1 // SPDX-License-Identifier: GPL-2.0
3 * NETLINK Netlink attributes
5 * Authors: Thomas Graf <tgraf@suug.ch>
6 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
9 #include <linux/export.h>
10 #include <linux/kernel.h>
11 #include <linux/errno.h>
12 #include <linux/jiffies.h>
13 #include <linux/skbuff.h>
14 #include <linux/string.h>
15 #include <linux/types.h>
16 #include <net/netlink.h>
18 /* For these data types, attribute length should be exactly the given
19 * size. However, to maintain compatibility with broken commands, if the
20 * attribute length does not match the expected size a warning is emitted
21 * to the user that the command is sending invalid data and needs to be fixed.
23 static const u8 nla_attr_len[NLA_TYPE_MAX+1] = {
24 [NLA_U8] = sizeof(u8),
25 [NLA_U16] = sizeof(u16),
26 [NLA_U32] = sizeof(u32),
27 [NLA_U64] = sizeof(u64),
28 [NLA_S8] = sizeof(s8),
29 [NLA_S16] = sizeof(s16),
30 [NLA_S32] = sizeof(s32),
31 [NLA_S64] = sizeof(s64),
34 static const u8 nla_attr_minlen[NLA_TYPE_MAX+1] = {
35 [NLA_U8] = sizeof(u8),
36 [NLA_U16] = sizeof(u16),
37 [NLA_U32] = sizeof(u32),
38 [NLA_U64] = sizeof(u64),
39 [NLA_MSECS] = sizeof(u64),
40 [NLA_NESTED] = NLA_HDRLEN,
41 [NLA_S8] = sizeof(s8),
42 [NLA_S16] = sizeof(s16),
43 [NLA_S32] = sizeof(s32),
44 [NLA_S64] = sizeof(s64),
48 * Nested policies might refer back to the original
49 * policy in some cases, and userspace could try to
50 * abuse that and recurse by nesting in the right
51 * ways. Limit recursion to avoid this problem.
53 #define MAX_POLICY_RECURSION_DEPTH 10
55 static int __nla_validate_parse(const struct nlattr *head, int len, int maxtype,
56 const struct nla_policy *policy,
57 unsigned int validate,
58 struct netlink_ext_ack *extack,
59 struct nlattr **tb, unsigned int depth);
61 static int validate_nla_bitfield32(const struct nlattr *nla,
62 const u32 valid_flags_mask)
64 const struct nla_bitfield32 *bf = nla_data(nla);
66 if (!valid_flags_mask)
69 /*disallow invalid bit selector */
70 if (bf->selector & ~valid_flags_mask)
73 /*disallow invalid bit values */
74 if (bf->value & ~valid_flags_mask)
77 /*disallow valid bit values that are not selected*/
78 if (bf->value & ~bf->selector)
84 static int nla_validate_array(const struct nlattr *head, int len, int maxtype,
85 const struct nla_policy *policy,
86 struct netlink_ext_ack *extack,
87 unsigned int validate, unsigned int depth)
89 const struct nlattr *entry;
92 nla_for_each_attr(entry, head, len, rem) {
95 if (nla_len(entry) == 0)
98 if (nla_len(entry) < NLA_HDRLEN) {
99 NL_SET_ERR_MSG_ATTR(extack, entry,
100 "Array element too short");
104 ret = __nla_validate_parse(nla_data(entry), nla_len(entry),
105 maxtype, policy, validate, extack,
114 static int nla_validate_int_range(const struct nla_policy *pt,
115 const struct nlattr *nla,
116 struct netlink_ext_ack *extack)
118 bool validate_min, validate_max;
121 validate_min = pt->validation_type == NLA_VALIDATE_RANGE ||
122 pt->validation_type == NLA_VALIDATE_MIN;
