LXR linux/lib/nlattr.c

   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * NETLINK      Netlink attributes
   4 *
   5 *              Authors:        Thomas Graf <tgraf@suug.ch>
   6 *                              Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
   7 */
   8
   9#include <linux/export.h>
  10#include <linux/kernel.h>
  11#include <linux/errno.h>
  12#include <linux/jiffies.h>
  13#include <linux/skbuff.h>
  14#include <linux/string.h>
  15#include <linux/types.h>
  16#include <net/netlink.h>
  17
  18/* For these data types, attribute length should be exactly the given
  19 * size. However, to maintain compatibility with broken commands, if the
  20 * attribute length does not match the expected size a warning is emitted
  21 * to the user that the command is sending invalid data and needs to be fixed.
  22 */
  23static const u8 nla_attr_len[NLA_TYPE_MAX+1] = {
  24        [NLA_U8]        = sizeof(u8),
  25        [NLA_U16]       = sizeof(u16),
  26        [NLA_U32]       = sizeof(u32),
  27        [NLA_U64]       = sizeof(u64),
  28        [NLA_S8]        = sizeof(s8),
  29        [NLA_S16]       = sizeof(s16),
  30        [NLA_S32]       = sizeof(s32),
  31        [NLA_S64]       = sizeof(s64),
  32};
  33
  34static const u8 nla_attr_minlen[NLA_TYPE_MAX+1] = {
  35        [NLA_U8]        = sizeof(u8),
  36        [NLA_U16]       = sizeof(u16),
  37        [NLA_U32]       = sizeof(u32),
  38        [NLA_U64]       = sizeof(u64),
  39        [NLA_MSECS]     = sizeof(u64),
  40        [NLA_NESTED]    = NLA_HDRLEN,
  41        [NLA_S8]        = sizeof(s8),
  42        [NLA_S16]       = sizeof(s16),
  43        [NLA_S32]       = sizeof(s32),
  44        [NLA_S64]       = sizeof(s64),
  45};
  46
  47/*
  48 * Nested policies might refer back to the original
  49 * policy in some cases, and userspace could try to
  50 * abuse that and recurse by nesting in the right
  51 * ways. Limit recursion to avoid this problem.
  52 */
  53#define MAX_POLICY_RECURSION_DEPTH      10
  54
  55static int __nla_validate_parse(const struct nlattr *head, int len, int maxtype,
  56                                const struct nla_policy *policy,
  57                                unsigned int validate,
  58                                struct netlink_ext_ack *extack,
  59                                struct nlattr **tb, unsigned int depth);
  60
  61static int validate_nla_bitfield32(const struct nlattr *nla,
  62                                   const u32 valid_flags_mask)
  63{
  64        const struct nla_bitfield32 *bf = nla_data(nla);
  65
  66        if (!valid_flags_mask)
  67                return -EINVAL;
  68
  69        /*disallow invalid bit selector */
  70        if (bf->selector & ~valid_flags_mask)
  71                return -EINVAL;
  72
  73        /*disallow invalid bit values */
  74        if (bf->value & ~valid_flags_mask)
  75                return -EINVAL;
  76
  77        /*disallow valid bit values that are not selected*/
  78        if (bf->value & ~bf->selector)
  79                return -EINVAL;
  80
  81        return 0;
  82}
  83
  84static int nla_validate_array(const struct nlattr *head, int len, int maxtype,
  85                              const struct nla_policy *policy,
  86                              struct netlink_ext_ack *extack,
  87                              unsigned int validate, unsigned int depth)
  88{
  89        const struct nlattr *entry;
  90        int rem;
  91
  92        nla_for_each_attr(entry, head, len, rem) {
  93                int ret;
  94
  95                if (nla_len(entry) == 0)
  96                        continue;
  97
  98                if (nla_len(entry) < NLA_HDRLEN) {
  99                        NL_SET_ERR_MSG_ATTR_POL(extack, entry, policy,
 100                                                "Array element too short");
 101                        return -ERANGE;
 102                }
 103
 104                ret = __nla_validate_parse(nla_data(entry), nla_len(entry),
 105                                           maxtype, policy, validate, extack,
 106                                           NULL, depth + 1);
 107                if (ret < 0)
 108                        return ret;
 109        }
 110
 111        return 0;
 112}
 113
 114void nla_get_range_unsigned(const struct nla_policy *pt,
 115                            struct netlink_range_validation *range)
 116{
 117        WARN_ON_ONCE(pt->validation_type != NLA_VALIDATE_RANGE_PTR &&
 118                     (pt->min < 0 || pt->max < 0));
 119
 120        range->min = 0;
 121
 122        switch (pt->type) {
 123        case NLA_U8:
 124                range->max = U8_MAX;
 125                break;
 126        case NLA_U16:
 127        case NLA_BINARY:
 128                range->max = U16_MAX;
 129                break;
 130        case NLA_U32:
 131                range->max = U32_MAX;
 132                break;
 133        case NLA_U64:
 134        case NLA_MSECS:
 135                range->max = U64_MAX;
 136                break;
 137        default:
 138                WARN_ON_ONCE(1);
 139                return;
 140        }
 141
 142        switch (pt->validation_type) {
 143        case NLA_VALIDATE_RANGE:
 144        case NLA_VALIDATE_RANGE_WARN_TOO_LONG:
 145                range->min = pt->min;
 146                range->max = pt->max;
 147                break;
 148        case NLA_VALIDATE_RANGE_PTR:
 149                *range = *pt->range;
 150                break;
 151        case NLA_VALIDATE_MIN:
