search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic()
[drm/drm-misc.git] / net / netlabel / netlabel_mgmt.c
blob689eaa2afbecd73118f9ed2ec10ba2be5ce39c4f
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * NetLabel Management Support
4 *
5 * This file defines the management functions for the NetLabel system. The
6 * NetLabel system manages static and dynamic label mappings for network
7 * protocols such as CIPSO and RIPSO.
8 *
9 * Author: Paul Moore <paul@paul-moore.com>
10 */
11
12 /*
13 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006, 2008
14 */
15
16 #include <linux/types.h>
17 #include <linux/socket.h>
18 #include <linux/string.h>
19 #include <linux/skbuff.h>
20 #include <linux/in.h>
21 #include <linux/in6.h>
22 #include <linux/slab.h>
23 #include <net/sock.h>
24 #include <net/netlink.h>
25 #include <net/genetlink.h>
26 #include <net/ip.h>
27 #include <net/ipv6.h>
28 #include <net/netlabel.h>
29 #include <net/cipso_ipv4.h>
30 #include <net/calipso.h>
31 #include <linux/atomic.h>
32
33 #include "netlabel_calipso.h"
34 #include "netlabel_domainhash.h"
35 #include "netlabel_user.h"
36 #include "netlabel_mgmt.h"
37
38 /* NetLabel configured protocol counter */
39 atomic_t netlabel_mgmt_protocount = ATOMIC_INIT(0);
40
41 /* Argument struct for netlbl_domhsh_walk() */
42 struct netlbl_domhsh_walk_arg {
43 struct netlink_callback *nl_cb;
44 struct sk_buff *skb;
45 u32 seq;
46 };
47
48 /* NetLabel Generic NETLINK CIPSOv4 family */
49 static struct genl_family netlbl_mgmt_gnl_family;
50
51 /* NetLabel Netlink attribute policy */
52 static const struct nla_policy netlbl_mgmt_genl_policy[NLBL_MGMT_A_MAX + 1] = {
53 [NLBL_MGMT_A_DOMAIN] = { .type = NLA_NUL_STRING },
54 [NLBL_MGMT_A_PROTOCOL] = { .type = NLA_U32 },
55 [NLBL_MGMT_A_VERSION] = { .type = NLA_U32 },
56 [NLBL_MGMT_A_CV4DOI] = { .type = NLA_U32 },
57 [NLBL_MGMT_A_FAMILY] = { .type = NLA_U16 },
58 [NLBL_MGMT_A_CLPDOI] = { .type = NLA_U32 },
59 };
60
61 /*
62 * Helper Functions
63 */
64
65 /**
66 * netlbl_mgmt_add_common - Handle an ADD message
67 * @info: the Generic NETLINK info block
68 * @audit_info: NetLabel audit information
69 *
70 * Description:
71 * Helper function for the ADD and ADDDEF messages to add the domain mappings
72 * from the message to the hash table. See netlabel.h for a description of the
73 * message format. Returns zero on success, negative values on failure.
74 *
75 */
76 static int netlbl_mgmt_add_common(struct genl_info *info,
77 struct netlbl_audit *audit_info)
78 {
79 void *pmap = NULL;
80 int ret_val = -EINVAL;
81 struct netlbl_domaddr_map *addrmap = NULL;
82 struct cipso_v4_doi *cipsov4 = NULL;
83 #if IS_ENABLED(CONFIG_IPV6)
84 struct calipso_doi *calipso = NULL;
85 #endif
86 u32 tmp_val;
87 struct netlbl_dom_map *entry = kzalloc(sizeof(*entry), GFP_KERNEL);
88
89 if (!entry)
90 return -ENOMEM;
91 entry->def.type = nla_get_u32(info->attrs[NLBL_MGMT_A_PROTOCOL]);
92 if (info->attrs[NLBL_MGMT_A_DOMAIN]) {
93 size_t tmp_size = nla_len(info->attrs[NLBL_MGMT_A_DOMAIN]);
94 entry->domain = kmalloc(tmp_size, GFP_KERNEL);
95 if (entry->domain == NULL) {
96 ret_val = -ENOMEM;
97 goto add_free_entry;
98 }
99 nla_strscpy(entry->domain,
100 info->attrs[NLBL_MGMT_A_DOMAIN], tmp_size);
101 }
102
103 /* NOTE: internally we allow/use a entry->def.type value of
