1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * NETLINK Policy advertisement to userspace
4 *
5 * Authors: Johannes Berg <johannes@sipsolutions.net>
6 *
7 * Copyright 2019 Intel Corporation
8 */
9
10 #include <linux/kernel.h>
11 #include <linux/errno.h>
12 #include <linux/types.h>
13 #include <net/netlink.h>
14
15 #define INITIAL_POLICIES_ALLOC 10
16
17 struct netlink_policy_dump_state {
18 unsigned int policy_idx;
19 unsigned int attr_idx;
20 unsigned int n_alloc;
21 struct {
22 const struct nla_policy *policy;
23 unsigned int maxtype;
24 } policies[];
25 };
26
add_policy(struct netlink_policy_dump_state ** statep,const struct nla_policy * policy,unsigned int maxtype)27 static int add_policy(struct netlink_policy_dump_state **statep,
28 const struct nla_policy *policy,
29 unsigned int maxtype)
30 {
31 struct netlink_policy_dump_state *state = *statep;
32 unsigned int n_alloc, i;
33
34 if (!policy || !maxtype)
35 return 0;
36
37 for (i = 0; i < state->n_alloc; i++) {
38 if (state->policies[i].policy == policy &&
39 state->policies[i].maxtype == maxtype)
40 return 0;
41
42 if (!state->policies[i].policy) {
43 state->policies[i].policy = policy;
44 state->policies[i].maxtype = maxtype;
45 return 0;
46 }
47 }
48
49 n_alloc = state->n_alloc + INITIAL_POLICIES_ALLOC;
50 state = krealloc(state, struct_size(state, policies, n_alloc),
51 GFP_KERNEL);
52 if (!state)
53 return -ENOMEM;
54
55 memset(&state->policies[state->n_alloc], 0,
56 flex_array_size(state, policies, n_alloc - state->n_alloc));
57
58 state->policies[state->n_alloc].policy = policy;
59 state->policies[state->n_alloc].maxtype = maxtype;
60 state->n_alloc = n_alloc;
61 *statep = state;
62
63 return 0;
64 }
65
66 /**
67 * netlink_policy_dump_get_policy_idx - retrieve policy index
68 * @state: the policy dump state
69 * @policy: the policy to find
70 * @maxtype: the policy's maxattr
71 *
72 * Returns: the index of the given policy in the dump state
73 *
74 * Call this to find a policy index when you've added multiple and e.g.
75 * need to tell userspace which command has which policy (by index).
76 *
77 * Note: this will WARN and return 0 if the policy isn't found, which
78 * means it wasn't added in the first place, which would be an
79 * internal consistency bug.
80 */
netlink_policy_dump_get_policy_idx(struct netlink_policy_dump_state * state,const struct nla_policy * policy,unsigned int maxtype)81 int netlink_policy_dump_get_policy_idx(struct netlink_policy_dump_state *state,
82 const struct nla_policy *policy,
83 unsigned int maxtype)
84 {
85 unsigned int i;
86
87 if (WARN_ON(!policy || !maxtype))
88 return 0;
89
90 for (i = 0; i < state->n_alloc; i++) {
91 if (state->policies[i].policy == policy &&
92 state->policies[i].maxtype == maxtype)
93 return i;
94 }
95
96 WARN_ON(1);
97 return 0;
98 }
99
alloc_state(void)100 static struct netlink_policy_dump_state *alloc_state(void)
101 {
102 struct netlink_policy_dump_state *state;
103
104 state = kzalloc(struct_size(state, policies, INITIAL_POLICIES_ALLOC),
105 GFP_KERNEL);
106 if (!state)
107 return ERR_PTR(-ENOMEM);
108 state->n_alloc = INITIAL_POLICIES_ALLOC;
109
110 return state;
111 }
112
113 /**
114 * netlink_policy_dump_add_policy - add a policy to the dump
115 * @pstate: state to add to, may be reallocated, must be %NULL the first time
116 * @policy: the new policy to add to the dump
117 * @maxtype: the new policy's max attr type
118 *
119 * Returns: 0 on success, a negative error code otherwise.
