Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
bfa83a9e TG |
2 | /* |
3 | * NETLINK Netlink attributes | |
4 | * | |
5 | * Authors: Thomas Graf <tgraf@suug.ch> | |
6 | * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> | |
7 | */ | |
8 | ||
8bc3bcc9 | 9 | #include <linux/export.h> |
bfa83a9e TG |
10 | #include <linux/kernel.h> |
11 | #include <linux/errno.h> | |
12 | #include <linux/jiffies.h> | |
bfa83a9e TG |
13 | #include <linux/skbuff.h> |
14 | #include <linux/string.h> | |
15 | #include <linux/types.h> | |
16 | #include <net/netlink.h> | |
17 | ||
6e237d09 DA |
18 | /* For these data types, attribute length should be exactly the given |
19 | * size. However, to maintain compatibility with broken commands, if the | |
20 | * attribute length does not match the expected size a warning is emitted | |
21 | * to the user that the command is sending invalid data and needs to be fixed. | |
22 | */ | |
28033ae4 | 23 | static const u8 nla_attr_len[NLA_TYPE_MAX+1] = { |
bfa83a9e TG |
24 | [NLA_U8] = sizeof(u8), |
25 | [NLA_U16] = sizeof(u16), | |
26 | [NLA_U32] = sizeof(u32), | |
27 | [NLA_U64] = sizeof(u64), | |
9eca2eb9 JA |
28 | [NLA_S8] = sizeof(s8), |
29 | [NLA_S16] = sizeof(s16), | |
30 | [NLA_S32] = sizeof(s32), | |
31 | [NLA_S64] = sizeof(s64), | |
bfa83a9e TG |
32 | }; |
33 | ||
28033ae4 | 34 | static const u8 nla_attr_minlen[NLA_TYPE_MAX+1] = { |
6e237d09 DA |
35 | [NLA_U8] = sizeof(u8), |
36 | [NLA_U16] = sizeof(u16), | |
37 | [NLA_U32] = sizeof(u32), | |
38 | [NLA_U64] = sizeof(u64), | |
28033ae4 DA |
39 | [NLA_MSECS] = sizeof(u64), |
40 | [NLA_NESTED] = NLA_HDRLEN, | |
6e237d09 DA |
41 | [NLA_S8] = sizeof(s8), |
42 | [NLA_S16] = sizeof(s16), | |
43 | [NLA_S32] = sizeof(s32), | |
44 | [NLA_S64] = sizeof(s64), | |
28033ae4 DA |
45 | }; |
46 | ||
7690aa1c JB |
47 | /* |
48 | * Nested policies might refer back to the original | |
49 | * policy in some cases, and userspace could try to | |
50 | * abuse that and recurse by nesting in the right | |
51 | * ways. Limit recursion to avoid this problem. | |
52 | */ | |
53 | #define MAX_POLICY_RECURSION_DEPTH 10 | |
54 | ||
55 | static int __nla_validate_parse(const struct nlattr *head, int len, int maxtype, | |
56 | const struct nla_policy *policy, | |
57 | unsigned int validate, | |
58 | struct netlink_ext_ack *extack, | |
59 | struct nlattr **tb, unsigned int depth); | |
60 | ||
64c83d83 | 61 | static int validate_nla_bitfield32(const struct nlattr *nla, |
47a1494b | 62 | const u32 valid_flags_mask) |
64c83d83 JHS |
63 | { |
64 | const struct nla_bitfield32 *bf = nla_data(nla); | |
64c83d83 | 65 | |
48fde90a | 66 | if (!valid_flags_mask) |
64c83d83 JHS |
67 | return -EINVAL; |
68 | ||
69 | /*disallow invalid bit selector */ | |
47a1494b | 70 | if (bf->selector & ~valid_flags_mask) |
64c83d83 JHS |
71 | return -EINVAL; |
72 | ||
73 | /*disallow invalid bit values */ | |
47a1494b | 74 | if (bf->value & ~valid_flags_mask) |
64c83d83 JHS |
75 | return -EINVAL; |
76 | ||
77 | /*disallow valid bit values that are not selected*/ | |
78 | if (bf->value & ~bf->selector) | |
79 | return -EINVAL; | |
80 | ||
81 | return 0; | |
82 | } | |
83 | ||
1501d135 JB |
84 | static int nla_validate_array(const struct nlattr *head, int len, int maxtype, |
85 | const struct nla_policy *policy, | |
8cb08174 | 86 | struct netlink_ext_ack *extack, |
7690aa1c | 87 | unsigned int validate, unsigned int depth) |
1501d135 JB |
88 | { |
89 | const struct nlattr *entry; | |
90 | int rem; | |
91 | ||
92 | nla_for_each_attr(entry, head, len, rem) { | |
93 | int ret; | |
94 | ||
95 | if (nla_len(entry) == 0) | |
96 | continue; | |
97 | ||
98 | if (nla_len(entry) < NLA_HDRLEN) { | |
99 | NL_SET_ERR_MSG_ATTR(extack, entry, | |
100 | "Array element too short"); | |
101 | return -ERANGE; | |
102 | } | |
103 | ||
7690aa1c JB |
104 | ret = __nla_validate_parse(nla_data(entry), nla_len(entry), |
105 | maxtype, policy, validate, extack, | |
106 | NULL, depth + 1); | |
1501d135 JB |
107 | if (ret < 0) |
108 | return ret; | |
109 | } | |
110 | ||
111 | return 0; | |
112 | } | |
113 | ||
2c28ae48 JB |
114 | void nla_get_range_unsigned(const struct nla_policy *pt, |
115 | struct netlink_range_validation *range) | |
3e48be05 | 116 | { |
d06a09b9 JB |
117 | WARN_ON_ONCE(pt->validation_type != NLA_VALIDATE_RANGE_PTR && |
118 | (pt->min < 0 || pt->max < 0)); | |
119 | ||
2c28ae48 JB |
120 | range->min = 0; |
121 | ||
122 | switch (pt->type) { | |
123 | case NLA_U8: | |
124 | range->max = U8_MAX; | |
125 | break; | |
126 | case NLA_U16: | |
8aa26c57 | 127 | case NLA_BINARY: |
2c28ae48 JB |
128 | range->max = U16_MAX; |
129 | break; | |
130 | case NLA_U32: | |
131 | range->max = U32_MAX; | |
132 | break; | |
133 | case NLA_U64: | |
134 | case NLA_MSECS: | |
135 | range->max = U64_MAX; | |
136 | break; | |
137 | default: | |
138 | WARN_ON_ONCE(1); | |
