1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * NETLINK      Policy advertisement to userspace
4  *
5  * 		Authors:	Johannes Berg <johannes@sipsolutions.net>
6  *
7  * Copyright 2019 Intel Corporation
8  */
9 
10 #include <linux/kernel.h>
11 #include <linux/errno.h>
12 #include <linux/types.h>
13 #include <net/netlink.h>
14 
15 #define INITIAL_POLICIES_ALLOC	10
16 
17 struct netlink_policy_dump_state {
18 	unsigned int policy_idx;
19 	unsigned int attr_idx;
20 	unsigned int n_alloc;
21 	struct {
22 		const struct nla_policy *policy;
23 		unsigned int maxtype;
24 	} policies[] __counted_by(n_alloc);
25 };
26 
add_policy(struct netlink_policy_dump_state ** statep,const struct nla_policy * policy,unsigned int maxtype)27 static int add_policy(struct netlink_policy_dump_state **statep,
28 		      const struct nla_policy *policy,
29 		      unsigned int maxtype)
30 {
31 	struct netlink_policy_dump_state *state = *statep;
32 	unsigned int old_n_alloc, n_alloc, i;
33 
34 	if (!policy || !maxtype)
35 		return 0;
36 
37 	for (i = 0; i < state->n_alloc; i++) {
38 		if (state->policies[i].policy == policy &&
39 		    state->policies[i].maxtype == maxtype)
40 			return 0;
41 
42 		if (!state->policies[i].policy) {
43 			state->policies[i].policy = policy;
44 			state->policies[i].maxtype = maxtype;
45 			return 0;
46 		}
47 	}
48 
49 	n_alloc = state->n_alloc + INITIAL_POLICIES_ALLOC;
50 	state = krealloc(state, struct_size(state, policies, n_alloc),
51 			 GFP_KERNEL);
52 	if (!state)
53 		return -ENOMEM;
54 
55 	old_n_alloc = state->n_alloc;
56 	state->n_alloc = n_alloc;
57 	memset(&state->policies[old_n_alloc], 0,
58 	       flex_array_size(state, policies, n_alloc - old_n_alloc));
59 
60 	state->policies[old_n_alloc].policy = policy;
61 	state->policies[old_n_alloc].maxtype = maxtype;
62 	*statep = state;
63 
64 	return 0;
65 }
66 
67 /**
68  * netlink_policy_dump_get_policy_idx - retrieve policy index
69  * @state: the policy dump state
70  * @policy: the policy to find
71  * @maxtype: the policy's maxattr
72  *
73  * Returns: the index of the given policy in the dump state
74  *
75  * Call this to find a policy index when you've added multiple and e.g.
76  * need to tell userspace which command has which policy (by index).
77  *
78  * Note: this will WARN and return 0 if the policy isn't found, which
79  *	 means it wasn't added in the first place, which would be an
80  *	 internal consistency bug.
81  */
netlink_policy_dump_get_policy_idx(struct netlink_policy_dump_state * state,const struct nla_policy * policy,unsigned int maxtype)82 int netlink_policy_dump_get_policy_idx(struct netlink_policy_dump_state *state,
83 				       const struct nla_policy *policy,
84 				       unsigned int maxtype)
85 {
86 	unsigned int i;
87 
88 	if (WARN_ON(!policy || !maxtype))
89                 return 0;
90 
91 	for (i = 0; i < state->n_alloc; i++) {
92 		if (state->policies[i].policy == policy &&
93 		    state->policies[i].maxtype == maxtype)
94 			return i;
95 	}
96 
97 	WARN_ON(1);
98 	return 0;
99 }
100 
alloc_state(void)101 static struct netlink_policy_dump_state *alloc_state(void)
102 {
103 	struct netlink_policy_dump_state *state;
104 
105 	state = kzalloc(struct_size(state, policies, INITIAL_POLICIES_ALLOC),
106 			GFP_KERNEL);
107 	if (!state)
108 		return ERR_PTR(-ENOMEM);
109 	state->n_alloc = INITIAL_POLICIES_ALLOC;
110 
111 	return state;
112 }
113 
114 /**
115  * netlink_policy_dump_add_policy - add a policy to the dump
116  * @pstate: state to add to, may be reallocated, must be %NULL the first time
117  * @policy: the new policy to add to the dump
118  * @maxtype: the new policy's max attr type
119  *
120  * Returns: 0 on success, a negative error code otherwise.
121  *
122  * Call this to allocate a policy dump state, and to add policies to it. This
123  * should be called from the dump start() callback.
