1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * NETLINK      Netlink attributes
4  *
5  * 		Authors:	Thomas Graf <tgraf@suug.ch>
6  * 				Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
7  */
8 
9 #include <linux/export.h>
10 #include <linux/kernel.h>
11 #include <linux/errno.h>
12 #include <linux/jiffies.h>
13 #include <linux/nospec.h>
14 #include <linux/skbuff.h>
15 #include <linux/string.h>
16 #include <linux/types.h>
17 #include <net/netlink.h>
18 
19 /* For these data types, attribute length should be exactly the given
20  * size. However, to maintain compatibility with broken commands, if the
21  * attribute length does not match the expected size a warning is emitted
22  * to the user that the command is sending invalid data and needs to be fixed.
23  */
24 static const u8 nla_attr_len[NLA_TYPE_MAX+1] = {
25 	[NLA_U8]	= sizeof(u8),
26 	[NLA_U16]	= sizeof(u16),
27 	[NLA_U32]	= sizeof(u32),
28 	[NLA_U64]	= sizeof(u64),
29 	[NLA_S8]	= sizeof(s8),
30 	[NLA_S16]	= sizeof(s16),
31 	[NLA_S32]	= sizeof(s32),
32 	[NLA_S64]	= sizeof(s64),
33 	[NLA_BE16]	= sizeof(__be16),
34 	[NLA_BE32]	= sizeof(__be32),
35 };
36 
37 static const u8 nla_attr_minlen[NLA_TYPE_MAX+1] = {
38 	[NLA_U8]	= sizeof(u8),
39 	[NLA_U16]	= sizeof(u16),
40 	[NLA_U32]	= sizeof(u32),
41 	[NLA_U64]	= sizeof(u64),
42 	[NLA_MSECS]	= sizeof(u64),
43 	[NLA_NESTED]	= NLA_HDRLEN,
44 	[NLA_S8]	= sizeof(s8),
45 	[NLA_S16]	= sizeof(s16),
46 	[NLA_S32]	= sizeof(s32),
47 	[NLA_S64]	= sizeof(s64),
48 	[NLA_BE16]	= sizeof(__be16),
49 	[NLA_BE32]	= sizeof(__be32),
50 };
51 
52 /*
53  * Nested policies might refer back to the original
54  * policy in some cases, and userspace could try to
55  * abuse that and recurse by nesting in the right
56  * ways. Limit recursion to avoid this problem.
57  */
58 #define MAX_POLICY_RECURSION_DEPTH	10
59 
60 static int __nla_validate_parse(const struct nlattr *head, int len, int maxtype,
61 				const struct nla_policy *policy,
62 				unsigned int validate,
63 				struct netlink_ext_ack *extack,
64 				struct nlattr **tb, unsigned int depth);
65 
validate_nla_bitfield32(const struct nlattr * nla,const u32 valid_flags_mask)66 static int validate_nla_bitfield32(const struct nlattr *nla,
67 				   const u32 valid_flags_mask)
68 {
69 	const struct nla_bitfield32 *bf = nla_data(nla);
70 
71 	if (!valid_flags_mask)
72 		return -EINVAL;
73 
74 	/*disallow invalid bit selector */
75 	if (bf->selector & ~valid_flags_mask)
76 		return -EINVAL;
77 
78 	/*disallow invalid bit values */
79 	if (bf->value & ~valid_flags_mask)
80 		return -EINVAL;
81 
82 	/*disallow valid bit values that are not selected*/
83 	if (bf->value & ~bf->selector)
84 		return -EINVAL;
85 
86 	return 0;
87 }
88 
nla_validate_array(const struct nlattr * head,int len,int maxtype,const struct nla_policy * policy,struct netlink_ext_ack * extack,unsigned int validate,unsigned int depth)89 static int nla_validate_array(const struct nlattr *head, int len, int maxtype,
90 			      const struct nla_policy *policy,
91 			      struct netlink_ext_ack *extack,
92 			      unsigned int validate, unsigned int depth)
93 {
94 	const struct nlattr *entry;
95 	int rem;
96 
97 	nla_for_each_attr(entry, head, len, rem) {
98 		int ret;
99 
100 		if (nla_len(entry) == 0)
101 			continue;
102 
103 		if (nla_len(entry) < NLA_HDRLEN) {
104 			NL_SET_ERR_MSG_ATTR_POL(extack, entry, policy,
105 						"Array element too short");
106 			return -ERANGE;
107 		}
108 
109 		ret = __nla_validate_parse(nla_data(entry), nla_len(entry),
110 					   maxtype, policy, validate, extack,
111 					   NULL, depth + 1);
112 		if (ret < 0)
113 			return ret;
114 	}
115 
116 	return 0;
117 }
118 
nla_get_range_unsigned(const struct nla_policy * pt,struct netlink_range_validation * range)119 void nla_get_range_unsigned(const struct nla_policy *pt,
120 			    struct netlink_range_validation *range)
121 {
122 	WARN_ON_ONCE(pt->validation_type != NLA_VALIDATE_RANGE_PTR &&
123 		     (pt->min < 0 || pt->max < 0));
124 
125 	range->min = 0;
126 
127 	switch (pt->type) {
128 	case NLA_U8:
129 		range->max = U8_MAX;
130 		break;
131 	case NLA_U16:
132 	case NLA_BE16:
133 	case NLA_BINARY:
134 		range->max = U16_MAX;
135 		break;
136 	case NLA_U32:
137 	case NLA_BE32:
138 		range->max = U32_MAX;
139 		break;
140 	case NLA_U64:
141 	case NLA_MSECS:
142 		range->max = U64_MAX;
143 		break;
144 	default:
145 		WARN_ON_ONCE(1);
146 		return;
147 	}
148 
149 	switch (pt->validation_type) {
150 	case NLA_VALIDATE_RANGE:
151 	case NLA_VALIDATE_RANGE_WARN_TOO_LONG:
152 		range->min = pt->min;
153 		range->max = pt->max;
154 		break;
155 	case NLA_VALIDATE_RANGE_PTR:
156 		*range = *pt->range;
157 		break;
158 	case NLA_VALIDATE_MIN:
159 		range->min = pt->min;
160 		break;
161 	case NLA_VALIDATE_MAX:
162 		range->max = pt->max;
163 		break;
164 	default:
165 		break;
166 	}
167 }
168 
nla_validate_range_unsigned(const struct nla_policy * pt,const struct nlattr * nla,struct netlink_ext_ack * extack,unsigned int validate)169 static int nla_validate_range_unsigned(const struct nla_policy *pt,
170 				       const struct nlattr *nla,
171 				       struct netlink_ext_ack *extack,
172 				       unsigned int validate)
173 {
174 	struct netlink_range_validation range;
175 	u64 value;
176 
177 	switch (pt->type) {
178 	case NLA_U8:
179 		value = nla_get_u8(nla);
180 		break;
181 	case NLA_U16:
182 		value = nla_get_u16(nla);
183 		break;
184 	case NLA_U32:
185 		value = nla_get_u32(nla);
186 		break;
187 	case NLA_U64:
188 		value = nla_get_u64(nla);
189 		break;
190 	case NLA_MSECS:
191 		value = nla_get_u64(nla);
192 		break;
193 	case NLA_BINARY:
194 		value = nla_len(nla);
195 		break;
196 	case NLA_BE16:
197 		value = ntohs(nla_get_be16(nla));
198 		break;
199 	case NLA_BE32:
200 		value = ntohl(nla_get_be32(nla));
201 		break;
202 	default:
203 		return -EINVAL;
204 	}
205 
206 	nla_get_range_unsigned(pt, &range);
207 
208 	if (pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG &&
209 	    pt->type == NLA_BINARY && value > range.max) {
210 		pr_warn_ratelimited("netlink: '%s': attribute type %d has an invalid length.\n",
211 				    current->comm, pt->type);
212 		if (validate & NL_VALIDATE_STRICT_ATTRS) {
213 			NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,
214 						"invalid attribute length");
215 			return -EINVAL;
216 		}
217 
218 		/* this assumes min <= max (don't validate against min) */
219 		return 0;
220 	}
221 
222 	if (value < range.min || value > range.max) {
223 		bool binary = pt->type == NLA_BINARY;
224 
225 		if (binary)
226 			NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,
227 						"binary attribute size out of range");
228 		else
229 			NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,
230 						"integer out of range");
231 
232 		return -ERANGE;
233 	}
234 
235 	return 0;
236 }
237 
nla_get_range_signed(const struct nla_policy * pt,struct netlink_range_validation_signed * range)238 void nla_get_range_signed(const struct nla_policy *pt,
239 			  struct netlink_range_validation_signed *range)
240 {
241 	switch (pt->type) {
242 	case NLA_S8:
243 		range->min = S8_MIN;
244 		range->max = S8_MAX;
245 		break;
246 	case NLA_S16:
247 		range->min = S16_MIN;
248 		range->max = S16_MAX;
249 		break;
250 	case NLA_S32:
251 		range->min = S32_MIN;
252 		range->max = S32_MAX;
253 		break;
254 	case NLA_S64:
255 		range->min = S64_MIN;
256 		range->max = S64_MAX;
257 		break;
258 	default:
259 		WARN_ON_ONCE(1);
260 		return;
261 	}
262 
263 	switch (pt->validation_type) {
264 	case NLA_VALIDATE_RANGE:
265 		range->min = pt->min;
266 		range->max = pt->max;
267 		break;
268 	case NLA_VALIDATE_RANGE_PTR:
269 		*range = *pt->range_signed;
270 		break;
271 	case NLA_VALIDATE_MIN:
272 		range->min = pt->min;
273 		break;
274 	case NLA_VALIDATE_MAX:
275 		range->max = pt->max;
276 		break;
277 	default:
278 		break;
279 	}
280 }
281 
nla_validate_int_range_signed(const struct nla_policy * pt,const struct nlattr * nla,struct netlink_ext_ack * extack)282 static int nla_validate_int_range_signed(const struct nla_policy *pt,
283 					 const struct nlattr *nla,
284 					 struct netlink_ext_ack *extack)
285 {
286 	struct netlink_range_validation_signed range;
287 	s64 value;
288 
289 	switch (pt->type) {
290 	case NLA_S8:
291 		value = nla_get_s8(nla);
292 		break;
293 	case NLA_S16:
294 		value = nla_get_s16(nla);
295 		break;
296 	case NLA_S32:
297 		value = nla_get_s32(nla);
298 		break;
299 	case NLA_S64:
300 		value = nla_get_s64(nla);
301 		break;
302 	default:
303 		return -EINVAL;
304 	}
305 
306 	nla_get_range_signed(pt, &range);
307 
308 	if (value < range.min || value > range.max) {
309 		NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,
310 					"integer out of range");
311 		return -ERANGE;
312 	}
313 
314 	return 0;
315 }
316 
nla_validate_int_range(const struct nla_policy * pt,const struct nlattr * nla,struct netlink_ext_ack * extack,unsigned int validate)317 static int nla_validate_int_range(const struct nla_policy *pt,
318 				  const struct nlattr *nla,