139 | return; | |
140 | } | |
141 | ||
d06a09b9 JB |
142 | switch (pt->validation_type) { |
143 | case NLA_VALIDATE_RANGE: | |
8aa26c57 | 144 | case NLA_VALIDATE_RANGE_WARN_TOO_LONG: |
d06a09b9 JB |
145 | range->min = pt->min; |
146 | range->max = pt->max; | |
147 | break; | |
148 | case NLA_VALIDATE_RANGE_PTR: | |
2c28ae48 | 149 | *range = *pt->range; |
d06a09b9 JB |
150 | break; |
151 | case NLA_VALIDATE_MIN: | |
152 | range->min = pt->min; | |
153 | break; | |
154 | case NLA_VALIDATE_MAX: | |
155 | range->max = pt->max; | |
156 | break; | |
2c28ae48 JB |
157 | default: |
158 | break; | |
d06a09b9 | 159 | } |
2c28ae48 JB |
160 | } |
161 | ||
8aa26c57 JB |
162 | static int nla_validate_range_unsigned(const struct nla_policy *pt, |
163 | const struct nlattr *nla, | |
164 | struct netlink_ext_ack *extack, | |
165 | unsigned int validate) | |
2c28ae48 JB |
166 | { |
167 | struct netlink_range_validation range; | |
168 | u64 value; | |
3e48be05 JB |
169 | |
170 | switch (pt->type) { | |
171 | case NLA_U8: | |
172 | value = nla_get_u8(nla); | |
173 | break; | |
174 | case NLA_U16: | |
175 | value = nla_get_u16(nla); | |
176 | break; | |
177 | case NLA_U32: | |
178 | value = nla_get_u32(nla); | |
179 | break; | |
d06a09b9 | 180 | case NLA_U64: |
da4063bd | 181 | case NLA_MSECS: |
d06a09b9 JB |
182 | value = nla_get_u64(nla); |
183 | break; | |
8aa26c57 JB |
184 | case NLA_BINARY: |
185 | value = nla_len(nla); | |
186 | break; | |
d06a09b9 JB |
187 | default: |
188 | return -EINVAL; | |
189 | } | |
190 | ||
2c28ae48 JB |
191 | nla_get_range_unsigned(pt, &range); |
192 | ||
8aa26c57 JB |
193 | if (pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG && |
194 | pt->type == NLA_BINARY && value > range.max) { | |
195 | pr_warn_ratelimited("netlink: '%s': attribute type %d has an invalid length.\n", | |
196 | current->comm, pt->type); | |
197 | if (validate & NL_VALIDATE_STRICT_ATTRS) { | |
198 | NL_SET_ERR_MSG_ATTR(extack, nla, | |
199 | "invalid attribute length"); | |
200 | return -EINVAL; | |
201 | } | |
202 | ||
203 | /* this assumes min <= max (don't validate against min) */ | |
204 | return 0; | |
205 | } | |
206 | ||
2c28ae48 | 207 | if (value < range.min || value > range.max) { |
8aa26c57 JB |
208 | bool binary = pt->type == NLA_BINARY; |
209 | ||
210 | if (binary) | |
211 | NL_SET_ERR_MSG_ATTR(extack, nla, | |
212 | "binary attribute size out of range"); | |
213 | else | |
214 | NL_SET_ERR_MSG_ATTR(extack, nla, | |
215 | "integer out of range"); | |
216 | ||
d06a09b9 JB |
217 | return -ERANGE; |
218 | } | |
219 | ||
220 | return 0; | |
221 | } | |
222 | ||
2c28ae48 JB |
223 | void nla_get_range_signed(const struct nla_policy *pt, |
224 | struct netlink_range_validation_signed *range) | |
d06a09b9 | 225 | { |
2c28ae48 JB |
226 | switch (pt->type) { |
227 | case NLA_S8: | |
228 | range->min = S8_MIN; | |
229 | range->max = S8_MAX; | |
230 | break; | |
231 | case NLA_S16: | |
232 | range->min = S16_MIN; | |
233 | range->max = S16_MAX; | |
234 | break; | |
235 | case NLA_S32: | |
236 | range->min = S32_MIN; | |
237 | range->max = S32_MAX; | |
238 | break; | |
239 | case NLA_S64: | |
240 | range->min = S64_MIN; | |
241 | range->max = S64_MAX; | |
242 | break; | |
243 | default: | |
244 | WARN_ON_ONCE(1); | |
245 | return; | |
246 | } | |
d06a09b9 JB |
247 | |
248 | switch (pt->validation_type) { | |
249 | case NLA_VALIDATE_RANGE: | |
250 | range->min = pt->min; | |
251 | range->max = pt->max; | |
252 | break; | |
253 | case NLA_VALIDATE_RANGE_PTR: | |
2c28ae48 | 254 | *range = *pt->range_signed; |
d06a09b9 JB |
255 | break; |
256 | case NLA_VALIDATE_MIN: | |
257 | range->min = pt->min; | |
258 | break; | |
259 | case NLA_VALIDATE_MAX: | |
260 | range->max = pt->max; | |
261 | break; | |
2c28ae48 JB |
262 | default: |
263 | break; | |
d06a09b9 | 264 | } |
2c28ae48 JB |
265 | } |
266 | ||
267 | static int nla_validate_int_range_signed(const struct nla_policy *pt, | |
268 | const struct nlattr *nla, | |
269 | struct netlink_ext_ack *extack) | |
270 | { | |
271 | struct netlink_range_validation_signed range; | |
272 | s64 value; | |
d06a09b9 JB |
273 | |
274 | switch (pt->type) { | |
3e48be05 JB |
275 | case NLA_S8: |
276 | value = nla_get_s8(nla); | |
277 | break; | |
278 | case NLA_S16: | |
279 | value = nla_get_s16(nla); | |
280 | break; | |
281 | case NLA_S32: | |
282 | value = nla_get_s32(nla); | |
283 | break; | |
284 | case NLA_S64: | |
285 | value = nla_get_s64(nla); | |
286 | break; | |
3e48be05 | 287 | default: |
3e48be05 JB |
288 | return -EINVAL; |
289 | } | |
290 | ||
2c28ae48 JB |
291 | nla_get_range_signed(pt, &range); |
292 | ||
293 | if (value < range.min || value > range.max) { | |
3e48be05 JB |
294 | NL_SET_ERR_MSG_ATTR(extack, nla, |
295 | "integer out of range"); | |
296 | return -ERANGE; | |
297 | } | |
298 | ||
