1 /*
2 * NETLINK Netlink attributes
3 *
4 * Authors: Thomas Graf <tgraf@suug.ch>
5 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
6 */
7
8 #include <linux/export.h>
9 #include <linux/kernel.h>
10 #include <linux/errno.h>
11 #include <linux/jiffies.h>
12 #include <linux/skbuff.h>
13 #include <linux/string.h>
14 #include <linux/types.h>
15 #include <net/netlink.h>
16
17 static const u16 nla_attr_minlen[NLA_TYPE_MAX+1] = {
18 [NLA_U8] = sizeof(u8),
19 [NLA_U16] = sizeof(u16),
20 [NLA_U32] = sizeof(u32),
21 [NLA_U64] = sizeof(u64),
22 [NLA_MSECS] = sizeof(u64),
23 [NLA_NESTED] = NLA_HDRLEN,
24 [NLA_S8] = sizeof(s8),
25 [NLA_S16] = sizeof(s16),
26 [NLA_S32] = sizeof(s32),
27 [NLA_S64] = sizeof(s64),
28 };
29
validate_nla(const struct nlattr * nla,int maxtype,const struct nla_policy * policy)30 static int validate_nla(const struct nlattr *nla, int maxtype,
31 const struct nla_policy *policy)
32 {
33 const struct nla_policy *pt;
34 int minlen = 0, attrlen = nla_len(nla), type = nla_type(nla);
35
36 if (type <= 0 || type > maxtype)
37 return 0;
38
39 pt = &policy[type];
40
41 BUG_ON(pt->type > NLA_TYPE_MAX);
42
43 switch (pt->type) {
44 case NLA_FLAG:
45 if (attrlen > 0)
46 return -ERANGE;
47 break;
48
49 case NLA_NUL_STRING:
50 if (pt->len)
51 minlen = min_t(int, attrlen, pt->len + 1);
52 else
53 minlen = attrlen;
54
55 if (!minlen || memchr(nla_data(nla), '\0', minlen) == NULL)
56 return -EINVAL;
57 /* fall through */
58
59 case NLA_STRING:
60 if (attrlen < 1)
61 return -ERANGE;
62
63 if (pt->len) {
64 char *buf = nla_data(nla);
65
66 if (buf[attrlen - 1] == '\0')
67 attrlen--;
68
69 if (attrlen > pt->len)
70 return -ERANGE;
71 }
72 break;
73
74 case NLA_BINARY:
75 if (pt->len && attrlen > pt->len)
76 return -ERANGE;
77 break;
78
79 case NLA_NESTED_COMPAT:
80 if (attrlen < pt->len)
81 return -ERANGE;
82 if (attrlen < NLA_ALIGN(pt->len))
83 break;
84 if (attrlen < NLA_ALIGN(pt->len) + NLA_HDRLEN)
85 return -ERANGE;
86 nla = nla_data(nla) + NLA_ALIGN(pt->len);
87 if (attrlen < NLA_ALIGN(pt->len) + NLA_HDRLEN + nla_len(nla))
88 return -ERANGE;
89 break;
90 case NLA_NESTED:
91 /* a nested attributes is allowed to be empty; if its not,
92 * it must have a size of at least NLA_HDRLEN.
93 */
94 if (attrlen == 0)
95 break;
96 default:
97 if (pt->len)
98 minlen = pt->len;
99 else if (pt->type != NLA_UNSPEC)
100 minlen = nla_attr_minlen[pt->type];
101
102 if (attrlen < minlen)
103 return -ERANGE;
104 }
105
106 return 0;
107 }
108
109 /**
110 * nla_validate - Validate a stream of attributes
111 * @head: head of attribute stream
112 * @len: length of attribute stream
113 * @maxtype: maximum attribute type to be expected
114 * @policy: validation policy
115 *
116 * Validates all attributes in the specified attribute stream against the
117 * specified policy. Attributes with a type exceeding maxtype will be
118 * ignored. See documenation of struct nla_policy for more details.
119 *
120 * Returns 0 on success or a negative error code.
121 */
nla_validate(const struct nlattr * head,int len,int maxtype,const struct nla_policy * policy)122 int nla_validate(const struct nlattr *head, int len, int maxtype,
123 const struct nla_policy *policy)
124 {
125 const struct nlattr *nla;
126 int rem, err;
127
128 nla_for_each_attr(nla, head, len, rem) {
129 err = validate_nla(nla, maxtype, policy);
130 if (err < 0)
131 goto errout;
132 }
133
134 err = 0;
135 errout:
136 return err;
137 }
138 EXPORT_SYMBOL(nla_validate);
139
140 /**
141 * nla_policy_len - Determin the max. length of a policy
142 * @policy: policy to use
143 * @n: number of policies
144 *
145 * Determines the max. length of the policy. It is currently used
146 * to allocated Netlink buffers roughly the size of the actual
147 * message.