319 				  struct netlink_ext_ack *extack,
320 				  unsigned int validate)
321 {
322 	switch (pt->type) {
323 	case NLA_U8:
324 	case NLA_U16:
325 	case NLA_U32:
326 	case NLA_U64:
327 	case NLA_MSECS:
328 	case NLA_BINARY:
329 	case NLA_BE16:
330 	case NLA_BE32:
331 		return nla_validate_range_unsigned(pt, nla, extack, validate);
332 	case NLA_S8:
333 	case NLA_S16:
334 	case NLA_S32:
335 	case NLA_S64:
336 		return nla_validate_int_range_signed(pt, nla, extack);
337 	default:
338 		WARN_ON(1);
339 		return -EINVAL;
340 	}
341 }
342 
nla_validate_mask(const struct nla_policy * pt,const struct nlattr * nla,struct netlink_ext_ack * extack)343 static int nla_validate_mask(const struct nla_policy *pt,
344 			     const struct nlattr *nla,
345 			     struct netlink_ext_ack *extack)
346 {
347 	u64 value;
348 
349 	switch (pt->type) {
350 	case NLA_U8:
351 		value = nla_get_u8(nla);
352 		break;
353 	case NLA_U16:
354 		value = nla_get_u16(nla);
355 		break;
356 	case NLA_U32:
357 		value = nla_get_u32(nla);
358 		break;
359 	case NLA_U64:
360 		value = nla_get_u64(nla);
361 		break;
362 	case NLA_BE16:
363 		value = ntohs(nla_get_be16(nla));
364 		break;
365 	case NLA_BE32:
366 		value = ntohl(nla_get_be32(nla));
367 		break;
368 	default:
369 		return -EINVAL;
370 	}
371 
372 	if (value & ~(u64)pt->mask) {
373 		NL_SET_ERR_MSG_ATTR(extack, nla, "reserved bit set");
374 		return -EINVAL;
375 	}
376 
377 	return 0;
378 }
379 
validate_nla(const struct nlattr * nla,int maxtype,const struct nla_policy * policy,unsigned int validate,struct netlink_ext_ack * extack,unsigned int depth)380 static int validate_nla(const struct nlattr *nla, int maxtype,
381 			const struct nla_policy *policy, unsigned int validate,
382 			struct netlink_ext_ack *extack, unsigned int depth)
383 {
384 	u16 strict_start_type = policy[0].strict_start_type;
385 	const struct nla_policy *pt;
386 	int minlen = 0, attrlen = nla_len(nla), type = nla_type(nla);
387 	int err = -ERANGE;
388 
389 	if (strict_start_type && type >= strict_start_type)
390 		validate |= NL_VALIDATE_STRICT;
391 
392 	if (type <= 0 || type > maxtype)
393 		return 0;
394 
395 	type = array_index_nospec(type, maxtype + 1);
396 	pt = &policy[type];
397 
398 	BUG_ON(pt->type > NLA_TYPE_MAX);
399 
400 	if (nla_attr_len[pt->type] && attrlen != nla_attr_len[pt->type]) {
401 		pr_warn_ratelimited("netlink: '%s': attribute type %d has an invalid length.\n",
402 				    current->comm, type);
403 		if (validate & NL_VALIDATE_STRICT_ATTRS) {
404 			NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,
405 						"invalid attribute length");
406 			return -EINVAL;
407 		}
408 	}
409 
410 	if (validate & NL_VALIDATE_NESTED) {
411 		if ((pt->type == NLA_NESTED || pt->type == NLA_NESTED_ARRAY) &&
412 		    !(nla->nla_type & NLA_F_NESTED)) {
413 			NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,
414 						"NLA_F_NESTED is missing");
415 			return -EINVAL;
416 		}
417 		if (pt->type != NLA_NESTED && pt->type != NLA_NESTED_ARRAY &&
418 		    pt->type != NLA_UNSPEC && (nla->nla_type & NLA_F_NESTED)) {
419 			NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,
420 						"NLA_F_NESTED not expected");
421 			return -EINVAL;
422 		}
423 	}
424 
425 	switch (pt->type) {
426 	case NLA_REJECT:
427 		if (extack && pt->reject_message) {
428 			NL_SET_BAD_ATTR(extack, nla);
429 			extack->_msg = pt->reject_message;
430 			return -EINVAL;
431 		}
432 		err = -EINVAL;
433 		goto out_err;
434 
435 	case NLA_FLAG:
436 		if (attrlen > 0)
437 			goto out_err;
438 		break;
439 
440 	case NLA_BITFIELD32:
441 		if (attrlen != sizeof(struct nla_bitfield32))
442 			goto out_err;
443 
444 		err = validate_nla_bitfield32(nla, pt->bitfield32_valid);
445 		if (err)
446 			goto out_err;
447 		break;
448 
449 	case NLA_NUL_STRING:
450 		if (pt->len)
451 			minlen = min_t(int, attrlen, pt->len + 1);
452 		else
453 			minlen = attrlen;
454 
455 		if (!minlen || memchr(nla_data(nla), '\0', minlen) == NULL) {
456 			err = -EINVAL;
457 			goto out_err;
458 		}
459 		fallthrough;
460 
461 	case NLA_STRING:
462 		if (attrlen < 1)
463 			goto out_err;
464 
465 		if (pt->len) {
466 			char *buf = nla_data(nla);
467 
468 			if (buf[attrlen - 1] == '\0')
469 				attrlen--;
470 
471 			if (attrlen > pt->len)
472 				goto out_err;
473 		}
474 		break;
475 
476 	case NLA_BINARY:
477 		if (pt->len && attrlen > pt->len)
478 			goto out_err;
479 		break;
480 
481 	case NLA_NESTED:
482 		/* a nested attributes is allowed to be empty; if its not,
483 		 * it must have a size of at least NLA_HDRLEN.
