This source file includes following definitions.
- validate_nla_bitfield32
- nla_validate_array
- nla_validate_int_range
- validate_nla
- __nla_validate_parse
- __nla_validate
- nla_policy_len
- __nla_parse
- nla_find
- nla_strlcpy
- nla_strdup
- nla_memcpy
- nla_memcmp
- nla_strcmp
- __nla_reserve
- __nla_reserve_64bit
- __nla_reserve_nohdr
- nla_reserve
- nla_reserve_64bit
- nla_reserve_nohdr
- __nla_put
- __nla_put_64bit
- __nla_put_nohdr
- nla_put
- nla_put_64bit
- nla_put_nohdr
- nla_append
1
2
3
4
5
6
7
8
9 #include <linux/export.h>
10 #include <linux/kernel.h>
11 #include <linux/errno.h>
12 #include <linux/jiffies.h>
13 #include <linux/skbuff.h>
14 #include <linux/string.h>
15 #include <linux/types.h>
16 #include <net/netlink.h>
17
18
19
20
21
22
23 static const u8 nla_attr_len[NLA_TYPE_MAX+1] = {
24 [NLA_U8] = sizeof(u8),
25 [NLA_U16] = sizeof(u16),
26 [NLA_U32] = sizeof(u32),
27 [NLA_U64] = sizeof(u64),
28 [NLA_S8] = sizeof(s8),
29 [NLA_S16] = sizeof(s16),
30 [NLA_S32] = sizeof(s32),
31 [NLA_S64] = sizeof(s64),
32 };
33
34 static const u8 nla_attr_minlen[NLA_TYPE_MAX+1] = {
35 [NLA_U8] = sizeof(u8),
36 [NLA_U16] = sizeof(u16),
37 [NLA_U32] = sizeof(u32),
38 [NLA_U64] = sizeof(u64),
39 [NLA_MSECS] = sizeof(u64),
40 [NLA_NESTED] = NLA_HDRLEN,
41 [NLA_S8] = sizeof(s8),
42 [NLA_S16] = sizeof(s16),
43 [NLA_S32] = sizeof(s32),
44 [NLA_S64] = sizeof(s64),
45 };
46
47 static int validate_nla_bitfield32(const struct nlattr *nla,
48 const u32 *valid_flags_mask)
49 {
50 const struct nla_bitfield32 *bf = nla_data(nla);
51
52 if (!valid_flags_mask)
53 return -EINVAL;
54
55
56 if (bf->selector & ~*valid_flags_mask)
57 return -EINVAL;
58
59
60 if (bf->value & ~*valid_flags_mask)
61 return -EINVAL;
62
63
64 if (bf->value & ~bf->selector)
65 return -EINVAL;
66
67 return 0;
68 }
69
70 static int nla_validate_array(const struct nlattr *head, int len, int maxtype,
71 const struct nla_policy *policy,
72 struct netlink_ext_ack *extack,
73 unsigned int validate)
74 {
75 const struct nlattr *entry;
76 int rem;
77
78 nla_for_each_attr(entry, head, len, rem) {
79 int ret;
80
81 if (nla_len(entry) == 0)
82 continue;
83
84 if (nla_len(entry) < NLA_HDRLEN) {
85 NL_SET_ERR_MSG_ATTR(extack, entry,
86 "Array element too short");
87 return -ERANGE;
88 }
89
90 ret = __nla_validate(nla_data(entry), nla_len(entry),
91 maxtype, policy, validate, extack);
92 if (ret < 0)
93 return ret;
94 }
95
96 return 0;
97 }
98
99 static int nla_validate_int_range(const struct nla_policy *pt,
100 const struct nlattr *nla,
101 struct netlink_ext_ack *extack)
102 {
103 bool validate_min, validate_max;
104 s64 value;
105
106 validate_min = pt->validation_type == NLA_VALIDATE_RANGE ||
107 pt->validation_type == NLA_VALIDATE_MIN;
108 validate_max = pt->validation_type == NLA_VALIDATE_RANGE ||
109 pt->validation_type == NLA_VALIDATE_MAX;
110
111 switch (pt->type) {
112 case NLA_U8:
113 value = nla_get_u8(nla);
114 break;
115 case NLA_U16:
116 value = nla_get_u16(nla);
117 break;
118 case NLA_U32:
119 value = nla_get_u32(nla);
120 break;
121 case NLA_S8:
122 value = nla_get_s8(nla);
123 break;
124 case NLA_S16:
125 value = nla_get_s16(nla);
126 break;
127 case NLA_S32:
128 value = nla_get_s32(nla);
129 break;
130 case NLA_S64:
131 value = nla_get_s64(nla);
132 break;
133 case NLA_U64:
134
135 if ((validate_min && nla_get_u64(nla) < pt->min) ||
136 (validate_max && nla_get_u64(nla) > pt->max)) {