299 | return 0; | |
300 | } | |
301 | ||
d06a09b9 JB |
302 | static int nla_validate_int_range(const struct nla_policy *pt, |
303 | const struct nlattr *nla, | |
8aa26c57 JB |
304 | struct netlink_ext_ack *extack, |
305 | unsigned int validate) | |
d06a09b9 JB |
306 | { |
307 | switch (pt->type) { | |
308 | case NLA_U8: | |
309 | case NLA_U16: | |
310 | case NLA_U32: | |
311 | case NLA_U64: | |
da4063bd | 312 | case NLA_MSECS: |
8aa26c57 JB |
313 | case NLA_BINARY: |
314 | return nla_validate_range_unsigned(pt, nla, extack, validate); | |
d06a09b9 JB |
315 | case NLA_S8: |
316 | case NLA_S16: | |
317 | case NLA_S32: | |
318 | case NLA_S64: | |
319 | return nla_validate_int_range_signed(pt, nla, extack); | |
320 | default: | |
321 | WARN_ON(1); | |
322 | return -EINVAL; | |
323 | } | |
324 | } | |
325 | ||
3654654f | 326 | static int validate_nla(const struct nlattr *nla, int maxtype, |
8cb08174 | 327 | const struct nla_policy *policy, unsigned int validate, |
7690aa1c | 328 | struct netlink_ext_ack *extack, unsigned int depth) |
bfa83a9e | 329 | { |
56738f46 | 330 | u16 strict_start_type = policy[0].strict_start_type; |
ef7c79ed | 331 | const struct nla_policy *pt; |
8f4c1f9b | 332 | int minlen = 0, attrlen = nla_len(nla), type = nla_type(nla); |
c29f1845 | 333 | int err = -ERANGE; |
bfa83a9e | 334 | |
56738f46 JB |
335 | if (strict_start_type && type >= strict_start_type) |
336 | validate |= NL_VALIDATE_STRICT; | |
337 | ||
8f4c1f9b | 338 | if (type <= 0 || type > maxtype) |
bfa83a9e TG |
339 | return 0; |
340 | ||
8f4c1f9b | 341 | pt = &policy[type]; |
bfa83a9e TG |
342 | |
343 | BUG_ON(pt->type > NLA_TYPE_MAX); | |
344 | ||
8aa26c57 | 345 | if (nla_attr_len[pt->type] && attrlen != nla_attr_len[pt->type]) { |
6e237d09 DA |
346 | pr_warn_ratelimited("netlink: '%s': attribute type %d has an invalid length.\n", |
347 | current->comm, type); | |
8cb08174 JB |
348 | if (validate & NL_VALIDATE_STRICT_ATTRS) { |
349 | NL_SET_ERR_MSG_ATTR(extack, nla, | |
350 | "invalid attribute length"); | |
351 | return -EINVAL; | |
352 | } | |
28033ae4 DA |
353 | } |
354 | ||
b424e432 MK |
355 | if (validate & NL_VALIDATE_NESTED) { |
356 | if ((pt->type == NLA_NESTED || pt->type == NLA_NESTED_ARRAY) && | |
357 | !(nla->nla_type & NLA_F_NESTED)) { | |
358 | NL_SET_ERR_MSG_ATTR(extack, nla, | |
359 | "NLA_F_NESTED is missing"); | |
360 | return -EINVAL; | |
361 | } | |
362 | if (pt->type != NLA_NESTED && pt->type != NLA_NESTED_ARRAY && | |
363 | pt->type != NLA_UNSPEC && (nla->nla_type & NLA_F_NESTED)) { | |
364 | NL_SET_ERR_MSG_ATTR(extack, nla, | |
365 | "NLA_F_NESTED not expected"); | |
366 | return -EINVAL; | |
367 | } | |
368 | } | |
369 | ||
a5531a5d | 370 | switch (pt->type) { |
568b742a | 371 | case NLA_REJECT: |
47a1494b | 372 | if (extack && pt->reject_message) { |
c29f1845 | 373 | NL_SET_BAD_ATTR(extack, nla); |
47a1494b | 374 | extack->_msg = pt->reject_message; |
c29f1845 JB |
375 | return -EINVAL; |
376 | } | |
377 | err = -EINVAL; | |
378 | goto out_err; | |
568b742a | 379 | |
a5531a5d TG |
380 | case NLA_FLAG: |
381 | if (attrlen > 0) | |
c29f1845 | 382 | goto out_err; |
a5531a5d | 383 | break; |
bfa83a9e | 384 | |
64c83d83 JHS |
385 | case NLA_BITFIELD32: |
386 | if (attrlen != sizeof(struct nla_bitfield32)) | |
c29f1845 | 387 | goto out_err; |
64c83d83 | 388 | |
47a1494b | 389 | err = validate_nla_bitfield32(nla, pt->bitfield32_valid); |
c29f1845 JB |
390 | if (err) |
391 | goto out_err; | |
392 | break; | |
64c83d83 | 393 | |
a5531a5d TG |
394 | case NLA_NUL_STRING: |
395 | if (pt->len) | |
396 | minlen = min_t(int, attrlen, pt->len + 1); | |
397 | else | |
398 | minlen = attrlen; | |
bfa83a9e | 399 | |
c29f1845 JB |
400 | if (!minlen || memchr(nla_data(nla), '\0', minlen) == NULL) { |
401 | err = -EINVAL; | |
402 | goto out_err; | |
403 | } | |
a5531a5d TG |
404 | /* fall through */ |
405 | ||
406 | case NLA_STRING: | |
407 | if (attrlen < 1) | |
c29f1845 | 408 | goto out_err; |
a5531a5d TG |
409 | |
410 | if (pt->len) { | |
411 | char *buf = nla_data(nla); | |
412 | ||
413 | if (buf[attrlen - 1] == '\0') | |
414 | attrlen--; | |
415 | ||
416 | if (attrlen > pt->len) | |
c29f1845 | 417 | goto out_err; |
a5531a5d TG |
418 | } |
419 | break; | |
420 | ||
d30045a0 JB |
421 | case NLA_BINARY: |
422 | if (pt->len && attrlen > pt->len) | |
c29f1845 | 423 | goto out_err; |
d30045a0 JB |
424 | break; |
425 | ||
ea5693cc PM |
426 | case NLA_NESTED: |
427 | /* a nested attributes is allowed to be empty; if its not, | |
428 | * it must have a size of at least NLA_HDRLEN. | |
429 | */ | |
430 | if (attrlen == 0) | |
431 | break; | |
9a659a35 JB |
432 | if (attrlen < NLA_HDRLEN) |
433 | goto out_err; | |
47a1494b | 434 | if (pt->nested_policy) { |
7690aa1c JB |
435 | err = __nla_validate_parse(nla_data(nla), nla_len(nla), |
436 | pt->len, pt->nested_policy, | |