148 *
149 * Returns 0 on success or a negative error code.
150 */
151 int
nla_policy_len(const struct nla_policy * p,int n)152 nla_policy_len(const struct nla_policy *p, int n)
153 {
154 int i, len = 0;
155
156 for (i = 0; i < n; i++, p++) {
157 if (p->len)
158 len += nla_total_size(p->len);
159 else if (nla_attr_minlen[p->type])
160 len += nla_total_size(nla_attr_minlen[p->type]);
161 }
162
163 return len;
164 }
165 EXPORT_SYMBOL(nla_policy_len);
166
167 /**
168 * nla_parse - Parse a stream of attributes into a tb buffer
169 * @tb: destination array with maxtype+1 elements
170 * @maxtype: maximum attribute type to be expected
171 * @head: head of attribute stream
172 * @len: length of attribute stream
173 * @policy: validation policy
174 *
175 * Parses a stream of attributes and stores a pointer to each attribute in
176 * the tb array accessible via the attribute type. Attributes with a type
177 * exceeding maxtype will be silently ignored for backwards compatibility
178 * reasons. policy may be set to NULL if no validation is required.
179 *
180 * Returns 0 on success or a negative error code.
181 */
nla_parse(struct nlattr ** tb,int maxtype,const struct nlattr * head,int len,const struct nla_policy * policy)182 int nla_parse(struct nlattr **tb, int maxtype, const struct nlattr *head,
183 int len, const struct nla_policy *policy)
184 {
185 const struct nlattr *nla;
186 int rem, err;
187
188 memset(tb, 0, sizeof(struct nlattr *) * (maxtype + 1));
189
190 nla_for_each_attr(nla, head, len, rem) {
191 u16 type = nla_type(nla);
192
193 if (type > 0 && type <= maxtype) {
194 if (policy) {
195 err = validate_nla(nla, maxtype, policy);
196 if (err < 0)
197 goto errout;
198 }
199
200 tb[type] = (struct nlattr *)nla;
201 }
202 }
203
204 if (unlikely(rem > 0))
205 pr_warn_ratelimited("netlink: %d bytes leftover after parsing attributes in process `%s'.\n",
206 rem, current->comm);
207
208 err = 0;
209 errout:
210 return err;
211 }
212 EXPORT_SYMBOL(nla_parse);
213
214 /**
215 * nla_find - Find a specific attribute in a stream of attributes
216 * @head: head of attribute stream
217 * @len: length of attribute stream
218 * @attrtype: type of attribute to look for
219 *
220 * Returns the first attribute in the stream matching the specified type.
221 */
nla_find(const struct nlattr * head,int len,int attrtype)222 struct nlattr *nla_find(const struct nlattr *head, int len, int attrtype)
223 {
224 const struct nlattr *nla;
225 int rem;
226
227 nla_for_each_attr(nla, head, len, rem)
228 if (nla_type(nla) == attrtype)
229 return (struct nlattr *)nla;
230
231 return NULL;
232 }
233 EXPORT_SYMBOL(nla_find);
234
235 /**
236 * nla_strlcpy - Copy string attribute payload into a sized buffer
237 * @dst: where to copy the string to
238 * @nla: attribute to copy the string from
239 * @dstsize: size of destination buffer
240 *
241 * Copies at most dstsize - 1 bytes into the destination buffer.
242 * The result is always a valid NUL-terminated string. Unlike
243 * strlcpy the destination buffer is always padded out.
244 *
245 * Returns the length of the source buffer.
246 */
nla_strlcpy(char * dst,const struct nlattr * nla,size_t dstsize)247 size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize)
248 {
249 size_t srclen = nla_len(nla);
250 char *src = nla_data(nla);
251
252 if (srclen > 0 && src[srclen - 1] == '\0')
253 srclen--;
254
255 if (dstsize > 0) {
256 size_t len = (srclen >= dstsize) ? dstsize - 1 : srclen;
257
258 memset(dst, 0, dstsize);
259 memcpy(dst, src, len);
260 }
261
262 return srclen;
263 }
264 EXPORT_SYMBOL(nla_strlcpy);
265
266 /**
267 * nla_memcpy - Copy a netlink attribute into another memory area
268 * @dest: where to copy to memcpy
269 * @src: netlink attribute to copy from
270 * @count: size of the destination area
271 *
272 * Note: The number of bytes copied is limited by the length of
273 * attribute's payload. memcpy
274 *
275 * Returns the number of bytes copied.