484 		 */
485 		if (attrlen == 0)
486 			break;
487 		if (attrlen < NLA_HDRLEN)
488 			goto out_err;
489 		if (pt->nested_policy) {
490 			err = __nla_validate_parse(nla_data(nla), nla_len(nla),
491 						   pt->len, pt->nested_policy,
492 						   validate, extack, NULL,
493 						   depth + 1);
494 			if (err < 0) {
495 				/*
496 				 * return directly to preserve the inner
497 				 * error message/attribute pointer
498 				 */
499 				return err;
500 			}
501 		}
502 		break;
503 	case NLA_NESTED_ARRAY:
504 		/* a nested array attribute is allowed to be empty; if its not,
505 		 * it must have a size of at least NLA_HDRLEN.
506 		 */
507 		if (attrlen == 0)
508 			break;
509 		if (attrlen < NLA_HDRLEN)
510 			goto out_err;
511 		if (pt->nested_policy) {
512 			int err;
513 
514 			err = nla_validate_array(nla_data(nla), nla_len(nla),
515 						 pt->len, pt->nested_policy,
516 						 extack, validate, depth);
517 			if (err < 0) {
518 				/*
519 				 * return directly to preserve the inner
520 				 * error message/attribute pointer
521 				 */
522 				return err;
523 			}
524 		}
525 		break;
526 
527 	case NLA_UNSPEC:
528 		if (validate & NL_VALIDATE_UNSPEC) {
529 			NL_SET_ERR_MSG_ATTR(extack, nla,
530 					    "Unsupported attribute");
531 			return -EINVAL;
532 		}
533 		if (attrlen < pt->len)
534 			goto out_err;
535 		break;
536 
537 	default:
538 		if (pt->len)
539 			minlen = pt->len;
540 		else
541 			minlen = nla_attr_minlen[pt->type];
542 
543 		if (attrlen < minlen)
544 			goto out_err;
545 	}
546 
547 	/* further validation */
548 	switch (pt->validation_type) {
549 	case NLA_VALIDATE_NONE:
550 		/* nothing to do */
551 		break;
552 	case NLA_VALIDATE_RANGE_PTR:
553 	case NLA_VALIDATE_RANGE:
554 	case NLA_VALIDATE_RANGE_WARN_TOO_LONG:
555 	case NLA_VALIDATE_MIN:
556 	case NLA_VALIDATE_MAX:
557 		err = nla_validate_int_range(pt, nla, extack, validate);
558 		if (err)
559 			return err;
560 		break;
561 	case NLA_VALIDATE_MASK:
562 		err = nla_validate_mask(pt, nla, extack);
563 		if (err)
564 			return err;
565 		break;
566 	case NLA_VALIDATE_FUNCTION:
567 		if (pt->validate) {
568 			err = pt->validate(nla, extack);
569 			if (err)
570 				return err;
571 		}
572 		break;
573 	}
574 
575 	return 0;
576 out_err:
577 	NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,
578 				"Attribute failed policy validation");
579 	return err;
580 }
581 
__nla_validate_parse(const struct nlattr * head,int len,int maxtype,const struct nla_policy * policy,unsigned int validate,struct netlink_ext_ack * extack,struct nlattr ** tb,unsigned int depth)582 static int __nla_validate_parse(const struct nlattr *head, int len, int maxtype,
583 				const struct nla_policy *policy,
584 				unsigned int validate,
585 				struct netlink_ext_ack *extack,
586 				struct nlattr **tb, unsigned int depth)
587 {
588 	const struct nlattr *nla;
589 	int rem;
590 
591 	if (depth >= MAX_POLICY_RECURSION_DEPTH) {
592 		NL_SET_ERR_MSG(extack,
593 			       "allowed policy recursion depth exceeded");
594 		return -EINVAL;
595 	}
596 
597 	if (tb)
598 		memset(tb, 0, sizeof(struct nlattr *) * (maxtype + 1));
599 
600 	nla_for_each_attr(nla, head, len, rem) {
601 		u16 type = nla_type(nla);
602 
603 		if (type == 0 || type > maxtype) {
604 			if (validate & NL_VALIDATE_MAXTYPE) {
605 				NL_SET_ERR_MSG_ATTR(extack, nla,
606 						    "Unknown attribute type");
607 				return -EINVAL;
608 			}
609 			continue;
610 		}
611 		type = array_index_nospec(type, maxtype + 1);
612 		if (policy) {
613 			int err = validate_nla(nla, maxtype, policy,
614 					       validate, extack, depth);
615 
616 			if (err < 0)
617 				return err;
618 		}
619 
620 		if (tb)
621 			tb[type] = (struct nlattr *)nla;
622 	}
623 
624 	if (unlikely(rem > 0)) {
625 		pr_warn_ratelimited("netlink: %d bytes leftover after parsing attributes in process `%s'.\n",
626 				    rem, current->comm);
627 		NL_SET_ERR_MSG(extack, "bytes leftover after parsing attributes");
628 		if (validate & NL_VALIDATE_TRAILING)
629 			return -EINVAL;
630 	}
631 
632 	return 0;
633 }
634 
635 /**
636  * __nla_validate - Validate a stream of attributes
637  * @head: head of attribute stream
638  * @len: length of attribute stream
639  * @maxtype: maximum attribute type to be expected
640  * @policy: validation policy
641  * @validate: validation strictness
642  * @extack: extended ACK report struct
643  *
644  * Validates all attributes in the specified attribute stream against the
645  * specified policy. Validation depends on the validate flags passed, see
646  * &enum netlink_validation for more details on that.
