• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * NETLINK      Netlink attributes
3  *
4  * 		Authors:	Thomas Graf <tgraf@suug.ch>
5  * 				Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
6  */
7 
8 #include <linux/export.h>
9 #include <linux/kernel.h>
10 #include <linux/errno.h>
11 #include <linux/jiffies.h>
12 #include <linux/skbuff.h>
13 #include <linux/string.h>
14 #include <linux/types.h>
15 #include <net/netlink.h>
16 
17 static const u16 nla_attr_minlen[NLA_TYPE_MAX+1] = {
18 	[NLA_U8]	= sizeof(u8),
19 	[NLA_U16]	= sizeof(u16),
20 	[NLA_U32]	= sizeof(u32),
21 	[NLA_U64]	= sizeof(u64),
22 	[NLA_MSECS]	= sizeof(u64),
23 	[NLA_NESTED]	= NLA_HDRLEN,
24 	[NLA_S8]	= sizeof(s8),
25 	[NLA_S16]	= sizeof(s16),
26 	[NLA_S32]	= sizeof(s32),
27 	[NLA_S64]	= sizeof(s64),
28 };
29 
validate_nla(const struct nlattr * nla,int maxtype,const struct nla_policy * policy)30 static int validate_nla(const struct nlattr *nla, int maxtype,
31 			const struct nla_policy *policy)
32 {
33 	const struct nla_policy *pt;
34 	int minlen = 0, attrlen = nla_len(nla), type = nla_type(nla);
35 
36 	if (type <= 0 || type > maxtype)
37 		return 0;
38 
39 	pt = &policy[type];
40 
41 	BUG_ON(pt->type > NLA_TYPE_MAX);
42 
43 	switch (pt->type) {
44 	case NLA_FLAG:
45 		if (attrlen > 0)
46 			return -ERANGE;
47 		break;
48 
49 	case NLA_NUL_STRING:
50 		if (pt->len)
51 			minlen = min_t(int, attrlen, pt->len + 1);
52 		else
53 			minlen = attrlen;
54 
55 		if (!minlen || memchr(nla_data(nla), '\0', minlen) == NULL)
56 			return -EINVAL;
57 		/* fall through */
58 
59 	case NLA_STRING:
60 		if (attrlen < 1)
61 			return -ERANGE;
62 
63 		if (pt->len) {
64 			char *buf = nla_data(nla);
65 
66 			if (buf[attrlen - 1] == '\0')
67 				attrlen--;
68 
69 			if (attrlen > pt->len)
70 				return -ERANGE;
71 		}
72 		break;
73 
74 	case NLA_BINARY:
75 		if (pt->len && attrlen > pt->len)
76 			return -ERANGE;
77 		break;
78 
79 	case NLA_NESTED_COMPAT:
80 		if (attrlen < pt->len)
81 			return -ERANGE;
82 		if (attrlen < NLA_ALIGN(pt->len))
83 			break;
84 		if (attrlen < NLA_ALIGN(pt->len) + NLA_HDRLEN)
85 			return -ERANGE;
86 		nla = nla_data(nla) + NLA_ALIGN(pt->len);
87 		if (attrlen < NLA_ALIGN(pt->len) + NLA_HDRLEN + nla_len(nla))
88 			return -ERANGE;
89 		break;
90 	case NLA_NESTED:
91 		/* a nested attributes is allowed to be empty; if its not,
92 		 * it must have a size of at least NLA_HDRLEN.
93 		 */
94 		if (attrlen == 0)
95 			break;
96 	default:
97 		if (pt->len)
98 			minlen = pt->len;
99 		else if (pt->type != NLA_UNSPEC)
100 			minlen = nla_attr_minlen[pt->type];
101 
102 		if (attrlen < minlen)
103 			return -ERANGE;
104 	}
105 
106 	return 0;
107 }
108 
109 /**
110  * nla_validate - Validate a stream of attributes
111  * @head: head of attribute stream
112  * @len: length of attribute stream
113  * @maxtype: maximum attribute type to be expected
114  * @policy: validation policy
115  *
116  * Validates all attributes in the specified attribute stream against the
117  * specified policy. Attributes with a type exceeding maxtype will be
118  * ignored. See documenation of struct nla_policy for more details.
119  *
120  * Returns 0 on success or a negative error code.