137 NL_SET_ERR_MSG_ATTR(extack, nla,
138 "integer out of range");
139 return -ERANGE;
140 }
141 return 0;
142 default:
143 WARN_ON(1);
144 return -EINVAL;
145 }
146
147 if ((validate_min && value < pt->min) ||
148 (validate_max && value > pt->max)) {
149 NL_SET_ERR_MSG_ATTR(extack, nla,
150 "integer out of range");
151 return -ERANGE;
152 }
153
154 return 0;
155 }
156
157 static int validate_nla(const struct nlattr *nla, int maxtype,
158 const struct nla_policy *policy, unsigned int validate,
159 struct netlink_ext_ack *extack)
160 {
161 u16 strict_start_type = policy[0].strict_start_type;
162 const struct nla_policy *pt;
163 int minlen = 0, attrlen = nla_len(nla), type = nla_type(nla);
164 int err = -ERANGE;
165
166 if (strict_start_type && type >= strict_start_type)
167 validate |= NL_VALIDATE_STRICT;
168
169 if (type <= 0 || type > maxtype)
170 return 0;
171
172 pt = &policy[type];
173
174 BUG_ON(pt->type > NLA_TYPE_MAX);
175
176 if ((nla_attr_len[pt->type] && attrlen != nla_attr_len[pt->type]) ||
177 (pt->type == NLA_EXACT_LEN_WARN && attrlen != pt->len)) {
178 pr_warn_ratelimited("netlink: '%s': attribute type %d has an invalid length.\n",
179 current->comm, type);
180 if (validate & NL_VALIDATE_STRICT_ATTRS) {
181 NL_SET_ERR_MSG_ATTR(extack, nla,
182 "invalid attribute length");
183 return -EINVAL;
184 }
185 }
186
187 if (validate & NL_VALIDATE_NESTED) {
188 if ((pt->type == NLA_NESTED || pt->type == NLA_NESTED_ARRAY) &&
189 !(nla->nla_type & NLA_F_NESTED)) {
190 NL_SET_ERR_MSG_ATTR(extack, nla,
191 "NLA_F_NESTED is missing");
192 return -EINVAL;
193 }
194 if (pt->type != NLA_NESTED && pt->type != NLA_NESTED_ARRAY &&
195 pt->type != NLA_UNSPEC && (nla->nla_type & NLA_F_NESTED)) {
196 NL_SET_ERR_MSG_ATTR(extack, nla,
197 "NLA_F_NESTED not expected");
198 return -EINVAL;
199 }
200 }
201
202 switch (pt->type) {
203 case NLA_EXACT_LEN:
204 if (attrlen != pt->len)
205 goto out_err;
206 break;
207
208 case NLA_REJECT:
209 if (extack && pt->validation_data) {
210 NL_SET_BAD_ATTR(extack, nla);
211 extack->_msg = pt->validation_data;
212 return -EINVAL;
213 }
214 err = -EINVAL;
215 goto out_err;
216
217 case NLA_FLAG:
218 if (attrlen > 0)
219 goto out_err;
220 break;
221
222 case NLA_BITFIELD32:
223 if (attrlen != sizeof(struct nla_bitfield32))
224 goto out_err;
225
226 err = validate_nla_bitfield32(nla, pt->validation_data);
227 if (err)
228 goto out_err;
229 break;
230
231 case NLA_NUL_STRING:
232 if (pt->len)
233 minlen = min_t(int, attrlen, pt->len + 1);
234 else
235 minlen = attrlen;
236
237 if (!minlen || memchr(nla_data(nla), '\0', minlen) == NULL) {
238 err = -EINVAL;
239 goto out_err;
240 }
241
242
243 case NLA_STRING:
244 if (attrlen < 1)
245 goto out_err;
246
247 if (pt->len) {
248 char *buf = nla_data(nla);
249
250 if (buf[attrlen - 1] == '\0')
251 attrlen--;
252
253 if (attrlen > pt->len)
254 goto out_err;
255 }
256 break;
257
258 case NLA_BINARY:
259 if (pt->len && attrlen > pt->len)
260 goto out_err;
261 break;
262
263 case NLA_NESTED:
264
265
266
267 if (attrlen == 0)
268 break;
269 if (attrlen < NLA_HDRLEN)
270 goto out_err;
271 if (pt->validation_data) {
272 err = __nla_validate(nla_data(nla), nla_len(nla), pt->len,
273 pt->validation_data, validate,
274 extack);
275 if (err < 0) {
276
277
278
279
280 return err;
281 }
282 }
283 break;
284 case NLA_NESTED_ARRAY:
285
286
287
288 if (attrlen == 0)
