struct nla_policy *policy) 125 { 126 const struct nlattr *nla; 127 int rem, err; 128 129 nla_for_each_attr(nla, head, len, rem) { 130 err = validate_nla(nla, maxtype, policy); 131 if (err < 0) 132 goto errout; 133 } 134 135 err = 0; 136 errout: 137 return err; 138 } 139 140 /** 141 * nla_policy_len - Determin the max. length of a policy 142 * @policy: policy to use 143 * @n: number of policies 144 * 145 * Determines the max. length of the policy. It is currently used 146 * to allocated Netlink buffers roughly the size of the actual 147 * message. 148 * 149 * Returns 0 on success or a negative error code. 150 */ 151 int 152 nla_policy_len(const struct nla_policy *p, int n) 153 { 154 int i, len = 0; 155 156 for (i = 0; i < n; i++, p++) { 157 if (p->len) 158 len += nla_total_size(p->len); 159 else if (nla_attr_minlen[p->type]) 160 len += nla_total_size(nla_attr_minlen[p->type]); 161 } 162 163 return len; 164 } 165 166 /** 167 * nla_parse - Parse a stream of attributes into a tb buffer 168 * @tb: destination array with maxtype+1 elements 169 * @maxtype: maximum attribute type to be expected 170 * @head: head of attribute stream 171 * @len: length of attribute stream 172 * @policy: validation policy 173 * 174 * Parses a stream of attributes and stores a pointer to each attribute in 175 * the tb array accessible via the attribute type. Attributes with a type 176 * exceeding maxtype will be silently ignored for backwards compatibility 177 * reasons. policy may be set to NULL if no validation is required. 178 * 179 * Returns 0 on success or a negative error code. 180 */ 181 int nla_parse(struct nlattr **tb, int maxtype, const struct nlattr *head, 182 int len, const struct nla_policy *policy) 183 { 184 const struct nlattr *nla; 185 int rem, err; 186 187 memset(tb, 0, sizeof(struct nlattr *) * (maxtype + 1)); 188 189 nla_for_each_attr(nla, head, len, rem) { 190 u16 type = nla_type(nla); 191 192 if (type > 0 && type <= maxtype) { 193 if (policy) { 194 err = validate_nla(nla, maxtype, policy); 195 if (err < 0) 196 goto errout; 197 } 198 199 tb[type] = (struct nlattr *)nla; 200 } 201 } 202 203 if (unlikely(rem > 0)) 204 printk(KERN_WARNING "netlink: %d bytes leftover after parsing " 205 "attributes.\n", rem); 206 207 err = 0; 208 errout: 209 return err; 210 } 211 212 /** 213 * nla_find - Find a specific attribute in a stream of attributes 214 * @head: head of attribute stream 215 * @len: length of attribute stream 216 * @attrtype: type of attribute to look for 217 * 218 * Returns the first attribute in the stream matching the specified type. 219 */ 220 struct nlattr *nla_find(const struct nlattr *head, int len, int attrtype) 221 { 222 const struct nlattr *nla; 223 int rem; 224 225 nla_for_each_attr(nla, head, len, rem) 226 if (nla_type(nla) == attrtype) 227 return (struct nlattr *)nla; 228 229 return NULL; 230 } 231 232 /** 233 * nla_strlcpy - Copy string attribute payload into a sized buffer 234 * @dst: where to copy the string to 235 * @nla: attribute to copy the string from 236 * @dstsize: size of destination buffer 237 * 238 * Copies at most dstsize - 1 bytes into the destination buffer. 239 * The result is always a valid NUL-terminated string. Unlike 240 * strlcpy the destination buffer is always padded out. 241 * 242 * Returns the length of the source buffer. 243 */ 244 size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize) 245 { 246 size_t srclen = nla_len(nla); 247 char *src = nla_data(nla); 248 249 if (srclen > 0 && src[srclen - 1] == '\0') 250 srclen--; 251 252 if (dstsize > 0) { 253 size_t len = (srclen >= dstsize) ? dstsize - 1 : srclen; 254 255 memset(dst, 0, dstsize); 256 memcpy(dst, src, len); 257 } 258 259 return srclen; 260 } 261 262 /** 263 * nla_memcpy - Copy a netlink attribute into another memory area 264 * @dest: where to copy to memcpy 265 * @src: netlink attribute to copy from 266 * @count: size of the destination area 267 * 268 * Note: The number of bytes copied is limited by the length of 269 * attribute's payload. memcpy 270 * 271 * Returns the number of bytes copied. 