276 */
nla_memcpy(void * dest,const struct nlattr * src,int count)277 int nla_memcpy(void *dest, const struct nlattr *src, int count)
278 {
279 int minlen = min_t(int, count, nla_len(src));
280
281 memcpy(dest, nla_data(src), minlen);
282 if (count > minlen)
283 memset(dest + minlen, 0, count - minlen);
284
285 return minlen;
286 }
287 EXPORT_SYMBOL(nla_memcpy);
288
289 /**
290 * nla_memcmp - Compare an attribute with sized memory area
291 * @nla: netlink attribute
292 * @data: memory area
293 * @size: size of memory area
294 */
nla_memcmp(const struct nlattr * nla,const void * data,size_t size)295 int nla_memcmp(const struct nlattr *nla, const void *data,
296 size_t size)
297 {
298 int d = nla_len(nla) - size;
299
300 if (d == 0)
301 d = memcmp(nla_data(nla), data, size);
302
303 return d;
304 }
305 EXPORT_SYMBOL(nla_memcmp);
306
307 /**
308 * nla_strcmp - Compare a string attribute against a string
309 * @nla: netlink string attribute
310 * @str: another string
311 */
nla_strcmp(const struct nlattr * nla,const char * str)312 int nla_strcmp(const struct nlattr *nla, const char *str)
313 {
314 int len = strlen(str);
315 char *buf = nla_data(nla);
316 int attrlen = nla_len(nla);
317 int d;
318
319 if (attrlen > 0 && buf[attrlen - 1] == '\0')
320 attrlen--;
321
322 d = attrlen - len;
323 if (d == 0)
324 d = memcmp(nla_data(nla), str, len);
325
326 return d;
327 }
328 EXPORT_SYMBOL(nla_strcmp);
329
330 #ifdef CONFIG_NET
331 /**
332 * __nla_reserve - reserve room for attribute on the skb
333 * @skb: socket buffer to reserve room on
334 * @attrtype: attribute type
335 * @attrlen: length of attribute payload
336 *
337 * Adds a netlink attribute header to a socket buffer and reserves
338 * room for the payload but does not copy it.
339 *
340 * The caller is responsible to ensure that the skb provides enough
341 * tailroom for the attribute header and payload.
342 */
__nla_reserve(struct sk_buff * skb,int attrtype,int attrlen)343 struct nlattr *__nla_reserve(struct sk_buff *skb, int attrtype, int attrlen)
344 {
345 struct nlattr *nla;
346
347 nla = (struct nlattr *) skb_put(skb, nla_total_size(attrlen));
348 nla->nla_type = attrtype;
349 nla->nla_len = nla_attr_size(attrlen);
350
351 memset((unsigned char *) nla + nla->nla_len, 0, nla_padlen(attrlen));
352
353 return nla;
354 }
355 EXPORT_SYMBOL(__nla_reserve);
356
357 /**
358 * __nla_reserve_nohdr - reserve room for attribute without header
359 * @skb: socket buffer to reserve room on
360 * @attrlen: length of attribute payload
361 *
362 * Reserves room for attribute payload without a header.
363 *
364 * The caller is responsible to ensure that the skb provides enough
365 * tailroom for the payload.
366 */
__nla_reserve_nohdr(struct sk_buff * skb,int attrlen)367 void *__nla_reserve_nohdr(struct sk_buff *skb, int attrlen)
368 {
369 void *start;
370
371 start = skb_put(skb, NLA_ALIGN(attrlen));
372 memset(start, 0, NLA_ALIGN(attrlen));
373
374 return start;
375 }
376 EXPORT_SYMBOL(__nla_reserve_nohdr);
377
378 /**
379 * nla_reserve - reserve room for attribute on the skb
380 * @skb: socket buffer to reserve room on
381 * @attrtype: attribute type
382 * @attrlen: length of attribute payload
383 *
384 * Adds a netlink attribute header to a socket buffer and reserves
385 * room for the payload but does not copy it.
386 *
387 * Returns NULL if the tailroom of the skb is insufficient to store
388 * the attribute header and payload.
