1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * NETLINK      Policy advertisement to userspace
4  *
5  * 		Authors:	Johannes Berg <johannes@sipsolutions.net>
6  *
7  * Copyright 2019 Intel Corporation
8  */
9 
10 #include <linux/kernel.h>
11 #include <linux/errno.h>
12 #include <linux/types.h>
13 #include <net/netlink.h>
14 
15 #define INITIAL_POLICIES_ALLOC	10
16 
17 struct netlink_policy_dump_state {
18 	unsigned int policy_idx;
19 	unsigned int attr_idx;
20 	unsigned int n_alloc;
21 	struct {
22 		const struct nla_policy *policy;
23 		unsigned int maxtype;
24 	} policies[];
25 };
26 
add_policy(struct netlink_policy_dump_state ** statep,const struct nla_policy * policy,unsigned int maxtype)27 static int add_policy(struct netlink_policy_dump_state **statep,
28 		      const struct nla_policy *policy,
29 		      unsigned int maxtype)
30 {
31 	struct netlink_policy_dump_state *state = *statep;
32 	unsigned int n_alloc, i;
33 
34 	if (!policy || !maxtype)
35 		return 0;
36 
37 	for (i = 0; i < state->n_alloc; i++) {
38 		if (state->policies[i].policy == policy &&
39 		    state->policies[i].maxtype == maxtype)
40 			return 0;
41 
42 		if (!state->policies[i].policy) {
43 			state->policies[i].policy = policy;
44 			state->policies[i].maxtype = maxtype;
45 			return 0;
46 		}
47 	}
48 
49 	n_alloc = state->n_alloc + INITIAL_POLICIES_ALLOC;
50 	state = krealloc(state, struct_size(state, policies, n_alloc),
51 			 GFP_KERNEL);
52 	if (!state)
53 		return -ENOMEM;
54 
55 	memset(&state->policies[state->n_alloc], 0,
56 	       flex_array_size(state, policies, n_alloc - state->n_alloc));
57 
58 	state->policies[state->n_alloc].policy = policy;
59 	state->policies[state->n_alloc].maxtype = maxtype;
60 	state->n_alloc = n_alloc;
61 	*statep = state;
62 
63 	return 0;
64 }
65 
66 /**
67  * netlink_policy_dump_get_policy_idx - retrieve policy index
68  * @state: the policy dump state
69  * @policy: the policy to find
70  * @maxtype: the policy's maxattr
71  *
72  * Returns: the index of the given policy in the dump state
73  *
74  * Call this to find a policy index when you've added multiple and e.g.
75  * need to tell userspace which command has which policy (by index).
76  *
77  * Note: this will WARN and return 0 if the policy isn't found, which
78  *	 means it wasn't added in the first place, which would be an
79  *	 internal consistency bug.
80  */
netlink_policy_dump_get_policy_idx(struct netlink_policy_dump_state * state,const struct nla_policy * policy,unsigned int maxtype)81 int netlink_policy_dump_get_policy_idx(struct netlink_policy_dump_state *state,
82 				       const struct nla_policy *policy,
83 				       unsigned int maxtype)
84 {
85 	unsigned int i;
86 
87 	if (WARN_ON(!policy || !maxtype))
88                 return 0;
89 
90 	for (i = 0; i < state->n_alloc; i++) {
91 		if (state->policies[i].policy == policy &&
92 		    state->policies[i].maxtype == maxtype)
93 			return i;
94 	}
95 
96 	WARN_ON(1);
97 	return 0;
98 }
99 
alloc_state(void)100 static struct netlink_policy_dump_state *alloc_state(void)
101 {
102 	struct netlink_policy_dump_state *state;
103 
104 	state = kzalloc(struct_size(state, policies, INITIAL_POLICIES_ALLOC),
105 			GFP_KERNEL);
106 	if (!state)
107 		return ERR_PTR(-ENOMEM);
108 	state->n_alloc = INITIAL_POLICIES_ALLOC;
109 
110 	return state;
111 }
112 
113 /**
114  * netlink_policy_dump_add_policy - add a policy to the dump
115  * @pstate: state to add to, may be reallocated, must be %NULL the first time
116  * @policy: the new policy to add to the dump
117  * @maxtype: the new policy's max attr type
118  *
119  * Returns: 0 on success, a negative error code otherwise.
120  *
121  * Call this to allocate a policy dump state, and to add policies to it. This
122  * should be called from the dump start() callback.