272 */ 273 int nla_memcpy(void *dest, const struct nlattr *src, int count) 274 { 275 int minlen = min_t(int, count, nla_len(src)); 276 277 memcpy(dest, nla_data(src), minlen); 278 279 return minlen; 280 } 281 282 /** 283 * nla_memcmp - Compare an attribute with sized memory area 284 * @nla: netlink attribute 285 * @data: memory area 286 * @size: size of memory area 287 */ 288 int nla_memcmp(const struct nlattr *nla, const void *data, 289 size_t size) 290 { 291 int d = nla_len(nla) - size; 292 293 if (d == 0) 294 d = memcmp(nla_data(nla), data, size); 295 296 return d; 297 } 298 299 /** 300 * nla_strcmp - Compare a string attribute against a string 301 * @nla: netlink string attribute 302 * @str: another string 303 */ 304 int nla_strcmp(const struct nlattr *nla, const char *str) 305 { 306 int len = strlen(str); 307 char *buf = nla_data(nla); 308 int attrlen = nla_len(nla); 309 int d; 310 311 if (attrlen > 0 && buf[attrlen - 1] == '\0') 312 attrlen--; 313 314 d = attrlen - len; 315 if (d == 0) 316 d = memcmp(nla_data(nla), str, len); 317 318 return d; 319 } 320 321 #ifdef CONFIG_NET 322 /** 323 * __nla_reserve - reserve room for attribute on the skb 324 * @skb: socket buffer to reserve room on 325 * @attrtype: attribute type 326 * @attrlen: length of attribute payload 327 * 328 * Adds a netlink attribute header to a socket buffer and reserves 329 * room for the payload but does not copy it. 330 * 331 * The caller is responsible to ensure that the skb provides enough 332 * tailroom for the attribute header and payload. 333 */ 334 struct nlattr *__nla_reserve(struct sk_buff *skb, int attrtype, int attrlen) 335 { 336 struct nlattr *nla; 337 338 nla = (struct nlattr *) skb_put(skb, nla_total_size(attrlen)); 339 nla->nla_type = attrtype; 340 nla->nla_len = nla_attr_size(attrlen); 341 342 memset((unsigned char *) nla + nla->nla_len, 0, nla_padlen(attrlen)); 343 344 return nla; 345 } 346 EXPORT_SYMBOL(__nla_reserve); 347 348 /** 349 * __nla_reserve_nohdr - reserve room for attribute without header 350 * @skb: socket buffer to reserve room on 351 * @attrlen: length of attribute payload 352 * 353 * Reserves room for attribute payload without a header. 354 * 355 * The caller is responsible to ensure that the skb provides enough 356 * tailroom for the payload. 357 */ 358 void *__nla_reserve_nohdr(struct sk_buff *skb, int attrlen) 359 { 360 void *start; 361 362 start = skb_put(skb, NLA_ALIGN(attrlen)); 363 memset(start, 0, NLA_ALIGN(attrlen)); 364 365 return start; 366 } 367 EXPORT_SYMBOL(__nla_reserve_nohdr); 368 369 /** 370 * nla_reserve - reserve room for attribute on the skb 371 * @skb: socket buffer to reserve room on 372 * @attrtype: attribute type 373 * @attrlen: length of attribute payload 374 * 375 * Adds a netlink attribute header to a socket buffer and reserves 376 * room for the payload but does not copy it. 377 * 378 * Returns NULL if the tailroom of the skb is insufficient to store 379 * the attribute header and payload. 380 */ 381 struct nlattr *nla_reserve(struct sk_buff *skb, int attrtype, int attrlen) 382 { 383 if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen))) 384 return NULL; 385 386 return __nla_reserve(skb, attrtype, attrlen); 387 } 388 EXPORT_SYMBOL(nla_reserve); 389 390 /** 391 * nla_reserve_nohdr - reserve room for attribute without header 392 * @skb: socket buffer to reserve room on 393 * @attrlen: length of attribute payload 394 * 395 * Reserves room for attribute payload without a header. 