1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * NETLINK Policy advertisement to userspace 4 * 5 * Authors: Johannes Berg <johannes@sipsolutions.net> 6 * 7 * Copyright 2019 Intel Corporation 8 */ 9 10 #include <linux/kernel.h> 11 #include <linux/errno.h> 12 #include <linux/types.h> 13 #include <net/netlink.h> 14 15 #define INITIAL_POLICIES_ALLOC 10 16 17 struct netlink_policy_dump_state { 18 unsigned int policy_idx; 19 unsigned int attr_idx; 20 unsigned int n_alloc; 21 struct { 22 const struct nla_policy *policy; 23 unsigned int maxtype; 24 } policies[]; 25 }; 26 27 static int add_policy(struct netlink_policy_dump_state **statep, 28 const struct nla_policy *policy, 29 unsigned int maxtype) 30 { 31 struct netlink_policy_dump_state *state = *statep; 32 unsigned int n_alloc, i; 33 34 if (!policy || !maxtype) 35 return 0; 36 37 for (i = 0; i < state->n_alloc; i++) { 38 if (state->policies[i].policy == policy && 39 state->policies[i].maxtype == maxtype) 40 return 0; 41 42 if (!state->policies[i].policy) { 43 state->policies[i].policy = policy; 44 state->policies[i].maxtype = maxtype; 45 return 0; 46 } 47 } 48 49 n_alloc = state->n_alloc + INITIAL_POLICIES_ALLOC; 50 state = krealloc(state, struct_size(state, policies, n_alloc), 51 GFP_KERNEL); 52 if (!state) 53 return -ENOMEM; 54 55 memset(&state->policies[state->n_alloc], 0, 56 flex_array_size(state, policies, n_alloc - state->n_alloc)); 57 58 state->policies[state->n_alloc].policy = policy; 59 state->policies[state->n_alloc].maxtype = maxtype; 60 state->n_alloc = n_alloc; 61 *statep = state; 62 63 return 0; 64 } 65 66 /** 67 * netlink_policy_dump_get_policy_idx - retrieve policy index 68 * @state: the policy dump state 69 * @policy: the policy to find 70 * @maxtype: the policy's maxattr 71 * 72 * Returns: the index of the given policy in the dump state 73 * 74 * Call this to find a policy index when you've added multiple and e.g. 75 * need to tell userspace which command has which policy (by index). 76 * 77 * Note: this will WARN and return 0 if the policy isn't found, which 78 * means it wasn't added in the first place, which would be an 79 * internal consistency bug. 80 */ 81 int netlink_policy_dump_get_policy_idx(struct netlink_policy_dump_state *state, 82 const struct nla_policy *policy, 83 unsigned int maxtype) 84 { 85 unsigned int i; 86 87 if (WARN_ON(!policy || !maxtype)) 88 return 0; 89 90 for (i = 0; i < state->n_alloc; i++) { 91 if (state->policies[i].policy == policy && 92 state->policies[i].maxtype == maxtype) 93 return i; 94 } 95 96 WARN_ON(1); 97 return 0; 98 } 99 100 static struct netlink_policy_dump_state *alloc_state(void) 101 { 102 struct netlink_policy_dump_state *state; 103 104 state = kzalloc(struct_size(state, policies, INITIAL_POLICIES_ALLOC), 105 GFP_KERNEL); 106 if (!state) 107 return ERR_PTR(-ENOMEM); 108 state->n_alloc = INITIAL_POLICIES_ALLOC; 109 110 return state; 111 } 112 113 /** 114 * netlink_policy_dump_add_policy - add a policy to the dump 115 * @pstate: state to add to, may be reallocated, must be %NULL the first time 116 * @policy: the new policy to add to the dump 117 * @maxtype: the new policy's max attr type 118 * 119 * Returns: 0 on success, a negative error code otherwise. 120 * 121 * Call this to allocate a policy dump state, and to add policies to it. This 122 * should be called from the dump start() callback. 123 * 124 * Note: on failures, any previously allocated state is freed. 125 */ 126 int netlink_policy_dump_add_policy(struct netlink_policy_dump_state **pstate, 127 const struct nla_policy *policy, 128 unsigned int maxtype) 129 { 130 struct netlink_policy_dump_state *state = *pstate; 131 unsigned int policy_idx; 132 int err; 133 134 if (!state) { 135 state = alloc_state(); 136 if (IS_ERR(state)) 137 return PTR_ERR(state); 138 } 139 140 /* 141 * walk the policies and nested ones first, and build 142 * a linear list of them. 143 */ 144 145 err = add_policy(&state, policy, maxtype); 146 if (err) 147 goto err_try_undo; 148 149 for (policy_idx = 0; 150 policy_idx < state->n_alloc && state->policies[policy_idx].policy; 151 policy_idx++) { 152 const struct nla_policy *policy; 153 unsigned int type; 154 155 policy = state->policies[policy_idx].policy; 156 157 for (type = 0; 158 type <= state->policies[policy_idx].maxtype; 159 type++) { 160 switch (policy[type].type) { 161 case NLA_NESTED: 162 case NLA_NESTED_ARRAY: 163 err = add_policy(&state, 164 policy[type].nested_policy, 165 policy[type].len); 166 if (err) 167 goto err_try_undo; 168 break; 169 default: 170 break; 171 } 172 } 173 } 174 175 *pstate = state; 176 return 0; 177 178 err_try_undo: 179 /* Try to preserve reasonable unwind semantics - if we're starting from 180 * scratch clean up fully, otherwise record what we got and caller will. 181 */ 182 if (!