647  * See documentation of struct nla_policy for more details.
648  *
649  * Returns 0 on success or a negative error code.
650  */
__nla_validate(const struct nlattr * head,int len,int maxtype,const struct nla_policy * policy,unsigned int validate,struct netlink_ext_ack * extack)651 int __nla_validate(const struct nlattr *head, int len, int maxtype,
652 		   const struct nla_policy *policy, unsigned int validate,
653 		   struct netlink_ext_ack *extack)
654 {
655 	return __nla_validate_parse(head, len, maxtype, policy, validate,
656 				    extack, NULL, 0);
657 }
658 EXPORT_SYMBOL(__nla_validate);
659 
660 /**
661  * nla_policy_len - Determine the max. length of a policy
662  * @p: policy to use
663  * @n: number of policies
664  *
665  * Determines the max. length of the policy.  It is currently used
666  * to allocated Netlink buffers roughly the size of the actual
667  * message.
668  *
669  * Returns 0 on success or a negative error code.
670  */
671 int
nla_policy_len(const struct nla_policy * p,int n)672 nla_policy_len(const struct nla_policy *p, int n)
673 {
674 	int i, len = 0;
675 
676 	for (i = 0; i < n; i++, p++) {
677 		if (p->len)
678 			len += nla_total_size(p->len);
679 		else if (nla_attr_len[p->type])
680 			len += nla_total_size(nla_attr_len[p->type]);
681 		else if (nla_attr_minlen[p->type])
682 			len += nla_total_size(nla_attr_minlen[p->type]);
683 	}
684 
685 	return len;
686 }
687 EXPORT_SYMBOL(nla_policy_len);
688 
689 /**
690  * __nla_parse - Parse a stream of attributes into a tb buffer
691  * @tb: destination array with maxtype+1 elements
692  * @maxtype: maximum attribute type to be expected
693  * @head: head of attribute stream
694  * @len: length of attribute stream
695  * @policy: validation policy
696  * @validate: validation strictness
697  * @extack: extended ACK pointer
698  *
699  * Parses a stream of attributes and stores a pointer to each attribute in
700  * the tb array accessible via the attribute type.
701  * Validation is controlled by the @validate parameter.
702  *
703  * Returns 0 on success or a negative error code.
704  */
__nla_parse(struct nlattr ** tb,int maxtype,const struct nlattr * head,int len,const struct nla_policy * policy,unsigned int validate,struct netlink_ext_ack * extack)705 int __nla_parse(struct nlattr **tb, int maxtype,
706 		const struct nlattr *head, int len,
707 		const struct nla_policy *policy, unsigned int validate,
708 		struct netlink_ext_ack *extack)
709 {
710 	return __nla_validate_parse(head, len, maxtype, policy, validate,
711 				    extack, tb, 0);
712 }
713 EXPORT_SYMBOL(__nla_parse);
714 
715 /**
716  * nla_find - Find a specific attribute in a stream of attributes
717  * @head: head of attribute stream
718  * @len: length of attribute stream
719  * @attrtype: type of attribute to look for
720  *
721  * Returns the first attribute in the stream matching the specified type.
722  */
nla_find(const struct nlattr * head,int len,int attrtype)723 struct nlattr *nla_find(const struct nlattr *head, int len, int attrtype)
724 {
725 	const struct nlattr *nla;
726 	int rem;
727 
728 	nla_for_each_attr(nla, head, len, rem)
729 		if (nla_type(nla) == attrtype)
730 			return (struct nlattr *)nla;
731 
732 	return NULL;
733 }
734 EXPORT_SYMBOL(nla_find);
735 
736 /**
737  * nla_strscpy - Copy string attribute payload into a sized buffer
738  * @dst: Where to copy the string to.
739  * @nla: Attribute to copy the string from.
740  * @dstsize: Size of destination buffer.
741  *
742  * Copies at most dstsize - 1 bytes into the destination buffer.