120 *
121 * Call this to allocate a policy dump state, and to add policies to it. This
122 * should be called from the dump start() callback.
123 *
124 * Note: on failures, any previously allocated state is freed.
125 */
netlink_policy_dump_add_policy(struct netlink_policy_dump_state ** pstate,const struct nla_policy * policy,unsigned int maxtype)126 int netlink_policy_dump_add_policy(struct netlink_policy_dump_state **pstate,
127 const struct nla_policy *policy,
128 unsigned int maxtype)
129 {
130 struct netlink_policy_dump_state *state = *pstate;
131 unsigned int policy_idx;
132 int err;
133
134 if (!state) {
135 state = alloc_state();
136 if (IS_ERR(state))
137 return PTR_ERR(state);
138 }
139
140 /*
141 * walk the policies and nested ones first, and build
142 * a linear list of them.
143 */
144
145 err = add_policy(&state, policy, maxtype);
146 if (err)
147 goto err_try_undo;
148
149 for (policy_idx = 0;
150 policy_idx < state->n_alloc && state->policies[policy_idx].policy;
151 policy_idx++) {
152 const struct nla_policy *policy;
153 unsigned int type;
154
155 policy = state->policies[policy_idx].policy;
156
157 for (type = 0;
158 type <= state->policies[policy_idx].maxtype;
159 type++) {
160 switch (policy[type].type) {
161 case NLA_NESTED:
162 case NLA_NESTED_ARRAY:
163 err = add_policy(&state,
164 policy[type].nested_policy,
165 policy[type].len);
166 if (err)
167 goto err_try_undo;
168 break;
169 default:
170 break;
171 }
172 }
173 }
174
175 *pstate = state;
176 return 0;
177
178 err_try_undo:
179 /* Try to preserve reasonable unwind semantics - if we're starting from
180 * scratch clean up fully, otherwise record what we got and caller will.
181 */
182 if (!*pstate)
183 netlink_policy_dump_free(state);
184 else
185 *pstate = state;
186 return err;
187 }
188
189 static bool
netlink_policy_dump_finished(struct netlink_policy_dump_state * state)190 netlink_policy_dump_finished(struct netlink_policy_dump_state *state)
191 {
192 return state->policy_idx >= state->n_alloc ||
193 !state->policies[state->policy_idx].policy;
194 }
195
196 /**
197 * netlink_policy_dump_loop - dumping loop indicator
198 * @state: the policy dump state
199 *
200 * Returns: %true if the dump continues, %false otherwise
201 *
202 * Note: this frees the dump state when finishing
203 */
netlink_policy_dump_loop(struct netlink_policy_dump_state * state)204 bool netlink_policy_dump_loop(struct netlink_policy_dump_state *state)
205 {
206 return !netlink_policy_dump_finished(state);
207 }
208
netlink_policy_dump_attr_size_estimate(const struct nla_policy * pt)209 int netlink_policy_dump_attr_size_estimate(const struct nla_policy *pt)
210 {
211 /* nested + type */
212 int common = 2 * nla_attr_size(sizeof(u32));
213
214 switch (pt->type) {
215 case NLA_UNSPEC:
216 case NLA_REJECT:
217 /* these actually don't need any space */
218 return 0;
219 case NLA_NESTED:
220 case NLA_NESTED_ARRAY:
221 /* common, policy idx, policy maxattr */
222 return common + 2 * nla_attr_size(sizeof(u32));
223 case NLA_U8:
224 case NLA_U16:
225 case NLA_U32:
226 case NLA_U64:
227 case NLA_MSECS:
228 case NLA_S8:
229 case NLA_S16:
230 case NLA_S32:
231 case NLA_S64:
232 /* maximum is common, u64 min/max with padding */
233 return common +
234 2 * (nla_attr_size(0) + nla_attr_size(sizeof(u64)));
235 case NLA_BITFIELD32:
236 return common + nla_attr_size(sizeof(u32));
237 case NLA_STRING:
238 case NLA_NUL_STRING:
239 case NLA_BINARY:
240 /* maximum is common, u32 min-length/max-length */
241 return common + 2 * nla_attr_size(sizeof(u32));
242 case NLA_FLAG:
243 return common;
244 }
245
246 /* this should then cause a warning later */
247 return 0;
248 }
249
250 static int
__netlink_policy_dump_write_attr(struct netlink_policy_dump_state * state,struct sk_buff * skb,const struct nla_policy * pt,int nestattr)251 __netlink_policy_dump_write_attr(struct netlink_policy_dump_state *state,
252 struct sk_buff *skb,
253 const struct nla_policy *pt,
254 int nestattr)
255 {
256 int estimate = netlink_policy_dump_attr_size_estimate(pt);
257 enum netlink_attribute_type type;
258 struct nlattr *attr;
259
260 attr = nla_nest_start(skb, nestattr);
261 if (!attr)
262 return -ENOBUFS;
263
264 switch (pt->type) {
265 default:
266 case NLA_UNSPEC:
267 case NLA_REJECT:
268 /* skip - use NLA_MIN_LEN to advertise such */
269 nla_nest_cancel(skb, attr);
270 return -ENODATA;
271 case NLA_NESTED:
272 type = NL_ATTR_TYPE_NESTED;
273 fallthrough;
274 case NLA_NESTED_ARRAY:
275 if (pt->type == NLA_NESTED_ARRAY)
276 type = NL_ATTR_TYPE_NESTED_ARRAY;
277 if (state && pt->nested_policy && pt->len &&
278 (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_POLICY_IDX,
279 netlink_policy_dump_get_policy_idx(state,
280 pt->nested_policy,
281 pt->len)) ||
282 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_POLICY_MAXTYPE,
283 pt->len)))
284 goto nla_put_failure;
285 break;
286 case NLA_U8:
287 case NLA_U16:
288 case NLA_U32:
289 case NLA_U64:
290 case NLA_MSECS: {
291 struct netlink_range_validation range;
292
293 if (pt->type == NLA_U8)
294 type = NL_ATTR_TYPE_U8;
295 else if (pt->type == NLA_U16)
296 type = NL_ATTR_TYPE_U16;
297 else if (pt->type == NLA_U32)
298 type = NL_ATTR_TYPE_U32;
299 else
300 type = NL_ATTR_TYPE_U64;
301
302 if (pt->validation_type == NLA_VALIDATE_MASK) {
303 if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MASK,
304 pt->mask,
305 NL_POLICY_TYPE_ATTR_PAD))
306 goto nla_put_failure;
307 break;
308 }
309
310 nla_get_range_unsigned(pt, &range);
311
312 if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_U,
313 range.min, NL_POLICY_TYPE_ATTR_PAD) ||
314 nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MAX_VALUE_U,
315 range.max, NL_POLICY_TYPE_ATTR_PAD))
316 goto nla_put_failure;
317 break;
318 }
319 case NLA_S8:
320 case NLA_S16:
321 case NLA_S32:
322 case NLA_S64: {
323 struct netlink_range_validation_signed range;
324
325 if (pt->type == NLA_S8)
326 type = NL_ATTR_TYPE_S8;
327 else if (pt->type == NLA_S16)
328 type = NL_ATTR_TYPE_S16;
329 else if (pt->type == NLA_S32)
330 type = NL_ATTR_TYPE_S32;
331 else
332 type = NL_ATTR_TYPE_S64;
333
334 nla_get_range_signed(pt, &range);
335
336 if (nla_put_s64(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_S,
337 range.min, NL_POLICY_TYPE_ATTR_PAD) ||
338 nla_put_s64(skb, NL_POLICY_TYPE_ATTR_MAX_VALUE_S,
339 range.max, NL_POLICY_TYPE_ATTR_PAD))
340 goto nla_put_failure;
341 break;
342 }
343 case NLA_BITFIELD32:
344 type = NL_ATTR_TYPE_BITFIELD32;
345 if (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_BITFIELD32_MASK,
346 pt->bitfield32_valid))
347 goto nla_put_failure;
348 break;
349 case NLA_STRING:
350 case NLA_NUL_STRING:
351 case NLA_BINARY:
352 if (pt->type == NLA_STRING)
353 type = NL_ATTR_TYPE_STRING;
354 else if (pt->type == NLA_NUL_STRING)
355 type = NL_ATTR_TYPE_NUL_STRING;
356 else
357 type = NL_ATTR_TYPE_BINARY;
358