437 | validate, extack, NULL, | |
438 | depth + 1); | |
9a659a35 JB |
439 | if (err < 0) { |
440 | /* | |
441 | * return directly to preserve the inner | |
442 | * error message/attribute pointer | |
443 | */ | |
444 | return err; | |
445 | } | |
446 | } | |
447 | break; | |
1501d135 JB |
448 | case NLA_NESTED_ARRAY: |
449 | /* a nested array attribute is allowed to be empty; if its not, | |
450 | * it must have a size of at least NLA_HDRLEN. | |
451 | */ | |
452 | if (attrlen == 0) | |
453 | break; | |
454 | if (attrlen < NLA_HDRLEN) | |
455 | goto out_err; | |
47a1494b | 456 | if (pt->nested_policy) { |
1501d135 JB |
457 | int err; |
458 | ||
459 | err = nla_validate_array(nla_data(nla), nla_len(nla), | |
47a1494b | 460 | pt->len, pt->nested_policy, |
7690aa1c | 461 | extack, validate, depth); |
1501d135 JB |
462 | if (err < 0) { |
463 | /* | |
464 | * return directly to preserve the inner | |
465 | * error message/attribute pointer | |
466 | */ | |
467 | return err; | |
468 | } | |
469 | } | |
470 | break; | |
6f455f5f JB |
471 | |
472 | case NLA_UNSPEC: | |
8cb08174 JB |
473 | if (validate & NL_VALIDATE_UNSPEC) { |
474 | NL_SET_ERR_MSG_ATTR(extack, nla, | |
475 | "Unsupported attribute"); | |
476 | return -EINVAL; | |
477 | } | |
6f455f5f JB |
478 | if (attrlen < pt->len) |
479 | goto out_err; | |
480 | break; | |
481 | ||
a5531a5d TG |
482 | default: |
483 | if (pt->len) | |
484 | minlen = pt->len; | |
6f455f5f | 485 | else |
a5531a5d TG |
486 | minlen = nla_attr_minlen[pt->type]; |
487 | ||
488 | if (attrlen < minlen) | |
c29f1845 | 489 | goto out_err; |
a5531a5d | 490 | } |
bfa83a9e | 491 | |
3e48be05 JB |
492 | /* further validation */ |
493 | switch (pt->validation_type) { | |
494 | case NLA_VALIDATE_NONE: | |
495 | /* nothing to do */ | |
496 | break; | |
d06a09b9 | 497 | case NLA_VALIDATE_RANGE_PTR: |
3e48be05 | 498 | case NLA_VALIDATE_RANGE: |
8aa26c57 | 499 | case NLA_VALIDATE_RANGE_WARN_TOO_LONG: |
3e48be05 JB |
500 | case NLA_VALIDATE_MIN: |
501 | case NLA_VALIDATE_MAX: | |
8aa26c57 | 502 | err = nla_validate_int_range(pt, nla, extack, validate); |
3e48be05 JB |
503 | if (err) |
504 | return err; | |
505 | break; | |
33188bd6 JB |
506 | case NLA_VALIDATE_FUNCTION: |
507 | if (pt->validate) { | |
508 | err = pt->validate(nla, extack); | |
509 | if (err) | |
510 | return err; | |
511 | } | |
512 | break; | |
3e48be05 JB |
513 | } |
514 | ||
bfa83a9e | 515 | return 0; |
c29f1845 JB |
516 | out_err: |
517 | NL_SET_ERR_MSG_ATTR(extack, nla, "Attribute failed policy validation"); | |
518 | return err; | |
bfa83a9e TG |
519 | } |
520 | ||
8cb08174 JB |
521 | static int __nla_validate_parse(const struct nlattr *head, int len, int maxtype, |
522 | const struct nla_policy *policy, | |
523 | unsigned int validate, | |
524 | struct netlink_ext_ack *extack, | |
7690aa1c | 525 | struct nlattr **tb, unsigned int depth) |
8cb08174 JB |
526 | { |
527 | const struct nlattr *nla; | |
528 | int rem; | |
529 | ||
7690aa1c JB |
530 | if (depth >= MAX_POLICY_RECURSION_DEPTH) { |
531 | NL_SET_ERR_MSG(extack, | |
532 | "allowed policy recursion depth exceeded"); | |
533 | return -EINVAL; | |
534 | } | |
535 | ||
8cb08174 JB |
536 | if (tb) |
537 | memset(tb, 0, sizeof(struct nlattr *) * (maxtype + 1)); | |
538 | ||
539 | nla_for_each_attr(nla, head, len, rem) { | |
540 | u16 type = nla_type(nla); | |
541 | ||
542 | if (type == 0 || type > maxtype) { | |
543 | if (validate & NL_VALIDATE_MAXTYPE) { | |
d54a16b2 MK |
544 | NL_SET_ERR_MSG_ATTR(extack, nla, |
545 | "Unknown attribute type"); | |
8cb08174 JB |
546 | return -EINVAL; |
547 | } | |
548 | continue; | |
549 | } | |
550 | if (policy) { | |
551 | int err = validate_nla(nla, maxtype, policy, | |
7690aa1c | 552 | validate, extack, depth); |
8cb08174 JB |
553 | |
554 | if (err < 0) | |
555 | return err; | |
556 | } | |
557 | ||
558 | if (tb) | |
559 | tb[type] = (struct nlattr *)nla; | |
560 | } | |
561 | ||
562 | if (unlikely(rem > 0)) { | |
563 | pr_warn_ratelimited("netlink: %d bytes leftover after parsing attributes in process `%s'.\n", | |
564 | rem, current->comm); | |
565 | NL_SET_ERR_MSG(extack, "bytes leftover after parsing attributes"); | |
566 | if (validate & NL_VALIDATE_TRAILING) | |
567 | return -EINVAL; | |
568 | } | |
569 | ||
570 | return 0; | |
571 | } | |
572 | ||
bfa83a9e | 573 | /** |
8cb08174 | 574 | * __nla_validate - Validate a stream of attributes |
bfa83a9e TG |
575 | * @head: head of attribute stream |
576 | * @len: length of attribute stream | |
577 | * @maxtype: maximum attribute type to be expected | |
578 | * @policy: validation policy | |
8cb08174 | 579 | * @validate: validation strictness |
fceb6435 | 580 | * @extack: extended ACK report struct |
bfa83a9e TG |
581 | * |
582 | * Validates all attributes in the specified attribute stream against the | |
8cb08174 JB |