743  * Unlike strlcpy the destination buffer is always padded out.
744  *
745  * Return:
746  * * srclen - Returns @nla length (not including the trailing %NUL).
747  * * -E2BIG - If @dstsize is 0 or greater than U16_MAX or @nla length greater
748  *            than @dstsize.
749  */
nla_strscpy(char * dst,const struct nlattr * nla,size_t dstsize)750 ssize_t nla_strscpy(char *dst, const struct nlattr *nla, size_t dstsize)
751 {
752 	size_t srclen = nla_len(nla);
753 	char *src = nla_data(nla);
754 	ssize_t ret;
755 	size_t len;
756 
757 	if (dstsize == 0 || WARN_ON_ONCE(dstsize > U16_MAX))
758 		return -E2BIG;
759 
760 	if (srclen > 0 && src[srclen - 1] == '\0')
761 		srclen--;
762 
763 	if (srclen >= dstsize) {
764 		len = dstsize - 1;
765 		ret = -E2BIG;
766 	} else {
767 		len = srclen;
768 		ret = len;
769 	}
770 
771 	memcpy(dst, src, len);
772 	/* Zero pad end of dst. */
773 	memset(dst + len, 0, dstsize - len);
774 
775 	return ret;
776 }
777 EXPORT_SYMBOL(nla_strscpy);
778 
779 /**
780  * nla_strdup - Copy string attribute payload into a newly allocated buffer
781  * @nla: attribute to copy the string from
782  * @flags: the type of memory to allocate (see kmalloc).
783  *
784  * Returns a pointer to the allocated buffer or NULL on error.
785  */
nla_strdup(const struct nlattr * nla,gfp_t flags)786 char *nla_strdup(const struct nlattr *nla, gfp_t flags)
787 {
788 	size_t srclen = nla_len(nla);
789 	char *src = nla_data(nla), *dst;
790 
791 	if (srclen > 0 && src[srclen - 1] == '\0')
792 		srclen--;
793 
794 	dst = kmalloc(srclen + 1, flags);
795 	if (dst != NULL) {
796 		memcpy(dst, src, srclen);
797 		dst[srclen] = '\0';
798 	}
799 	return dst;
800 }
801 EXPORT_SYMBOL(nla_strdup);
802 
803 /**
804  * nla_memcpy - Copy a netlink attribute into another memory area
805  * @dest: where to copy to memcpy
806  * @src: netlink attribute to copy from
807  * @count: size of the destination area
808  *
809  * Note: The number of bytes copied is limited by the length of
810  *       attribute's payload. memcpy
811  *
812  * Returns the number of bytes copied.
813  */
nla_memcpy(void * dest,const struct nlattr * src,int count)814 int nla_memcpy(void *dest, const struct nlattr *src, int count)
815 {
816 	int minlen = min_t(int, count, nla_len(src));
817 
818 	memcpy(dest, nla_data(src), minlen);
819 	if (count > minlen)
820 		memset(dest + minlen, 0, count - minlen);
821 
822 	return minlen;
823 }
824 EXPORT_SYMBOL(nla_memcpy);
825 
826 /**
827  * nla_memcmp - Compare an attribute with sized memory area
828  * @nla: netlink attribute
829  * @data: memory area
830  * @size: size of memory area
831  */
nla_memcmp(const struct nlattr * nla,const void * data,size_t size)832 int nla_memcmp(const struct nlattr *nla, const void *data,
833 			     size_t size)
834 {
835 	int d = nla_len(nla) - size;
836 
837 	if (d == 0)
838 		d = memcmp(nla_data(nla), data, size);
839 
840 	return d;
841 }
842 EXPORT_SYMBOL(nla_memcmp);
843 
844 /**
845  * nla_strcmp - Compare a string attribute against a string
846  * @nla: netlink string attribute
847  * @str: another string
848  */
nla_strcmp(const struct nlattr * nla,const char * str)849 int nla_strcmp(const struct nlattr *nla, const char *str)
850 {
851 	int len = strlen(str);
852 	char *buf = nla_data(nla);
853 	int attrlen = nla_len(nla);
854 	int d;
855 
856 	while (attrlen > 0 && buf[attrlen - 1] == '\0')
857 		attrlen--;
858 
859 	d = attrlen - len;
860 	if (d == 0)
861 		d = memcmp(nla_data(nla), str, len);
862 
863 	return d;
864 }
865 EXPORT_SYMBOL(nla_strcmp);
866 
867 #ifdef CONFIG_NET
868 /**
869  * __nla_reserve - reserve room for attribute on the skb
870  * @skb: socket buffer to reserve room on
871  * @attrtype: attribute type
872  * @attrlen: length of attribute payload
873  *
874  * Adds a netlink attribute header to a socket buffer and reserves
875  * room for the payload but does not copy it.
876  *
877  * The caller is responsible to ensure that the skb provides enough
878  * tailroom for the attribute header and payload.