123  *
124  * Note: on failures, any previously allocated state is freed.
125  */
netlink_policy_dump_add_policy(struct netlink_policy_dump_state ** pstate,const struct nla_policy * policy,unsigned int maxtype)126 int netlink_policy_dump_add_policy(struct netlink_policy_dump_state **pstate,
127 				   const struct nla_policy *policy,
128 				   unsigned int maxtype)
129 {
130 	struct netlink_policy_dump_state *state = *pstate;
131 	unsigned int policy_idx;
132 	int err;
133 
134 	if (!state) {
135 		state = alloc_state();
136 		if (IS_ERR(state))
137 			return PTR_ERR(state);
138 	}
139 
140 	/*
141 	 * walk the policies and nested ones first, and build
142 	 * a linear list of them.
143 	 */
144 
145 	err = add_policy(&state, policy, maxtype);
146 	if (err)
147 		goto err_try_undo;
148 
149 	for (policy_idx = 0;
150 	     policy_idx < state->n_alloc && state->policies[policy_idx].policy;
151 	     policy_idx++) {
152 		const struct nla_policy *policy;
153 		unsigned int type;
154 
155 		policy = state->policies[policy_idx].policy;
156 
157 		for (type = 0;
158 		     type <= state->policies[policy_idx].maxtype;
159 		     type++) {
160 			switch (policy[type].type) {
161 			case NLA_NESTED:
162 			case NLA_NESTED_ARRAY:
163 				err = add_policy(&state,
164 						 policy[type].nested_policy,
165 						 policy[type].len);
166 				if (err)
167 					goto err_try_undo;
168 				break;
169 			default:
170 				break;
171 			}
172 		}
173 	}
174 
175 	*pstate = state;
176 	return 0;
177 
178 err_try_undo:
179 	/* Try to preserve reasonable unwind semantics - if we're starting from
180 	 * scratch clean up fully, otherwise record what we got and caller will.
181 	 */
182 	if (!*pstate)
183 		netlink_policy_dump_free(state);
184 	else
185 		*pstate = state;
186 	return err;
187 }
188 
189 static bool
netlink_policy_dump_finished(struct netlink_policy_dump_state * state)190 netlink_policy_dump_finished(struct netlink_policy_dump_state *state)
191 {
192 	return state->policy_idx >= state->n_alloc ||
193 	       !state->policies[state->policy_idx].policy;
194 }
195 
196 /**
197  * netlink_policy_dump_loop - dumping loop indicator
198  * @state: the policy dump state
199  *
200  * Returns: %true if the dump continues, %false otherwise
201  *
202  * Note: this frees the dump state when finishing
203  */
netlink_policy_dump_loop(struct netlink_policy_dump_state * state)204 bool netlink_policy_dump_loop(struct netlink_policy_dump_state *state)
205 {
206 	return !netlink_policy_dump_finished(state);
207 }
208 
netlink_policy_dump_attr_size_estimate(const struct nla_policy * pt)209 int netlink_policy_dump_attr_size_estimate(const struct nla_policy *pt)
210 {
211 	/* nested + type */
212 	int common = 2 * nla_attr_size(sizeof(u32));
213 
214 	switch (pt->type) {
215 	case NLA_UNSPEC:
216 	case NLA_REJECT:
217 		/* these actually don't need any space */
218 		return 0;
219 	case NLA_NESTED:
220 	case NLA_NESTED_ARRAY:
221 		/* common, policy idx, policy maxattr */
222 		return common + 2 * nla_attr_size(sizeof(u32));
223 	case NLA_U8:
224 	case NLA_U16:
225 	case NLA_U32:
226 	case NLA_U64:
227 	case NLA_MSECS:
228 	case NLA_S8:
229 	case NLA_S16:
230 	case NLA_S32:
231 	case NLA_S64:
232 		/* maximum is common, u64 min/max with padding */
233 		return common +
234 		       2 * (nla_attr_size(0) + nla_attr_size(sizeof(u64)));
235 	case NLA_BITFIELD32:
236 		return common + nla_attr_size(sizeof(u32));
237 	case NLA_STRING:
238 	case NLA_NUL_STRING:
239 	case NLA_BINARY:
240 		/* maximum is common, u32 min-length/max-length */
241 		return common + 2 * nla_attr_size(sizeof(u32));
