net/netlink/policy.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  * NETLINK      Policy advertisement to userspace
   4  *
   5  *              Authors:        Johannes Berg <johannes@sipsolutions.net>
   6  *
   7  * Copyright 2019 Intel Corporation
   8  */
   9
  10 #include <linux/kernel.h>
  11 #include <linux/errno.h>
  12 #include <linux/types.h>
  13 #include <net/netlink.h>
  14
  15 #define INITIAL_POLICIES_ALLOC  10
  16
  17 struct netlink_policy_dump_state {
  18         unsigned int policy_idx;
  19         unsigned int attr_idx;
  20         unsigned int n_alloc;
  21         struct {
  22                 const struct nla_policy *policy;
  23                 unsigned int maxtype;
  24         } policies[];
  25 };
  26
  27 static int add_policy(struct netlink_policy_dump_state **statep,
  28                       const struct nla_policy *policy,
  29                       unsigned int maxtype)
  30 {
  31         struct netlink_policy_dump_state *state = *statep;
  32         unsigned int n_alloc, i;
  33
  34         if (!policy || !maxtype)
  35                 return 0;
  36
  37         for (i = 0; i < state->n_alloc; i++) {
  38                 if (state->policies[i].policy == policy &&
  39                     state->policies[i].maxtype == maxtype)
  40                         return 0;
  41
  42                 if (!state->policies[i].policy) {
  43                         state->policies[i].policy = policy;
  44                         state->policies[i].maxtype = maxtype;
  45                         return 0;
  46                 }
  47         }
  48
  49         n_alloc = state->n_alloc + INITIAL_POLICIES_ALLOC;
  50         state = krealloc(state, struct_size(state, policies, n_alloc),
  51                          GFP_KERNEL);
  52         if (!state)
  53                 return -ENOMEM;
  54
  55         memset(&state->policies[state->n_alloc], 0,
  56                flex_array_size(state, policies, n_alloc - state->n_alloc));
  57
  58         state->policies[state->n_alloc].policy = policy;
  59         state->policies[state->n_alloc].maxtype = maxtype;
  60         state->n_alloc = n_alloc;
  61         *statep = state;
  62
  63         return 0;
  64 }
  65
  66 /**
  67  * netlink_policy_dump_get_policy_idx - retrieve policy index
  68  * @state: the policy dump state
  69  * @policy: the policy to find
  70  * @maxtype: the policy's maxattr
  71  *
  72  * Returns: the index of the given policy in the dump state
  73  *
  74  * Call this to find a policy index when you've added multiple and e.g.
  75  * need to tell userspace which command has which policy (by index).
  76  *
  77  * Note: this will WARN and return 0 if the policy isn't found, which
  78  *       means it wasn't added in the first place, which would be an
  79  *       internal consistency bug.
  80  */
  81 int netlink_policy_dump_get_policy_idx(struct netlink_policy_dump_state *state,
  82                                        const struct nla_policy *policy,
  83                                        unsigned int maxtype)
  84 {
  85         unsigned int i;
  86
  87         if (WARN_ON(!policy || !maxtype))
  88                 return 0;
  89
  90         for (i = 0; i < state->n_alloc; i++) {
  91                 if (state->policies[i].policy == policy &&
  92                     state->policies[i].maxtype == maxtype)
  93                         return i;
  94         }
  95
  96         WARN_ON(1);
  97         return 0;
  98 }
  99
 100 static struct netlink_policy_dump_state *alloc_state(void)
 101 {
 102         struct netlink_policy_dump_state *state;
 103
 104         state = kzalloc(struct_size(state, policies, INITIAL_POLICIES_ALLOC),
 105                         GFP_KERNEL);
 106         if (!state)
 107                 return ERR_PTR(-ENOMEM);
 108         state->n_alloc = INITIAL_POLICIES_ALLOC;
 109
 110         return state;
 111 }
 112
 113 /**
 114  * netlink_policy_dump_add_policy - add a policy to the dump
 115  * @pstate: state to add to, may be reallocated, must be %NULL the first time
 116  * @policy: the new policy to add to the dump
 117  * @maxtype: the new policy's max attr type
 118  *
 119  * Returns: 0 on success, a negative error code otherwise.
 120  *
 121  * Call this to allocate a policy dump state, and to add policies to it. This
 122  * should be called from the dump start() callback.