396 * 397 * Returns NULL if the tailroom of the skb is insufficient to store 398 * the attribute payload. 399 */ 400 void *nla_reserve_nohdr(struct sk_buff *skb, int attrlen) 401 { 402 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) 403 return NULL; 404 405 return __nla_reserve_nohdr(skb, attrlen); 406 } 407 EXPORT_SYMBOL(nla_reserve_nohdr); 408 409 /** 410 * __nla_put - Add a netlink attribute to a socket buffer 411 * @skb: socket buffer to add attribute to 412 * @attrtype: attribute type 413 * @attrlen: length of attribute payload 414 * @data: head of attribute payload 415 * 416 * The caller is responsible to ensure that the skb provides enough 417 * tailroom for the attribute header and payload. 418 */ 419 void __nla_put(struct sk_buff *skb, int attrtype, int attrlen, 420 const void *data) 421 { 422 struct nlattr *nla; 423 424 nla = __nla_reserve(skb, attrtype, attrlen); 425 memcpy(nla_data(nla), data, attrlen); 426 } 427 EXPORT_SYMBOL(__nla_put); 428 429 /** 430 * __nla_put_nohdr - Add a netlink attribute without header 431 * @skb: socket buffer to add attribute to 432 * @attrlen: length of attribute payload 433 * @data: head of attribute payload 434 * 435 * The caller is responsible to ensure that the skb provides enough 436 * tailroom for the attribute payload. 437 */ 438 void __nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data) 439 { 440 void *start; 441 442 start = __nla_reserve_nohdr(skb, attrlen); 443 memcpy(start, data, attrlen); 444 } 445 EXPORT_SYMBOL(__nla_put_nohdr); 446 447 /** 448 * nla_put - Add a netlink attribute to a socket buffer 449 * @skb: socket buffer to add attribute to 450 * @attrtype: attribute type 451 * @attrlen: length of attribute payload 452 * @data: head of attribute payload 453 * 454 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store 455 * the attribute header and payload. 456 */ 457 int nla_put(struct sk_buff *skb, int attrtype, int attrlen, const void *data) 458 { 459 if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen))) 460 return -EMSGSIZE; 461 462 __nla_put(skb, attrtype, attrlen, data); 463 return 0; 464 } 465 EXPORT_SYMBOL(nla_put); 466 467 /** 468 * nla_put_nohdr - Add a netlink attribute without header 469 * @skb: socket buffer to add attribute to 470 * @attrlen: length of attribute payload 471 * @data: head of attribute payload 472 * 473 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store 474 * the attribute payload. 475 */ 476 int nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data) 477 { 478 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) 479 return -EMSGSIZE; 480 481 __nla_put_nohdr(skb, attrlen, data); 482 return 0; 483 } 484 EXPORT_SYMBOL(nla_put_nohdr); 485 486 /** 487 * nla_append - Add a netlink attribute without header or padding 488 * @skb: socket buffer to add attribute to 489 * @attrlen: length of attribute payload 490 * @data: head of attribute payload 491 * 492 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store 493 * the attribute payload. 494 */ 495 int nla_append(struct sk_buff *skb, int attrlen, const void *data) 496 { 497 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) 498 return -EMSGSIZE; 499 500 memcpy(skb_put(skb, attrlen), data, attrlen); 501 return 0; 502 } 503 EXPORT_SYMBOL(nla_append); 504 #endif 505 506 EXPORT_SYMBOL(nla_validate); 507 EXPORT_SYMBOL(nla_policy_len); 508 EXPORT_SYMBOL(nla_parse); 509 EXPORT_SYMBOL(nla_find); 510 EXPORT_SYMBOL(nla_strlcpy); 511 EXPORT_SYMBOL(nla_memcpy); 512 EXPORT_SYMBOL(nla_memcmp); 513 EXPORT_SYMBOL(nla_strcmp); 514