104 * NETLBL_NLTYPE_ADDRSELECT but we don't currently allow users
105 * to pass that as a protocol value because we need to know the
106 * "real" protocol */
107
108 switch (entry->def.type) {
109 case NETLBL_NLTYPE_UNLABELED:
110 if (info->attrs[NLBL_MGMT_A_FAMILY])
111 entry->family =
112 nla_get_u16(info->attrs[NLBL_MGMT_A_FAMILY]);
113 else
114 entry->family = AF_UNSPEC;
115 break;
116 case NETLBL_NLTYPE_CIPSOV4:
117 if (!info->attrs[NLBL_MGMT_A_CV4DOI])
118 goto add_free_domain;
119
120 tmp_val = nla_get_u32(info->attrs[NLBL_MGMT_A_CV4DOI]);
121 cipsov4 = cipso_v4_doi_getdef(tmp_val);
122 if (cipsov4 == NULL)
123 goto add_free_domain;
124 entry->family = AF_INET;
125 entry->def.cipso = cipsov4;
126 break;
127 #if IS_ENABLED(CONFIG_IPV6)
128 case NETLBL_NLTYPE_CALIPSO:
129 if (!info->attrs[NLBL_MGMT_A_CLPDOI])
130 goto add_free_domain;
131
132 tmp_val = nla_get_u32(info->attrs[NLBL_MGMT_A_CLPDOI]);
133 calipso = calipso_doi_getdef(tmp_val);
134 if (calipso == NULL)
135 goto add_free_domain;
136 entry->family = AF_INET6;
137 entry->def.calipso = calipso;
138 break;
139 #endif /* IPv6 */
140 default:
141 goto add_free_domain;
142 }
143
144 if ((entry->family == AF_INET && info->attrs[NLBL_MGMT_A_IPV6ADDR]) ||
145 (entry->family == AF_INET6 && info->attrs[NLBL_MGMT_A_IPV4ADDR]))
146 goto add_doi_put_def;
147
148 if (info->attrs[NLBL_MGMT_A_IPV4ADDR]) {
149 struct in_addr *addr;
150 struct in_addr *mask;
151 struct netlbl_domaddr4_map *map;
152
153 addrmap = kzalloc(sizeof(*addrmap), GFP_KERNEL);
154 if (addrmap == NULL) {
155 ret_val = -ENOMEM;
156 goto add_doi_put_def;
157 }
158 INIT_LIST_HEAD(&addrmap->list4);
159 INIT_LIST_HEAD(&addrmap->list6);
160
161 if (nla_len(info->attrs[NLBL_MGMT_A_IPV4ADDR]) !=
162 sizeof(struct in_addr)) {
163 ret_val = -EINVAL;
164 goto add_free_addrmap;
165 }
166 if (nla_len(info->attrs[NLBL_MGMT_A_IPV4MASK]) !=
167 sizeof(struct in_addr)) {
168 ret_val = -EINVAL;
169 goto add_free_addrmap;
170 }
171 addr = nla_data(info->attrs[NLBL_MGMT_A_IPV4ADDR]);
172 mask = nla_data(info->attrs[NLBL_MGMT_A_IPV4MASK]);
173
174 map = kzalloc(sizeof(*map), GFP_KERNEL);
175 if (map == NULL) {
176 ret_val = -ENOMEM;
177 goto add_free_addrmap;
178 }
179 pmap = map;
180 map->list.addr = addr->s_addr & mask->s_addr;
181 map->list.mask = mask->s_addr;
182 map->list.valid = 1;
183 map->def.type = entry->def.type;
184 if (cipsov4)
185 map->def.cipso = cipsov4;
186
187 ret_val = netlbl_af4list_add(&map->list, &addrmap->list4);
188 if (ret_val != 0)
189 goto add_free_map;
190
191 entry->family = AF_INET;
192 entry->def.type = NETLBL_NLTYPE_ADDRSELECT;
193 entry->def.addrsel = addrmap;
194 #if IS_ENABLED(CONFIG_IPV6)
195 } else if (info->attrs[NLBL_MGMT_A_IPV6ADDR]) {
196 struct in6_addr *addr;
197 struct in6_addr *mask;
198 struct netlbl_domaddr6_map *map;
199
200 addrmap = kzalloc(sizeof(*addrmap), GFP_KERNEL);
201 if (addrmap == NULL) {
202 ret_val = -ENOMEM;
203 goto add_doi_put_def;
204 }
205 INIT_LIST_HEAD(&addrmap->list4);
206 INIT_LIST_HEAD(&addrmap->list6);
207
208 if (nla_len(info->attrs[NLBL_MGMT_A_IPV6ADDR]) !=
209 sizeof(struct in6_addr)) {
210 ret_val = -EINVAL;
211 goto add_free_addrmap;
212 }
213 if (nla_len(info->attrs[NLBL_MGMT_A_IPV6MASK]) !=
214 sizeof(struct in6_addr)) {
215 ret_val = -EINVAL;