 123  *
 124  * Note: on failures, any previously allocated state is freed.
 125  */
 126 int netlink_policy_dump_add_policy(struct netlink_policy_dump_state **pstate,
 127                                    const struct nla_policy *policy,
 128                                    unsigned int maxtype)
 129 {
 130         struct netlink_policy_dump_state *state = *pstate;
 131         unsigned int policy_idx;
 132         int err;
 133
 134         if (!state) {
 135                 state = alloc_state();
 136                 if (IS_ERR(state))
 137                         return PTR_ERR(state);
 138         }
 139
 140         /*
 141          * walk the policies and nested ones first, and build
 142          * a linear list of them.
 143          */
 144
 145         err = add_policy(&state, policy, maxtype);
 146         if (err)
 147                 goto err_try_undo;
 148
 149         for (policy_idx = 0;
 150              policy_idx < state->n_alloc && state->policies[policy_idx].policy;
 151              policy_idx++) {
 152                 const struct nla_policy *policy;
 153                 unsigned int type;
 154
 155                 policy = state->policies[policy_idx].policy;
 156
 157                 for (type = 0;
 158                      type <= state->policies[policy_idx].maxtype;
 159                      type++) {
 160                         switch (policy[type].type) {
 161                         case NLA_NESTED:
 162                         case NLA_NESTED_ARRAY:
 163                                 err = add_policy(&state,
 164                                                  policy[type].nested_policy,
 165                                                  policy[type].len);
 166                                 if (err)
 167                                         goto err_try_undo;
 168                                 break;
 169                         default:
 170                                 break;
 171                         }
 172                 }
 173         }
 174
 175         *pstate = state;
 176         return 0;
 177
 178 err_try_undo:
 179         /* Try to preserve reasonable unwind semantics - if we're starting from
 180          * scratch clean up fully, otherwise record what we got and caller will.
 181          */
 182         if (!*pstate)
 183                 netlink_policy_dump_free(state);
 184         else
 185                 *pstate = state;
 186         return err;
 187 }
 188
 189 static bool
 190 netlink_policy_dump_finished(struct netlink_policy_dump_state *state)
 191 {
 192         return state->policy_idx >= state->n_alloc ||
 193                !state->policies[state->policy_idx].policy;
 194 }
 195
 196 /**
 197  * netlink_policy_dump_loop - dumping loop indicator
 198  * @state: the policy dump state
 199  *
 200  * Returns: %true if the dump continues, %false otherwise
 201  *
 202  * Note: this frees the dump state when finishing
 203  */
 204 bool netlink_policy_dump_loop(struct netlink_policy_dump_state *state)
 205 {
 206         return !netlink_policy_dump_finished(state);
 207 }
 208
 209 int netlink_policy_dump_attr_size_estimate(const struct nla_policy *pt)
 210 {
 211         /* nested + type */
 212         int common = 2 * nla_attr_size(sizeof(u32));
 213
 214         switch (pt->type) {
 215         case NLA_UNSPEC:
 216         case NLA_REJECT:
 217                 /* these actually don't need any space */
 218                 return 0;
 219         case NLA_NESTED:
 220         case NLA_NESTED_ARRAY:
 221                 /* common, policy idx, policy maxattr */
 222                 return common + 2 * nla_attr_size(sizeof(u32));
 223         case NLA_U8:
 224         case NLA_U16:
 225         case NLA_U32:
 226         case NLA_U64:
 227         case NLA_MSECS:
 228         case NLA_S8:
 229         case NLA_S16:
 230         case NLA_S32:
 231         case NLA_S64:
 232                 /* maximum is common, u64 min/max with padding */
 233                 return common +
 234                        2 * (nla_attr_size(0) + nla_attr_size(sizeof(u64)));
 235         case NLA_BITFIELD32:
 236                 return common + nla_attr_size(sizeof(u32));
 237         case NLA_STRING:
 238         case NLA_NUL_STRING:
 239         case NLA_BINARY:
 240                 /* maximum is common, u32 min-length/max-length */
 241                 return common + 2 * nla_attr_size(sizeof(u32));
 242         case NLA_FLAG:
 243                 return common;
 244         }
 245
 246         /* this should then cause a warning later */
 247         return 0;
 248 }
 249
 250 static int