123 validate_max = pt->validation_type == NLA_VALIDATE_RANGE ||
124 pt->validation_type == NLA_VALIDATE_MAX;
128 value = nla_get_u8(nla);
131 value = nla_get_u16(nla);
134 value = nla_get_u32(nla);
137 value = nla_get_s8(nla);
140 value = nla_get_s16(nla);
143 value = nla_get_s32(nla);
146 value = nla_get_s64(nla);
149 /* treat this one specially, since it may not fit into s64 */
150 if ((validate_min && nla_get_u64(nla) < pt->min) ||
151 (validate_max && nla_get_u64(nla) > pt->max)) {
152 NL_SET_ERR_MSG_ATTR(extack, nla,
153 "integer out of range");
162 if ((validate_min && value < pt->min) ||
163 (validate_max && value > pt->max)) {
164 NL_SET_ERR_MSG_ATTR(extack, nla,
165 "integer out of range");
172 static int validate_nla(const struct nlattr *nla, int maxtype,
173 const struct nla_policy *policy, unsigned int validate,
174 struct netlink_ext_ack *extack, unsigned int depth)
176 u16 strict_start_type = policy[0].strict_start_type;
177 const struct nla_policy *pt;
178 int minlen = 0, attrlen = nla_len(nla), type = nla_type(nla);
181 if (strict_start_type && type >= strict_start_type)
182 validate |= NL_VALIDATE_STRICT;
184 if (type <= 0 || type > maxtype)
189 BUG_ON(pt->type > NLA_TYPE_MAX);
191 if ((nla_attr_len[pt->type] && attrlen != nla_attr_len[pt->type]) ||
192 (pt->type == NLA_EXACT_LEN_WARN && attrlen != pt->len)) {
193 pr_warn_ratelimited("netlink: '%s': attribute type %d has an invalid length.\n",
194 current->comm, type);
195 if (validate & NL_VALIDATE_STRICT_ATTRS) {
196 NL_SET_ERR_MSG_ATTR(extack, nla,
197 "invalid attribute length");
202 if (validate & NL_VALIDATE_NESTED) {
203 if ((pt->type == NLA_NESTED || pt->type == NLA_NESTED_ARRAY) &&
204 !(nla->nla_type & NLA_F_NESTED)) {
205 NL_SET_ERR_MSG_ATTR(extack, nla,
206 "NLA_F_NESTED is missing");
209 if (pt->type != NLA_NESTED && pt->type != NLA_NESTED_ARRAY &&
210 pt->type != NLA_UNSPEC && (nla->nla_type & NLA_F_NESTED)) {
211 NL_SET_ERR_MSG_ATTR(extack, nla,
212 "NLA_F_NESTED not expected");
219 if (attrlen != pt->len)
224 if (extack && pt->reject_message) {
225 NL_SET_BAD_ATTR(extack, nla);
226 extack->_msg = pt->reject_message;
238 if (attrlen != sizeof(struct nla_bitfield32))
241 err = validate_nla_bitfield32(nla, pt->bitfield32_valid);
248 minlen = min_t(int, attrlen, pt->len + 1);
252 if (!minlen || memchr(nla_data(nla), '\0', minlen) == NULL) {
263 char *buf = nla_data(nla);
265 if (buf[attrlen - 1] == '\0')
268 if (attrlen > pt->len)
274 if (pt->len && attrlen > pt->len)
279 /* a nested attributes is allowed to be empty; if its not,
280 * it must have a size of at least NLA_HDRLEN.
284 if (attrlen < NLA_HDRLEN)
286 if (pt->nested_policy) {
287 err = __nla_validate_parse(nla_data(nla), nla_len(nla),
288 pt->len, pt->nested_policy,
289 validate, extack, NULL,
293 * return directly to preserve the inner
294 * error message/attribute pointer
300 case NLA_NESTED_ARRAY:
301 /* a nested array attribute is allowed to be empty; if its not,
302 * it must have a size of at least NLA_HDRLEN.