879  */
__nla_reserve(struct sk_buff * skb,int attrtype,int attrlen)880 struct nlattr *__nla_reserve(struct sk_buff *skb, int attrtype, int attrlen)
881 {
882 	struct nlattr *nla;
883 
884 	nla = skb_put(skb, nla_total_size(attrlen));
885 	nla->nla_type = attrtype;
886 	nla->nla_len = nla_attr_size(attrlen);
887 
888 	memset((unsigned char *) nla + nla->nla_len, 0, nla_padlen(attrlen));
889 
890 	return nla;
891 }
892 EXPORT_SYMBOL(__nla_reserve);
893 
894 /**
895  * __nla_reserve_64bit - reserve room for attribute on the skb and align it
896  * @skb: socket buffer to reserve room on
897  * @attrtype: attribute type
898  * @attrlen: length of attribute payload
899  * @padattr: attribute type for the padding
900  *
901  * Adds a netlink attribute header to a socket buffer and reserves
902  * room for the payload but does not copy it. It also ensure that this
903  * attribute will have a 64-bit aligned nla_data() area.
904  *
905  * The caller is responsible to ensure that the skb provides enough
906  * tailroom for the attribute header and payload.
907  */
__nla_reserve_64bit(struct sk_buff * skb,int attrtype,int attrlen,int padattr)908 struct nlattr *__nla_reserve_64bit(struct sk_buff *skb, int attrtype,
909 				   int attrlen, int padattr)
910 {
911 	nla_align_64bit(skb, padattr);
912 
913 	return __nla_reserve(skb, attrtype, attrlen);
914 }
915 EXPORT_SYMBOL(__nla_reserve_64bit);
916 
917 /**
918  * __nla_reserve_nohdr - reserve room for attribute without header
919  * @skb: socket buffer to reserve room on
920  * @attrlen: length of attribute payload
921  *
922  * Reserves room for attribute payload without a header.
923  *
924  * The caller is responsible to ensure that the skb provides enough
925  * tailroom for the payload.
926  */
__nla_reserve_nohdr(struct sk_buff * skb,int attrlen)927 void *__nla_reserve_nohdr(struct sk_buff *skb, int attrlen)
928 {
929 	return skb_put_zero(skb, NLA_ALIGN(attrlen));
930 }
931 EXPORT_SYMBOL(__nla_reserve_nohdr);
932 
933 /**
934  * nla_reserve - reserve room for attribute on the skb
935  * @skb: socket buffer to reserve room on
936  * @attrtype: attribute type
937  * @attrlen: length of attribute payload
938  *
939  * Adds a netlink attribute header to a socket buffer and reserves
940  * room for the payload but does not copy it.
941  *
942  * Returns NULL if the tailroom of the skb is insufficient to store
943  * the attribute header and payload.
944  */
nla_reserve(struct sk_buff * skb,int attrtype,int attrlen)945 struct nlattr *nla_reserve(struct sk_buff *skb, int attrtype, int attrlen)
946 {
947 	if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen)))
948 		return NULL;
949 
950 	return __nla_reserve(skb, attrtype, attrlen);
951 }
952 EXPORT_SYMBOL(nla_reserve);
953 
954 /**
955  * nla_reserve_64bit - reserve room for attribute on the skb and align it
956  * @skb: socket buffer to reserve room on
957  * @attrtype: attribute type
958  * @attrlen: length of attribute payload
959  * @padattr: attribute type for the padding
960  *
961  * Adds a netlink attribute header to a socket buffer and reserves
962  * room for the payload but does not copy it. It also ensure that this
963  * attribute will have a 64-bit aligned nla_data() area.
964  *
965  * Returns NULL if the tailroom of the skb is insufficient to store
966  * the attribute header and payload.
967  */
nla_reserve_64bit(struct sk_buff * skb,int attrtype,int attrlen,int padattr)968 struct nlattr *nla_reserve_64bit(struct sk_buff *skb, int attrtype, int attrlen,
969 				 int padattr)
970 {
971 	size_t len;
972 
973 	if (nla_need_padding_for_64bit(skb))
974 		len = nla_total_size_64bit(attrlen);
975 	else
976 		len = nla_total_size(attrlen);
977 	if (unlikely(skb_tailroom(skb) < len))
978 		return NULL;
979 
980 	return __nla_reserve_64bit(skb, attrtype, attrlen, padattr);
981 }
982 EXPORT_SYMBOL(nla_reserve_64bit);
983 
984 /**
985  * nla_reserve_nohdr - reserve room for attribute without header
986  * @skb: socket buffer to reserve room on
987  * @attrlen: length of attribute payload
988  *
989  * Reserves room for attribute payload without a header.
990  *
991  * Returns NULL if the tailroom of the skb is insufficient to store
992  * the attribute payload.
993  */
nla_reserve_nohdr(struct sk_buff * skb,int attrlen)994 void *nla_reserve_nohdr(struct sk_buff *skb, int attrlen)
995 {
996 	if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
997 		return NULL;
998 
999 	return __nla_reserve_nohdr(skb, attrlen);
1000 }
1001 EXPORT_SYMBOL(nla_reserve_nohdr);
1002 
1003 /**
1004  * __nla_put - Add a netlink attribute to a socket buffer
1005  * @skb: socket buffer to add attribute to
1006  * @attrtype: attribute type
1007  * @attrlen: length of attribute payload
1008  * @data: head of attribute payload
1009  *
1010  * The caller is responsible to ensure that the skb provides enough
1011  * tailroom for the attribute header and payload.