 152                range->min = pt->min;
 153                break;
 154        case NLA_VALIDATE_MAX:
 155                range->max = pt->max;
 156                break;
 157        default:
 158                break;
 159        }
 160}
 161
 162static int nla_validate_range_unsigned(const struct nla_policy *pt,
 163                                       const struct nlattr *nla,
 164                                       struct netlink_ext_ack *extack,
 165                                       unsigned int validate)
 166{
 167        struct netlink_range_validation range;
 168        u64 value;
 169
 170        switch (pt->type) {
 171        case NLA_U8:
 172                value = nla_get_u8(nla);
 173                break;
 174        case NLA_U16:
 175                value = nla_get_u16(nla);
 176                break;
 177        case NLA_U32:
 178                value = nla_get_u32(nla);
 179                break;
 180        case NLA_U64:
 181        case NLA_MSECS:
 182                value = nla_get_u64(nla);
 183                break;
 184        case NLA_BINARY:
 185                value = nla_len(nla);
 186                break;
 187        default:
 188                return -EINVAL;
 189        }
 190
 191        nla_get_range_unsigned(pt, &range);
 192
 193        if (pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG &&
 194            pt->type == NLA_BINARY && value > range.max) {
 195                pr_warn_ratelimited("netlink: '%s': attribute type %d has an invalid length.\n",
 196                                    current->comm, pt->type);
 197                if (validate & NL_VALIDATE_STRICT_ATTRS) {
 198                        NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,
 199                                                "invalid attribute length");
 200                        return -EINVAL;
 201                }
 202
 203                /* this assumes min <= max (don't validate against min) */
 204                return 0;
 205        }
 206
 207        if (value < range.min || value > range.max) {
 208                bool binary = pt->type == NLA_BINARY;
 209
 210                if (binary)
 211                        NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,
 212                                                "binary attribute size out of range");
 213                else
 214                        NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,
 215                                                "integer out of range");
 216
 217                return -ERANGE;
 218        }
 219
 220        return 0;
 221}
 222
 223void nla_get_range_signed(const struct nla_policy *pt,
 224                          struct netlink_range_validation_signed *range)
 225{
 226        switch (pt->type) {
 227        case NLA_S8:
 228                range->min = S8_MIN;
 229                range->max = S8_MAX;
 230                break;
 231        case NLA_S16:
 232                range->min = S16_MIN;
 233                range->max = S16_MAX;
 234                break;
 235        case NLA_S32:
 236                range->min = S32_MIN;
 237                range->max = S32_MAX;
 238                break;
 239        case NLA_S64:
 240                range->min = S64_MIN;
 241                range->max = S64_MAX;
 242                break;
 243        default:
 244                WARN_ON_ONCE(1);
 245                return;
 246        }
 247
 248        switch (pt->validation_type) {
 249        case NLA_VALIDATE_RANGE:
 250                range->min = pt->min;
 251                range->max = pt->max;
 252                break;
 253        case NLA_VALIDATE_RANGE_PTR:
 254                *range = *pt->range_signed;
 255                break;
 256        case NLA_VALIDATE_MIN:
 257                range->min = pt->min;
 258                break;
 259        case NLA_VALIDATE_MAX:
 260                range->max = pt->max;
 261                break;
 262        default:
 263                break;
 264        }
 265}
 266
 267static int nla_validate_int_range_signed(const struct nla_policy *pt,
 268                                         const struct nlattr *nla,
 269                                         struct netlink_ext_ack *extack)
 270{
 271        struct netlink_range_validation_signed range;
 272        s64 value;
 273
 274        switch (pt->type) {
 275        case NLA_S8:
 276                value = nla_get_s8(nla);
 277                break;
 278        case NLA_S16:
 279                value = nla_get_s16(nla);
 280                break;
 281        case NLA_S32:
 282                value = nla_get_s32(nla);
 283                break;
 284        case NLA_S64:
 285                value = nla_get_s64(nla);
 286                break;
 287        default:
 288                return -EINVAL;
 289        }
 290
 291        nla_get_range_signed(pt, &range);
 292
 293        if (value < range.min || value > range.max) {
 294                NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,
 295                                        "integer out of range");
 296                return -ERANGE;
 297        }
 298
 299        return 0;
 300}
 301
 302static int nla_validate_int_range(const struct nla_policy *pt,
 303                                  const struct nlattr *nla,
 304                                  struct netlink_ext_ack *extack,
 305                                  unsigned int validate)
 306{
 307        switch (pt->type) {
 308        case NLA_U8:
 309        case NLA_U16:
 310        case NLA_U32:
 311        case NLA_U64:
 312        case NLA_MSECS:
 313        case NLA_BINARY:
 314                return nla_validate_range_unsigned(pt, nla, extack, validate);
 315        case NLA_S8:
 316        case NLA_S16:
 317        case NLA_S32:
 318        case NLA_S64:
 319                return nla_validate_int_range_signed(pt, nla, extack);
 320        default:
 321                WARN_ON(1);
 322                return -EINVAL;
 323        }
 324}
 325
 326static int nla_validate_mask(const struct nla_policy *pt,
 327                             const struct nlattr *nla,
 328                             struct netlink_ext_ack *extack)
 329{
 330        u64 value;
 331
 332        switch (pt->type) {
 333        case NLA_U8:
 334                value = nla_get_u8(nla);
 335                break;
 336        case NLA_U16:
 337                value = nla_get_u16(nla);
 338                break;
 339        case NLA_U32:
 340                value = nla_get_u32(nla);
 341                break;
 342        case NLA_U64:
 343                value = nla_get_u64(nla);
 344                break;
 345        default:
 346                return -EINVAL;
 347        }
 348
 349        if (value & ~(u64)pt->mask) {
 350                NL_SET_ERR_MSG_ATTR(extack, nla, "reserved bit set");
 351                return -EINVAL;
 352        }
 353
 354        return 0;
 355}
 356
 357static int validate_nla(const struct nlattr *nla, int maxtype,
 358                        const struct nla_policy *policy, unsigned int validate,
 359                        struct netlink_ext_ack *extack, unsigned int depth)
 360{
 361        u16 strict_start_type = policy[0].strict_start_type;
 362        const struct nla_policy *pt;
 363        int minlen = 0, attrlen = nla_len(nla), type = nla_type(nla);
 364        int err = -ERANGE;
 365
 366        if (strict_start_type && type >= strict_start_type)
 367                validate |= NL_VALIDATE_STRICT;
 368
 369        if (type <= 0 || type > maxtype)
 370                return 0;
 371
 372        pt = &policy[type];
 373
 374        BUG_ON(pt->type > NLA_TYPE_MAX);
 375
 376        if (nla_attr_len[pt->type] && attrlen != nla_attr_len[pt->type]) {
 377                pr_warn_ratelimited("netlink: '%s': attribute type %d has an invalid length.\n",
 378                                    current->comm, type);
 379                if (validate & NL_VALIDATE_STRICT_ATTRS) {
 380                        NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,
 381                                                "invalid attribute length");
 382                        return -EINVAL;
 383                }
 384        }
 385
 386        if (validate & NL_VALIDATE_NESTED) {
 387                if ((pt->type == NLA_NESTED || pt->type == NLA_NESTED_ARRAY) &&
 388                    !(nla->nla_type & NLA_F_NESTED)) {
 389                        NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,
 390                                                "NLA_F_NESTED is missing");
 391                        return -EINVAL;
 392                }
 393                if (pt->type != NLA_NESTED && pt->type != NLA_NESTED_ARRAY &&
 394                    pt->type != NLA_UNSPEC && (nla->nla_type & NLA_F_NESTED)) {
 395                        NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,
 396                                                "NLA_F_NESTED not expected");
 397                        return -EINVAL;
 398                }
 399        }
 400
 401        switch (pt->type) {
 402        case NLA_REJECT:
 403                if (extack && pt->reject_message) {
 404                        NL_SET_BAD_ATTR(extack, nla);
 405                        extack->_msg = pt->reject_message;
 406                        return -EINVAL;
 407                }
 408                err = -EINVAL;
 409                goto out_err;
 410
 411        case NLA_FLAG:
 412                if (attrlen > 0)
 413                        goto out_err;
 414                break;
 415
 416        case NLA_BITFIELD32:
 417                if (attrlen != sizeof(struct nla_bitfield32))
 418                        goto out_err;
 419
 420                err = validate_nla_bitfield32(nla, pt->bitfield32_valid);
 421                if (err)
 422                        goto out_err;
 423                break;
 424
 425        case NLA_NUL_STRING:
 426                if (pt->len)
 427                        minlen = min_t(int, attrlen, pt->len + 1);
 428                else
 429                        minlen = attrlen;
 430
 431                if (!minlen || memchr(nla_data(nla), '\0', minlen) == NULL) {
 432                        err = -EINVAL;
 433                        goto out_err;
 434                }
 435                fallthrough;
 436
 437        case NLA_STRING:
 438                if (attrlen < 1)
 439                        goto out_err;
 440
 441                if (pt->len) {
 442                        char *buf = nla_data(nla);
 443
 444                        if (buf[attrlen - 1] == '\0')
 445                                attrlen--;
 446
 447                        if (attrlen > pt->len)
 448                                goto out_err;
 449                }
 450                break;
 451
 452        case NLA_BINARY:
 453                if (pt->len && attrlen > pt->len)
 454                        goto out_err;
 455                break;
 456
 457        case NLA_NESTED:
 458                /* a nested attributes is allowed to be empty; if its not,
 459                 * it must have a size of at least NLA_HDRLEN.
