policy.c (11498B)
1// SPDX-License-Identifier: GPL-2.0 2/* 3 * NETLINK Policy advertisement to userspace 4 * 5 * Authors: Johannes Berg <johannes@sipsolutions.net> 6 * 7 * Copyright 2019 Intel Corporation 8 */ 9 10#include <linux/kernel.h> 11#include <linux/errno.h> 12#include <linux/types.h> 13#include <net/netlink.h> 14 15#define INITIAL_POLICIES_ALLOC 10 16 17struct netlink_policy_dump_state { 18 unsigned int policy_idx; 19 unsigned int attr_idx; 20 unsigned int n_alloc; 21 struct { 22 const struct nla_policy *policy; 23 unsigned int maxtype; 24 } policies[]; 25}; 26 27static int add_policy(struct netlink_policy_dump_state **statep, 28 const struct nla_policy *policy, 29 unsigned int maxtype) 30{ 31 struct netlink_policy_dump_state *state = *statep; 32 unsigned int n_alloc, i; 33 34 if (!policy || !maxtype) 35 return 0; 36 37 for (i = 0; i < state->n_alloc; i++) { 38 if (state->policies[i].policy == policy && 39 state->policies[i].maxtype == maxtype) 40 return 0; 41 42 if (!state->policies[i].policy) { 43 state->policies[i].policy = policy; 44 state->policies[i].maxtype = maxtype; 45 return 0; 46 } 47 } 48 49 n_alloc = state->n_alloc + INITIAL_POLICIES_ALLOC; 50 state = krealloc(state, struct_size(state, policies, n_alloc), 51 GFP_KERNEL); 52 if (!state) 53 return -ENOMEM; 54 55 memset(&state->policies[state->n_alloc], 0, 56 flex_array_size(state, policies, n_alloc - state->n_alloc)); 57 58 state->policies[state->n_alloc].policy = policy; 59 state->policies[state->n_alloc].maxtype = maxtype; 60 state->n_alloc = n_alloc; 61 *statep = state; 62 63 return 0; 64} 65 66/** 67 * netlink_policy_dump_get_policy_idx - retrieve policy index 68 * @state: the policy dump state 69 * @policy: the policy to find 70 * @maxtype: the policy's maxattr 71 * 72 * Returns: the index of the given policy in the dump state 73 * 74 * Call this to find a policy index when you've added multiple and e.g. 75 * need to tell userspace which command has which policy (by index). 76 * 77 * Note: this will WARN and return 0 if the policy isn't found, which 78 * means it wasn't added in the first place, which would be an 79 * internal consistency bug. 80 */ 81int netlink_policy_dump_get_policy_idx(struct netlink_policy_dump_state *state, 82 const struct nla_policy *policy, 83 unsigned int maxtype) 84{ 85 unsigned int i; 86 87 if (WARN_ON(!policy || !maxtype)) 88 return 0; 89 90 for (i = 0; i < state->n_alloc; i++) { 91 if (state->policies[i].policy == policy && 92 state->policies[i].maxtype == maxtype) 93 return i; 94 } 95 96 WARN_ON(1); 97 return 0; 98} 99 100static struct netlink_policy_dump_state *alloc_state(void) 101{ 102 struct netlink_policy_dump_state *state; 103 104 state = kzalloc(struct_size(state, policies, INITIAL_POLICIES_ALLOC), 105 GFP_KERNEL); 106 if (!state) 107 return ERR_PTR(-ENOMEM); 108 state->n_alloc = INITIAL_POLICIES_ALLOC; 109 110 return state; 111} 112 113/** 114 * netlink_policy_dump_add_policy - add a policy to the dump 115 * @pstate: state to add to, may be reallocated, must be %NULL the first time 116 * @policy: the new policy to add to the dump 117 * @maxtype: the new policy's max attr type 118 * 119 * Returns: 0 on success, a negative error code otherwise. 120 * 121 * Call this to allocate a policy dump state, and to add policies to it. This 122 * should be called from the dump start() callback. 123 * 124 * Note: on failures, any previously allocated state is freed. 125 */ 126int netlink_policy_dump_add_policy(struct netlink_policy_dump_state **pstate, 127 const struct nla_policy *policy, 128 unsigned int maxtype) 129{ 130 struct netlink_policy_dump_state *state = *pstate; 131 unsigned int policy_idx; 132 int err; 133 134 if (!state) { 135 state = alloc_state(); 136 if (IS_ERR(state)) 137 return PTR_ERR(state); 138 } 139 140 /* 141 * walk the policies and nested ones first, and build 142 * a linear list of them. 143 */ 144 145 err = add_policy(&state, policy, maxtype); 146 if (err) 147 return err; 148 149 for (policy_idx = 0; 150 policy_idx < state->n_alloc && state->policies[policy_idx].policy; 151 policy_idx++) { 152 const struct nla_policy *policy; 153 unsigned int type; 154 155 