1012  */
__nla_put(struct sk_buff * skb,int attrtype,int attrlen,const void * data)1013 void __nla_put(struct sk_buff *skb, int attrtype, int attrlen,
1014 			     const void *data)
1015 {
1016 	struct nlattr *nla;
1017 
1018 	nla = __nla_reserve(skb, attrtype, attrlen);
1019 	memcpy(nla_data(nla), data, attrlen);
1020 }
1021 EXPORT_SYMBOL(__nla_put);
1022 
1023 /**
1024  * __nla_put_64bit - Add a netlink attribute to a socket buffer and align it
1025  * @skb: socket buffer to add attribute to
1026  * @attrtype: attribute type
1027  * @attrlen: length of attribute payload
1028  * @data: head of attribute payload
1029  * @padattr: attribute type for the padding
1030  *
1031  * The caller is responsible to ensure that the skb provides enough
1032  * tailroom for the attribute header and payload.
1033  */
__nla_put_64bit(struct sk_buff * skb,int attrtype,int attrlen,const void * data,int padattr)1034 void __nla_put_64bit(struct sk_buff *skb, int attrtype, int attrlen,
1035 		     const void *data, int padattr)
1036 {
1037 	struct nlattr *nla;
1038 
1039 	nla = __nla_reserve_64bit(skb, attrtype, attrlen, padattr);
1040 	memcpy(nla_data(nla), data, attrlen);
1041 }
1042 EXPORT_SYMBOL(__nla_put_64bit);
1043 
1044 /**
1045  * __nla_put_nohdr - Add a netlink attribute without header
1046  * @skb: socket buffer to add attribute to
1047  * @attrlen: length of attribute payload
1048  * @data: head of attribute payload
1049  *
1050  * The caller is responsible to ensure that the skb provides enough
1051  * tailroom for the attribute payload.
1052  */
__nla_put_nohdr(struct sk_buff * skb,int attrlen,const void * data)1053 void __nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data)
1054 {
1055 	void *start;
1056 
1057 	start = __nla_reserve_nohdr(skb, attrlen);
1058 	memcpy(start, data, attrlen);
1059 }
1060 EXPORT_SYMBOL(__nla_put_nohdr);
1061 
1062 /**
1063  * nla_put - Add a netlink attribute to a socket buffer
1064  * @skb: socket buffer to add attribute to
1065  * @attrtype: attribute type
1066  * @attrlen: length of attribute payload
1067  * @data: head of attribute payload
1068  *
1069  * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
1070  * the attribute header and payload.
1071  */
nla_put(struct sk_buff * skb,int attrtype,int attrlen,const void * data)1072 int nla_put(struct sk_buff *skb, int attrtype, int attrlen, const void *data)
1073 {
1074 	if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen)))
1075 		return -EMSGSIZE;
1076 
1077 	__nla_put(skb, attrtype, attrlen, data);
1078 	return 0;
1079 }
1080 EXPORT_SYMBOL(nla_put);
1081 
1082 /**
1083  * nla_put_64bit - Add a netlink attribute to a socket buffer and align it
1084  * @skb: socket buffer to add attribute to
1085  * @attrtype: attribute type
1086  * @attrlen: length of attribute payload
1087  * @data: head of attribute payload
1088  * @padattr: attribute type for the padding
1089  *
1090  * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
1091  * the attribute header and payload.
1092  */
nla_put_64bit(struct sk_buff * skb,int attrtype,int attrlen,const void * data,int padattr)1093 int nla_put_64bit(struct sk_buff *skb, int attrtype, int attrlen,
1094 		  const void *data, int padattr)
1095 {
1096 	size_t len;
1097 
1098 	if (nla_need_padding_for_64bit(skb))
1099 		len = nla_total_size_64bit(attrlen);
1100 	else
1101 		len = nla_total_size(attrlen);
1102 	if (unlikely(skb_tailroom(skb) < len))
1103 		return -EMSGSIZE;
1104 
1105 	__nla_put_64bit(skb, attrtype, attrlen, data, padattr);
1106 	return 0;
1107 }
1108 EXPORT_SYMBOL(nla_put_64bit);
1109 
1110 /**
1111  * nla_put_nohdr - Add a netlink attribute without header
1112  * @skb: socket buffer to add attribute to
1113  * @attrlen: length of attribute payload
1114  * @data: head of attribute payload
1115  *
1116  * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
1117  * the attribute payload.
1118  */
nla_put_nohdr(struct sk_buff * skb,int attrlen,const void * data)1119 int nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data)
1120 {
1121 	if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
1122 		return -EMSGSIZE;
1123 
1124 	__nla_put_nohdr(skb, attrlen, data);
1125 	return 0;
1126 }
1127 EXPORT_SYMBOL(nla_put_nohdr);
1128 
1129 /**
1130  * nla_append - Add a netlink attribute without header or padding
1131  * @skb: socket buffer to add attribute to
1132  * @attrlen: length of attribute payload
1133  * @data: head of attribute payload
1134  *
1135  * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
1136  * the attribute payload.
1137  */
nla_append(struct sk_buff * skb,int attrlen,const void * data)1138 int nla_append(struct sk_buff *skb, int attrlen, const void *data)
1139 {
1140 	if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
1141 		return -EMSGSIZE;
1142 
1143 	skb_put_data(skb, data, attrlen);
1144 	return 0;
1145 }
1146 EXPORT_SYMBOL(nla_append);
1147 #endif
1148