 251 __netlink_policy_dump_write_attr(struct netlink_policy_dump_state *state,
 252                                  struct sk_buff *skb,
 253                                  const struct nla_policy *pt,
 254                                  int nestattr)
 255 {
 256         int estimate = netlink_policy_dump_attr_size_estimate(pt);
 257         enum netlink_attribute_type type;
 258         struct nlattr *attr;
 259
 260         attr = nla_nest_start(skb, nestattr);
 261         if (!attr)
 262                 return -ENOBUFS;
 263
 264         switch (pt->type) {
 265         default:
 266         case NLA_UNSPEC:
 267         case NLA_REJECT:
 268                 /* skip - use NLA_MIN_LEN to advertise such */
 269                 nla_nest_cancel(skb, attr);
 270                 return -ENODATA;
 271         case NLA_NESTED:
 272                 type = NL_ATTR_TYPE_NESTED;
 273                 fallthrough;
 274         case NLA_NESTED_ARRAY:
 275                 if (pt->type == NLA_NESTED_ARRAY)
 276                         type = NL_ATTR_TYPE_NESTED_ARRAY;
 277                 if (state && pt->nested_policy && pt->len &&
 278                     (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_POLICY_IDX,
 279                                  netlink_policy_dump_get_policy_idx(state,
 280                                                                     pt->nested_policy,
 281                                                                     pt->len)) ||
 282                      nla_put_u32(skb, NL_POLICY_TYPE_ATTR_POLICY_MAXTYPE,
 283                                  pt->len)))
 284                         goto nla_put_failure;
 285                 break;
 286         case NLA_U8:
 287         case NLA_U16:
 288         case NLA_U32:
 289         case NLA_U64:
 290         case NLA_MSECS: {
 291                 struct netlink_range_validation range;
 292
 293                 if (pt->type == NLA_U8)
 294                         type = NL_ATTR_TYPE_U8;
 295                 else if (pt->type == NLA_U16)
 296                         type = NL_ATTR_TYPE_U16;
 297                 else if (pt->type == NLA_U32)
 298                         type = NL_ATTR_TYPE_U32;
 299                 else
 300                         type = NL_ATTR_TYPE_U64;
 301
 302                 if (pt->validation_type == NLA_VALIDATE_MASK) {
 303                         if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MASK,
 304                                               pt->mask,
 305                                               NL_POLICY_TYPE_ATTR_PAD))
 306                                 goto nla_put_failure;
 307                         break;
 308                 }
 309
 310                 nla_get_range_unsigned(pt, &range);
 311
 312                 if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_U,
 313                                       range.min, NL_POLICY_TYPE_ATTR_PAD) ||
 314                     nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MAX_VALUE_U,
 315                                       range.max, NL_POLICY_TYPE_ATTR_PAD))
 316                         goto nla_put_failure;
 317                 break;
 318         }
 319         case NLA_S8:
 320         case NLA_S16:
 321         case NLA_S32:
 322         case NLA_S64: {
 323                 struct netlink_range_validation_signed range;
 324
 325                 if (pt->type == NLA_S8)
 326                         type = NL_ATTR_TYPE_S8;
 327                 else if (pt->type == NLA_S16)
 328                         type = NL_ATTR_TYPE_S16;
 329                 else if (pt->type == NLA_S32)
 330                         type = NL_ATTR_TYPE_S32;
 331                 else
 332                         type = NL_ATTR_TYPE_S64;
 333
 334                 nla_get_range_signed(pt, &range);
 335
 336                 if (nla_put_s64(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_S,
 337                                 range.min, NL_POLICY_TYPE_ATTR_PAD) ||
 338                     nla_put_s64(skb, NL_POLICY_TYPE_ATTR_MAX_VALUE_S,
 339                                 range.max, NL_POLICY_TYPE_ATTR_PAD))
 340                         goto nla_put_failure;
 341                 break;
 342         }
 343         case NLA_BITFIELD32:
 344                 type = NL_ATTR_TYPE_BITFIELD32;
 345                 if (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_BITFIELD32_MASK,
 346                                 pt->bitfield32_valid))
 347                         goto nla_put_failure;
 348                 break;
 349         case NLA_STRING:
 350         case NLA_NUL_STRING:
 351         case NLA_BINARY:
 352                 if (pt->type == NLA_STRING)