389 */
nla_reserve(struct sk_buff * skb,int attrtype,int attrlen)390 struct nlattr *nla_reserve(struct sk_buff *skb, int attrtype, int attrlen)
391 {
392 if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen)))
393 return NULL;
394
395 return __nla_reserve(skb, attrtype, attrlen);
396 }
397 EXPORT_SYMBOL(nla_reserve);
398
399 /**
400 * nla_reserve_nohdr - reserve room for attribute without header
401 * @skb: socket buffer to reserve room on
402 * @attrlen: length of attribute payload
403 *
404 * Reserves room for attribute payload without a header.
405 *
406 * Returns NULL if the tailroom of the skb is insufficient to store
407 * the attribute payload.
408 */
nla_reserve_nohdr(struct sk_buff * skb,int attrlen)409 void *nla_reserve_nohdr(struct sk_buff *skb, int attrlen)
410 {
411 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
412 return NULL;
413
414 return __nla_reserve_nohdr(skb, attrlen);
415 }
416 EXPORT_SYMBOL(nla_reserve_nohdr);
417
418 /**
419 * __nla_put - Add a netlink attribute to a socket buffer
420 * @skb: socket buffer to add attribute to
421 * @attrtype: attribute type
422 * @attrlen: length of attribute payload
423 * @data: head of attribute payload
424 *
425 * The caller is responsible to ensure that the skb provides enough
426 * tailroom for the attribute header and payload.
427 */
__nla_put(struct sk_buff * skb,int attrtype,int attrlen,const void * data)428 void __nla_put(struct sk_buff *skb, int attrtype, int attrlen,
429 const void *data)
430 {
431 struct nlattr *nla;
432
433 nla = __nla_reserve(skb, attrtype, attrlen);
434 memcpy(nla_data(nla), data, attrlen);
435 }
436 EXPORT_SYMBOL(__nla_put);
437
438 /**
439 * __nla_put_nohdr - Add a netlink attribute without header
440 * @skb: socket buffer to add attribute to
441 * @attrlen: length of attribute payload
442 * @data: head of attribute payload
443 *
444 * The caller is responsible to ensure that the skb provides enough
445 * tailroom for the attribute payload.
446 */
__nla_put_nohdr(struct sk_buff * skb,int attrlen,const void * data)447 void __nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data)
448 {
449 void *start;
450
451 start = __nla_reserve_nohdr(skb, attrlen);
452 memcpy(start, data, attrlen);
453 }
454 EXPORT_SYMBOL(__nla_put_nohdr);
455
456 /**
457 * nla_put - Add a netlink attribute to a socket buffer
458 * @skb: socket buffer to add attribute to
459 * @attrtype: attribute type
460 * @attrlen: length of attribute payload
461 * @data: head of attribute payload
462 *
463 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
464 * the attribute header and payload.
465 */
nla_put(struct sk_buff * skb,int attrtype,int attrlen,const void * data)466 int nla_put(struct sk_buff *skb, int attrtype, int attrlen, const void *data)
467 {
468 if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen)))
469 return -EMSGSIZE;
470
471 __nla_put(skb, attrtype, attrlen, data);
472 return 0;
473 }
474 EXPORT_SYMBOL(nla_put);
475
476 /**
477 * nla_put_nohdr - Add a netlink attribute without header
478 * @skb: socket buffer to add attribute to
479 * @attrlen: length of attribute payload
480 * @data: head of attribute payload
481 *
482 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
483 * the attribute payload.
484 */
nla_put_nohdr(struct sk_buff * skb,int attrlen,const void * data)485 int nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data)
486 {
487 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
488 return -EMSGSIZE;
489
490 __nla_put_nohdr(skb, attrlen, data);
491 return 0;
492 }
493 EXPORT_SYMBOL(nla_put_nohdr);
494
495 /**
496 * nla_append - Add a netlink attribute without header or padding
497 * @skb: socket buffer to add attribute to
498 * @attrlen: length of attribute payload
499 * @data: head of attribute payload
500 *
501 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
502 * the attribute payload.
503 */
nla_append(struct sk_buff * skb,int attrlen,const void * data)504 int nla_append(struct sk_buff *skb, int attrlen, const void *data)
505 {
506 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
507 return -EMSGSIZE;
508
509 memcpy(skb_put(skb, attrlen), data, attrlen);
510 return 0;
511 }
512 EXPORT_SYMBOL(nla_append);
513 #endif
514