216 goto add_free_addrmap;
217 }
218 addr = nla_data(info->attrs[NLBL_MGMT_A_IPV6ADDR]);
219 mask = nla_data(info->attrs[NLBL_MGMT_A_IPV6MASK]);
220
221 map = kzalloc(sizeof(*map), GFP_KERNEL);
222 if (map == NULL) {
223 ret_val = -ENOMEM;
224 goto add_free_addrmap;
225 }
226 pmap = map;
227 map->list.addr = *addr;
228 map->list.addr.s6_addr32[0] &= mask->s6_addr32[0];
229 map->list.addr.s6_addr32[1] &= mask->s6_addr32[1];
230 map->list.addr.s6_addr32[2] &= mask->s6_addr32[2];
231 map->list.addr.s6_addr32[3] &= mask->s6_addr32[3];
232 map->list.mask = *mask;
233 map->list.valid = 1;
234 map->def.type = entry->def.type;
235 if (calipso)
236 map->def.calipso = calipso;
237
238 ret_val = netlbl_af6list_add(&map->list, &addrmap->list6);
239 if (ret_val != 0)
240 goto add_free_map;
241
242 entry->family = AF_INET6;
243 entry->def.type = NETLBL_NLTYPE_ADDRSELECT;
244 entry->def.addrsel = addrmap;
245 #endif /* IPv6 */
246 }
247
248 ret_val = netlbl_domhsh_add(entry, audit_info);
249 if (ret_val != 0)
250 goto add_free_map;
251
252 return 0;
253
254 add_free_map:
255 kfree(pmap);
256 add_free_addrmap:
257 kfree(addrmap);
258 add_doi_put_def:
259 cipso_v4_doi_putdef(cipsov4);
260 #if IS_ENABLED(CONFIG_IPV6)
261 calipso_doi_putdef(calipso);
262 #endif
263 add_free_domain:
264 kfree(entry->domain);
265 add_free_entry:
266 kfree(entry);
267 return ret_val;
268 }
269
270 /**
271 * netlbl_mgmt_listentry - List a NetLabel/LSM domain map entry
272 * @skb: the NETLINK buffer
273 * @entry: the map entry
274 *
275 * Description:
276 * This function is a helper function used by the LISTALL and LISTDEF command
277 * handlers. The caller is responsible for ensuring that the RCU read lock
278 * is held. Returns zero on success, negative values on failure.
279 *
280 */
281 static int netlbl_mgmt_listentry(struct sk_buff *skb,
282 struct netlbl_dom_map *entry)
283 {
284 int ret_val = 0;
285 struct nlattr *nla_a;
286 struct nlattr *nla_b;
287 struct netlbl_af4list *iter4;
288 #if IS_ENABLED(CONFIG_IPV6)
289 struct netlbl_af6list *iter6;
290 #endif
291
292 if (entry->domain != NULL) {
293 ret_val = nla_put_string(skb,
294 NLBL_MGMT_A_DOMAIN, entry->domain);
295 if (ret_val != 0)
296 return ret_val;
297 }
298
299 ret_val = nla_put_u16(skb, NLBL_MGMT_A_FAMILY, entry->family);
300 if (ret_val != 0)
301 return ret_val;
302
303 switch (entry->def.type) {
304 case NETLBL_NLTYPE_ADDRSELECT:
305 nla_a = nla_nest_start_noflag(skb, NLBL_MGMT_A_SELECTORLIST);
306 if (nla_a == NULL)
307 return -ENOMEM;
308
309 netlbl_af4list_foreach_rcu(iter4, &entry->def.addrsel->list4) {
310 struct netlbl_domaddr4_map *map4;
311 struct in_addr addr_struct;
312
313 nla_b = nla_nest_start_noflag(skb,
314 NLBL_MGMT_A_ADDRSELECTOR);
315 if (nla_b == NULL)
316 return -ENOMEM;
317
318 addr_struct.s_addr = iter4->addr;
319 ret_val = nla_put_in_addr(skb, NLBL_MGMT_A_IPV4ADDR,
320 addr_struct.s_addr);
321 if (ret_val != 0)
322 return ret_val;
323 addr_struct.s_addr = iter4->mask;
324 ret_val = nla_put_in_addr(skb, NLBL_MGMT_A_IPV4MASK,
325 addr_struct.s_addr);
326 if (ret_val != 0)
327 return ret_val;
328 map4 = netlbl_domhsh_addr4_entry(iter4);
329 ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL,
330 map4->def.type);
331 if (ret_val != 0)
332 return ret_val;
333 switch (map4->def.type) {