306 if (attrlen < NLA_HDRLEN)
308 if (pt->nested_policy) {
311 err = nla_validate_array(nla_data(nla), nla_len(nla),
312 pt->len, pt->nested_policy,
313 extack, validate, depth);
316 * return directly to preserve the inner
317 * error message/attribute pointer
325 if (validate & NL_VALIDATE_UNSPEC) {
326 NL_SET_ERR_MSG_ATTR(extack, nla,
327 "Unsupported attribute");
332 if (attrlen < pt->len)
340 minlen = nla_attr_minlen[pt->type];
342 if (attrlen < minlen)
346 /* further validation */
347 switch (pt->validation_type) {
348 case NLA_VALIDATE_NONE:
351 case NLA_VALIDATE_RANGE:
352 case NLA_VALIDATE_MIN:
353 case NLA_VALIDATE_MAX:
354 err = nla_validate_int_range(pt, nla, extack);
358 case NLA_VALIDATE_FUNCTION:
360 err = pt->validate(nla, extack);
369 NL_SET_ERR_MSG_ATTR(extack, nla, "Attribute failed policy validation");
373 static int __nla_validate_parse(const struct nlattr *head, int len, int maxtype,
374 const struct nla_policy *policy,
375 unsigned int validate,
376 struct netlink_ext_ack *extack,
377 struct nlattr **tb, unsigned int depth)
379 const struct nlattr *nla;
382 if (depth >= MAX_POLICY_RECURSION_DEPTH) {
383 NL_SET_ERR_MSG(extack,
384 "allowed policy recursion depth exceeded");
389 memset(tb, 0, sizeof(struct nlattr *) * (maxtype + 1));
391 nla_for_each_attr(nla, head, len, rem) {
392 u16 type = nla_type(nla);
394 if (type == 0 || type > maxtype) {
395 if (validate & NL_VALIDATE_MAXTYPE) {
396 NL_SET_ERR_MSG_ATTR(extack, nla,
397 "Unknown attribute type");
403 int err = validate_nla(nla, maxtype, policy,
404 validate, extack, depth);
411 tb[type] = (struct nlattr *)nla;
414 if (unlikely(rem > 0)) {
415 pr_warn_ratelimited("netlink: %d bytes leftover after parsing attributes in process `%s'.\n",
417 NL_SET_ERR_MSG(extack, "bytes leftover after parsing attributes");
418 if (validate & NL_VALIDATE_TRAILING)
426 * __nla_validate - Validate a stream of attributes
427 * @head: head of attribute stream
428 * @len: length of attribute stream
429 * @maxtype: maximum attribute type to be expected
430 * @policy: validation policy
431 * @validate: validation strictness
432 * @extack: extended ACK report struct
434 * Validates all attributes in the specified attribute stream against the
435 * specified policy. Validation depends on the validate flags passed, see
436 * &enum netlink_validation for more details on that.
437 * See documenation of struct nla_policy for more details.
439 * Returns 0 on success or a negative error code.
441 int __nla_validate(const struct nlattr *head, int len, int maxtype,
442 const struct nla_policy *policy, unsigned int validate,
443 struct netlink_ext_ack *extack)
445 return __nla_validate_parse(head, len, maxtype, policy, validate,
448 EXPORT_SYMBOL(__nla_validate);
451 * nla_policy_len - Determin the max. length of a policy
452 * @policy: policy to use
453 * @n: number of policies
455 * Determines the max. length of the policy. It is currently used
456 * to allocated Netlink buffers roughly the size of the actual
459 * Returns 0 on success or a negative error code.
462 nla_policy_len(const struct nla_policy *p, int n)
466 for (i = 0; i < n; i++, p++) {
468 len += nla_total_size(p->len);
469 else if (nla_attr_len[p->type])
470 len += nla_total_size(nla_attr_len[p->type]);
471 else if (nla_attr_minlen[p->type])
472 len += nla_total_size(nla_attr_minlen[p->type]);
477 EXPORT_SYMBOL(nla_policy_len);
480 * __nla_parse - Parse a stream of attributes into a tb buffer
481 * @tb: destination array with maxtype+1 elements
482 * @maxtype: maximum attribute type to be expected
483 * @head: head of attribute stream
484 * @len: length of attribute stream
485 * @policy: validation policy
486 * @validate: validation strictness
487 * @extack: extended ACK pointer
489 * Parses a stream of attributes and stores a pointer to each attribute in
490 * the tb array accessible via the attribute type.
491 * Validation is controlled by the @validate parameter.