 460                 */
 461                if (attrlen == 0)
 462                        break;
 463                if (attrlen < NLA_HDRLEN)
 464                        goto out_err;
 465                if (pt->nested_policy) {
 466                        err = __nla_validate_parse(nla_data(nla), nla_len(nla),
 467                                                   pt->len, pt->nested_policy,
 468                                                   validate, extack, NULL,
 469                                                   depth + 1);
 470                        if (err < 0) {
 471                                /*
 472                                 * return directly to preserve the inner
 473                                 * error message/attribute pointer
 474                                 */
 475                                return err;
 476                        }
 477                }
 478                break;
 479        case NLA_NESTED_ARRAY:
 480                /* a nested array attribute is allowed to be empty; if its not,
 481                 * it must have a size of at least NLA_HDRLEN.
 482                 */
 483                if (attrlen == 0)
 484                        break;
 485                if (attrlen < NLA_HDRLEN)
 486                        goto out_err;
 487                if (pt->nested_policy) {
 488                        int err;
 489
 490                        err = nla_validate_array(nla_data(nla), nla_len(nla),
 491                                                 pt->len, pt->nested_policy,
 492                                                 extack, validate, depth);
 493                        if (err < 0) {
 494                                /*
 495                                 * return directly to preserve the inner
 496                                 * error message/attribute pointer
 497                                 */
 498                                return err;
 499                        }
 500                }
 501                break;
 502
 503        case NLA_UNSPEC:
 504                if (validate & NL_VALIDATE_UNSPEC) {
 505                        NL_SET_ERR_MSG_ATTR(extack, nla,
 506                                            "Unsupported attribute");
 507                        return -EINVAL;
 508                }
 509                if (attrlen < pt->len)
 510                        goto out_err;
 511                break;
 512
 513        default:
 514                if (pt->len)
 515                        minlen = pt->len;
 516                else
 517                        minlen = nla_attr_minlen[pt->type];
 518
 519                if (attrlen < minlen)
 520                        goto out_err;
 521        }
 522
 523        /* further validation */
 524        switch (pt->validation_type) {
 525        case NLA_VALIDATE_NONE:
 526                /* nothing to do */
 527                break;
 528        case NLA_VALIDATE_RANGE_PTR:
 529        case NLA_VALIDATE_RANGE:
 530        case NLA_VALIDATE_RANGE_WARN_TOO_LONG:
 531        case NLA_VALIDATE_MIN:
 532        case NLA_VALIDATE_MAX:
 533                err = nla_validate_int_range(pt, nla, extack, validate);
 534                if (err)
 535                        return err;
 536                break;
 537        case NLA_VALIDATE_MASK:
 538                err = nla_validate_mask(pt, nla, extack);
 539                if (err)
 540                        return err;
 541                break;
 542        case NLA_VALIDATE_FUNCTION:
 543                if (pt->validate) {
 544                        err = pt->validate(nla, extack);
 545                        if (err)
 546                                return err;
 547                }
 548                break;
 549        }
 550
 551        return 0;
 552out_err:
 553        NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,
 554                                "Attribute failed policy validation");
 555        return err;
 556}
 557
 558static int __nla_validate_parse(const struct nlattr *head, int len, int maxtype,
 559                                const struct nla_policy *policy,
 560                                unsigned int validate,
 561                                struct netlink_ext_ack *extack,
 562                                struct nlattr **tb, unsigned int depth)
 563{
 564        const struct nlattr *nla;
 565        int rem;
 566
 567        if (depth >= MAX_POLICY_RECURSION_DEPTH) {
 568                NL_SET_ERR_MSG(extack,
 569                               "allowed policy recursion depth exceeded");
 570                return -EINVAL;
 571        }
 572
 573        if (tb)
 574                memset(tb, 0, sizeof(struct nlattr *) * (maxtype + 1));
 575
 576        nla_for_each_attr(nla, head, len, rem) {
 577                u16 type = nla_type(nla);
 578
 579                if (type == 0 || type > maxtype) {
 580                        if (validate & NL_VALIDATE_MAXTYPE) {
 581                                NL_SET_ERR_MSG_ATTR(extack, nla,
 582                                                    "Unknown attribute type");
 583                                return -EINVAL;
 584                        }
 585                        continue;
 586                }
 587                if (policy) {
 588                        int err = validate_nla(nla, maxtype, policy,
 589                                               validate, extack, depth);
 590
 591                        if (err < 0)
 592                                return err;
 593                }
 594
 595                if (tb)
 596                        tb[type] = (struct nlattr *)nla;
 597        }
 598
 599        if (unlikely(rem > 0)) {
 600                pr_warn_ratelimited("netlink: %d bytes leftover after parsing attributes in process `%s'.\n",
 601                                    rem, current->comm);
 602                NL_SET_ERR_MSG(extack, "bytes leftover after parsing attributes");
 603                if (validate & NL_VALIDATE_TRAILING)
 604                        return -EINVAL;
 605        }
 606
 607        return 0;
 608}
 609
 610/**
 611 * __nla_validate - Validate a stream of attributes
 612 * @head: head of attribute stream
 613 * @len: length of attribute stream
 614 * @maxtype: maximum attribute type to be expected
 615 * @policy: validation policy
 616 * @validate: validation strictness
 617 * @extack: extended ACK report struct
 618 *
 619 * Validates all attributes in the specified attribute stream against the
 620 * specified policy. Validation depends on the validate flags passed, see
 621 * &enum netlink_validation for more details on that.