583 | * specified policy. Validation depends on the validate flags passed, see |
584 | * &enum netlink_validation for more details on that. | |
585 | * See documenation of struct nla_policy for more details. | |
bfa83a9e TG |
586 | * |
587 | * Returns 0 on success or a negative error code. | |
588 | */ | |
8cb08174 JB |
589 | int __nla_validate(const struct nlattr *head, int len, int maxtype, |
590 | const struct nla_policy *policy, unsigned int validate, | |
591 | struct netlink_ext_ack *extack) | |
bfa83a9e | 592 | { |
8cb08174 | 593 | return __nla_validate_parse(head, len, maxtype, policy, validate, |
7690aa1c | 594 | extack, NULL, 0); |
bfa83a9e | 595 | } |
8cb08174 | 596 | EXPORT_SYMBOL(__nla_validate); |
bfa83a9e | 597 | |
e487eb99 HE |
598 | /** |
599 | * nla_policy_len - Determin the max. length of a policy | |
600 | * @policy: policy to use | |
601 | * @n: number of policies | |
602 | * | |
603 | * Determines the max. length of the policy. It is currently used | |
604 | * to allocated Netlink buffers roughly the size of the actual | |
605 | * message. | |
606 | * | |
607 | * Returns 0 on success or a negative error code. | |
608 | */ | |
609 | int | |
610 | nla_policy_len(const struct nla_policy *p, int n) | |
611 | { | |
612 | int i, len = 0; | |
613 | ||
e3fa3aff | 614 | for (i = 0; i < n; i++, p++) { |
e487eb99 HE |
615 | if (p->len) |
616 | len += nla_total_size(p->len); | |
28033ae4 DA |
617 | else if (nla_attr_len[p->type]) |
618 | len += nla_total_size(nla_attr_len[p->type]); | |
e487eb99 HE |
619 | else if (nla_attr_minlen[p->type]) |
620 | len += nla_total_size(nla_attr_minlen[p->type]); | |
621 | } | |
622 | ||
623 | return len; | |
624 | } | |
6d6a138f | 625 | EXPORT_SYMBOL(nla_policy_len); |
e487eb99 | 626 | |
bfa83a9e | 627 | /** |
8cb08174 | 628 | * __nla_parse - Parse a stream of attributes into a tb buffer |
bfa83a9e TG |
629 | * @tb: destination array with maxtype+1 elements |
630 | * @maxtype: maximum attribute type to be expected | |
631 | * @head: head of attribute stream | |
632 | * @len: length of attribute stream | |
10b595af | 633 | * @policy: validation policy |
8cb08174 JB |
634 | * @validate: validation strictness |
635 | * @extack: extended ACK pointer | |
bfa83a9e TG |
636 | * |
637 | * Parses a stream of attributes and stores a pointer to each attribute in | |
8cb08174 JB |
638 | * the tb array accessible via the attribute type. |
639 | * Validation is controlled by the @validate parameter. | |
bfa83a9e TG |
640 | * |
641 | * Returns 0 on success or a negative error code. | |
642 | */ | |
8cb08174 JB |
643 | int __nla_parse(struct nlattr **tb, int maxtype, |
644 | const struct nlattr *head, int len, | |
645 | const struct nla_policy *policy, unsigned int validate, | |
646 | struct netlink_ext_ack *extack) | |
a5f6cba2 | 647 | { |
8cb08174 | 648 | return __nla_validate_parse(head, len, maxtype, policy, validate, |
7690aa1c | 649 | extack, tb, 0); |
a5f6cba2 | 650 | } |
8cb08174 | 651 | EXPORT_SYMBOL(__nla_parse); |
a5f6cba2 | 652 | |
bfa83a9e TG |
653 | /** |
654 | * nla_find - Find a specific attribute in a stream of attributes | |
655 | * @head: head of attribute stream | |
656 | * @len: length of attribute stream | |
657 | * @attrtype: type of attribute to look for | |
658 | * | |
659 | * Returns the first attribute in the stream matching the specified type. | |
660 | */ | |
3654654f | 661 | struct nlattr *nla_find(const struct nlattr *head, int len, int attrtype) |
bfa83a9e | 662 | { |
3654654f | 663 | const struct nlattr *nla; |
bfa83a9e TG |
664 | int rem; |
665 | ||
666 | nla_for_each_attr(nla, head, len, rem) | |
8f4c1f9b | 667 | if (nla_type(nla) == attrtype) |
3654654f | 668 | return (struct nlattr *)nla; |
bfa83a9e TG |
669 | |
670 | return NULL; | |
671 | } | |
6d6a138f | 672 | EXPORT_SYMBOL(nla_find); |
bfa83a9e TG |
673 | |
674 | /** | |
675 | * nla_strlcpy - Copy string attribute payload into a sized buffer | |
676 | * @dst: where to copy the string to | |
10b595af | 677 | * @nla: attribute to copy the string from |
bfa83a9e TG |
678 | * @dstsize: size of destination buffer |
679 | * | |
680 | * Copies at most dstsize - 1 bytes into the destination buffer. | |
681 | * The result is always a valid NUL-terminated string. Unlike | |
682 | * strlcpy the destination buffer is always padded out. | |
683 | * | |
684 | * Returns the length of the source buffer. | |
685 | */ | |
686 | size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize) | |
687 | { | |
688 | size_t srclen = nla_len(nla); | |
689 | char *src = nla_data(nla); | |
690 | ||
691 | if (srclen > 0 && src[srclen - 1] == '\0') | |
692 | srclen--; | |
693 | ||
694 | if (dstsize > 0) { | |
695 | size_t len = (srclen >= dstsize) ? dstsize - 1 : srclen; | |
696 | ||
697 | memset(dst, 0, dstsize); | |
698 | memcpy(dst, src, len); | |
699 | } | |
700 | ||