policy = state->policies[policy_idx].policy; 156 157 for (type = 0; 158 type <= state->policies[policy_idx].maxtype; 159 type++) { 160 switch (policy[type].type) { 161 case NLA_NESTED: 162 case NLA_NESTED_ARRAY: 163 err = add_policy(&state, 164 policy[type].nested_policy, 165 policy[type].len); 166 if (err) 167 return err; 168 break; 169 default: 170 break; 171 } 172 } 173 } 174 175 *pstate = state; 176 return 0; 177} 178 179static bool 180netlink_policy_dump_finished(struct netlink_policy_dump_state *state) 181{ 182 return state->policy_idx >= state->n_alloc || 183 !state->policies[state->policy_idx].policy; 184} 185 186/** 187 * netlink_policy_dump_loop - dumping loop indicator 188 * @state: the policy dump state 189 * 190 * Returns: %true if the dump continues, %false otherwise 191 * 192 * Note: this frees the dump state when finishing 193 */ 194bool netlink_policy_dump_loop(struct netlink_policy_dump_state *state) 195{ 196 return !netlink_policy_dump_finished(state); 197} 198 199int netlink_policy_dump_attr_size_estimate(const struct nla_policy *pt) 200{ 201 /* nested + type */ 202 int common = 2 * nla_attr_size(sizeof(u32)); 203 204 switch (pt->type) { 205 case NLA_UNSPEC: 206 case NLA_REJECT: 207 /* these actually don't need any space */ 208 return 0; 209 case NLA_NESTED: 210 case NLA_NESTED_ARRAY: 211 /* common, policy idx, policy maxattr */ 212 return common + 2 * nla_attr_size(sizeof(u32)); 213 case NLA_U8: 214 case NLA_U16: 215 case NLA_U32: 216 case NLA_U64: 217 case NLA_MSECS: 218 case NLA_S8: 219 case NLA_S16: 220 case NLA_S32: 221 case NLA_S64: 222 /* maximum is common, u64 min/max with padding */ 223 return common + 224 2 * (nla_attr_size(0) + nla_attr_size(sizeof(u64))); 225 case NLA_BITFIELD32: 226 return common + nla_attr_size(sizeof(u32)); 227 case NLA_STRING: 228 case NLA_NUL_STRING: 229 case NLA_BINARY: 230 /* maximum is common, u32 min-length/max-length */ 231 return common + 2 * nla_attr_size(sizeof(u32)); 232 case NLA_FLAG: 233 return common; 234 } 235 236 /* this should then cause a warning later */ 237 return 0; 238} 239 240static int 241__netlink_policy_dump_write_attr(struct netlink_policy_dump_state *state, 242 struct sk_buff *skb, 243 const struct nla_policy *pt, 244 int nestattr) 245{ 246 int estimate = netlink_policy_dump_attr_size_estimate(pt); 247 enum netlink_attribute_type type; 248 struct nlattr *attr; 249 250 attr = nla_nest_start(skb, nestattr); 251 if (!attr) 252 return -ENOBUFS; 253 254 switch (pt->type) { 255 default: 256 case NLA_UNSPEC: 257 case NLA_REJECT: 258 /* skip - use NLA_MIN_LEN to advertise such */ 259 nla_nest_cancel(skb, attr); 260 return -ENODATA; 261 case NLA_NESTED: 262 type = NL_ATTR_TYPE_NESTED; 263 fallthrough; 264 case NLA_NESTED_ARRAY: 265 if (pt->type == NLA_NESTED_ARRAY) 266 type = NL_ATTR_TYPE_NESTED_ARRAY; 267 if (state && pt->nested_policy && pt->len && 268 (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_POLICY_IDX, 269 netlink_policy_dump_get_policy_idx(state, 270 pt->nested_policy, 271 pt->len)) || 272 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_POLICY_MAXTYPE, 273 pt->len))) 274 goto nla_put_failure; 275 break; 276 case NLA_U8: 277 case NLA_U16: 278 case NLA_U32: 279 case NLA_U64: 280 case NLA_MSECS: { 281 struct netlink_range_validation range; 282 283 if (pt->type == NLA_U8) 284 type = NL_ATTR_TYPE_U8; 285 else if (pt->type == NLA_U16) 286 type = NL_ATTR_TYPE_U16; 287 else if (pt->type == NLA_U32) 288 type = NL_ATTR_TYPE_U32; 289 else 290 type = NL_ATTR_TYPE_U64; 291 292 if (pt->validation_type == NLA_VALIDATE_MASK) { 293 if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MASK, 294 pt->mask, 295 NL_POLICY_TYPE_ATTR_PAD)) 296 goto nla_put_failure; 297 break; 298 } 299 300 nla_get_range_unsigned(pt, &range); 301 302 if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_U, 303 range.min, NL_POLICY_TYPE_ATTR_PAD) || 304 nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MAX_VALUE_U, 305 range.max, NL_POLICY_TYPE_ATTR_PAD)) 306 goto nla_put_failure; 307 break; 308 } 309 case NLA_S8: 310 case NLA_S16: 311 case NLA_S32: 312 case NLA_S64: { 313 struct netlink_range_validation_signed range; 314 