*pstate) 183 netlink_policy_dump_free(state); 184 else 185 *pstate = state; 186 return err; 187 } 188 189 static bool 190 netlink_policy_dump_finished(struct netlink_policy_dump_state *state) 191 { 192 return state->policy_idx >= state->n_alloc || 193 !state->policies[state->policy_idx].policy; 194 } 195 196 /** 197 * netlink_policy_dump_loop - dumping loop indicator 198 * @state: the policy dump state 199 * 200 * Returns: %true if the dump continues, %false otherwise 201 * 202 * Note: this frees the dump state when finishing 203 */ 204 bool netlink_policy_dump_loop(struct netlink_policy_dump_state *state) 205 { 206 return !netlink_policy_dump_finished(state); 207 } 208 209 int netlink_policy_dump_attr_size_estimate(const struct nla_policy *pt) 210 { 211 /* nested + type */ 212 int common = 2 * nla_attr_size(sizeof(u32)); 213 214 switch (pt->type) { 215 case NLA_UNSPEC: 216 case NLA_REJECT: 217 /* these actually don't need any space */ 218 return 0; 219 case NLA_NESTED: 220 case NLA_NESTED_ARRAY: 221 /* common, policy idx, policy maxattr */ 222 return common + 2 * nla_attr_size(sizeof(u32)); 223 case NLA_U8: 224 case NLA_U16: 225 case NLA_U32: 226 case NLA_U64: 227 case NLA_MSECS: 228 case NLA_S8: 229 case NLA_S16: 230 case NLA_S32: 231 case NLA_S64: 232 /* maximum is common, u64 min/max with padding */ 233 return common + 234 2 * (nla_attr_size(0) + nla_attr_size(sizeof(u64))); 235 case NLA_BITFIELD32: 236 return common + nla_attr_size(sizeof(u32)); 237 case NLA_STRING: 238 case NLA_NUL_STRING: 239 case NLA_BINARY: 240 /* maximum is common, u32 min-length/max-length */ 241 return common + 2 * nla_attr_size(sizeof(u32)); 242 case NLA_FLAG: 243 return common; 244 } 245 246 /* this should then cause a warning later */ 247 return 0; 248 } 249 250 static int 251 __netlink_policy_dump_write_attr(struct netlink_policy_dump_state *state, 252 struct sk_buff *skb, 253 const struct nla_policy *pt, 254 int nestattr) 255 { 256 int estimate = netlink_policy_dump_attr_size_estimate(pt); 257 enum netlink_attribute_type type; 258 struct nlattr *attr; 259 260 attr = nla_nest_start(skb, nestattr); 261 if (!attr) 262 return -ENOBUFS; 263 264 switch (pt->type) { 265 default: 266 case NLA_UNSPEC: 267 case NLA_REJECT: 268 /* skip - use NLA_MIN_LEN to advertise such */ 269 nla_nest_cancel(skb, attr); 270 return -ENODATA; 271 case NLA_NESTED: 272 type = NL_ATTR_TYPE_NESTED; 273 fallthrough; 274 case NLA_NESTED_ARRAY: 275 if (pt->type == NLA_NESTED_ARRAY) 276 type = NL_ATTR_TYPE_NESTED_ARRAY; 277 if (state && pt->nested_policy && pt->len && 278 (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_POLICY_IDX, 279 netlink_policy_dump_get_policy_idx(state, 280 pt->nested_policy, 281 pt->len)) || 282 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_POLICY_MAXTYPE, 283 pt->len))) 284 goto nla_put_failure; 285 break; 286 case NLA_U8: 287 case NLA_U16: 288 case NLA_U32: 289 case NLA_U64: 290 case NLA_MSECS: { 291 struct netlink_range_validation range; 292 293 if (pt->type == NLA_U8) 294 type = NL_ATTR_TYPE_U8; 295 else if (pt->type == NLA_U16) 296 type = NL_ATTR_TYPE_U16; 297 else if (pt->type == NLA_U32) 298 type = NL_ATTR_TYPE_U32; 299 else 300 type = NL_ATTR_TYPE_U64; 301 302 if (pt->validation_type == NLA_VALIDATE_MASK) { 303 if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MASK, 304 pt->mask, 305 NL_POLICY_TYPE_ATTR_PAD)) 306 goto nla_put_failure; 307 break; 308 } 309 310 nla_get_range_unsigned(pt, &range); 311 312 if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_U, 313 range.min, NL_POLICY_TYPE_ATTR_PAD) || 314 nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MAX_VALUE_U, 315 range.max, NL_POLICY_TYPE_ATTR_PAD)) 316 goto nla_put_failure; 317 break; 318 } 319 case NLA_S8: 320 case NLA_S16: 