124  *
125  * Note: on failures, any previously allocated state is freed.
126  */
netlink_policy_dump_add_policy(struct netlink_policy_dump_state ** pstate,const struct nla_policy * policy,unsigned int maxtype)127 int netlink_policy_dump_add_policy(struct netlink_policy_dump_state **pstate,
128 				   const struct nla_policy *policy,
129 				   unsigned int maxtype)
130 {
131 	struct netlink_policy_dump_state *state = *pstate;
132 	unsigned int policy_idx;
133 	int err;
134 
135 	if (!state) {
136 		state = alloc_state();
137 		if (IS_ERR(state))
138 			return PTR_ERR(state);
139 	}
140 
141 	/*
142 	 * walk the policies and nested ones first, and build
143 	 * a linear list of them.
144 	 */
145 
146 	err = add_policy(&state, policy, maxtype);
147 	if (err)
148 		goto err_try_undo;
149 
150 	for (policy_idx = 0;
151 	     policy_idx < state->n_alloc && state->policies[policy_idx].policy;
152 	     policy_idx++) {
153 		const struct nla_policy *policy;
154 		unsigned int type;
155 
156 		policy = state->policies[policy_idx].policy;
157 
158 		for (type = 0;
159 		     type <= state->policies[policy_idx].maxtype;
160 		     type++) {
161 			switch (policy[type].type) {
162 			case NLA_NESTED:
163 			case NLA_NESTED_ARRAY:
164 				err = add_policy(&state,
165 						 policy[type].nested_policy,
166 						 policy[type].len);
167 				if (err)
168 					goto err_try_undo;
169 				break;
170 			default:
171 				break;
172 			}
173 		}
174 	}
175 
176 	*pstate = state;
177 	return 0;
178 
179 err_try_undo:
180 	/* Try to preserve reasonable unwind semantics - if we're starting from
181 	 * scratch clean up fully, otherwise record what we got and caller will.
182 	 */
183 	if (!*pstate)
184 		netlink_policy_dump_free(state);
185 	else
186 		*pstate = state;
187 	return err;
188 }
189 
190 static bool
netlink_policy_dump_finished(struct netlink_policy_dump_state * state)191 netlink_policy_dump_finished(struct netlink_policy_dump_state *state)
192 {
193 	return state->policy_idx >= state->n_alloc ||
194 	       !state->policies[state->policy_idx].policy;
195 }
196 
197 /**
198  * netlink_policy_dump_loop - dumping loop indicator
199  * @state: the policy dump state
200  *
201  * Returns: %true if the dump continues, %false otherwise
202  *
203  * Note: this frees the dump state when finishing
204  */
netlink_policy_dump_loop(struct netlink_policy_dump_state * state)205 bool netlink_policy_dump_loop(struct netlink_policy_dump_state *state)
206 {
207 	return !netlink_policy_dump_finished(state);
208 }
209 
netlink_policy_dump_attr_size_estimate(const struct nla_policy * pt)210 int netlink_policy_dump_attr_size_estimate(const struct nla_policy *pt)
211 {
212 	/* nested + type */
213 	int common = 2 * nla_attr_size(sizeof(u32));
214 
215 	switch (pt->type) {
216 	case NLA_UNSPEC:
217 	case NLA_REJECT:
218 		/* these actually don't need any space */
219 		return 0;
220 	case NLA_NESTED:
221 	case NLA_NESTED_ARRAY:
222 		/* common, policy idx, policy maxattr */
223 		return common + 2 * nla_attr_size(sizeof(u32));
224 	case NLA_U8:
225 	case NLA_U16:
226 	case NLA_U32:
227 	case NLA_U64:
228 	case NLA_MSECS:
229 	case NLA_S8:
230 	case NLA_S16:
231 	case NLA_S32:
232 	case NLA_S64:
233 	case NLA_SINT:
234 	case NLA_UINT:
235 		/* maximum is common, u64 min/max with padding */
236 		return common +
237 		       2 * (nla_attr_size(0) + nla_attr_size(sizeof(u64)));
238 	case NLA_BITFIELD32:
239 		return common + nla_attr_size(sizeof(u32));
240 	case NLA_STRING:
241 	case NLA_NUL_STRING:
242 	case NLA_BINARY:
243 		/* maximum is common, u32 min-length/max-length */
244 		return common + 2 * nla_attr_size(sizeof(u32));
245 	case NLA_FLAG:
246 		return common;