493 * Returns 0 on success or a negative error code.
495 int __nla_parse(struct nlattr **tb, int maxtype,
496 const struct nlattr *head, int len,
497 const struct nla_policy *policy, unsigned int validate,
498 struct netlink_ext_ack *extack)
500 return __nla_validate_parse(head, len, maxtype, policy, validate,
503 EXPORT_SYMBOL(__nla_parse);
506 * nla_find - Find a specific attribute in a stream of attributes
507 * @head: head of attribute stream
508 * @len: length of attribute stream
509 * @attrtype: type of attribute to look for
511 * Returns the first attribute in the stream matching the specified type.
513 struct nlattr *nla_find(const struct nlattr *head, int len, int attrtype)
515 const struct nlattr *nla;
518 nla_for_each_attr(nla, head, len, rem)
519 if (nla_type(nla) == attrtype)
520 return (struct nlattr *)nla;
524 EXPORT_SYMBOL(nla_find);
527 * nla_strlcpy - Copy string attribute payload into a sized buffer
528 * @dst: where to copy the string to
529 * @nla: attribute to copy the string from
530 * @dstsize: size of destination buffer
532 * Copies at most dstsize - 1 bytes into the destination buffer.
533 * The result is always a valid NUL-terminated string. Unlike
534 * strlcpy the destination buffer is always padded out.
536 * Returns the length of the source buffer.
538 size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize)
540 size_t srclen = nla_len(nla);
541 char *src = nla_data(nla);
543 if (srclen > 0 && src[srclen - 1] == '\0')
547 size_t len = (srclen >= dstsize) ? dstsize - 1 : srclen;
549 memset(dst, 0, dstsize);
550 memcpy(dst, src, len);
555 EXPORT_SYMBOL(nla_strlcpy);
558 * nla_strdup - Copy string attribute payload into a newly allocated buffer
559 * @nla: attribute to copy the string from
560 * @flags: the type of memory to allocate (see kmalloc).
562 * Returns a pointer to the allocated buffer or NULL on error.
564 char *nla_strdup(const struct nlattr *nla, gfp_t flags)
566 size_t srclen = nla_len(nla);
567 char *src = nla_data(nla), *dst;
569 if (srclen > 0 && src[srclen - 1] == '\0')
572 dst = kmalloc(srclen + 1, flags);
574 memcpy(dst, src, srclen);
579 EXPORT_SYMBOL(nla_strdup);
582 * nla_memcpy - Copy a netlink attribute into another memory area
583 * @dest: where to copy to memcpy
584 * @src: netlink attribute to copy from
585 * @count: size of the destination area
587 * Note: The number of bytes copied is limited by the length of
588 * attribute's payload. memcpy
590 * Returns the number of bytes copied.
592 int nla_memcpy(void *dest, const struct nlattr *src, int count)
594 int minlen = min_t(int, count, nla_len(src));
596 memcpy(dest, nla_data(src), minlen);
598 memset(dest + minlen, 0, count - minlen);
602 EXPORT_SYMBOL(nla_memcpy);
605 * nla_memcmp - Compare an attribute with sized memory area
606 * @nla: netlink attribute
608 * @size: size of memory area
610 int nla_memcmp(const struct nlattr *nla, const void *data,
613 int d = nla_len(nla) - size;
616 d = memcmp(nla_data(nla), data, size);
620 EXPORT_SYMBOL(nla_memcmp);
623 * nla_strcmp - Compare a string attribute against a string
624 * @nla: netlink string attribute
625 * @str: another string
627 int nla_strcmp(const struct nlattr *nla, const char *str)
629 int len = strlen(str);
630 char *buf = nla_data(nla);
631 int attrlen = nla_len(nla);
634 if (attrlen > 0 && buf[attrlen - 1] == '\0')
639 d = memcmp(nla_data(nla), str, len);
643 EXPORT_SYMBOL(nla_strcmp);
647 * __nla_reserve - reserve room for attribute on the skb
648 * @skb: socket buffer to reserve room on
649 * @attrtype: attribute type
650 * @attrlen: length of attribute payload
652 * Adds a netlink attribute header to a socket buffer and reserves
653 * room for the payload but does not copy it.