701 | return srclen; | |
702 | } | |
6d6a138f | 703 | EXPORT_SYMBOL(nla_strlcpy); |
bfa83a9e | 704 | |
2cf0c8b3 PS |
705 | /** |
706 | * nla_strdup - Copy string attribute payload into a newly allocated buffer | |
707 | * @nla: attribute to copy the string from | |
708 | * @flags: the type of memory to allocate (see kmalloc). | |
709 | * | |
710 | * Returns a pointer to the allocated buffer or NULL on error. | |
711 | */ | |
712 | char *nla_strdup(const struct nlattr *nla, gfp_t flags) | |
713 | { | |
714 | size_t srclen = nla_len(nla); | |
715 | char *src = nla_data(nla), *dst; | |
716 | ||
717 | if (srclen > 0 && src[srclen - 1] == '\0') | |
718 | srclen--; | |
719 | ||
720 | dst = kmalloc(srclen + 1, flags); | |
721 | if (dst != NULL) { | |
722 | memcpy(dst, src, srclen); | |
723 | dst[srclen] = '\0'; | |
724 | } | |
725 | return dst; | |
726 | } | |
727 | EXPORT_SYMBOL(nla_strdup); | |
728 | ||
bfa83a9e TG |
729 | /** |
730 | * nla_memcpy - Copy a netlink attribute into another memory area | |
731 | * @dest: where to copy to memcpy | |
732 | * @src: netlink attribute to copy from | |
733 | * @count: size of the destination area | |
734 | * | |
735 | * Note: The number of bytes copied is limited by the length of | |
736 | * attribute's payload. memcpy | |
737 | * | |
738 | * Returns the number of bytes copied. | |
739 | */ | |
b057efd4 | 740 | int nla_memcpy(void *dest, const struct nlattr *src, int count) |
bfa83a9e TG |
741 | { |
742 | int minlen = min_t(int, count, nla_len(src)); | |
743 | ||
744 | memcpy(dest, nla_data(src), minlen); | |
5899f047 JB |
745 | if (count > minlen) |
746 | memset(dest + minlen, 0, count - minlen); | |
bfa83a9e TG |
747 | |
748 | return minlen; | |
749 | } | |
6d6a138f | 750 | EXPORT_SYMBOL(nla_memcpy); |
bfa83a9e TG |
751 | |
752 | /** | |
753 | * nla_memcmp - Compare an attribute with sized memory area | |
754 | * @nla: netlink attribute | |
755 | * @data: memory area | |
756 | * @size: size of memory area | |
757 | */ | |
758 | int nla_memcmp(const struct nlattr *nla, const void *data, | |
759 | size_t size) | |
760 | { | |
761 | int d = nla_len(nla) - size; | |
762 | ||
763 | if (d == 0) | |
764 | d = memcmp(nla_data(nla), data, size); | |
765 | ||
766 | return d; | |
767 | } | |
6d6a138f | 768 | EXPORT_SYMBOL(nla_memcmp); |
bfa83a9e TG |
769 | |
770 | /** | |
771 | * nla_strcmp - Compare a string attribute against a string | |
772 | * @nla: netlink string attribute | |
773 | * @str: another string | |
774 | */ | |
775 | int nla_strcmp(const struct nlattr *nla, const char *str) | |
776 | { | |
8b7b9324 PN |
777 | int len = strlen(str); |
778 | char *buf = nla_data(nla); | |
779 | int attrlen = nla_len(nla); | |
780 | int d; | |
bfa83a9e | 781 | |
8b7b9324 PN |
782 | if (attrlen > 0 && buf[attrlen - 1] == '\0') |
783 | attrlen--; | |
784 | ||
785 | d = attrlen - len; | |
bfa83a9e TG |
786 | if (d == 0) |
787 | d = memcmp(nla_data(nla), str, len); | |
788 | ||
789 | return d; | |
790 | } | |
6d6a138f | 791 | EXPORT_SYMBOL(nla_strcmp); |
bfa83a9e | 792 | |
90800216 | 793 | #ifdef CONFIG_NET |
bfa83a9e TG |
794 | /** |
795 | * __nla_reserve - reserve room for attribute on the skb | |
796 | * @skb: socket buffer to reserve room on | |
797 | * @attrtype: attribute type | |
798 | * @attrlen: length of attribute payload | |
799 | * | |
800 | * Adds a netlink attribute header to a socket buffer and reserves | |
801 | * room for the payload but does not copy it. | |
802 | * | |
803 | * The caller is responsible to ensure that the skb provides enough | |
804 | * tailroom for the attribute header and payload. | |
805 | */ | |
806 | struct nlattr *__nla_reserve(struct sk_buff *skb, int attrtype, int attrlen) | |
807 | { | |
808 | struct nlattr *nla; | |
809 | ||
4df864c1 | 810 | nla = skb_put(skb, nla_total_size(attrlen)); |
bfa83a9e TG |
811 | nla->nla_type = attrtype; |
812 | nla->nla_len = nla_attr_size(attrlen); | |
813 | ||
814 | memset((unsigned char *) nla + nla->nla_len, 0, nla_padlen(attrlen)); | |
815 | ||
816 | return nla; | |
817 | } | |
90800216 | 818 | EXPORT_SYMBOL(__nla_reserve); |
bfa83a9e | 819 | |
089bf1a6 ND |
820 | /** |
821 | * __nla_reserve_64bit - reserve room for attribute on the skb and align it | |
822 | * @skb: socket buffer to reserve room on | |
823 | * @attrtype: attribute type | |
824 | * @attrlen: length of attribute payload | |
11a99573 | 825 | * @padattr: attribute type for the padding |
089bf1a6 ND |
826 | * |
827 | * Adds a netlink attribute header to a socket buffer and reserves | |
828 | * room for the payload but does not copy it. It also ensure that this | |
11a99573 | 829 | * attribute will have a 64-bit aligned nla_data() area. |
089bf1a6 ND |
830 | * |
831 | * The caller is responsible to ensure that the skb provides enough | |
832 | * tailroom for the attribute header and payload. | |