247 	}
248 
249 	/* this should then cause a warning later */
250 	return 0;
251 }
252 
253 static int
__netlink_policy_dump_write_attr(struct netlink_policy_dump_state * state,struct sk_buff * skb,const struct nla_policy * pt,int nestattr)254 __netlink_policy_dump_write_attr(struct netlink_policy_dump_state *state,
255 				 struct sk_buff *skb,
256 				 const struct nla_policy *pt,
257 				 int nestattr)
258 {
259 	int estimate = netlink_policy_dump_attr_size_estimate(pt);
260 	enum netlink_attribute_type type;
261 	struct nlattr *attr;
262 
263 	attr = nla_nest_start(skb, nestattr);
264 	if (!attr)
265 		return -ENOBUFS;
266 
267 	switch (pt->type) {
268 	default:
269 	case NLA_UNSPEC:
270 	case NLA_REJECT:
271 		/* skip - use NLA_MIN_LEN to advertise such */
272 		nla_nest_cancel(skb, attr);
273 		return -ENODATA;
274 	case NLA_NESTED:
275 		type = NL_ATTR_TYPE_NESTED;
276 		fallthrough;
277 	case NLA_NESTED_ARRAY:
278 		if (pt->type == NLA_NESTED_ARRAY)
279 			type = NL_ATTR_TYPE_NESTED_ARRAY;
280 		if (state && pt->nested_policy && pt->len &&
281 		    (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_POLICY_IDX,
282 				 netlink_policy_dump_get_policy_idx(state,
283 								    pt->nested_policy,
284 								    pt->len)) ||
285 		     nla_put_u32(skb, NL_POLICY_TYPE_ATTR_POLICY_MAXTYPE,
286 				 pt->len)))
287 			goto nla_put_failure;
288 		break;
289 	case NLA_U8:
290 	case NLA_U16:
291 	case NLA_U32:
292 	case NLA_U64:
293 	case NLA_UINT:
294 	case NLA_MSECS: {
295 		struct netlink_range_validation range;
296 
297 		if (pt->type == NLA_U8)
298 			type = NL_ATTR_TYPE_U8;
299 		else if (pt->type == NLA_U16)
300 			type = NL_ATTR_TYPE_U16;
301 		else if (pt->type == NLA_U32)
302 			type = NL_ATTR_TYPE_U32;
303 		else if (pt->type == NLA_U64)
304 			type = NL_ATTR_TYPE_U64;
305 		else
306 			type = NL_ATTR_TYPE_UINT;
307 
308 		if (pt->validation_type == NLA_VALIDATE_MASK) {
309 			if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MASK,
310 					      pt->mask,
311 					      NL_POLICY_TYPE_ATTR_PAD))
312 				goto nla_put_failure;
313 			break;
314 		}
315 
316 		nla_get_range_unsigned(pt, &range);
317 
318 		if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_U,
319 				      range.min, NL_POLICY_TYPE_ATTR_PAD) ||
320 		    nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MAX_VALUE_U,
321 				      range.max, NL_POLICY_TYPE_ATTR_PAD))
322 			goto nla_put_failure;
323 		break;
324 	}
325 	case NLA_S8:
326 	case NLA_S16:
327 	case NLA_S32:
328 	case NLA_S64:
329 	case NLA_SINT: {
330 		struct netlink_range_validation_signed range;
331 
332 		if (pt->type == NLA_S8)
333 			type = NL_ATTR_TYPE_S8;
334 		else if (pt->type == NLA_S16)
335 			type = NL_ATTR_TYPE_S16;
336 		else if (pt->type == NLA_S32)
337 			type = NL_ATTR_TYPE_S32;
338 		else if (pt->type == NLA_S64)
339 			type = NL_ATTR_TYPE_S64;
340 		else
341 			type = NL_ATTR_TYPE_SINT;
342 
343 		nla_get_range_signed(pt, &range);
344 
345 		if (nla_put_s64(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_S,
346 				range.min, NL_POLICY_TYPE_ATTR_PAD) ||
347 		    nla_put_s64(skb, NL_POLICY_TYPE_ATTR_MAX_VALUE_S,
348 				range.max, NL_POLICY_TYPE_ATTR_PAD))
349 			goto nla_put_failure;
350 		break;
351 	}
352 	case NLA_BITFIELD32:
353 		type = NL_ATTR_TYPE_BITFIELD32;
354 		if (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_BITFIELD32_MASK,
355 				pt->bitfield32_valid))
356 			goto nla_put_failure;
357 		break;
358 	case NLA_STRING:
359 	case NLA_NUL_STRING:
360 	case NLA_BINARY:
361 		if (pt->type == NLA_STRING)
362 			type = NL_ATTR_TYPE_STRING;
363 		else if (pt->type == NLA_NUL_STRING)
364 			type = NL_ATTR_TYPE_NUL_STRING;
365 		else