121  */
nla_validate(const struct nlattr * head,int len,int maxtype,const struct nla_policy * policy)122 int nla_validate(const struct nlattr *head, int len, int maxtype,
123 		 const struct nla_policy *policy)
124 {
125 	const struct nlattr *nla;
126 	int rem, err;
127 
128 	nla_for_each_attr(nla, head, len, rem) {
129 		err = validate_nla(nla, maxtype, policy);
130 		if (err < 0)
131 			goto errout;
132 	}
133 
134 	err = 0;
135 errout:
136 	return err;
137 }
138 EXPORT_SYMBOL(nla_validate);
139 
140 /**
141  * nla_policy_len - Determin the max. length of a policy
142  * @policy: policy to use
143  * @n: number of policies
144  *
145  * Determines the max. length of the policy.  It is currently used
146  * to allocated Netlink buffers roughly the size of the actual
147  * message.
148  *
149  * Returns 0 on success or a negative error code.
150  */
151 int
nla_policy_len(const struct nla_policy * p,int n)152 nla_policy_len(const struct nla_policy *p, int n)
153 {
154 	int i, len = 0;
155 
156 	for (i = 0; i < n; i++, p++) {
157 		if (p->len)
158 			len += nla_total_size(p->len);
159 		else if (nla_attr_minlen[p->type])
160 			len += nla_total_size(nla_attr_minlen[p->type]);
161 	}
162 
163 	return len;
164 }
165 EXPORT_SYMBOL(nla_policy_len);
166 
167 /**
168  * nla_parse - Parse a stream of attributes into a tb buffer
169  * @tb: destination array with maxtype+1 elements
170  * @maxtype: maximum attribute type to be expected
171  * @head: head of attribute stream
172  * @len: length of attribute stream
173  * @policy: validation policy
174  *
175  * Parses a stream of attributes and stores a pointer to each attribute in
176  * the tb array accessible via the attribute type. Attributes with a type
177  * exceeding maxtype will be silently ignored for backwards compatibility
178  * reasons. policy may be set to NULL if no validation is required.
179  *
180  * Returns 0 on success or a negative error code.
181  */
nla_parse(struct nlattr ** tb,int maxtype,const struct nlattr * head,int len,const struct nla_policy * policy)182 int nla_parse(struct nlattr **tb, int maxtype, const struct nlattr *head,
183 	      int len, const struct nla_policy *policy)
184 {
185 	const struct nlattr *nla;
186 	int rem, err;
187 
188 	memset(tb, 0, sizeof(struct nlattr *) * (maxtype + 1));
189 
190 	nla_for_each_attr(nla, head, len, rem) {
191 		u16 type = nla_type(nla);
192 
193 		if (type > 0 && type <= maxtype) {
194 			if (policy) {
195 				err = validate_nla(nla, maxtype, policy);
196 				if (err < 0)
197 					goto errout;
198 			}
199 
200 			tb[type] = (struct nlattr *)nla;
201 		}
202 	}
203 
204 	if (unlikely(rem > 0))
205 		pr_warn_ratelimited("netlink: %d bytes leftover after parsing attributes in process `%s'.\n",
206 				    rem, current->comm);
207 
208 	err = 0;
209 errout:
210 	return err;
211 }
212 EXPORT_SYMBOL(nla_parse);
213 
214 /**
215  * nla_find - Find a specific attribute in a stream of attributes
216  * @head: head of attribute stream
217  * @len: length of attribute stream
218  * @attrtype: type of attribute to look for
219  *
220  * Returns the first attribute in the stream matching the specified type.
221  */
nla_find(const struct nlattr * head,int len,int attrtype)222 struct nlattr *nla_find(const struct nlattr *head, int len, int attrtype)
223 {
224 	const struct nlattr *nla;
225 	int rem;
226 
227 	nla_for_each_attr(nla, head, len, rem)
228 		if (nla_type(nla) == attrtype)
229 			return (struct nlattr *)nla;
230 
231 	return NULL;
232 }
233 EXPORT_SYMBOL(nla_find);
234 
235 /**
236  * nla_strlcpy - Copy string attribute payload into a sized buffer
237  * @dst: where to copy the string to
238  * @nla: attribute to copy the string from
239  * @dstsize: size of destination buffer
240  *
241  * Copies at most dstsize - 1 bytes into the destination buffer.
242  * The result is always a valid NUL-terminated string. Unlike
243  * strlcpy the destination buffer is always padded out.
244  *
245  * Returns the length of the source buffer.