321 case NLA_S32: 322 case NLA_S64: { 323 struct netlink_range_validation_signed range; 324 325 if (pt->type == NLA_S8) 326 type = NL_ATTR_TYPE_S8; 327 else if (pt->type == NLA_S16) 328 type = NL_ATTR_TYPE_S16; 329 else if (pt->type == NLA_S32) 330 type = NL_ATTR_TYPE_S32; 331 else 332 type = NL_ATTR_TYPE_S64; 333 334 nla_get_range_signed(pt, &range); 335 336 if (nla_put_s64(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_S, 337 range.min, NL_POLICY_TYPE_ATTR_PAD) || 338 nla_put_s64(skb, NL_POLICY_TYPE_ATTR_MAX_VALUE_S, 339 range.max, NL_POLICY_TYPE_ATTR_PAD)) 340 goto nla_put_failure; 341 break; 342 } 343 case NLA_BITFIELD32: 344 type = NL_ATTR_TYPE_BITFIELD32; 345 if (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_BITFIELD32_MASK, 346 pt->bitfield32_valid)) 347 goto nla_put_failure; 348 break; 349 case NLA_STRING: 350 case NLA_NUL_STRING: 351 case NLA_BINARY: 352 if (pt->type == NLA_STRING) 353 type = NL_ATTR_TYPE_STRING; 354 else if (pt->type == NLA_NUL_STRING) 355 type = NL_ATTR_TYPE_NUL_STRING; 356 else 357 type = NL_ATTR_TYPE_BINARY; 358 359 if (pt->validation_type == NLA_VALIDATE_RANGE || 360 pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG) { 361 struct netlink_range_validation range; 362 363 nla_get_range_unsigned(pt, &range); 364 365 if (range.min && 366 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MIN_LENGTH, 367 range.min)) 368 goto nla_put_failure; 369 370 if (range.max < U16_MAX && 371 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MAX_LENGTH, 372 range.max)) 373 goto nla_put_failure; 374 } else if (pt->len && 375 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MAX_LENGTH, 376 pt->len)) { 377 goto nla_put_failure; 378 } 379 break; 380 case NLA_FLAG: 381 type = NL_ATTR_TYPE_FLAG; 382 break; 383 } 384 385 if (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_TYPE, type)) 386 goto nla_put_failure; 387 388 nla_nest_end(skb, attr); 389 WARN_ON(attr->nla_len > estimate); 390 391 return 0; 392 nla_put_failure: 393 nla_nest_cancel(skb, attr); 394 return -ENOBUFS; 395 } 396 397 /** 398 * netlink_policy_dump_write_attr - write a given attribute policy 399 * @skb: the message skb to write to 400 * @pt: the attribute's policy 401 * @nestattr: the nested attribute ID to use 402 * 403 * Returns: 0 on success, an error code otherwise; -%ENODATA is 404 * special, indicating that there's no policy data and 405 * the attribute is generally rejected. 406 */ 407 int netlink_policy_dump_write_attr(struct sk_buff *skb, 408 const struct nla_policy *pt, 409 int nestattr) 410 { 411 return __netlink_policy_dump_write_attr(NULL, skb, pt, nestattr); 412 } 413 414 /** 415 * netlink_policy_dump_write - write current policy dump attributes 416 * @skb: the message skb to write to 417 * @state: the policy dump state 418 * 419 * Returns: 0 on success, an error code otherwise 420 */ 421 int netlink_policy_dump_write(struct sk_buff *skb, 422 struct netlink_policy_dump_state *state) 423 { 424 const struct nla_policy *pt; 425 struct nlattr *policy; 426 bool again; 427 int err; 428 429 send_attribute: 430 again = false; 431 432 pt = &state->policies[state->policy_idx].policy[state->attr_idx]; 433 434 policy = nla_nest_start(skb, state->policy_idx); 435 if (!policy) 436 return -ENOBUFS; 437 438 err = __netlink_policy_dump_write_attr(state, skb, pt, state->attr_idx); 439 if (err == -ENODATA) { 440 nla_nest_cancel(skb, policy); 441 again = true; 442 goto next; 443 } else if (err) { 444 goto nla_put_failure; 445 } 446 447 /* finish and move state to next attribute */ 448 nla_nest_end(skb, policy); 449 450 next: 451 state->attr_idx += 1; 452 if (state->attr_idx > state->policies[state->policy_idx].maxtype) { 453 state->attr_idx = 0; 454 state->policy_idx++; 455 } 456 457 if (again) { 458 if (netlink_policy_dump_finished(state)) 459 return -ENODATA; 460 goto send_attribute; 461 } 462 463 return 0; 464 465 nla_put_failure: 466 nla_nest_cancel(skb, policy); 467 return -ENOBUFS; 468 } 469 470 /** 471 * netlink_policy_dump_free - free policy dump state 472 * @state: the policy dump state to free 473 * 474 * Call this from the done() method to ensure dump state is freed. 475 */ 476 void netlink_policy_dump_free(struct netlink_policy_dump_state *state) 477 { 478 kfree(state); 479 } 480