359 if (pt->validation_type == NLA_VALIDATE_RANGE ||
360 pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG) {
361 struct netlink_range_validation range;
362
363 nla_get_range_unsigned(pt, &range);
364
365 if (range.min &&
366 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MIN_LENGTH,
367 range.min))
368 goto nla_put_failure;
369
370 if (range.max < U16_MAX &&
371 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MAX_LENGTH,
372 range.max))
373 goto nla_put_failure;
374 } else if (pt->len &&
375 nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MAX_LENGTH,
376 pt->len)) {
377 goto nla_put_failure;
378 }
379 break;
380 case NLA_FLAG:
381 type = NL_ATTR_TYPE_FLAG;
382 break;
383 }
384
385 if (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_TYPE, type))
386 goto nla_put_failure;
387
388 nla_nest_end(skb, attr);
389 WARN_ON(attr->nla_len > estimate);
390
391 return 0;
392 nla_put_failure:
393 nla_nest_cancel(skb, attr);
394 return -ENOBUFS;
395 }
396
397 /**
398 * netlink_policy_dump_write_attr - write a given attribute policy
399 * @skb: the message skb to write to
400 * @pt: the attribute's policy
401 * @nestattr: the nested attribute ID to use
402 *
403 * Returns: 0 on success, an error code otherwise; -%ENODATA is
404 * special, indicating that there's no policy data and
405 * the attribute is generally rejected.
406 */
netlink_policy_dump_write_attr(struct sk_buff * skb,const struct nla_policy * pt,int nestattr)407 int netlink_policy_dump_write_attr(struct sk_buff *skb,
408 const struct nla_policy *pt,
409 int nestattr)
410 {
411 return __netlink_policy_dump_write_attr(NULL, skb, pt, nestattr);
412 }
413
414 /**
415 * netlink_policy_dump_write - write current policy dump attributes
416 * @skb: the message skb to write to
417 * @state: the policy dump state
418 *
419 * Returns: 0 on success, an error code otherwise
420 */
netlink_policy_dump_write(struct sk_buff * skb,struct netlink_policy_dump_state * state)421 int netlink_policy_dump_write(struct sk_buff *skb,
422 struct netlink_policy_dump_state *state)
423 {
424 const struct nla_policy *pt;
425 struct nlattr *policy;
426 bool again;
427 int err;
428
429 send_attribute:
430 again = false;
431
432 pt = &state->policies[state->policy_idx].policy[state->attr_idx];
433
434 policy = nla_nest_start(skb, state->policy_idx);
435 if (!policy)
436 return -ENOBUFS;
437
438 err = __netlink_policy_dump_write_attr(state, skb, pt, state->attr_idx);
439 if (err == -ENODATA) {
440 nla_nest_cancel(skb, policy);
441 again = true;
442 goto next;
443 } else if (err) {
444 goto nla_put_failure;
445 }
446
447 /* finish and move state to next attribute */
448 nla_nest_end(skb, policy);
449
450 next:
451 state->attr_idx += 1;
452 if (state->attr_idx > state->policies[state->policy_idx].maxtype) {
453 state->attr_idx = 0;
454 state->policy_idx++;
455 }
456
457 if (again) {
458 if (netlink_policy_dump_finished(state))
459 return -ENODATA;
460 goto send_attribute;
461 }
462
463 return 0;
464
465 nla_put_failure:
466 nla_nest_cancel(skb, policy);
467 return -ENOBUFS;
468 }
469
470 /**
471 * netlink_policy_dump_free - free policy dump state
472 * @state: the policy dump state to free
473 *
474 * Call this from the done() method to ensure dump state is freed.
475 */
netlink_policy_dump_free(struct netlink_policy_dump_state * state)476 void netlink_policy_dump_free(struct netlink_policy_dump_state *state)
477 {
478 kfree(state);
479 }
480