242 	case NLA_FLAG:
243 		return common;
244 	}
245 
246 	/* this should then cause a warning later */
247 	return 0;
248 }
249 
250 static int
__netlink_policy_dump_write_attr(struct netlink_policy_dump_state * state,struct sk_buff * skb,const struct nla_policy * pt,int nestattr)251 __netlink_policy_dump_write_attr(struct netlink_policy_dump_state *state,
252 				 struct sk_buff *skb,
253 				 const struct nla_policy *pt,
254 				 int nestattr)
255 {
256 	int estimate = netlink_policy_dump_attr_size_estimate(pt);
257 	enum netlink_attribute_type type;
258 	struct nlattr *attr;
259 
260 	attr = nla_nest_start(skb, nestattr);
261 	if (!attr)
262 		return -ENOBUFS;
263 
264 	switch (pt->type) {
265 	default:
266 	case NLA_UNSPEC:
267 	case NLA_REJECT:
268 		/* skip - use NLA_MIN_LEN to advertise such */
269 		nla_nest_cancel(skb, attr);
270 		return -ENODATA;
271 	case NLA_NESTED:
272 		type = NL_ATTR_TYPE_NESTED;
273 		fallthrough;
274 	case NLA_NESTED_ARRAY:
275 		if (pt->type == NLA_NESTED_ARRAY)
276 			type = NL_ATTR_TYPE_NESTED_ARRAY;
277 		if (state && pt->nested_policy && pt->len &&
278 		    (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_POLICY_IDX,
279 				 netlink_policy_dump_get_policy_idx(state,
280 								    pt->nested_policy,
281 								    pt->len)) ||
282 		     nla_put_u32(skb, NL_POLICY_TYPE_ATTR_POLICY_MAXTYPE,
283 				 pt->len)))
284 			goto nla_put_failure;
285 		break;
286 	case NLA_U8:
287 	case NLA_U16:
288 	case NLA_U32:
289 	case NLA_U64:
290 	case NLA_MSECS: {
291 		struct netlink_range_validation range;
292 
293 		if (pt->type == NLA_U8)
294 			type = NL_ATTR_TYPE_U8;
295 		else if (pt->type == NLA_U16)
296 			type = NL_ATTR_TYPE_U16;
297 		else if (pt->type == NLA_U32)
298 			type = NL_ATTR_TYPE_U32;
299 		else
300 			type = NL_ATTR_TYPE_U64;
301 
302 		if (pt->validation_type == NLA_VALIDATE_MASK) {
303 			if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MASK,
304 					      pt->mask,
305 					      NL_POLICY_TYPE_ATTR_PAD))
306 				goto nla_put_failure;
307 			break;
308 		}
309 
310 		nla_get_range_unsigned(pt, &range);
311 
312 		if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_U,
313 				      range.min, NL_POLICY_TYPE_ATTR_PAD) ||
314 		    nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MAX_VALUE_U,
315 				      range.max, NL_POLICY_TYPE_ATTR_PAD))
316 			goto nla_put_failure;
317 		break;
318 	}
319 	case NLA_S8:
320 	case NLA_S16:
321 	case NLA_S32:
322 	case NLA_S64: {
323 		struct netlink_range_validation_signed range;
324 
325 		if (pt->type == NLA_S8)
326 			type = NL_ATTR_TYPE_S8;
327 		else if (pt->type == NLA_S16)
328 			type = NL_ATTR_TYPE_S16;
329 		else if (pt->type == NLA_S32)
330 			type = NL_ATTR_TYPE_S32;
331 		else
332 			type = NL_ATTR_TYPE_S64;
333 
334 		nla_get_range_signed(pt, &range);
335 
336 		if (nla_put_s64(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_S,
337 				range.min, NL_POLICY_TYPE_ATTR_PAD) ||
338 		    nla_put_s64(skb, NL_POLICY_TYPE_ATTR_MAX_VALUE_S,
339 				range.max, NL_POLICY_TYPE_ATTR_PAD))
340 			goto nla_put_failure;
341 		break;
342 	}
343 	case NLA_BITFIELD32:
344 		type = NL_ATTR_TYPE_BITFIELD32;
345 		if (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_BITFIELD32_MASK,
346 				pt->bitfield32_valid))
347 			goto nla_put_failure;
348 		break;
349 	case NLA_STRING:
350 	case NLA_NUL_STRING:
351 	case NLA_BINARY:
352 		if (pt->type == NLA_STRING)
353 			type = NL_ATTR_TYPE_STRING;
354 		else if (pt->type == NLA_NUL_STRING)
355 			type = NL_ATTR_TYPE_NUL_STRING;
356 		else
357 			type = NL_ATTR_TYPE_BINARY;
358 
