License cleanup: add SPDX GPL-2.0 license identifier to files with no license
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.
By default all files without license information are under the default
license of the kernel, which is GPL version 2.
Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.
This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.
How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information in it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,
Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.
The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.
The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.
Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if <5
lines).
All documentation files were explicitly excluded.
The following heuristics were used to determine which SPDX license
identifiers to apply.
- when both scanners couldn't find any license traces, file was
considered to have no license information in it, and the top level
COPYING file license applied.
For non */uapi/* files that summary was:
   SPDX license identifier                            # files
   ---------------------------------------------------|-------
   GPL-2.0                                              11139
and resulted in the first patch in this series.
If that file was a */uapi/* path one, it was "GPL-2.0 WITH
Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was:
   SPDX license identifier                            # files
   ---------------------------------------------------|-------
   GPL-2.0 WITH Linux-syscall-note                        930
and resulted in the second patch in this series.
- if a file had some form of licensing information in it, and was one
of the */uapi/* ones, it was denoted with the Linux-syscall-note if
any GPL family license was found in the file or had no licensing in
it (per prior point). Results summary:
   SPDX license identifier                            # files
   ---------------------------------------------------|------
   GPL-2.0 WITH Linux-syscall-note                       270
   GPL-2.0+ WITH Linux-syscall-note                      169
   ((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause)    21
   ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)    17
   LGPL-2.1+ WITH Linux-syscall-note                      15
   GPL-1.0+ WITH Linux-syscall-note                       14
   ((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause)    5
   LGPL-2.0+ WITH Linux-syscall-note                       4
   LGPL-2.1 WITH Linux-syscall-note                        3
   ((GPL-2.0 WITH Linux-syscall-note) OR MIT)              3
   ((GPL-2.0 WITH Linux-syscall-note) AND MIT)             1
and that resulted in the third patch in this series.
- when the two scanners agreed on the detected license(s), that became
the concluded license(s).
- when there was disagreement between the two scanners (one detected a
license but the other didn't, or they both detected different
licenses) a manual inspection of the file occurred.
- In most cases a manual inspection of the information in the file
resulted in a clear resolution of the license that should apply (and
which scanner probably needed to revisit its heuristics).
- When it was not immediately clear, the license identifier was
confirmed with lawyers working with the Linux Foundation.
- If there was any question as to the appropriate license identifier,
the file was flagged for further research and to be revisited later
in time.
In total, over 70 hours of logged manual review was done on the
spreadsheet to determine the SPDX license identifiers to apply to the
source files by Kate, Philippe, Thomas and, in some cases, confirmation
by lawyers working with the Linux Foundation.
Kate also obtained a third independent scan of the 4.13 code base from
FOSSology, and compared selected files where the other two scanners
disagreed against that SPDX file, to see if there was new insights. The
Windriver scanner is based on an older version of FOSSology in part, so
they are related.
Thomas did random spot checks in about 500 files from the spreadsheets
for the uapi headers and agreed with SPDX license identifier in the
files he inspected. For the non-uapi files Thomas did random spot checks
in about 15000 files.
In initial set of patches against 4.14-rc6, 3 files were found to have
copy/paste license identifier errors, and have been fixed to reflect the
correct identifier.
Additionally Philippe spent 10 hours this week doing a detailed manual
inspection and review of the 12,461 patched files from the initial patch
version early this week with:
- a full scancode scan run, collecting the matched texts, detected
license ids and scores
- reviewing anything where there was a license detected (about 500+
files) to ensure that the applied SPDX license was correct
- reviewing anything where there was no detection but the patch license
was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
SPDX license was correct
This produced a worksheet with 20 files needing minor correction. This
worksheet was then exported into 3 different .csv files for the
different types of files to be modified.
These .csv files were then reviewed by Greg. Thomas wrote a script to
parse the csv files and add the proper SPDX tag to the file, in the
format that the file expected. This script was further refined by Greg
based on the output to detect more types of files automatically and to
distinguish between header and source .c files (which need different
comment types.) Finally Greg ran the script using the .csv files to
generate the patches.
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-01 15:07:57 +01:00
/* SPDX-License-Identifier: GPL-2.0 */
2005-11-10 02:25:56 +01:00
#ifndef __NET_GENERIC_NETLINK_H
#define __NET_GENERIC_NETLINK_H
#include <linux/genetlink.h>
#include <net/netlink.h>
2009-07-10 09:51:34 +00:00
#include <net/net_namespace.h>
2005-11-10 02:25:56 +01:00
2012-06-28 03:57:45 +00:00
#define GENLMSG_DEFAULT_SIZE (NLMSG_DEFAULT_SIZE - GENL_HDRLEN)
2007-07-18 15:47:52 -07:00
/**
 * struct genl_multicast_group - generic netlink multicast group
 * @name: name of the multicast group, names are per-family
 */
2009-11-03 03:26:03 +00:00
struct genl_multicast_group {
2007-07-18 15:47:52 -07:00
	char name[GENL_NAMSIZ];
2021-02-12 15:59:59 -08:00
	u8 flags;
2007-07-18 15:47:52 -07:00
};
2010-10-04 21:14:03 +02:00
struct genl_ops;
struct genl_info;
2005-11-10 02:25:56 +01:00
/**
 * struct genl_family - generic netlink family
2016-10-24 14:40:02 +02:00
 * @id: protocol family identifier (private)
2005-11-10 02:25:56 +01:00
 * @hdrsize: length of user specific header in bytes
 * @name: name of family
 * @version: protocol version
 * @maxattr: maximum number of attributes supported
genetlink: make policy common to family
Since maxattr is common, the policy can't really differ sanely,
so make it common as well.
The only user that did in fact manage to make a non-common policy
is taskstats, which has to be really careful about it (since it's
still using a common maxattr!). This is no longer supported, but
we can fake it using pre_doit.
This reduces the size of e.g. nl80211.o (which has lots of commands):
text data bss dec hex filename
398745 14323 2240 415308 6564c net/wireless/nl80211.o (before)
397913 14331 2240 414484 65314 net/wireless/nl80211.o (after)
--------------------------------
-832 +8 0 -824
Which is obviously just 8 bytes for each command, and an added 8
bytes for the new policy pointer. I'm not sure why the ops list is
counted as .text though.
Most of the code transformations were done using the following spatch:
@ops@
identifier OPS;
expression POLICY;
@@
struct genl_ops OPS[] = {
...,
{
- .policy = POLICY,
},
...
};
@@
identifier ops.OPS;
expression ops.POLICY;
identifier fam;
expression M;
@@
struct genl_family fam = {
.ops = OPS,
.maxattr = M,
+ .policy = POLICY,
...
};
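Review bot: In the @ops@ rule, POLICY is bound from whichever ops entry matches `.policy = POLICY`, and nothing in either rule checks that every entry in OPS carries the same expression, so a family whose ops used different policies would have one of them hoisted into the family's `.policy`. The message names taskstats as the one such user; it would help to say explicitly that such families are excluded from the spatch and converted by hand (the pre_doit approach mentioned above), and that the second rule only matches families that already set `.maxattr`.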
This also gets rid of devlink_nl_cmd_region_read_dumpit() accessing
the cb->data as ops, which we want to change in a later genl patch.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-03-21 22:51:02 +01:00
 * @policy: netlink policy
2009-07-10 09:51:34 +00:00
 * @netnsok: set to true if the family can handle network
 *	namespaces and should be presented in all of them
2015-01-16 11:37:12 +01:00
 * @parallel_ops: operations can be called in parallel and aren't
 *	synchronized by the core genetlink code
2010-10-04 21:14:03 +02:00
 * @pre_doit: called before an operation's doit callback, it may
 *	do additional, common, filtering and return an error
 * @post_doit: called after an operation's doit callback, it may
 *	undo operations done by pre_doit, for example release locks
2016-10-24 14:40:03 +02:00
 * @mcgrps: multicast groups used by this family
 * @n_mcgrps: number of multicast groups
2013-11-19 15:19:39 +01:00
 * @mcgrp_offset: starting number of multicast group IDs in this family
2016-10-24 14:40:03 +02:00
 *	(private)
 * @ops: the operations supported by this family
 * @n_ops: number of operations supported by this family
2020-10-02 14:49:53 -07:00
 * @small_ops: the small-struct operations supported by this family
 * @n_small_ops: number of small-struct operations supported by this family
2005-11-10 02:25:56 +01:00
 */
2009-11-03 03:26:03 +00:00
struct genl_family {
2016-11-13 12:14:59 -05:00
	int id; /* private */
2005-11-10 02:25:56 +01:00
	unsigned int hdrsize;
	char name[GENL_NAMSIZ];
	unsigned int version;
	unsigned int maxattr;
2020-10-02 14:49:52 -07:00
	unsigned int mcgrp_offset; /* private */
	u8 netnsok:1;
	u8 parallel_ops:1;
	u8 n_ops;
2020-10-02 14:49:53 -07:00
	u8 n_small_ops;
2020-10-02 14:49:52 -07:00
	u8 n_mcgrps;
2019-03-21 22:51:02 +01:00
	const struct nla_policy *policy;
2013-11-14 17:14:45 +01:00
	int (*pre_doit)(const struct genl_ops *ops,
2010-10-04 21:14:03 +02:00
			struct sk_buff *skb,
			struct genl_info *info);
2013-11-14 17:14:45 +01:00
	void (*post_doit)(const struct genl_ops *ops,
2010-10-04 21:14:03 +02:00
			  struct sk_buff *skb,
			  struct genl_info *info);
2016-10-24 14:40:03 +02:00
	const struct genl_ops *ops;
2020-10-02 14:49:53 -07:00
	const struct genl_small_ops *small_ops;
2016-10-24 14:40:03 +02:00
	const struct genl_multicast_group *mcgrps;
2013-08-23 12:45:04 -07:00
	struct module *module;
2005-11-10 02:25:56 +01:00
};
/**
 * struct genl_info - receiving information
 * @snd_seq: sending sequence number
2012-09-07 20:12:54 +00:00
 * @snd_portid: netlink portid of sender
2005-11-10 02:25:56 +01:00
 * @nlhdr: netlink message header
 * @genlhdr: generic netlink message header
 * @userhdr: user specific header
 * @attrs: netlink attributes
2010-10-04 21:14:03 +02:00
 * @_net: network namespace
 * @user_ptr: user pointers
2017-04-12 14:34:05 +02:00
 * @extack: extended ACK report struct
2005-11-10 02:25:56 +01:00
 */
2009-11-03 03:26:03 +00:00
struct genl_info {
2005-11-10 02:25:56 +01:00
	u32 snd_seq;
2012-09-07 20:12:54 +00:00
	u32 snd_portid;
2005-11-10 02:25:56 +01:00
	struct nlmsghdr *nlhdr;
	struct genlmsghdr *genlhdr;
	void *userhdr;
	struct nlattr **attrs;
2015-03-11 23:06:44 -05:00
	possible_net_t _net;
2010-10-04 21:14:03 +02:00
	void *user_ptr[2];
2017-04-12 14:34:05 +02:00
	struct netlink_ext_ack *extack;
2005-11-10 02:25:56 +01:00
};
2009-07-10 09:51:34 +00:00
static inline struct net *genl_info_net(struct genl_info *info)
{
2010-06-01 06:51:19 +00:00
	return read_pnet(&info->_net);
2009-07-10 09:51:34 +00:00
}
static inline void genl_info_net_set(struct genl_info *info, struct net *net)
{
2010-06-01 06:51:19 +00:00
	write_pnet(&info->_net, net);
2009-07-10 09:51:34 +00:00
}
2017-04-12 14:34:05 +02:00
#define GENL_SET_ERR_MSG(info, msg) NL_SET_ERR_MSG((info)->extack, msg)
2019-04-26 14:07:31 +02:00
enum genl_validate_flags {
	GENL_DONT_VALIDATE_STRICT = BIT(0),
	GENL_DONT_VALIDATE_DUMP = BIT(1),
	GENL_DONT_VALIDATE_DUMP_STRICT = BIT(2),
};
2019-10-05 20:04:34 +02:00
/**
2020-10-02 14:49:53 -07:00
 * struct genl_small_ops - generic netlink operations (small version)
 * @cmd: command identifier
 * @internal_flags: flags used by the family
 * @flags: flags
 * @validate: validation flags from enum genl_validate_flags
 * @doit: standard command callback
 * @dumpit: callback for dumpers
 *
 * This is a cut-down version of struct genl_ops for users who don't need
 * most of the ancillary infra and want to save space.
2019-10-05 20:04:34 +02:00
 */
2020-10-02 14:49:53 -07:00
struct genl_small_ops {
	int (*doit)(struct sk_buff *skb, struct genl_info *info);
	int (*dumpit)(struct sk_buff *skb, struct netlink_callback *cb);
	u8 cmd;
	u8 internal_flags;
	u8 flags;
	u8 validate;
2019-10-05 20:04:34 +02:00
};
2005-11-10 02:25:56 +01:00
/**
 * struct genl_ops - generic netlink operations
 * @cmd: command identifier
2010-10-04 21:14:03 +02:00
 * @internal_flags: flags used by the family
2005-11-10 02:25:56 +01:00
 * @flags: flags
2020-10-02 14:49:57 -07:00
 * @maxattr: maximum number of attributes supported
 * @policy: netlink policy (takes precedence over family policy)
2020-09-28 17:53:29 -07:00
 * @validate: validation flags from enum genl_validate_flags
2005-11-10 02:25:56 +01:00
 * @doit: standard command callback
2015-12-15 15:41:37 -08:00
 * @start: start callback for dumps
2005-11-10 02:25:56 +01:00
 * @dumpit: callback for dumpers
2006-12-01 20:07:42 -08:00
 * @done: completion callback for dumps
2005-11-10 02:25:56 +01:00
 */
2009-11-03 03:26:03 +00:00
struct genl_ops {
2005-11-10 02:25:56 +01:00
	int (*doit)(struct sk_buff *skb,
		    struct genl_info *info);
2015-12-15 15:41:37 -08:00
	int (*start)(struct netlink_callback *cb);
2005-11-10 02:25:56 +01:00
	int (*dumpit)(struct sk_buff *skb,
		      struct netlink_callback *cb);
2006-12-01 20:07:42 -08:00
	int (*done)(struct netlink_callback *cb);
2020-10-02 14:49:57 -07:00
	const struct nla_policy *policy;
	unsigned int maxattr;
2013-11-14 17:14:47 +01:00
	u8 cmd;
	u8 internal_flags;
	u8 flags;
2019-04-26 14:07:31 +02:00
	u8 validate;
2005-11-10 02:25:56 +01:00
};
2020-10-02 14:49:53 -07:00
/**
 * struct genl_dumpit_info - info that is available during dumpit op call
 * @family: generic netlink family - for internal genl code usage
 * @op: generic netlink ops - for internal genl code usage
 * @attrs: netlink attributes
 */
struct genl_dumpit_info {
	const struct genl_family *family;
	struct genl_ops op;
	struct nlattr **attrs;
};
static inline const struct genl_dumpit_info *
genl_dumpit_info(struct netlink_callback *cb)
{
	return cb->data;
}
2016-10-24 14:40:03 +02:00
int genl_register_family(struct genl_family *family);
2016-10-24 14:40:04 +02:00
int genl_unregister_family(const struct genl_family *family);
void genl_notify(const struct genl_family *family, struct sk_buff *skb,
2015-09-22 18:56:43 +02:00
		 struct genl_info *info, u32 group, gfp_t flags);
2005-11-10 02:25:56 +01:00
2012-09-07 20:12:54 +00:00
void *genlmsg_put(struct sk_buff *skb, u32 portid, u32 seq,
2016-10-24 14:40:04 +02:00
		  const struct genl_family *family, int flags, u8 cmd);
2005-11-10 02:25:56 +01:00
netlink: advertise incomplete dumps
Consider the following situation:
* a dump that would show 8 entries, four in the first
round, and four in the second
* between the first and second rounds, 6 entries are
removed
* now the second round will not show any entry, and
even if there is a sequence/generation counter the
application will not know
To solve this problem, add a new flag NLM_F_DUMP_INTR
to the netlink header that indicates the dump wasn't
consistent, this flag can also be set on the MSG_DONE
message that terminates the dump, and as such above
situation can be detected.
To achieve this, add a sequence counter to the netlink
callback struct. Of course, netlink code still needs
to use this new functionality. The correct way to do
that is to always set cb->seq when a dumpit callback
is invoked and call nl_dump_check_consistent() for
each new message. The core code will also call this
function for the final MSG_DONE message.
To make it usable with generic netlink, a new function
genlmsg_nlhdr() is needed to obtain the netlink header
from the genetlink user header.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-06-20 13:40:46 +02:00
/**
 * genlmsg_nlhdr - Obtain netlink header from user specified header
 * @user_hdr: user header as returned from genlmsg_put()
 *
 * Returns pointer to netlink header.
 */
2017-11-15 13:09:32 +01:00
static inline struct nlmsghdr *genlmsg_nlhdr(void *user_hdr)
2011-06-20 13:40:46 +02:00
{
	return (struct nlmsghdr *)((char *)user_hdr -
				   GENL_HDRLEN -
				   NLMSG_HDRLEN);
}
2015-01-21 16:42:51 -08:00
/**
netlink: make validation more configurable for future strictness
We currently have two levels of strict validation:
1) liberal (default)
- undefined (type >= max) & NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
- garbage at end of message accepted
2) strict (opt-in)
- NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
Split out parsing strictness into four different options:
* TRAILING - check that there's no trailing data after parsing
attributes (in message or nested)
* MAXTYPE - reject attrs > max known type
* UNSPEC - reject attributes with NLA_UNSPEC policy entries
* STRICT_ATTRS - strictly validate attribute size
The default for future things should be *everything*.
The current *_strict() is a combination of TRAILING and MAXTYPE,
and is renamed to _deprecated_strict().
The current regular parsing has none of this, and is renamed to
*_parse_deprecated().
Additionally it allows us to selectively set one of the new flags
even on old policies. Notably, the UNSPEC flag could be useful in
this case, since it can be arranged (by filling in the policy) to
not be an incompatible userspace ABI change, but would then going
forward prevent forgetting attribute entries. Similar can apply
to the POLICY flag.
We end up with the following renames:
* nla_parse -> nla_parse_deprecated
* nla_parse_strict -> nla_parse_deprecated_strict
* nlmsg_parse -> nlmsg_parse_deprecated
* nlmsg_parse_strict -> nlmsg_parse_deprecated_strict
* nla_parse_nested -> nla_parse_nested_deprecated
* nla_validate_nested -> nla_validate_nested_deprecated
Using spatch, of course:
@@
expression TB, MAX, HEAD, LEN, POL, EXT;
@@
-nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
+nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression TB, MAX, NLA, POL, EXT;
@@
-nla_parse_nested(TB, MAX, NLA, POL, EXT)
+nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)
@@
expression START, MAX, POL, EXT;
@@
-nla_validate_nested(START, MAX, POL, EXT)
+nla_validate_nested_deprecated(START, MAX, POL, EXT)
@@
expression NLH, HDRLEN, MAX, POL, EXT;
@@
-nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
+nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)
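Review bot: The last rule renames nlmsg_validate to nlmsg_validate_deprecated, but that rename does not appear in the "We end up with the following renames" list, while nla_parse_strict -> nla_parse_deprecated_strict is in the list and has no rule in this spatch. Either add the missing rule and list entry, or say which renames were done by hand, so the list and the semantic patch can be checked against each other.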
For this patch, don't actually add the strict, non-renamed versions
yet so that it breaks compile if I get it wrong.
Also, while at it, make nla_validate and nla_parse go down to a
common __nla_validate_parse() function to avoid code duplication.
Ultimately, this allows us to have very strict validation for every
new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
next patch, while existing things will continue to work as is.
In effect then, this adds fully strict validation for any new command.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-26 14:07:28 +02:00
 * genlmsg_parse_deprecated - parse attributes of a genetlink message
2015-01-21 16:42:51 -08:00
 * @nlh: netlink message header
 * @family: genetlink message family
 * @tb: destination array with maxtype+1 elements
 * @maxtype: maximum attribute type to be expected
 * @policy: validation policy
2017-04-12 14:34:07 +02:00
 * @extack: extended ACK report struct
*/
2019-04-26 14:07:28 +02:00
static inline int genlmsg_parse_deprecated(const struct nlmsghdr *nlh,
					   const struct genl_family *family,
					   struct nlattr *tb[], int maxtype,
					   const struct nla_policy *policy,
					   struct netlink_ext_ack *extack)
2015-01-21 16:42:51 -08:00
{
2019-04-26 14:07:28 +02:00
	return __nlmsg_parse(nlh, family->hdrsize + GENL_HDRLEN, tb, maxtype,
			     policy, NL_VALIDATE_LIBERAL, extack);
2015-01-21 16:42:51 -08:00
}
2019-04-26 14:07:29 +02:00
/**
 * genlmsg_parse - parse attributes of a genetlink message
 * @nlh: netlink message header
 * @family: genetlink message family
 * @tb: destination array with maxtype+1 elements
 * @maxtype: maximum attribute type to be expected
 * @policy: validation policy
 * @extack: extended ACK report struct
 */
static inline int genlmsg_parse(const struct nlmsghdr *nlh,
				const struct genl_family *family,
				struct nlattr *tb[], int maxtype,
				const struct nla_policy *policy,
				struct netlink_ext_ack *extack)
{
	return __nlmsg_parse(nlh, family->hdrsize + GENL_HDRLEN, tb, maxtype,
			     policy, NL_VALIDATE_STRICT, extack);
}
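The difference between the two wrappers above (NL_VALIDATE_LIBERAL in genlmsg_parse_deprecated(), NL_VALIDATE_STRICT in genlmsg_parse()), as an added user-space example that is not kernel code and not part of the original page. All DEMO_/demo_ names, the two-entry policy and the sample buffers are constructed for illustration; the checks follow the four options described in the commit message (TRAILING, MAXTYPE, UNSPEC, STRICT_ATTRS).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical flag names for this demo, one per option in the commit message. */
enum {
	DEMO_TRAILING     = 1 << 0, /* reject bytes left over after the last attribute */
	DEMO_MAXTYPE      = 1 << 1, /* reject attribute types above maxtype */
	DEMO_UNSPEC       = 1 << 2, /* reject attributes whose policy entry is unspecified */
	DEMO_STRICT_ATTRS = 1 << 3, /* payload length must match the policy exactly */
};
#define DEMO_LIBERAL 0u
#define DEMO_STRICT  (DEMO_TRAILING | DEMO_MAXTYPE | DEMO_UNSPEC | DEMO_STRICT_ATTRS)

enum demo_type { DEMO_T_UNSPEC = 0, DEMO_T_U32 };
struct demo_policy { enum demo_type type; uint16_t len; };
struct demo_attr { uint16_t len; uint16_t type; };	/* len includes this header */

#define DEMO_HDRLEN   sizeof(struct demo_attr)
#define DEMO_ALIGN(n) (((size_t)(n) + 3u) & ~(size_t)3u)
#define DEMO_ATTR_MAX 2

/* Walk a TLV buffer; return 0 if accepted under `validate`, -1 if rejected. */
int demo_parse(const uint8_t *buf, size_t len, const uint8_t *tb[], int maxtype,
	       const struct demo_policy *policy, unsigned int validate)
{
	size_t off = 0;

	memset(tb, 0, sizeof(tb[0]) * ((size_t)maxtype + 1));
	while (len - off >= DEMO_HDRLEN) {
		struct demo_attr a;
		size_t payload, step;

		memcpy(&a, buf + off, sizeof(a));
		if (a.len < DEMO_HDRLEN || a.len > len - off)
			break;		/* malformed header: the rest counts as trailing data */
		payload = a.len - DEMO_HDRLEN;
		if (a.type > maxtype) {
			if (validate & DEMO_MAXTYPE)
				return -1;	/* liberal mode silently skips unknown types */
		} else {
			const struct demo_policy *p = &policy[a.type];

			if (p->type == DEMO_T_UNSPEC) {
				if (validate & DEMO_UNSPEC)
					return -1;
			} else if (payload < p->len) {
				return -1;	/* too short is rejected at every level */
			} else if (payload > p->len && (validate & DEMO_STRICT_ATTRS)) {
				return -1;	/* liberal mode accepts length >= expected */
			}
			tb[a.type] = buf + off + DEMO_HDRLEN;
		}
		step = DEMO_ALIGN(a.len);
		off += step > len - off ? len - off : step;
	}
	if (off < len && (validate & DEMO_TRAILING))
		return -1;
	return 0;
}

/* Append one attribute (host byte order) and return the new, aligned offset. */
static size_t demo_put(uint8_t *buf, size_t off, uint16_t type,
		       const void *data, uint16_t plen)
{
	struct demo_attr a = { .len = (uint16_t)(DEMO_HDRLEN + plen), .type = type };

	memcpy(buf + off, &a, sizeof(a));
	memcpy(buf + off + DEMO_HDRLEN, data, plen);
	return off + DEMO_ALIGN(a.len);
}

/* Build constructed sample message `sample` and parse it under `validate`. */
int demo_run(int sample, unsigned int validate)
{
	static const struct demo_policy policy[DEMO_ATTR_MAX + 1] = {
		[1] = { DEMO_T_U32, 4 },	/* entries 0 and 2 stay unspecified */
	};
	const uint8_t *tb[DEMO_ATTR_MAX + 1];
	uint8_t buf[32] = { 0 }, data[8] = { 0 };
	size_t len = 0;

	switch (sample) {
	case 0: len = demo_put(buf, 0, 1, data, 4); break;	/* well-formed u32 */
	case 1: len = demo_put(buf, 0, 1, data, 8); break;	/* u32 with 8-byte payload */
	case 2: len = demo_put(buf, 0, 9, data, 4); break;	/* type above maxtype */
	case 3: len = demo_put(buf, 0, 2, data, 4); break;	/* unspecified policy entry */
	case 4: len = demo_put(buf, 0, 1, data, 4) + 2; break;	/* 2 trailing bytes */
	}
	return demo_parse(buf, len, tb, DEMO_ATTR_MAX, policy, validate);
}

int main(void)
{
	static const char *name[] = { "well-formed", "oversized u32", "type > maxtype",
				      "unspec policy entry", "trailing bytes" };

	for (int i = 0; i < 5; i++)
		printf("%-20s liberal=%d strict=%d\n", name[i],
		       demo_run(i, DEMO_LIBERAL), demo_run(i, DEMO_STRICT));
	return 0;
}
```

Only the well-formed sample passes both levels; the other four are accepted under the liberal setting and rejected once the matching option is enabled.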
2011-06-20 13:40:46 +02:00
/**
 * genl_dump_check_consistent - check if sequence is consistent and advertise if not
 * @cb: netlink callback structure that stores the sequence number
 * @user_hdr: user header as returned from genlmsg_put()
 *
 * Cf. nl_dump_check_consistent(), this just provides a wrapper to make it
 * simpler to use with generic netlink.
 */
static inline void genl_dump_check_consistent(struct netlink_callback *cb,
					      void *user_hdr)
{
	nl_dump_check_consistent(cb, genlmsg_nlhdr(user_hdr));
}
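
The receiving side of the flag described in the commit message, as an added user-space C example (not code from the kernel tree): a dump reader has to check NLM_F_DUMP_INTR on every message, including the terminating NLMSG_DONE, and restart the dump when it is set. The message type 0x10 and the header-only messages are constructed sample input; `scan_dump()` and `run_scenario()` are hypothetical names.

```c
#include <linux/netlink.h>
#include <stdio.h>

enum dump_state { DUMP_MORE, DUMP_DONE, DUMP_INTERRUPTED, DUMP_MALFORMED };

/* Walk one receive buffer of a dump; *intr stays set across buffers. */
static enum dump_state scan_dump(const void *buf, int len, int *intr,
				 int *entries)
{
	const struct nlmsghdr *nlh;

	for (nlh = buf; NLMSG_OK(nlh, len); nlh = NLMSG_NEXT(nlh, len)) {
		if (nlh->nlmsg_flags & NLM_F_DUMP_INTR)
			*intr = 1;	/* the flag may arrive only on NLMSG_DONE */
		if (nlh->nlmsg_type == NLMSG_DONE)
			return *intr ? DUMP_INTERRUPTED : DUMP_DONE;
		(*entries)++;
	}
	/* Bytes that do not form a whole message mean a truncated buffer. */
	return len > 0 ? DUMP_MALFORMED : DUMP_MORE;
}

/* Constructed scenario from the commit message: 4 entries, then an empty round. */
static enum dump_state run_scenario(__u16 done_flags, int *entries)
{
	struct nlmsghdr r1[4], r2[1];
	int intr = 0, i;

	*entries = 0;
	for (i = 0; i < 4; i++)
		r1[i] = (struct nlmsghdr){ .nlmsg_len = NLMSG_HDRLEN,
			.nlmsg_type = 0x10, .nlmsg_flags = NLM_F_MULTI, .nlmsg_seq = 1 };
	r2[0] = (struct nlmsghdr){ .nlmsg_len = NLMSG_HDRLEN,
		.nlmsg_type = NLMSG_DONE, .nlmsg_flags = done_flags, .nlmsg_seq = 1 };
	if (scan_dump(r1, sizeof(r1), &intr, entries) != DUMP_MORE)
		return DUMP_MALFORMED;
	return scan_dump(r2, sizeof(r2), &intr, entries);
}

int main(void)
{
	int n;
	enum dump_state st = run_scenario(NLM_F_MULTI | NLM_F_DUMP_INTR, &n);

	printf("entries=%d interrupted=%d\n", n, st == DUMP_INTERRUPTED);
	return 0;
}
```

A reader that only counts entries sees four valid records and a clean end of dump; only the flag check reveals that the snapshot is inconsistent and has to be requested again.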

/**
 * genlmsg_put_reply - Add generic netlink header to a reply message
 * @skb: socket buffer holding the message
 * @info: receiver info
 * @family: generic netlink family
 * @flags: netlink message flags
 * @cmd: generic netlink command
 *
 * Returns pointer to user specific header
 */
static inline void *genlmsg_put_reply(struct sk_buff *skb,
				      struct genl_info *info,
				      const struct genl_family *family,
				      int flags, u8 cmd)
{
	return genlmsg_put(skb, info->snd_portid, info->snd_seq, family,
			   flags, cmd);
}

/**
 * genlmsg_end - Finalize a generic netlink message
 * @skb: socket buffer the message is stored in
 * @hdr: user specific header
 */
static inline void genlmsg_end(struct sk_buff *skb, void *hdr)
{
	nlmsg_end(skb, hdr - GENL_HDRLEN - NLMSG_HDRLEN);
}

/**
 * genlmsg_cancel - Cancel construction of a generic netlink message
 * @skb: socket buffer the message is stored in
 * @hdr: generic netlink message header
 */
static inline void genlmsg_cancel(struct sk_buff *skb, void *hdr)
{
	if (hdr)
		nlmsg_cancel(skb, hdr - GENL_HDRLEN - NLMSG_HDRLEN);
}

/**
 * genlmsg_multicast_netns - multicast a netlink message to a specific netns
 * @family: the generic netlink family
 * @net: the net namespace
 * @skb: netlink message as socket buffer
 * @portid: own netlink portid to avoid sending to yourself
 * @group: offset of multicast group in groups array
 * @flags: allocation flags
 */
static inline int genlmsg_multicast_netns(const struct genl_family *family,
					  struct net *net, struct sk_buff *skb,
					  u32 portid, unsigned int group, gfp_t flags)
{
	if (WARN_ON_ONCE(group >= family->n_mcgrps))
		return -EINVAL;
	group = family->mcgrp_offset + group;
	return nlmsg_multicast(net->genl_sock, skb, portid, group, flags);
}

/**
 * genlmsg_multicast - multicast a netlink message to the default netns
 * @family: the generic netlink family
 * @skb: netlink message as socket buffer
 * @portid: own netlink portid to avoid sending to yourself
 * @group: offset of multicast group in groups array
 * @flags: allocation flags
 */
static inline int genlmsg_multicast(const struct genl_family *family,
				    struct sk_buff *skb, u32 portid,
				    unsigned int group, gfp_t flags)
{
	return genlmsg_multicast_netns(family, &init_net, skb,
				       portid, group, flags);
}

/**
 * genlmsg_multicast_allns - multicast a netlink message to all net namespaces
 * @family: the generic netlink family
 * @skb: netlink message as socket buffer
 * @portid: own netlink portid to avoid sending to yourself
 * @group: offset of multicast group in groups array
 * @flags: allocation flags
 *
 * This function must hold the RTNL or rcu_read_lock().
 */
int genlmsg_multicast_allns(const struct genl_family *family,
			    struct sk_buff *skb, u32 portid,
			    unsigned int group, gfp_t flags);

/**
 * genlmsg_unicast - unicast a netlink message
 * @skb: netlink message as socket buffer
 * @portid: netlink portid of the destination socket
 */
static inline int genlmsg_unicast(struct net *net, struct sk_buff *skb, u32 portid)
{
	return nlmsg_unicast(net->genl_sock, skb, portid);
}

/**
 * genlmsg_reply - reply to a request
 * @skb: netlink message to be sent back
 * @info: receiver information
 */
static inline int genlmsg_reply(struct sk_buff *skb, struct genl_info *info)
{
	return genlmsg_unicast(genl_info_net(info), skb, info->snd_portid);
}

/**
 * genlmsg_data - head of message payload
 * @gnlh: genetlink message header
 */
static inline void *genlmsg_data(const struct genlmsghdr *gnlh)
{
	return ((unsigned char *) gnlh + GENL_HDRLEN);
}

/**
 * genlmsg_len - length of message payload
 * @gnlh: genetlink message header
 */
static inline int genlmsg_len(const struct genlmsghdr *gnlh)
{
	struct nlmsghdr *nlh = (struct nlmsghdr *)((unsigned char *)gnlh -
						   NLMSG_HDRLEN);
	return (nlh->nlmsg_len - GENL_HDRLEN - NLMSG_HDRLEN);
}

/**
 * genlmsg_msg_size - length of genetlink message not including padding
 * @payload: length of message payload
 */
static inline int genlmsg_msg_size(int payload)
{
	return GENL_HDRLEN + payload;
}

/**
 * genlmsg_total_size - length of genetlink message including padding
 * @payload: length of message payload
 */
static inline int genlmsg_total_size(int payload)
{
	return NLMSG_ALIGN(genlmsg_msg_size(payload));
}

/**
 * genlmsg_new - Allocate a new generic netlink message
 * @payload: size of the message payload
 * @flags: the type of memory to allocate.
 */
static inline struct sk_buff *genlmsg_new(size_t payload, gfp_t flags)
{
	return nlmsg_new(genlmsg_total_size(payload), flags);
}

/**
 * genl_set_err - report error to genetlink broadcast listeners
 * @family: the generic netlink family
 * @net: the network namespace to report the error to
 * @portid: the PORTID of a process that we want to skip (if any)
 * @group: the broadcast group that will notice the error
 *	(this is the offset of the multicast group in the groups array)
 * @code: error code, must be negative (as usual in kernelspace)
 *
 * This function returns the number of broadcast listeners that have set the
 * NETLINK_RECV_NO_ENOBUFS socket option.
 */
static inline int genl_set_err(const struct genl_family *family,
			       struct net *net, u32 portid,
			       u32 group, int code)
{
	if (WARN_ON_ONCE(group >= family->n_mcgrps))
		return -EINVAL;
	group = family->mcgrp_offset + group;
	return netlink_set_err(net->genl_sock, portid, group, code);
}

static inline int genl_has_listeners(const struct genl_family *family,
				     struct net *net, unsigned int group)
{
	if (WARN_ON_ONCE(group >= family->n_mcgrps))
		return -EINVAL;
	group = family->mcgrp_offset + group;
	return netlink_has_listeners(net->genl_sock, group);
}

#endif	/* __NET_GENERIC_NETLINK_H */