289 break;
290 if (attrlen < NLA_HDRLEN)
291 goto out_err;
292 if (pt->validation_data) {
293 int err;
294
295 err = nla_validate_array(nla_data(nla), nla_len(nla),
296 pt->len, pt->validation_data,
297 extack, validate);
298 if (err < 0) {
299
300
301
302
303 return err;
304 }
305 }
306 break;
307
308 case NLA_UNSPEC:
309 if (validate & NL_VALIDATE_UNSPEC) {
310 NL_SET_ERR_MSG_ATTR(extack, nla,
311 "Unsupported attribute");
312 return -EINVAL;
313 }
314
315 case NLA_MIN_LEN:
316 if (attrlen < pt->len)
317 goto out_err;
318 break;
319
320 default:
321 if (pt->len)
322 minlen = pt->len;
323 else
324 minlen = nla_attr_minlen[pt->type];
325
326 if (attrlen < minlen)
327 goto out_err;
328 }
329
330
331 switch (pt->validation_type) {
332 case NLA_VALIDATE_NONE:
333
334 break;
335 case NLA_VALIDATE_RANGE:
336 case NLA_VALIDATE_MIN:
337 case NLA_VALIDATE_MAX:
338 err = nla_validate_int_range(pt, nla, extack);
339 if (err)
340 return err;
341 break;
342 case NLA_VALIDATE_FUNCTION:
343 if (pt->validate) {
344 err = pt->validate(nla, extack);
345 if (err)
346 return err;
347 }
348 break;
349 }
350
351 return 0;
352 out_err:
353 NL_SET_ERR_MSG_ATTR(extack, nla, "Attribute failed policy validation");
354 return err;
355 }
356
357 static int __nla_validate_parse(const struct nlattr *head, int len, int maxtype,
358 const struct nla_policy *policy,
359 unsigned int validate,
360 struct netlink_ext_ack *extack,
361 struct nlattr **tb)
362 {
363 const struct nlattr *nla;
364 int rem;
365
366 if (tb)
367 memset(tb, 0, sizeof(struct nlattr *) * (maxtype + 1));
368
369 nla_for_each_attr(nla, head, len, rem) {
370 u16 type = nla_type(nla);
371
372 if (type == 0 || type > maxtype) {
373 if (validate & NL_VALIDATE_MAXTYPE) {
374 NL_SET_ERR_MSG_ATTR(extack, nla,
375 "Unknown attribute type");
376 return -EINVAL;
377 }
378 continue;
379 }
380 if (policy) {
381 int err = validate_nla(nla, maxtype, policy,
382 validate, extack);
383
384 if (err < 0)
385 return err;
386 }
387
388 if (tb)
389 tb[type] = (struct nlattr *)nla;
390 }
391
392 if (unlikely(rem > 0)) {
393 pr_warn_ratelimited("netlink: %d bytes leftover after parsing attributes in process `%s'.\n",
394 rem, current->comm);
395 NL_SET_ERR_MSG(extack, "bytes leftover after parsing attributes");
396 if (validate & NL_VALIDATE_TRAILING)
397 return -EINVAL;
398 }
399
400 return 0;
401 }
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419 int __nla_validate(const struct nlattr *head, int len, int maxtype,
420 const struct nla_policy *policy, unsigned int validate,
421 struct netlink_ext_ack *extack)
422 {
423 return __nla_validate_parse(head, len, maxtype, policy, validate,
424 extack, NULL);
425 }
426 EXPORT_SYMBOL(__nla_validate);
427
428
429
430
431
432
433
434
435
436
437
438
439 int
440 nla_policy_len(const struct nla_policy *p, int n)
441 {
442 int i, len = 0;
443
444 for (i = 0; i < n; i++, p++) {
445 if (p->len)
446 len += nla_total_size(p->len);
447 else if (nla_attr_len[p->type])
448 len += nla_total_size(nla_attr_len[p->type]);
449 else if (nla_attr_minlen[p->type])
450 len += nla_total_size(nla_attr_minlen[p->type]);
451 }
452
453 return len;
454 }
455 EXPORT_SYMBOL(nla_policy_len);
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473 int __nla_parse(struct nlattr **tb, int maxtype,
474 const struct nlattr *head, int len,
475 const struct nla_policy *policy, unsigned int validate,