334 case NETLBL_NLTYPE_CIPSOV4:
335 ret_val = nla_put_u32(skb, NLBL_MGMT_A_CV4DOI,
336 map4->def.cipso->doi);
337 if (ret_val != 0)
338 return ret_val;
339 break;
340 }
341
342 nla_nest_end(skb, nla_b);
343 }
344 #if IS_ENABLED(CONFIG_IPV6)
345 netlbl_af6list_foreach_rcu(iter6, &entry->def.addrsel->list6) {
346 struct netlbl_domaddr6_map *map6;
347
348 nla_b = nla_nest_start_noflag(skb,
349 NLBL_MGMT_A_ADDRSELECTOR);
350 if (nla_b == NULL)
351 return -ENOMEM;
352
353 ret_val = nla_put_in6_addr(skb, NLBL_MGMT_A_IPV6ADDR,
354 &iter6->addr);
355 if (ret_val != 0)
356 return ret_val;
357 ret_val = nla_put_in6_addr(skb, NLBL_MGMT_A_IPV6MASK,
358 &iter6->mask);
359 if (ret_val != 0)
360 return ret_val;
361 map6 = netlbl_domhsh_addr6_entry(iter6);
362 ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL,
363 map6->def.type);
364 if (ret_val != 0)
365 return ret_val;
366
367 switch (map6->def.type) {
368 case NETLBL_NLTYPE_CALIPSO:
369 ret_val = nla_put_u32(skb, NLBL_MGMT_A_CLPDOI,
370 map6->def.calipso->doi);
371 if (ret_val != 0)
372 return ret_val;
373 break;
374 }
375
376 nla_nest_end(skb, nla_b);
377 }
378 #endif /* IPv6 */
379
380 nla_nest_end(skb, nla_a);
381 break;
382 case NETLBL_NLTYPE_UNLABELED:
383 ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL,
384 entry->def.type);
385 break;
386 case NETLBL_NLTYPE_CIPSOV4:
387 ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL,
388 entry->def.type);
389 if (ret_val != 0)
390 return ret_val;
391 ret_val = nla_put_u32(skb, NLBL_MGMT_A_CV4DOI,
392 entry->def.cipso->doi);
393 break;
394 case NETLBL_NLTYPE_CALIPSO:
395 ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL,
396 entry->def.type);
397 if (ret_val != 0)
398 return ret_val;
399 ret_val = nla_put_u32(skb, NLBL_MGMT_A_CLPDOI,
400 entry->def.calipso->doi);
401 break;
402 }
403
404 return ret_val;
405 }
406
407 /*
408 * NetLabel Command Handlers
409 */
410
411 /**
412 * netlbl_mgmt_add - Handle an ADD message
413 * @skb: the NETLINK buffer
414 * @info: the Generic NETLINK info block
415 *
416 * Description:
417 * Process a user generated ADD message and add the domains from the message
418 * to the hash table. See netlabel.h for a description of the message format.
419 * Returns zero on success, negative values on failure.
420 *
421 */
422 static int netlbl_mgmt_add(struct sk_buff *skb, struct genl_info *info)
423 {
424 struct netlbl_audit audit_info;
425
426 if ((!info->attrs[NLBL_MGMT_A_DOMAIN]) ||
427 (!info->attrs[NLBL_MGMT_A_PROTOCOL]) ||
428 (info->attrs[NLBL_MGMT_A_IPV4ADDR] &&
429 info->attrs[NLBL_MGMT_A_IPV6ADDR]) ||
430 (info->attrs[NLBL_MGMT_A_IPV4MASK] &&
431 info->attrs[NLBL_MGMT_A_IPV6MASK]) ||
432 ((info->attrs[NLBL_MGMT_A_IPV4ADDR] != NULL) ^
433 (info->attrs[NLBL_MGMT_A_IPV4MASK] != NULL)) ||
434 ((info->attrs[NLBL_MGMT_A_IPV6ADDR] != NULL) ^
435 (info->attrs[NLBL_MGMT_A_IPV6MASK] != NULL)))
436 return -EINVAL;
437
438 netlbl_netlink_auditinfo(&audit_info);
439
440 return netlbl_mgmt_add_common(info, &audit_info);
441 }
442
443 /**
444 * netlbl_mgmt_remove - Handle a REMOVE message
445 * @skb: the NETLINK buffer
446 * @info: the Generic NETLINK info block
447 *
448 * Description:
449 * Process a user generated REMOVE message and remove the specified domain
450 * mappings. Returns zero on success, negative values on failure.