655 * The caller is responsible to ensure that the skb provides enough
656 * tailroom for the attribute header and payload.
658 struct nlattr *__nla_reserve(struct sk_buff *skb, int attrtype, int attrlen)
662 nla = skb_put(skb, nla_total_size(attrlen));
663 nla->nla_type = attrtype;
664 nla->nla_len = nla_attr_size(attrlen);
666 memset((unsigned char *) nla + nla->nla_len, 0, nla_padlen(attrlen));
670 EXPORT_SYMBOL(__nla_reserve);
673 * __nla_reserve_64bit - reserve room for attribute on the skb and align it
674 * @skb: socket buffer to reserve room on
675 * @attrtype: attribute type
676 * @attrlen: length of attribute payload
677 * @padattr: attribute type for the padding
679 * Adds a netlink attribute header to a socket buffer and reserves
680 * room for the payload but does not copy it. It also ensure that this
681 * attribute will have a 64-bit aligned nla_data() area.
683 * The caller is responsible to ensure that the skb provides enough
684 * tailroom for the attribute header and payload.
686 struct nlattr *__nla_reserve_64bit(struct sk_buff *skb, int attrtype,
687 int attrlen, int padattr)
689 if (nla_need_padding_for_64bit(skb))
690 nla_align_64bit(skb, padattr);
692 return __nla_reserve(skb, attrtype, attrlen);
694 EXPORT_SYMBOL(__nla_reserve_64bit);
697 * __nla_reserve_nohdr - reserve room for attribute without header
698 * @skb: socket buffer to reserve room on
699 * @attrlen: length of attribute payload
701 * Reserves room for attribute payload without a header.
703 * The caller is responsible to ensure that the skb provides enough
704 * tailroom for the payload.
706 void *__nla_reserve_nohdr(struct sk_buff *skb, int attrlen)
708 return skb_put_zero(skb, NLA_ALIGN(attrlen));
710 EXPORT_SYMBOL(__nla_reserve_nohdr);
713 * nla_reserve - reserve room for attribute on the skb
714 * @skb: socket buffer to reserve room on
715 * @attrtype: attribute type
716 * @attrlen: length of attribute payload
718 * Adds a netlink attribute header to a socket buffer and reserves
719 * room for the payload but does not copy it.
721 * Returns NULL if the tailroom of the skb is insufficient to store
722 * the attribute header and payload.
724 struct nlattr *nla_reserve(struct sk_buff *skb, int attrtype, int attrlen)
726 if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen)))
729 return __nla_reserve(skb, attrtype, attrlen);
731 EXPORT_SYMBOL(nla_reserve);
734 * nla_reserve_64bit - reserve room for attribute on the skb and align it
735 * @skb: socket buffer to reserve room on
736 * @attrtype: attribute type
737 * @attrlen: length of attribute payload
738 * @padattr: attribute type for the padding
740 * Adds a netlink attribute header to a socket buffer and reserves
741 * room for the payload but does not copy it. It also ensure that this
742 * attribute will have a 64-bit aligned nla_data() area.
744 * Returns NULL if the tailroom of the skb is insufficient to store
745 * the attribute header and payload.
747 struct nlattr *nla_reserve_64bit(struct sk_buff *skb, int attrtype, int attrlen,
752 if (nla_need_padding_for_64bit(skb))
753 len = nla_total_size_64bit(attrlen);
755 len = nla_total_size(attrlen);
756 if (unlikely(skb_tailroom(skb) < len))
759 return __nla_reserve_64bit(skb, attrtype, attrlen, padattr);
761 EXPORT_SYMBOL(nla_reserve_64bit);
764 * nla_reserve_nohdr - reserve room for attribute without header
765 * @skb: socket buffer to reserve room on
766 * @attrlen: length of attribute payload
768 * Reserves room for attribute payload without a header.
770 * Returns NULL if the tailroom of the skb is insufficient to store
771 * the attribute payload.