366 			type = NL_ATTR_TYPE_BINARY;
367 
368 		if (pt->validation_type == NLA_VALIDATE_RANGE ||
369 		    pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG) {
370 			struct netlink_range_validation range;
371 
372 			nla_get_range_unsigned(pt, &range);
373 
374 			if (range.min &&
375 			    nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MIN_LENGTH,
376 					range.min))
377 				goto nla_put_failure;
378 
379 			if (range.max < U16_MAX &&
380 			    nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MAX_LENGTH,
381 					range.max))
382 				goto nla_put_failure;
383 		} else if (pt->len &&
384 			   nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MAX_LENGTH,
385 				       pt->len)) {
386 			goto nla_put_failure;
387 		}
388 		break;
389 	case NLA_FLAG:
390 		type = NL_ATTR_TYPE_FLAG;
391 		break;
392 	}
393 
394 	if (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_TYPE, type))
395 		goto nla_put_failure;
396 
397 	nla_nest_end(skb, attr);
398 	WARN_ON(attr->nla_len > estimate);
399 
400 	return 0;
401 nla_put_failure:
402 	nla_nest_cancel(skb, attr);
403 	return -ENOBUFS;
404 }
405 
406 /**
407  * netlink_policy_dump_write_attr - write a given attribute policy
408  * @skb: the message skb to write to
409  * @pt: the attribute's policy
410  * @nestattr: the nested attribute ID to use
411  *
412  * Returns: 0 on success, an error code otherwise; -%ENODATA is
413  *	    special, indicating that there's no policy data and
414  *	    the attribute is generally rejected.
415  */
netlink_policy_dump_write_attr(struct sk_buff * skb,const struct nla_policy * pt,int nestattr)416 int netlink_policy_dump_write_attr(struct sk_buff *skb,
417 				   const struct nla_policy *pt,
418 				   int nestattr)
419 {
420 	return __netlink_policy_dump_write_attr(NULL, skb, pt, nestattr);
421 }
422 
423 /**
424  * netlink_policy_dump_write - write current policy dump attributes
425  * @skb: the message skb to write to
426  * @state: the policy dump state
427  *
428  * Returns: 0 on success, an error code otherwise
429  */
netlink_policy_dump_write(struct sk_buff * skb,struct netlink_policy_dump_state * state)430 int netlink_policy_dump_write(struct sk_buff *skb,
431 			      struct netlink_policy_dump_state *state)
432 {
433 	const struct nla_policy *pt;
434 	struct nlattr *policy;
435 	bool again;
436 	int err;
437 
438 send_attribute:
439 	again = false;
440 
441 	pt = &state->policies[state->policy_idx].policy[state->attr_idx];
442 
443 	policy = nla_nest_start(skb, state->policy_idx);
444 	if (!policy)
445 		return -ENOBUFS;
446 
447 	err = __netlink_policy_dump_write_attr(state, skb, pt, state->attr_idx);
448 	if (err == -ENODATA) {
449 		nla_nest_cancel(skb, policy);
450 		again = true;
451 		goto next;
452 	} else if (err) {
453 		goto nla_put_failure;
454 	}
455 
456 	/* finish and move state to next attribute */
457 	nla_nest_end(skb, policy);
458 
459 next:
460 	state->attr_idx += 1;
461 	if (state->attr_idx > state->policies[state->policy_idx].maxtype) {
462 		state->attr_idx = 0;
463 		state->policy_idx++;
464 	}
465 
466 	if (again) {
467 		if (netlink_policy_dump_finished(state))
468 			return -ENODATA;
469 		goto send_attribute;
470 	}
471 
472 	return 0;
473 
474 nla_put_failure:
475 	nla_nest_cancel(skb, policy);
476 	return -ENOBUFS;
477 }
478 
479 /**
480  * netlink_policy_dump_free - free policy dump state
481  * @state: the policy dump state to free
482  *
483  * Call this from the done() method to ensure dump state is freed.
484  */
netlink_policy_dump_free(struct netlink_policy_dump_state * state)485 void netlink_policy_dump_free(struct netlink_policy_dump_state *state)
486 {
487 	kfree(state);
488 }
489