833 | */ | |
834 | struct nlattr *__nla_reserve_64bit(struct sk_buff *skb, int attrtype, | |
835 | int attrlen, int padattr) | |
836 | { | |
4718a471 | 837 | nla_align_64bit(skb, padattr); |
089bf1a6 ND |
838 | |
839 | return __nla_reserve(skb, attrtype, attrlen); | |
840 | } | |
841 | EXPORT_SYMBOL(__nla_reserve_64bit); | |
842 | ||
fe4944e5 TG |
843 | /** |
844 | * __nla_reserve_nohdr - reserve room for attribute without header | |
845 | * @skb: socket buffer to reserve room on | |
846 | * @attrlen: length of attribute payload | |
847 | * | |
848 | * Reserves room for attribute payload without a header. | |
849 | * | |
850 | * The caller is responsible to ensure that the skb provides enough | |
851 | * tailroom for the payload. | |
852 | */ | |
853 | void *__nla_reserve_nohdr(struct sk_buff *skb, int attrlen) | |
854 | { | |
b952f4df | 855 | return skb_put_zero(skb, NLA_ALIGN(attrlen)); |
fe4944e5 | 856 | } |
90800216 | 857 | EXPORT_SYMBOL(__nla_reserve_nohdr); |
fe4944e5 | 858 | |
bfa83a9e TG |
859 | /** |
860 | * nla_reserve - reserve room for attribute on the skb | |
861 | * @skb: socket buffer to reserve room on | |
862 | * @attrtype: attribute type | |
863 | * @attrlen: length of attribute payload | |
864 | * | |
865 | * Adds a netlink attribute header to a socket buffer and reserves | |
866 | * room for the payload but does not copy it. | |
867 | * | |
868 | * Returns NULL if the tailroom of the skb is insufficient to store | |
869 | * the attribute header and payload. | |
870 | */ | |
871 | struct nlattr *nla_reserve(struct sk_buff *skb, int attrtype, int attrlen) | |
872 | { | |
873 | if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen))) | |
874 | return NULL; | |
875 | ||
876 | return __nla_reserve(skb, attrtype, attrlen); | |
877 | } | |
90800216 | 878 | EXPORT_SYMBOL(nla_reserve); |
bfa83a9e | 879 | |
089bf1a6 ND |
880 | /** |
881 | * nla_reserve_64bit - reserve room for attribute on the skb and align it | |
882 | * @skb: socket buffer to reserve room on | |
883 | * @attrtype: attribute type | |
884 | * @attrlen: length of attribute payload | |
11a99573 | 885 | * @padattr: attribute type for the padding |
089bf1a6 ND |
886 | * |
887 | * Adds a netlink attribute header to a socket buffer and reserves | |
888 | * room for the payload but does not copy it. It also ensure that this | |
11a99573 | 889 | * attribute will have a 64-bit aligned nla_data() area. |
089bf1a6 ND |
890 | * |
891 | * Returns NULL if the tailroom of the skb is insufficient to store | |
892 | * the attribute header and payload. | |
893 | */ | |
894 | struct nlattr *nla_reserve_64bit(struct sk_buff *skb, int attrtype, int attrlen, | |
895 | int padattr) | |
896 | { | |
897 | size_t len; | |
898 | ||
899 | if (nla_need_padding_for_64bit(skb)) | |
900 | len = nla_total_size_64bit(attrlen); | |
901 | else | |
902 | len = nla_total_size(attrlen); | |
903 | if (unlikely(skb_tailroom(skb) < len)) | |
904 | return NULL; | |
905 | ||
906 | return __nla_reserve_64bit(skb, attrtype, attrlen, padattr); | |
907 | } | |
908 | EXPORT_SYMBOL(nla_reserve_64bit); | |
909 | ||
fe4944e5 | 910 | /** |
10b595af | 911 | * nla_reserve_nohdr - reserve room for attribute without header |
fe4944e5 | 912 | * @skb: socket buffer to reserve room on |
10b595af | 913 | * @attrlen: length of attribute payload |
fe4944e5 TG |
914 | * |
915 | * Reserves room for attribute payload without a header. | |
916 | * | |
917 | * Returns NULL if the tailroom of the skb is insufficient to store | |
918 | * the attribute payload. | |
919 | */ | |
920 | void *nla_reserve_nohdr(struct sk_buff *skb, int attrlen) | |
921 | { | |
922 | if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) | |
923 | return NULL; | |
924 | ||
925 | return __nla_reserve_nohdr(skb, attrlen); | |
926 | } | |
90800216 | 927 | EXPORT_SYMBOL(nla_reserve_nohdr); |
fe4944e5 | 928 | |
bfa83a9e TG |
929 | /** |
930 | * __nla_put - Add a netlink attribute to a socket buffer | |
931 | * @skb: socket buffer to add attribute to | |
932 | * @attrtype: attribute type | |
933 | * @attrlen: length of attribute payload | |
934 | * @data: head of attribute payload | |
935 | * | |
936 | * The caller is responsible to ensure that the skb provides enough | |
937 | * tailroom for the attribute header and payload. | |
938 | */ | |
939 | void __nla_put(struct sk_buff *skb, int attrtype, int attrlen, | |
940 | const void *data) | |
941 | { | |
942 | struct nlattr *nla; | |
943 | ||
944 | nla = __nla_reserve(skb, attrtype, attrlen); | |
945 | memcpy(nla_data(nla), data, attrlen); | |
946 | } | |
90800216 | 947 | EXPORT_SYMBOL(__nla_put); |
bfa83a9e | 948 | |
089bf1a6 ND |
949 | /** |
950 | * __nla_put_64bit - Add a netlink attribute to a socket buffer and align it | |
951 | * @skb: socket buffer to add attribute to | |
952 | * @attrtype: attribute type | |