359 		if (pt->validation_type == NLA_VALIDATE_RANGE ||
360 		    pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG) {
361 			struct netlink_range_validation range;
362 
363 			nla_get_range_unsigned(pt, &range);
364 
365 			if (range.min &&
366 			    nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MIN_LENGTH,
367 					range.min))
368 				goto nla_put_failure;
369 
370 			if (range.max < U16_MAX &&
371 			    nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MAX_LENGTH,
372 					range.max))
373 				goto nla_put_failure;
374 		} else if (pt->len &&
375 			   nla_put_u32(skb, NL_POLICY_TYPE_ATTR_MAX_LENGTH,
376 				       pt->len)) {
377 			goto nla_put_failure;
378 		}
379 		break;
380 	case NLA_FLAG:
381 		type = NL_ATTR_TYPE_FLAG;
382 		break;
383 	}
384 
385 	if (nla_put_u32(skb, NL_POLICY_TYPE_ATTR_TYPE, type))
386 		goto nla_put_failure;
387 
388 	nla_nest_end(skb, attr);
389 	WARN_ON(attr->nla_len > estimate);
390 
391 	return 0;
392 nla_put_failure:
393 	nla_nest_cancel(skb, attr);
394 	return -ENOBUFS;
395 }
396 
397 /**
398  * netlink_policy_dump_write_attr - write a given attribute policy
399  * @skb: the message skb to write to
400  * @pt: the attribute's policy
401  * @nestattr: the nested attribute ID to use
402  *
403  * Returns: 0 on success, an error code otherwise; -%ENODATA is
404  *	    special, indicating that there's no policy data and
405  *	    the attribute is generally rejected.
406  */
netlink_policy_dump_write_attr(struct sk_buff * skb,const struct nla_policy * pt,int nestattr)407 int netlink_policy_dump_write_attr(struct sk_buff *skb,
408 				   const struct nla_policy *pt,
409 				   int nestattr)
410 {
411 	return __netlink_policy_dump_write_attr(NULL, skb, pt, nestattr);
412 }
413 
414 /**
415  * netlink_policy_dump_write - write current policy dump attributes
416  * @skb: the message skb to write to
417  * @state: the policy dump state
418  *
419  * Returns: 0 on success, an error code otherwise
420  */
netlink_policy_dump_write(struct sk_buff * skb,struct netlink_policy_dump_state * state)421 int netlink_policy_dump_write(struct sk_buff *skb,
422 			      struct netlink_policy_dump_state *state)
423 {
424 	const struct nla_policy *pt;
425 	struct nlattr *policy;
426 	bool again;
427 	int err;
428 
429 send_attribute:
430 	again = false;
431 
432 	pt = &state->policies[state->policy_idx].policy[state->attr_idx];
433 
434 	policy = nla_nest_start(skb, state->policy_idx);
435 	if (!policy)
436 		return -ENOBUFS;
437 
438 	err = __netlink_policy_dump_write_attr(state, skb, pt, state->attr_idx);
439 	if (err == -ENODATA) {
440 		nla_nest_cancel(skb, policy);
441 		again = true;
442 		goto next;
443 	} else if (err) {
444 		goto nla_put_failure;
445 	}
446 
447 	/* finish and move state to next attribute */
448 	nla_nest_end(skb, policy);
449 
450 next:
451 	state->attr_idx += 1;
452 	if (state->attr_idx > state->policies[state->policy_idx].maxtype) {
453 		state->attr_idx = 0;
454 		state->policy_idx++;
455 	}
456 
457 	if (again) {
458 		if (netlink_policy_dump_finished(state))
459 			return -ENODATA;
460 		goto send_attribute;
461 	}
462 
463 	return 0;
464 
465 nla_put_failure:
466 	nla_nest_cancel(skb, policy);
467 	return -ENOBUFS;
468 }
469 
470 /**
471  * netlink_policy_dump_free - free policy dump state
472  * @state: the policy dump state to free
473  *
474  * Call this from the done() method to ensure dump state is freed.
475  */
netlink_policy_dump_free(struct netlink_policy_dump_state * state)476 void netlink_policy_dump_free(struct netlink_policy_dump_state *state)
477 {
478 	kfree(state);
479 }
480