 622 * See documentation of struct nla_policy for more details.
 623 *
 624 * Returns 0 on success or a negative error code.
 625 */
 626int __nla_validate(const struct nlattr *head, int len, int maxtype,
 627                   const struct nla_policy *policy, unsigned int validate,
 628                   struct netlink_ext_ack *extack)
 629{
 630        return __nla_validate_parse(head, len, maxtype, policy, validate,
 631                                    extack, NULL, 0);
 632}
 633EXPORT_SYMBOL(__nla_validate);
 634
 635/**
 636 * nla_policy_len - Determine the max. length of a policy
 637 * @policy: policy to use
 638 * @n: number of policies
 639 *
 640 * Determines the max. length of the policy.  It is currently used
 641 * to allocated Netlink buffers roughly the size of the actual
 642 * message.
 643 *
 644 * Returns 0 on success or a negative error code.
 645 */
 646int
 647nla_policy_len(const struct nla_policy *p, int n)
 648{
 649        int i, len = 0;
 650
 651        for (i = 0; i < n; i++, p++) {
 652                if (p->len)
 653                        len += nla_total_size(p->len);
 654                else if (nla_attr_len[p->type])
 655                        len += nla_total_size(nla_attr_len[p->type]);
 656                else if (nla_attr_minlen[p->type])
 657                        len += nla_total_size(nla_attr_minlen[p->type]);
 658        }
 659
 660        return len;
 661}
 662EXPORT_SYMBOL(nla_policy_len);
 663
 664/**
 665 * __nla_parse - Parse a stream of attributes into a tb buffer
 666 * @tb: destination array with maxtype+1 elements
 667 * @maxtype: maximum attribute type to be expected
 668 * @head: head of attribute stream
 669 * @len: length of attribute stream
 670 * @policy: validation policy
 671 * @validate: validation strictness
 672 * @extack: extended ACK pointer
 673 *
 674 * Parses a stream of attributes and stores a pointer to each attribute in
 675 * the tb array accessible via the attribute type.
 676 * Validation is controlled by the @validate parameter.
 677 *
 678 * Returns 0 on success or a negative error code.
 679 */
 680int __nla_parse(struct nlattr **tb, int maxtype,
 681                const struct nlattr *head, int len,
 682                const struct nla_policy *policy, unsigned int validate,
 683                struct netlink_ext_ack *extack)
 684{
 685        return __nla_validate_parse(head, len, maxtype, policy, validate,
 686                                    extack, tb, 0);
 687}
 688EXPORT_SYMBOL(__nla_parse);
 689
 690/**
 691 * nla_find - Find a specific attribute in a stream of attributes
 692 * @head: head of attribute stream
 693 * @len: length of attribute stream
 694 * @attrtype: type of attribute to look for
 695 *
 696 * Returns the first attribute in the stream matching the specified type.
 697 */
 698struct nlattr *nla_find(const struct nlattr *head, int len, int attrtype)
 699{
 700        const struct nlattr *nla;
 701        int rem;
 702
 703        nla_for_each_attr(nla, head, len, rem)
 704                if (nla_type(nla) == attrtype)
 705                        return (struct nlattr *)nla;
 706
 707        return NULL;
 708}
 709EXPORT_SYMBOL(nla_find);
 710
 711/**
 712 * nla_strscpy - Copy string attribute payload into a sized buffer
 713 * @dst: Where to copy the string to.
 714 * @nla: Attribute to copy the string from.
 715 * @dstsize: Size of destination buffer.
