Commit c77fb07f authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge branch 'netlink-export-policy-on-validation-failures' 



Johannes Berg says:

====================
netlink: export policy on validation failures

Export the policy used for attribute validation when it fails,
so e.g. for an out-of-range attribute userspace immediately gets
the valid ranges back.

v2 incorporates the suggestion from Jakub to have a function to
estimate the size (netlink_policy_dump_attr_size_estimate()) and
check that it does the right thing on the *normal* policy dumps,
not (just) when calling it from the error scenario.

v3 only addresses a few minor style issues.

v4 fixes up a forgotten 'git add' ... sorry.

v5 is a resend, I messed up v4's cover letter subject (saying v3)
and apparently the second patch didn't go out at all.

Tested using nl80211/iw in a few scenarios, seems to work fine
and return the policy back, e.g.

kernel reports: integer out of range
policy: 04 00 0b 00 0c 00 04 00 01 00 00 00 00 00 00 00
        ^ padding
                    ^ minimum allowed value
policy: 04 00 0b 00 0c 00 05 00 ff ff ff ff 00 00 00 00
        ^ padding
                    ^ maximum allowed value
policy: 08 00 01 00 04 00 00 00
        ^ type 4 == U32

for an out-of-range case.
====================

Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents c4cc0b9c 44f3625b

include/linux/netlink.h

+20 −10
Original line number Diff line number Diff line
@@ -68,12 +68,14 @@ netlink_kernel_create(struct net *net, int unit, struct netlink_kernel_cfg *cfg) 
 * @_msg: message string to report - don't access directly, use

 *	%NL_SET_ERR_MSG

 * @bad_attr: attribute with error

 * @policy: policy for a bad attribute

 * @cookie: cookie data to return to userspace (for success)

 * @cookie_len: actual cookie data length

 */

struct netlink_ext_ack {

	const char *_msg;

	const struct nlattr *bad_attr;

	const struct nla_policy *policy;

	u8 cookie[NETLINK_MAX_COOKIE_LEN];

	u8 cookie_len;

};
@@ -95,21 +97,29 @@ struct netlink_ext_ack { 
#define NL_SET_ERR_MSG_MOD(extack, msg)			\

	NL_SET_ERR_MSG((extack), KBUILD_MODNAME ": " msg)



#define NL_SET_BAD_ATTR(extack, attr) do {		\

	if ((extack))					\

#define NL_SET_BAD_ATTR_POLICY(extack, attr, pol) do {	\

	if ((extack)) {					\

		(extack)->bad_attr = (attr);		\

		(extack)->policy = (pol);		\

	}						\

} while (0)



#define NL_SET_ERR_MSG_ATTR(extack, attr, msg) do {	\

#define NL_SET_BAD_ATTR(extack, attr) NL_SET_BAD_ATTR_POLICY(extack, attr, NULL)



#define NL_SET_ERR_MSG_ATTR_POL(extack, attr, pol, msg) do {	\

	static const char __msg[] = msg;			\

	struct netlink_ext_ack *__extack = (extack);		\

								\

	if (__extack) {						\

		__extack->_msg = __msg;				\

		__extack->bad_attr = (attr);			\

		__extack->policy = (pol);			\

	}							\

} while (0)



#define NL_SET_ERR_MSG_ATTR(extack, attr, msg)		\

	NL_SET_ERR_MSG_ATTR_POL(extack, attr, NULL, msg)



static inline void nl_set_extack_cookie_u64(struct netlink_ext_ack *extack,

					    u64 cookie)

{

include/net/netlink.h

+4 −0
Original line number Diff line number Diff line
@@ -1957,6 +1957,10 @@ int netlink_policy_dump_get_policy_idx(struct netlink_policy_dump_state *state, 
bool netlink_policy_dump_loop(struct netlink_policy_dump_state *state);

int netlink_policy_dump_write(struct sk_buff *skb,

			      struct netlink_policy_dump_state *state);

int netlink_policy_dump_attr_size_estimate(const struct nla_policy *pt);

int netlink_policy_dump_write_attr(struct sk_buff *skb,

				   const struct nla_policy *pt,

				   int nestattr);

void netlink_policy_dump_free(struct netlink_policy_dump_state *state);



#endif

include/uapi/linux/netlink.h

+2 −0
Original line number Diff line number Diff line
@@ -129,6 +129,7 @@ struct nlmsgerr { 
 * @NLMSGERR_ATTR_COOKIE: arbitrary subsystem specific cookie to

 *	be used - in the success case - to identify a created

 *	object or operation or similar (binary)