476 struct netlink_ext_ack *extack)
477 {
478 return __nla_validate_parse(head, len, maxtype, policy, validate,
479 extack, tb);
480 }
481 EXPORT_SYMBOL(__nla_parse);
482
483
484
485
486
487
488
489
490
491 struct nlattr *nla_find(const struct nlattr *head, int len, int attrtype)
492 {
493 const struct nlattr *nla;
494 int rem;
495
496 nla_for_each_attr(nla, head, len, rem)
497 if (nla_type(nla) == attrtype)
498 return (struct nlattr *)nla;
499
500 return NULL;
501 }
502 EXPORT_SYMBOL(nla_find);
503
504
505
506
507
508
509
510
511
512
513
514
515
516 size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize)
517 {
518 size_t srclen = nla_len(nla);
519 char *src = nla_data(nla);
520
521 if (srclen > 0 && src[srclen - 1] == '\0')
522 srclen--;
523
524 if (dstsize > 0) {
525 size_t len = (srclen >= dstsize) ? dstsize - 1 : srclen;
526
527 memset(dst, 0, dstsize);
528 memcpy(dst, src, len);
529 }
530
531 return srclen;
532 }
533 EXPORT_SYMBOL(nla_strlcpy);
534
535
536
537
538
539
540
541
542 char *nla_strdup(const struct nlattr *nla, gfp_t flags)
543 {
544 size_t srclen = nla_len(nla);
545 char *src = nla_data(nla), *dst;
546
547 if (srclen > 0 && src[srclen - 1] == '\0')
548 srclen--;
549
550 dst = kmalloc(srclen + 1, flags);
551 if (dst != NULL) {
552 memcpy(dst, src, srclen);
553 dst[srclen] = '\0';
554 }
555 return dst;
556 }
557 EXPORT_SYMBOL(nla_strdup);
558
559
560
561
562
563
564
565
566
567
568
569
570 int nla_memcpy(void *dest, const struct nlattr *src, int count)
571 {
572 int minlen = min_t(int, count, nla_len(src));
573
574 memcpy(dest, nla_data(src), minlen);
575 if (count > minlen)
576 memset(dest + minlen, 0, count - minlen);
577
578 return minlen;
579 }
580 EXPORT_SYMBOL(nla_memcpy);
581
582
583
584
585
586
587
588 int nla_memcmp(const struct nlattr *nla, const void *data,
589 size_t size)
590 {
591 int d = nla_len(nla) - size;
592
593 if (d == 0)
594 d = memcmp(nla_data(nla), data, size);
595
596 return d;
597 }
598 EXPORT_SYMBOL(nla_memcmp);
599
600
601
602
603
604
605 int nla_strcmp(const struct nlattr *nla, const char *str)
606 {
607 int len = strlen(str);
608 char *buf = nla_data(nla);
609 int attrlen = nla_len(nla);
610 int d;
611
612 if (attrlen > 0 && buf[attrlen - 1] == '\0')
613 attrlen--;
614
615 d = attrlen - len;
616 if (d == 0)
617 d = memcmp(nla_data(nla), str, len);
618
619 return d;
620 }
621 EXPORT_SYMBOL(nla_strcmp);
622
623 #ifdef CONFIG_NET
624
625
626
627
628
629
630
631
632
633
634
635
636 struct nlattr *__nla_reserve(struct sk_buff *skb, int attrtype, int attrlen)
637 {
638 struct nlattr *nla;
639
640 nla = skb_put(skb, nla_total_size(attrlen));
641 nla->nla_type = attrtype;
642 nla->nla_len = nla_attr_size(attrlen);
643
644 memset((unsigned char *) nla + nla->nla_len, 0, nla_padlen(attrlen));
645
646 return nla;
647 }
648 EXPORT_SYMBOL(__nla_reserve);
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664 struct nlattr *__nla_reserve_64bit(struct sk_buff *skb, int attrtype,
665 int attrlen, int padattr)
666 {
667 if (nla_need_padding_for_64bit(skb))
668 nla_align_64bit(skb, padattr);
669
670 return __nla_reserve(skb, attrtype, attrlen);
671 }
672 EXPORT_SYMBOL(__nla_reserve_64bit);
673
674
675
676
677
678
679
680
681
682
683
684 void *__nla_reserve_nohdr(struct sk_buff *skb, int attrlen)
685 {
686 return skb_put_zero(skb, NLA_ALIGN(attrlen));
687 }