315 if (pt->type == NLA_S8) 316 type = NL_ATTR_TYPE_S8; 317 else if (pt->type == NLA_S16) 318 type = NL_ATTR_TYPE_S16; 319 else if (pt->type == NLA_S32) 320 type = NL_ATTR_TYPE_S32; 321 else 322 type = NL_ATTR_TYPE_S64; 323 324 nla_get_range_signed(pt, &range); 325 326 if (nla_put_s64(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_S, 327 range.min, NL_POLICY_TYPE_ATTR_PAD) || 328 nla_put_s64(skb, NL_POLICY_TYPE_ATTR_MAX_VALUE_S, 329 range.max, NL_POLICY_TYPE_ATTR_PAD)) 330 goto nla_put_failure; 331 break; 332 } 333 case NLA_BITFIELD32: 334 type = NL_ATTR_TYPE_BITFIELD32; 335 if (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_BITFIELD32_MASK, 336 pt->bitfield32_valid)) 337 goto nla_put_failure; 338 break; 339 case NLA_STRING: 340 case NLA_NUL_STRING: 341 case NLA_BINARY: 342 if (pt->type == NLA_STRING) 343 type = NL_ATTR_TYPE_STRING; 344 else if (pt->type == NLA_NUL_STRING) 345 type = NL_ATTR_TYPE_NUL_STRING; 346 else 347 type = NL_ATTR_TYPE_BINARY; 348 349 if (pt->validation_type == NLA_VALIDATE_RANGE || 350 pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG) { 351 struct netlink_range_validation range; 352 353 nla_get_range_unsigned(pt, &range); 354 355 if (range.min && 356 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MIN_LENGTH, 357 range.min)) 358 goto nla_put_failure; 359 360 if (range.max < U16_MAX && 361 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MAX_LENGTH, 362 range.max)) 363 goto nla_put_failure; 364 } else if (pt->len && 365 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MAX_LENGTH, 366 pt->len)) { 367 goto nla_put_failure; 368 } 369 break; 370 case NLA_FLAG: 371 type = NL_ATTR_TYPE_FLAG; 372 break; 373 } 374 375 if (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_TYPE, type)) 376 goto nla_put_failure; 377 378 nla_nest_end(skb, attr); 379 WARN_ON(attr->nla_len > estimate); 380 381 return 0; 382nla_put_failure: 383 nla_nest_cancel(skb, attr); 384 return -ENOBUFS; 385} 386 387/** 388 * netlink_policy_dump_write_attr - write a given attribute policy 389 * @skb: the message skb to write to 390 * @pt: the attribute's policy 391 * @nestattr: the nested attribute ID to use 392 * 393 * Returns: 0 on success, an error code otherwise; -%ENODATA is 394 * special, indicating that there's no policy data and 395 * the attribute is generally rejected. 396 */ 397int netlink_policy_dump_write_attr(struct sk_buff *skb, 398 const struct nla_policy *pt, 399 int nestattr) 400{ 401 return __netlink_policy_dump_write_attr(NULL, skb, pt, nestattr); 402} 403 404/** 405 * netlink_policy_dump_write - write current policy dump attributes 406 * @skb: the message skb to write to 407 * @state: the policy dump state 408 * 409 * Returns: 0 on success, an error code otherwise 410 */ 411int netlink_policy_dump_write(struct sk_buff *skb, 412 struct netlink_policy_dump_state *state) 413{ 414 const struct nla_policy *pt; 415 struct nlattr *policy; 416 bool again; 417 int err; 418 419send_attribute: 420 again = false; 421 422 pt = &state->policies[state->policy_idx].policy[state->attr_idx]; 423 424 policy = nla_nest_start(skb, state->policy_idx); 425 if (!policy) 426 return -ENOBUFS; 427 428 err = __netlink_policy_dump_write_attr(state, skb, pt, state->attr_idx); 429 if (err == -ENODATA) { 430 nla_nest_cancel(skb, policy); 431 again = true; 432 goto next; 433 } else if (err) { 434 goto nla_put_failure; 435 } 436 437 /* finish and move state to next attribute */ 438 nla_nest_end(skb, policy); 439 440next: 441 state->attr_idx += 1; 442 if (state->attr_idx > state->policies[state->policy_idx].maxtype) { 443 state->attr_idx = 0; 444 state->policy_idx++; 445 } 446 447 if (again) { 448 if (netlink_policy_dump_finished(state)) 449 return -ENODATA; 450 goto send_attribute; 451 } 452 453 return 0; 454 455nla_put_failure: 456 nla_nest_cancel(skb, policy); 457 return -ENOBUFS; 458} 459 460/** 461 * netlink_policy_dump_free - free policy dump state 462 * @state: the policy dump state to free 463 * 464 * Call this from the done() method to ensure dump state is freed. 465 */ 466void netlink_policy_dump_free(struct netlink_policy_dump_state *state) 467{ 468 kfree(state); 469}