 716 *
 717 * Copies at most dstsize - 1 bytes into the destination buffer.
 718 * Unlike strlcpy the destination buffer is always padded out.
 719 *
 720 * Return:
 721 * * srclen - Returns @nla length (not including the trailing %NUL).
 722 * * -E2BIG - If @dstsize is 0 or greater than U16_MAX or @nla length greater
 723 *            than @dstsize.
 724 */
 725ssize_t nla_strscpy(char *dst, const struct nlattr *nla, size_t dstsize)
 726{
 727        size_t srclen = nla_len(nla);
 728        char *src = nla_data(nla);
 729        ssize_t ret;
 730        size_t len;
 731
 732        if (dstsize == 0 || WARN_ON_ONCE(dstsize > U16_MAX))
 733                return -E2BIG;
 734
 735        if (srclen > 0 && src[srclen - 1] == '\0')
 736                srclen--;
 737
 738        if (srclen >= dstsize) {
 739                len = dstsize - 1;
 740                ret = -E2BIG;
 741        } else {
 742                len = srclen;
 743                ret = len;
 744        }
 745
 746        memcpy(dst, src, len);
 747        /* Zero pad end of dst. */
 748        memset(dst + len, 0, dstsize - len);
 749
 750        return ret;
 751}
 752EXPORT_SYMBOL(nla_strscpy);
 753
 754/**
 755 * nla_strdup - Copy string attribute payload into a newly allocated buffer
 756 * @nla: attribute to copy the string from
 757 * @flags: the type of memory to allocate (see kmalloc).
 758 *
 759 * Returns a pointer to the allocated buffer or NULL on error.
 760 */
 761char *nla_strdup(const struct nlattr *nla, gfp_t flags)
 762{
 763        size_t srclen = nla_len(nla);
 764        char *src = nla_data(nla), *dst;
 765
 766        if (srclen > 0 && src[srclen - 1] == '\0')
 767                srclen--;
 768
 769        dst = kmalloc(srclen + 1, flags);
 770        if (dst != NULL) {
 771                memcpy(dst, src, srclen);
 772                dst[srclen] = '\0';
 773        }
 774        return dst;
 775}
 776EXPORT_SYMBOL(nla_strdup);
 777
 778/**
 779 * nla_memcpy - Copy a netlink attribute into another memory area
 780 * @dest: where to copy to memcpy
 781 * @src: netlink attribute to copy from
 782 * @count: size of the destination area
 783 *
 784 * Note: The number of bytes copied is limited by the length of
 785 *       attribute's payload. memcpy
 786 *
 787 * Returns the number of bytes copied.
 788 */
 789int nla_memcpy(void *dest, const struct nlattr *src, int count)
 790{
 791        int minlen = min_t(int, count, nla_len(src));
 792
 793        memcpy(dest, nla_data(src), minlen);
 794        if (count > minlen)
 795                memset(dest + minlen, 0, count - minlen);
 796
 797        return minlen;
 798}
 799EXPORT_SYMBOL(nla_memcpy);
 800
 801/**
 802 * nla_memcmp - Compare an attribute with sized memory area
 803 * @nla: netlink attribute
 804 * @data: memory area
 805 * @size: size of memory area
 806 */
 807int nla_memcmp(const struct nlattr *nla, const void *data,
 808                             size_t size)
 809{
 810        int d = nla_len(nla) - size;
 811
 812        if (d == 0)
 813                d = memcmp(nla_data(nla), data, size);
 814
 815        return d;
 816}
 817EXPORT_SYMBOL(nla_memcmp);
 818
 819/**
 820 * nla_strcmp - Compare a string attribute against a string
 821 * @nla: netlink string attribute
 822 * @str: another string
 823 */
 824int nla_strcmp(const struct nlattr *nla, const char *str)
 825{
 826        int len = strlen(str);
 827        char *buf = nla_data(nla);
 828        int attrlen = nla_len(nla);
 829        int d;
 830
 831        while (attrlen > 0 && buf[attrlen - 1] == '\0')
 832                attrlen--;
 833
 834        d = attrlen - len;
 835        if (d == 0)
 836                d = memcmp(nla_data(nla), str, len);
 837
 838        return d;
 839}
 840EXPORT_SYMBOL(nla_strcmp);
 841
 842#ifdef CONFIG_NET
 843/**
 844 * __nla_reserve - reserve room for attribute on the skb
 845 * @skb: socket buffer to reserve room on
 846 * @attrtype: attribute type
 847 * @attrlen: length of attribute payload
 848 *
 849 * Adds a netlink attribute header to a socket buffer and reserves
 850 * room for the payload but does not copy it.
 851 *
 852 * The caller is responsible to ensure that the skb provides enough
 853 * tailroom for the attribute header and payload.