773 void *nla_reserve_nohdr(struct sk_buff *skb, int attrlen)
775 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
778 return __nla_reserve_nohdr(skb, attrlen);
780 EXPORT_SYMBOL(nla_reserve_nohdr);
783 * __nla_put - Add a netlink attribute to a socket buffer
784 * @skb: socket buffer to add attribute to
785 * @attrtype: attribute type
786 * @attrlen: length of attribute payload
787 * @data: head of attribute payload
789 * The caller is responsible to ensure that the skb provides enough
790 * tailroom for the attribute header and payload.
792 void __nla_put(struct sk_buff *skb, int attrtype, int attrlen,
797 nla = __nla_reserve(skb, attrtype, attrlen);
798 memcpy(nla_data(nla), data, attrlen);
800 EXPORT_SYMBOL(__nla_put);
803 * __nla_put_64bit - Add a netlink attribute to a socket buffer and align it
804 * @skb: socket buffer to add attribute to
805 * @attrtype: attribute type
806 * @attrlen: length of attribute payload
807 * @data: head of attribute payload
808 * @padattr: attribute type for the padding
810 * The caller is responsible to ensure that the skb provides enough
811 * tailroom for the attribute header and payload.
813 void __nla_put_64bit(struct sk_buff *skb, int attrtype, int attrlen,
814 const void *data, int padattr)
818 nla = __nla_reserve_64bit(skb, attrtype, attrlen, padattr);
819 memcpy(nla_data(nla), data, attrlen);
821 EXPORT_SYMBOL(__nla_put_64bit);
824 * __nla_put_nohdr - Add a netlink attribute without header
825 * @skb: socket buffer to add attribute to
826 * @attrlen: length of attribute payload
827 * @data: head of attribute payload
829 * The caller is responsible to ensure that the skb provides enough
830 * tailroom for the attribute payload.
832 void __nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data)
836 start = __nla_reserve_nohdr(skb, attrlen);
837 memcpy(start, data, attrlen);
839 EXPORT_SYMBOL(__nla_put_nohdr);
842 * nla_put - Add a netlink attribute to a socket buffer
843 * @skb: socket buffer to add attribute to
844 * @attrtype: attribute type
845 * @attrlen: length of attribute payload
846 * @data: head of attribute payload
848 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
849 * the attribute header and payload.
851 int nla_put(struct sk_buff *skb, int attrtype, int attrlen, const void *data)
853 if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen)))
856 __nla_put(skb, attrtype, attrlen, data);
859 EXPORT_SYMBOL(nla_put);
862 * nla_put_64bit - Add a netlink attribute to a socket buffer and align it
863 * @skb: socket buffer to add attribute to
864 * @attrtype: attribute type
865 * @attrlen: length of attribute payload
866 * @data: head of attribute payload
867 * @padattr: attribute type for the padding
869 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
870 * the attribute header and payload.
872 int nla_put_64bit(struct sk_buff *skb, int attrtype, int attrlen,
873 const void *data, int padattr)
877 if (nla_need_padding_for_64bit(skb))
878 len = nla_total_size_64bit(attrlen);
880 len = nla_total_size(attrlen);
881 if (unlikely(skb_tailroom(skb) < len))
884 __nla_put_64bit(skb, attrtype, attrlen, data, padattr);
887 EXPORT_SYMBOL(nla_put_64bit);
890 * nla_put_nohdr - Add a netlink attribute without header
891 * @skb: socket buffer to add attribute to
892 * @attrlen: length of attribute payload
893 * @data: head of attribute payload
895 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
896 * the attribute payload.
898 int nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data)
900 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
903 __nla_put_nohdr(skb, attrlen, data);
906 EXPORT_SYMBOL(nla_put_nohdr);
909 * nla_append - Add a netlink attribute without header or padding
910 * @skb: socket buffer to add attribute to
911 * @attrlen: length of attribute payload
912 * @data: head of attribute payload
914 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
915 * the attribute payload.
917 int nla_append(struct sk_buff *skb, int attrlen, const void *data)
919 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
922 skb_put_data(skb, data, attrlen);
925 EXPORT_SYMBOL(nla_append);