953 | * @attrlen: length of attribute payload | |
954 | * @data: head of attribute payload | |
11a99573 | 955 | * @padattr: attribute type for the padding |
089bf1a6 ND |
956 | * |
957 | * The caller is responsible to ensure that the skb provides enough | |
958 | * tailroom for the attribute header and payload. | |
959 | */ | |
960 | void __nla_put_64bit(struct sk_buff *skb, int attrtype, int attrlen, | |
961 | const void *data, int padattr) | |
962 | { | |
963 | struct nlattr *nla; | |
964 | ||
965 | nla = __nla_reserve_64bit(skb, attrtype, attrlen, padattr); | |
966 | memcpy(nla_data(nla), data, attrlen); | |
967 | } | |
968 | EXPORT_SYMBOL(__nla_put_64bit); | |
969 | ||
fe4944e5 TG |
970 | /** |
971 | * __nla_put_nohdr - Add a netlink attribute without header | |
972 | * @skb: socket buffer to add attribute to | |
973 | * @attrlen: length of attribute payload | |
974 | * @data: head of attribute payload | |
975 | * | |
976 | * The caller is responsible to ensure that the skb provides enough | |
977 | * tailroom for the attribute payload. | |
978 | */ | |
979 | void __nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data) | |
980 | { | |
981 | void *start; | |
982 | ||
983 | start = __nla_reserve_nohdr(skb, attrlen); | |
984 | memcpy(start, data, attrlen); | |
985 | } | |
90800216 | 986 | EXPORT_SYMBOL(__nla_put_nohdr); |
bfa83a9e TG |
987 | |
988 | /** | |
989 | * nla_put - Add a netlink attribute to a socket buffer | |
990 | * @skb: socket buffer to add attribute to | |
991 | * @attrtype: attribute type | |
992 | * @attrlen: length of attribute payload | |
993 | * @data: head of attribute payload | |
994 | * | |
bc3ed28c | 995 | * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store |
bfa83a9e TG |
996 | * the attribute header and payload. |
997 | */ | |
998 | int nla_put(struct sk_buff *skb, int attrtype, int attrlen, const void *data) | |
999 | { | |
1000 | if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen))) | |
bc3ed28c | 1001 | return -EMSGSIZE; |
bfa83a9e TG |
1002 | |
1003 | __nla_put(skb, attrtype, attrlen, data); | |
1004 | return 0; | |
1005 | } | |
90800216 | 1006 | EXPORT_SYMBOL(nla_put); |
bfa83a9e | 1007 | |
089bf1a6 ND |
1008 | /** |
1009 | * nla_put_64bit - Add a netlink attribute to a socket buffer and align it | |
1010 | * @skb: socket buffer to add attribute to | |
1011 | * @attrtype: attribute type | |
1012 | * @attrlen: length of attribute payload | |
1013 | * @data: head of attribute payload | |
11a99573 | 1014 | * @padattr: attribute type for the padding |
089bf1a6 ND |
1015 | * |
1016 | * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store | |
1017 | * the attribute header and payload. | |
1018 | */ | |
1019 | int nla_put_64bit(struct sk_buff *skb, int attrtype, int attrlen, | |
1020 | const void *data, int padattr) | |
1021 | { | |
1022 | size_t len; | |
1023 | ||
1024 | if (nla_need_padding_for_64bit(skb)) | |
1025 | len = nla_total_size_64bit(attrlen); | |
1026 | else | |
1027 | len = nla_total_size(attrlen); | |
1028 | if (unlikely(skb_tailroom(skb) < len)) | |
1029 | return -EMSGSIZE; | |
1030 | ||
1031 | __nla_put_64bit(skb, attrtype, attrlen, data, padattr); | |
1032 | return 0; | |
1033 | } | |
1034 | EXPORT_SYMBOL(nla_put_64bit); | |
1035 | ||
fe4944e5 TG |
1036 | /** |
1037 | * nla_put_nohdr - Add a netlink attribute without header | |
1038 | * @skb: socket buffer to add attribute to | |
1039 | * @attrlen: length of attribute payload | |
1040 | * @data: head of attribute payload | |
1041 | * | |
bc3ed28c | 1042 | * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store |
fe4944e5 TG |
1043 | * the attribute payload. |
1044 | */ | |
1045 | int nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data) | |
1046 | { | |
1047 | if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) | |
bc3ed28c | 1048 | return -EMSGSIZE; |
fe4944e5 TG |
1049 | |
1050 | __nla_put_nohdr(skb, attrlen, data); | |
1051 | return 0; | |
1052 | } | |
90800216 | 1053 | EXPORT_SYMBOL(nla_put_nohdr); |
bfa83a9e | 1054 | |
01480e1c PM |
1055 | /** |
1056 | * nla_append - Add a netlink attribute without header or padding | |
1057 | * @skb: socket buffer to add attribute to | |
1058 | * @attrlen: length of attribute payload | |
1059 | * @data: head of attribute payload | |
1060 | * | |
bc3ed28c | 1061 | * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store |
01480e1c PM |
1062 | * the attribute payload. |
1063 | */ | |
1064 | int nla_append(struct sk_buff *skb, int attrlen, const void *data) | |
1065 | { | |
1066 | if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) | |
bc3ed28c | 1067 | return -EMSGSIZE; |
01480e1c | 1068 | |
59ae1d12 | 1069 | skb_put_data(skb, data, attrlen); |
01480e1c PM |
1070 | return 0; |
1071 | } | |
90800216 HX |
1072 | EXPORT_SYMBOL(nla_append); |
1073 | #endif |