 * @NLMSGERR_ATTR_POLICY: policy for a rejected attribute

 * @__NLMSGERR_ATTR_MAX: number of attributes

 * @NLMSGERR_ATTR_MAX: highest attribute number

 */
@@ -137,6 +138,7 @@ enum nlmsgerr_attrs { 
	NLMSGERR_ATTR_MSG,

	NLMSGERR_ATTR_OFFS,

	NLMSGERR_ATTR_COOKIE,

	NLMSGERR_ATTR_POLICY,



	__NLMSGERR_ATTR_MAX,

	NLMSGERR_ATTR_MAX = __NLMSGERR_ATTR_MAX - 1

lib/nlattr.c

+18 −17
Original line number Diff line number Diff line
@@ -96,7 +96,7 @@ static int nla_validate_array(const struct nlattr *head, int len, int maxtype, 
			continue;



		if (nla_len(entry) < NLA_HDRLEN) {

			NL_SET_ERR_MSG_ATTR(extack, entry,

			NL_SET_ERR_MSG_ATTR_POL(extack, entry, policy,

						"Array element too short");

			return -ERANGE;

		}
@@ -195,7 +195,7 @@ static int nla_validate_range_unsigned(const struct nla_policy *pt, 
		pr_warn_ratelimited("netlink: '%s': attribute type %d has an invalid length.\n",

				    current->comm, pt->type);

		if (validate & NL_VALIDATE_STRICT_ATTRS) {

			NL_SET_ERR_MSG_ATTR(extack, nla,

			NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,

						"invalid attribute length");

			return -EINVAL;

		}
@@ -208,10 +208,10 @@ static int nla_validate_range_unsigned(const struct nla_policy *pt, 
		bool binary = pt->type == NLA_BINARY;



		if (binary)

			NL_SET_ERR_MSG_ATTR(extack, nla,

			NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,

						"binary attribute size out of range");

		else

			NL_SET_ERR_MSG_ATTR(extack, nla,

			NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,

						"integer out of range");



		return -ERANGE;
@@ -291,7 +291,7 @@ static int nla_validate_int_range_signed(const struct nla_policy *pt, 
	nla_get_range_signed(pt, &range);



	if (value < range.min || value > range.max) {

		NL_SET_ERR_MSG_ATTR(extack, nla,

		NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,

					"integer out of range");

		return -ERANGE;

	}
@@ -377,7 +377,7 @@ static int validate_nla(const struct nlattr *nla, int maxtype, 
		pr_warn_ratelimited("netlink: '%s': attribute type %d has an invalid length.\n",

				    current->comm, type);

		if (validate & NL_VALIDATE_STRICT_ATTRS) {

			NL_SET_ERR_MSG_ATTR(extack, nla,

			NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,

						"invalid attribute length");

			return -EINVAL;

		}
@@ -386,13 +386,13 @@ static int validate_nla(const struct nlattr *nla, int maxtype, 
	if (validate & NL_VALIDATE_NESTED) {

		if ((pt->type == NLA_NESTED || pt->type == NLA_NESTED_ARRAY) &&

		    !(nla->nla_type & NLA_F_NESTED)) {

			NL_SET_ERR_MSG_ATTR(extack, nla,

			NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,

						"NLA_F_NESTED is missing");

			return -EINVAL;

		}

		if (pt->type != NLA_NESTED && pt->type != NLA_NESTED_ARRAY &&

		    pt->type != NLA_UNSPEC && (nla->nla_type & NLA_F_NESTED)) {

			NL_SET_ERR_MSG_ATTR(extack, nla,

			NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,

						"NLA_F_NESTED not expected");

			return -EINVAL;

		}
@@ -550,7 +550,8 @@ static int validate_nla(const struct nlattr *nla, int maxtype, 


	return 0;

out_err:

	NL_SET_ERR_MSG_ATTR(extack, nla, "Attribute failed policy validation");

	NL_SET_ERR_MSG_ATTR_POL(extack, nla, pt,

				"Attribute failed policy validation");

	return err;

}

net/netlink/af_netlink.c

+5 −0
Original line number Diff line number Diff line
@@ -2420,6 +2420,8 @@ void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err, 
		tlvlen += nla_total_size(sizeof(u32));

	if (nlk_has_extack && extack && extack->cookie_len)

		tlvlen += nla_total_size(extack->cookie_len);

	if (err && nlk_has_extack && extack && extack->policy)

		tlvlen += netlink_policy_dump_attr_size_estimate(extack->policy);



	if (tlvlen)

		flags |= NLM_F_ACK_TLVS;
@@ -2452,6 +2454,9 @@ void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err, 
		if (extack->cookie_len)

			WARN_ON(nla_put(skb, NLMSGERR_ATTR_COOKIE,

					extack->cookie_len, extack->cookie));

		if (extack->policy)

			netlink_policy_dump_write_attr(skb, extack->policy,

						       NLMSGERR_ATTR_POLICY);

	}



	nlmsg_end(skb, rep);

CRA Git | Maintained and supported by SUSTech CRA and CCSE