688 EXPORT_SYMBOL(__nla_reserve_nohdr);
689
690
691
692
693
694
695
696
697
698
699
700
701
702 struct nlattr *nla_reserve(struct sk_buff *skb, int attrtype, int attrlen)
703 {
704 if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen)))
705 return NULL;
706
707 return __nla_reserve(skb, attrtype, attrlen);
708 }
709 EXPORT_SYMBOL(nla_reserve);
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725 struct nlattr *nla_reserve_64bit(struct sk_buff *skb, int attrtype, int attrlen,
726 int padattr)
727 {
728 size_t len;
729
730 if (nla_need_padding_for_64bit(skb))
731 len = nla_total_size_64bit(attrlen);
732 else
733 len = nla_total_size(attrlen);
734 if (unlikely(skb_tailroom(skb) < len))
735 return NULL;
736
737 return __nla_reserve_64bit(skb, attrtype, attrlen, padattr);
738 }
739 EXPORT_SYMBOL(nla_reserve_64bit);
740
741
742
743
744
745
746
747
748
749
750
751 void *nla_reserve_nohdr(struct sk_buff *skb, int attrlen)
752 {
753 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
754 return NULL;
755
756 return __nla_reserve_nohdr(skb, attrlen);
757 }
758 EXPORT_SYMBOL(nla_reserve_nohdr);
759
760
761
762
763
764
765
766
767
768
769
770 void __nla_put(struct sk_buff *skb, int attrtype, int attrlen,
771 const void *data)
772 {
773 struct nlattr *nla;
774
775 nla = __nla_reserve(skb, attrtype, attrlen);
776 memcpy(nla_data(nla), data, attrlen);
777 }
778 EXPORT_SYMBOL(__nla_put);
779
780
781
782
783
784
785
786
787
788
789
790
791 void __nla_put_64bit(struct sk_buff *skb, int attrtype, int attrlen,
792 const void *data, int padattr)
793 {
794 struct nlattr *nla;
795
796 nla = __nla_reserve_64bit(skb, attrtype, attrlen, padattr);
797 memcpy(nla_data(nla), data, attrlen);
798 }
799 EXPORT_SYMBOL(__nla_put_64bit);
800
801
802
803
804
805
806
807
808
809
810 void __nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data)
811 {
812 void *start;
813
814 start = __nla_reserve_nohdr(skb, attrlen);
815 memcpy(start, data, attrlen);
816 }
817 EXPORT_SYMBOL(__nla_put_nohdr);
818
819
820
821
822
823
824
825
826
827
828
829 int nla_put(struct sk_buff *skb, int attrtype, int attrlen, const void *data)
830 {
831 if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen)))
832 return -EMSGSIZE;
833
834 __nla_put(skb, attrtype, attrlen, data);
835 return 0;
836 }
837 EXPORT_SYMBOL(nla_put);
838
839
840
841
842
843
844
845
846
847
848
849
850 int nla_put_64bit(struct sk_buff *skb, int attrtype, int attrlen,
851 const void *data, int padattr)
852 {
853 size_t len;
854
855 if (nla_need_padding_for_64bit(skb))
856 len = nla_total_size_64bit(attrlen);
857 else
858 len = nla_total_size(attrlen);
859 if (unlikely(skb_tailroom(skb) < len))
860 return -EMSGSIZE;
861
862 __nla_put_64bit(skb, attrtype, attrlen, data, padattr);
863 return 0;
864 }
865 EXPORT_SYMBOL(nla_put_64bit);
866
867
868
869
870
871
872
873
874
875
876 int nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data)
877 {
878 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
879 return -EMSGSIZE;
880
881 __nla_put_nohdr(skb, attrlen, data);
882 return 0;
883 }
884 EXPORT_SYMBOL(nla_put_nohdr);
885
886
887
888
889
890
891
892
893
894
895 int nla_append(struct sk_buff *skb, int attrlen, const void *data)
896 {
897 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
898 return -EMSGSIZE;
899
900 skb_put_data(skb, data, attrlen);
901 return 0;
902 }
903 EXPORT_SYMBOL(nla_append);
904 #endif