246  */
nla_strlcpy(char * dst,const struct nlattr * nla,size_t dstsize)247 size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize)
248 {
249 	size_t srclen = nla_len(nla);
250 	char *src = nla_data(nla);
251 
252 	if (srclen > 0 && src[srclen - 1] == '\0')
253 		srclen--;
254 
255 	if (dstsize > 0) {
256 		size_t len = (srclen >= dstsize) ? dstsize - 1 : srclen;
257 
258 		memset(dst, 0, dstsize);
259 		memcpy(dst, src, len);
260 	}
261 
262 	return srclen;
263 }
264 EXPORT_SYMBOL(nla_strlcpy);
265 
266 /**
267  * nla_memcpy - Copy a netlink attribute into another memory area
268  * @dest: where to copy to memcpy
269  * @src: netlink attribute to copy from
270  * @count: size of the destination area
271  *
272  * Note: The number of bytes copied is limited by the length of
273  *       attribute's payload. memcpy
274  *
275  * Returns the number of bytes copied.
276  */
nla_memcpy(void * dest,const struct nlattr * src,int count)277 int nla_memcpy(void *dest, const struct nlattr *src, int count)
278 {
279 	int minlen = min_t(int, count, nla_len(src));
280 
281 	memcpy(dest, nla_data(src), minlen);
282 	if (count > minlen)
283 		memset(dest + minlen, 0, count - minlen);
284 
285 	return minlen;
286 }
287 EXPORT_SYMBOL(nla_memcpy);
288 
289 /**
290  * nla_memcmp - Compare an attribute with sized memory area
291  * @nla: netlink attribute
292  * @data: memory area
293  * @size: size of memory area
294  */
nla_memcmp(const struct nlattr * nla,const void * data,size_t size)295 int nla_memcmp(const struct nlattr *nla, const void *data,
296 			     size_t size)
297 {
298 	int d = nla_len(nla) - size;
299 
300 	if (d == 0)
301 		d = memcmp(nla_data(nla), data, size);
302 
303 	return d;
304 }
305 EXPORT_SYMBOL(nla_memcmp);
306 
307 /**
308  * nla_strcmp - Compare a string attribute against a string
309  * @nla: netlink string attribute
310  * @str: another string
311  */
nla_strcmp(const struct nlattr * nla,const char * str)312 int nla_strcmp(const struct nlattr *nla, const char *str)
313 {
314 	int len = strlen(str);
315 	char *buf = nla_data(nla);
316 	int attrlen = nla_len(nla);
317 	int d;
318 
319 	if (attrlen > 0 && buf[attrlen - 1] == '\0')
320 		attrlen--;
321 
322 	d = attrlen - len;
323 	if (d == 0)
324 		d = memcmp(nla_data(nla), str, len);
325 
326 	return d;
327 }
328 EXPORT_SYMBOL(nla_strcmp);
329 
330 #ifdef CONFIG_NET
331 /**
332  * __nla_reserve - reserve room for attribute on the skb
333  * @skb: socket buffer to reserve room on
334  * @attrtype: attribute type
335  * @attrlen: length of attribute payload
336  *
337  * Adds a netlink attribute header to a socket buffer and reserves
338  * room for the payload but does not copy it.
339  *
340  * The caller is responsible to ensure that the skb provides enough
341  * tailroom for the attribute header and payload.
342  */
__nla_reserve(struct sk_buff * skb,int attrtype,int attrlen)343 struct nlattr *__nla_reserve(struct sk_buff *skb, int attrtype, int attrlen)
344 {
345 	struct nlattr *nla;
346 
347 	nla = (struct nlattr *) skb_put(skb, nla_total_size(attrlen));
348 	nla->nla_type = attrtype;
349 	nla->nla_len = nla_attr_size(attrlen);
350 
351 	memset((unsigned char *) nla + nla->nla_len, 0, nla_padlen(attrlen));
352 
353 	return nla;
354 }
355 EXPORT_SYMBOL(__nla_reserve);
356 
357 /**
358  * __nla_reserve_nohdr - reserve room for attribute without header
359  * @skb: socket buffer to reserve room on
360  * @attrlen: length of attribute payload
361  *
362  * Reserves room for attribute payload without a header.
363  *
364  * The caller is responsible to ensure that the skb provides enough
365  * tailroom for the payload.
366  */
__nla_reserve_nohdr(struct sk_buff * skb,int attrlen)367 void *__nla_reserve_nohdr(struct sk_buff *skb, int attrlen)
368 {
369 	void *start;
370 
371 	start = skb_put(skb, NLA_ALIGN(attrlen));
372 	memset(start, 0, NLA_ALIGN(attrlen));
373 
374 	return start;
375 }
376 EXPORT_SYMBOL(__nla_reserve_nohdr);
377 
378 /**
379  * nla_reserve - reserve room for attribute on the skb
380  * @skb: socket buffer to reserve room on
381  * @attrtype: attribute type
382  * @attrlen: length of attribute payload
383  *
384  * Adds a netlink attribute header to a socket buffer and reserves
385  * room for the payload but does not copy it.