 854 */
 855struct nlattr *__nla_reserve(struct sk_buff *skb, int attrtype, int attrlen)
 856{
 857        struct nlattr *nla;
 858
 859        nla = skb_put(skb, nla_total_size(attrlen));
 860        nla->nla_type = attrtype;
 861        nla->nla_len = nla_attr_size(attrlen);
 862
 863        memset((unsigned char *) nla + nla->nla_len, 0, nla_padlen(attrlen));
 864
 865        return nla;
 866}
 867EXPORT_SYMBOL(__nla_reserve);
 868
 869/**
 870 * __nla_reserve_64bit - reserve room for attribute on the skb and align it
 871 * @skb: socket buffer to reserve room on
 872 * @attrtype: attribute type
 873 * @attrlen: length of attribute payload
 874 * @padattr: attribute type for the padding
 875 *
 876 * Adds a netlink attribute header to a socket buffer and reserves
 877 * room for the payload but does not copy it. It also ensure that this
 878 * attribute will have a 64-bit aligned nla_data() area.
 879 *
 880 * The caller is responsible to ensure that the skb provides enough
 881 * tailroom for the attribute header and payload.
 882 */
 883struct nlattr *__nla_reserve_64bit(struct sk_buff *skb, int attrtype,
 884                                   int attrlen, int padattr)
 885{
 886        nla_align_64bit(skb, padattr);
 887
 888        return __nla_reserve(skb, attrtype, attrlen);
 889}
 890EXPORT_SYMBOL(__nla_reserve_64bit);
 891
 892/**
 893 * __nla_reserve_nohdr - reserve room for attribute without header
 894 * @skb: socket buffer to reserve room on
 895 * @attrlen: length of attribute payload
 896 *
 897 * Reserves room for attribute payload without a header.
 898 *
 899 * The caller is responsible to ensure that the skb provides enough
 900 * tailroom for the payload.
 901 */
 902void *__nla_reserve_nohdr(struct sk_buff *skb, int attrlen)
 903{
 904        return skb_put_zero(skb, NLA_ALIGN(attrlen));
 905}
 906EXPORT_SYMBOL(__nla_reserve_nohdr);
 907
 908/**
 909 * nla_reserve - reserve room for attribute on the skb
 910 * @skb: socket buffer to reserve room on
 911 * @attrtype: attribute type
 912 * @attrlen: length of attribute payload
 913 *
 914 * Adds a netlink attribute header to a socket buffer and reserves
 915 * room for the payload but does not copy it.
 916 *
 917 * Returns NULL if the tailroom of the skb is insufficient to store
 918 * the attribute header and payload.
 919 */
 920struct nlattr *nla_reserve(struct sk_buff *skb, int attrtype, int attrlen)
 921{
 922        if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen)))
 923                return NULL;
 924
 925        return __nla_reserve(skb, attrtype, attrlen);
 926}
 927EXPORT_SYMBOL(nla_reserve);
 928
 929/**
 930 * nla_reserve_64bit - reserve room for attribute on the skb and align it
 931 * @skb: socket buffer to reserve room on
 932 * @attrtype: attribute type
 933 * @attrlen: length of attribute payload
 934 * @padattr: attribute type for the padding
 935 *
 936 * Adds a netlink attribute header to a socket buffer and reserves
 937 * room for the payload but does not copy it. It also ensure that this
 938 * attribute will have a 64-bit aligned nla_data() area.
 939 *
 940 * Returns NULL if the tailroom of the skb is insufficient to store
 941 * the attribute header and payload.
 942 */
 943struct nlattr *nla_reserve_64bit(struct sk_buff *skb, int attrtype, int attrlen,
 944                                 int padattr)
 945{
 946        size_t len;
 947
 948        if (nla_need_padding_for_64bit(skb))
 949                len = nla_total_size_64bit(attrlen);
 950        else
 951                len = nla_total_size(attrlen);
 952        if (unlikely(skb_tailroom(skb) < len))
 953                return NULL;
 954
 955        return __nla_reserve_64bit(skb, attrtype, attrlen, padattr);
 956}
 957EXPORT_SYMBOL(nla_reserve_64bit);
 958
 959/**
 960 * nla_reserve_nohdr - reserve room for attribute without header
 961 * @skb: socket buffer to reserve room on
 962 * @attrlen: length of attribute payload
 963 *
 964 * Reserves room for attribute payload without a header.
 965 *
 966 * Returns NULL if the tailroom of the skb is insufficient to store
 967 * the attribute payload.
 968 */
 969void *nla_reserve_nohdr(struct sk_buff *skb, int attrlen)
 970{
 971        if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
 972                return NULL;
 973
 974        return __nla_reserve_nohdr(skb, attrlen);
 975}
 976EXPORT_SYMBOL(nla_reserve_nohdr);
 977
 978/**
 979 * __nla_put - Add a netlink attribute to a socket buffer
 980 * @skb: socket buffer to add attribute to
 981 * @attrtype: attribute type
 982 * @attrlen: length of attribute payload
 983 * @data: head of attribute payload
 984 *
 985 * The caller is responsible to ensure that the skb provides enough
 986 * tailroom for the attribute header and payload.