 353                         type = NL_ATTR_TYPE_STRING;
 354                 else if (pt->type == NLA_NUL_STRING)
 355                         type = NL_ATTR_TYPE_NUL_STRING;
 356                 else
 357                         type = NL_ATTR_TYPE_BINARY;
 358
 359                 if (pt->validation_type == NLA_VALIDATE_RANGE ||
 360                     pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG) {
 361                         struct netlink_range_validation range;
 362
 363                         nla_get_range_unsigned(pt, &range);
 364
 365                         if (range.min &&
 366                             nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MIN_LENGTH,
 367                                         range.min))
 368                                 goto nla_put_failure;
 369
 370                         if (range.max < U16_MAX &&
 371                             nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MAX_LENGTH,
 372                                         range.max))
 373                                 goto nla_put_failure;
 374                 } else if (pt->len &&
 375                            nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MAX_LENGTH,
 376                                        pt->len)) {
 377                         goto nla_put_failure;
 378                 }
 379                 break;
 380         case NLA_FLAG:
 381                 type = NL_ATTR_TYPE_FLAG;
 382                 break;
 383         }
 384
 385         if (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_TYPE, type))
 386                 goto nla_put_failure;
 387
 388         nla_nest_end(skb, attr);
 389         WARN_ON(attr->nla_len > estimate);
 390
 391         return 0;
 392 nla_put_failure:
 393         nla_nest_cancel(skb, attr);
 394         return -ENOBUFS;
 395 }
 396
 397 /**
 398  * netlink_policy_dump_write_attr - write a given attribute policy
 399  * @skb: the message skb to write to
 400  * @pt: the attribute's policy
 401  * @nestattr: the nested attribute ID to use
 402  *
 403  * Returns: 0 on success, an error code otherwise; -%ENODATA is
 404  *          special, indicating that there's no policy data and
 405  *          the attribute is generally rejected.
 406  */
 407 int netlink_policy_dump_write_attr(struct sk_buff *skb,
 408                                    const struct nla_policy *pt,
 409                                    int nestattr)
 410 {
 411         return __netlink_policy_dump_write_attr(NULL, skb, pt, nestattr);
 412 }
 413
 414 /**
 415  * netlink_policy_dump_write - write current policy dump attributes
 416  * @skb: the message skb to write to
 417  * @state: the policy dump state
 418  *
 419  * Returns: 0 on success, an error code otherwise
 420  */
 421 int netlink_policy_dump_write(struct sk_buff *skb,
 422                               struct netlink_policy_dump_state *state)
 423 {
 424         const struct nla_policy *pt;
 425         struct nlattr *policy;
 426         bool again;
 427         int err;
 428
 429 send_attribute:
 430         again = false;
 431
 432         pt = &state->policies[state->policy_idx].policy[state->attr_idx];
 433
 434         policy = nla_nest_start(skb, state->policy_idx);
 435         if (!policy)
 436                 return -ENOBUFS;
 437
 438         err = __netlink_policy_dump_write_attr(state, skb, pt, state->attr_idx);
 439         if (err == -ENODATA) {
 440                 nla_nest_cancel(skb, policy);
 441                 again = true;
 442                 goto next;
 443         } else if (err) {
 444                 goto nla_put_failure;
 445         }
 446
 447         /* finish and move state to next attribute */
 448         nla_nest_end(skb, policy);
 449
 450 next:
 451         state->attr_idx += 1;
 452         if (state->attr_idx > state->policies[state->policy_idx].maxtype) {
 453                 state->attr_idx = 0;
 454                 state->policy_idx++;
 455         }
 456
 457         if (again) {
 458                 if (netlink_policy_dump_finished(state))
 459                         return -ENODATA;
 460                 goto send_attribute;
 461         }
 462
 463         return 0;
 464
 465 nla_put_failure:
 466         nla_nest_cancel(skb, policy);
 467         return -ENOBUFS;
 468 }
 469
 470 /**
 471  * netlink_policy_dump_free - free policy dump state
 472  * @state: the policy dump state to free
 473  *
 474  * Call this from the done() method to ensure dump state is freed.
 475  */
 476 void netlink_policy_dump_free(struct netlink_policy_dump_state *state)
 477 {
 478         kfree(state);
 479 }