386  *
387  * Returns NULL if the tailroom of the skb is insufficient to store
388  * the attribute header and payload.
389  */
nla_reserve(struct sk_buff * skb,int attrtype,int attrlen)390 struct nlattr *nla_reserve(struct sk_buff *skb, int attrtype, int attrlen)
391 {
392 	if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen)))
393 		return NULL;
394 
395 	return __nla_reserve(skb, attrtype, attrlen);
396 }
397 EXPORT_SYMBOL(nla_reserve);
398 
399 /**
400  * nla_reserve_nohdr - reserve room for attribute without header
401  * @skb: socket buffer to reserve room on
402  * @attrlen: length of attribute payload
403  *
404  * Reserves room for attribute payload without a header.
405  *
406  * Returns NULL if the tailroom of the skb is insufficient to store
407  * the attribute payload.
408  */
nla_reserve_nohdr(struct sk_buff * skb,int attrlen)409 void *nla_reserve_nohdr(struct sk_buff *skb, int attrlen)
410 {
411 	if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
412 		return NULL;
413 
414 	return __nla_reserve_nohdr(skb, attrlen);
415 }
416 EXPORT_SYMBOL(nla_reserve_nohdr);
417 
418 /**
419  * __nla_put - Add a netlink attribute to a socket buffer
420  * @skb: socket buffer to add attribute to
421  * @attrtype: attribute type
422  * @attrlen: length of attribute payload
423  * @data: head of attribute payload
424  *
425  * The caller is responsible to ensure that the skb provides enough
426  * tailroom for the attribute header and payload.
427  */
__nla_put(struct sk_buff * skb,int attrtype,int attrlen,const void * data)428 void __nla_put(struct sk_buff *skb, int attrtype, int attrlen,
429 			     const void *data)
430 {
431 	struct nlattr *nla;
432 
433 	nla = __nla_reserve(skb, attrtype, attrlen);
434 	memcpy(nla_data(nla), data, attrlen);
435 }
436 EXPORT_SYMBOL(__nla_put);
437 
438 /**
439  * __nla_put_nohdr - Add a netlink attribute without header
440  * @skb: socket buffer to add attribute to
441  * @attrlen: length of attribute payload
442  * @data: head of attribute payload
443  *
444  * The caller is responsible to ensure that the skb provides enough
445  * tailroom for the attribute payload.
446  */
__nla_put_nohdr(struct sk_buff * skb,int attrlen,const void * data)447 void __nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data)
448 {
449 	void *start;
450 
451 	start = __nla_reserve_nohdr(skb, attrlen);
452 	memcpy(start, data, attrlen);
453 }
454 EXPORT_SYMBOL(__nla_put_nohdr);
455 
456 /**
457  * nla_put - Add a netlink attribute to a socket buffer
458  * @skb: socket buffer to add attribute to
459  * @attrtype: attribute type
460  * @attrlen: length of attribute payload
461  * @data: head of attribute payload
462  *
463  * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
464  * the attribute header and payload.
465  */
nla_put(struct sk_buff * skb,int attrtype,int attrlen,const void * data)466 int nla_put(struct sk_buff *skb, int attrtype, int attrlen, const void *data)
467 {
468 	if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen)))
469 		return -EMSGSIZE;
470 
471 	__nla_put(skb, attrtype, attrlen, data);
472 	return 0;
473 }
474 EXPORT_SYMBOL(nla_put);
475 
476 /**
477  * nla_put_nohdr - Add a netlink attribute without header
478  * @skb: socket buffer to add attribute to
479  * @attrlen: length of attribute payload
480  * @data: head of attribute payload
481  *
482  * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
483  * the attribute payload.
484  */
nla_put_nohdr(struct sk_buff * skb,int attrlen,const void * data)485 int nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data)
486 {
487 	if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
488 		return -EMSGSIZE;
489 
490 	__nla_put_nohdr(skb, attrlen, data);
491 	return 0;
492 }
493 EXPORT_SYMBOL(nla_put_nohdr);
494 
495 /**
496  * nla_append - Add a netlink attribute without header or padding
497  * @skb: socket buffer to add attribute to
498  * @attrlen: length of attribute payload
499  * @data: head of attribute payload
500  *
501  * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
502  * the attribute payload.
503  */
nla_append(struct sk_buff * skb,int attrlen,const void * data)504 int nla_append(struct sk_buff *skb, int attrlen, const void *data)
505 {
506 	if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
507 		return -EMSGSIZE;
508 
509 	memcpy(skb_put(skb, attrlen), data, attrlen);
510 	return 0;
511 }
512 EXPORT_SYMBOL(nla_append);
513 #endif
514