 987 */
 988void __nla_put(struct sk_buff *skb, int attrtype, int attrlen,
 989                             const void *data)
 990{
 991        struct nlattr *nla;
 992
 993        nla = __nla_reserve(skb, attrtype, attrlen);
 994        memcpy(nla_data(nla), data, attrlen);
 995}
 996EXPORT_SYMBOL(__nla_put);
 997
 998/**
 999 * __nla_put_64bit - Add a netlink attribute to a socket buffer and align it
1000 * @skb: socket buffer to add attribute to

1001 * @attrtype: attribute type
1002 * @attrlen: length of attribute payload
1003 * @data: head of attribute payload
1004 * @padattr: attribute type for the padding
1005 *
1006 * The caller is responsible to ensure that the skb provides enough
1007 * tailroom for the attribute header and payload.
1008 */
1009void __nla_put_64bit(struct sk_buff *skb, int attrtype, int attrlen,
1010                     const void *data, int padattr)
1011{
1012        struct nlattr *nla;
1013
1014        nla = __nla_reserve_64bit(skb, attrtype, attrlen, padattr);
1015        memcpy(nla_data(nla), data, attrlen);
1016}
1017EXPORT_SYMBOL(__nla_put_64bit);
1018
1019/**
1020 * __nla_put_nohdr - Add a netlink attribute without header
1021 * @skb: socket buffer to add attribute to
1022 * @attrlen: length of attribute payload
1023 * @data: head of attribute payload
1024 *
1025 * The caller is responsible to ensure that the skb provides enough
1026 * tailroom for the attribute payload.
1027 */
1028void __nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data)
1029{
1030        void *start;
1031
1032        start = __nla_reserve_nohdr(skb, attrlen);
1033        memcpy(start, data, attrlen);
1034}
1035EXPORT_SYMBOL(__nla_put_nohdr);
1036
1037/**
1038 * nla_put - Add a netlink attribute to a socket buffer
1039 * @skb: socket buffer to add attribute to
1040 * @attrtype: attribute type
1041 * @attrlen: length of attribute payload
1042 * @data: head of attribute payload
1043 *
1044 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
1045 * the attribute header and payload.
1046 */
1047int nla_put(struct sk_buff *skb, int attrtype, int attrlen, const void *data)
1048{
1049        if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen)))
1050                return -EMSGSIZE;
1051
1052        __nla_put(skb, attrtype, attrlen, data);
1053        return 0;
1054}
1055EXPORT_SYMBOL(nla_put);
1056
1057/**
1058 * nla_put_64bit - Add a netlink attribute to a socket buffer and align it
1059 * @skb: socket buffer to add attribute to
1060 * @attrtype: attribute type
1061 * @attrlen: length of attribute payload
1062 * @data: head of attribute payload
1063 * @padattr: attribute type for the padding
1064 *
1065 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
1066 * the attribute header and payload.
1067 */
1068int nla_put_64bit(struct sk_buff *skb, int attrtype, int attrlen,
1069                  const void *data, int padattr)
1070{
1071        size_t len;
1072
1073        if (nla_need_padding_for_64bit(skb))
1074                len = nla_total_size_64bit(attrlen);
1075        else
1076                len = nla_total_size(attrlen);
1077        if (unlikely(skb_tailroom(skb) < len))
1078                return -EMSGSIZE;
1079
1080        __nla_put_64bit(skb, attrtype, attrlen, data, padattr);
1081        return 0;
1082}
1083EXPORT_SYMBOL(nla_put_64bit);
1084
1085/**
1086 * nla_put_nohdr - Add a netlink attribute without header
1087 * @skb: socket buffer to add attribute to
1088 * @attrlen: length of attribute payload
1089 * @data: head of attribute payload
1090 *
1091 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
1092 * the attribute payload.
1093 */
1094int nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data)
1095{
1096        if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
1097                return -EMSGSIZE;
1098
1099        __nla_put_nohdr(skb, attrlen, data);
1100        return 0;
1101}
1102EXPORT_SYMBOL(nla_put_nohdr);
1103
1104/**
1105 * nla_append - Add a netlink attribute without header or padding
1106 * @skb: socket buffer to add attribute to
1107 * @attrlen: length of attribute payload
1108 * @data: head of attribute payload
1109 *
1110 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
1111 * the attribute payload.
1112 */
1113int nla_append(struct sk_buff *skb, int attrlen, const void *data)
1114{
1115        if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
1116                return -EMSGSIZE;
1117
1118        skb_put_data(skb, data, attrlen);
1119        return 0;
1120}
1121EXPORT_SYMBOL(nla_append);
1122#endif
1123