451 *
452 */
453 static int netlbl_mgmt_remove(struct sk_buff *skb, struct genl_info *info)
454 {
455 char *domain;
456 struct netlbl_audit audit_info;
457
458 if (!info->attrs[NLBL_MGMT_A_DOMAIN])
459 return -EINVAL;
460
461 netlbl_netlink_auditinfo(&audit_info);
462
463 domain = nla_data(info->attrs[NLBL_MGMT_A_DOMAIN]);
464 return netlbl_domhsh_remove(domain, AF_UNSPEC, &audit_info);
465 }
466
467 /**
468 * netlbl_mgmt_listall_cb - netlbl_domhsh_walk() callback for LISTALL
469 * @entry: the domain mapping hash table entry
470 * @arg: the netlbl_domhsh_walk_arg structure
471 *
472 * Description:
473 * This function is designed to be used as a callback to the
474 * netlbl_domhsh_walk() function for use in generating a response for a LISTALL
475 * message. Returns the size of the message on success, negative values on
476 * failure.
477 *
478 */
479 static int netlbl_mgmt_listall_cb(struct netlbl_dom_map *entry, void *arg)
480 {
481 int ret_val = -ENOMEM;
482 struct netlbl_domhsh_walk_arg *cb_arg = arg;
483 void *data;
484
485 data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid,
486 cb_arg->seq, &netlbl_mgmt_gnl_family,
487 NLM_F_MULTI, NLBL_MGMT_C_LISTALL);
488 if (data == NULL)
489 goto listall_cb_failure;
490
491 ret_val = netlbl_mgmt_listentry(cb_arg->skb, entry);
492 if (ret_val != 0)
493 goto listall_cb_failure;
494
495 cb_arg->seq++;
496 genlmsg_end(cb_arg->skb, data);
497 return 0;
498
499 listall_cb_failure:
500 genlmsg_cancel(cb_arg->skb, data);
501 return ret_val;
502 }
503
504 /**
505 * netlbl_mgmt_listall - Handle a LISTALL message
506 * @skb: the NETLINK buffer
507 * @cb: the NETLINK callback
508 *
509 * Description:
510 * Process a user generated LISTALL message and dumps the domain hash table in
511 * a form suitable for use in a kernel generated LISTALL message. Returns zero
512 * on success, negative values on failure.
513 *
514 */
515 static int netlbl_mgmt_listall(struct sk_buff *skb,
516 struct netlink_callback *cb)
517 {
518 struct netlbl_domhsh_walk_arg cb_arg;
519 u32 skip_bkt = cb->args[0];
520 u32 skip_chain = cb->args[1];
521
522 cb_arg.nl_cb = cb;
523 cb_arg.skb = skb;
524 cb_arg.seq = cb->nlh->nlmsg_seq;
525
526 netlbl_domhsh_walk(&skip_bkt,
527 &skip_chain,
528 netlbl_mgmt_listall_cb,
529 &cb_arg);
530
531 cb->args[0] = skip_bkt;
532 cb->args[1] = skip_chain;
533 return skb->len;
534 }
535
536 /**
537 * netlbl_mgmt_adddef - Handle an ADDDEF message
538 * @skb: the NETLINK buffer
539 * @info: the Generic NETLINK info block
540 *
541 * Description:
542 * Process a user generated ADDDEF message and respond accordingly. Returns
543 * zero on success, negative values on failure.
544 *
545 */
546 static int netlbl_mgmt_adddef(struct sk_buff *skb, struct genl_info *info)
547 {
548 struct netlbl_audit audit_info;
549
550 if ((!info->attrs[NLBL_MGMT_A_PROTOCOL]) ||
551 (info->attrs[NLBL_MGMT_A_IPV4ADDR] &&
552 info->attrs[NLBL_MGMT_A_IPV6ADDR]) ||
553 (info->attrs[NLBL_MGMT_A_IPV4MASK] &&
554 info->attrs[NLBL_MGMT_A_IPV6MASK]) ||
555 ((info->attrs[NLBL_MGMT_A_IPV4ADDR] != NULL) ^
556 (info->attrs[NLBL_MGMT_A_IPV4MASK] != NULL)) ||
557 ((info->attrs[NLBL_MGMT_A_IPV6ADDR] != NULL) ^
558 (info->attrs[NLBL_MGMT_A_IPV6MASK] != NULL)))
559 return -EINVAL;
560
561 netlbl_netlink_auditinfo(&audit_info);
562
563 return netlbl_mgmt_add_common(info, &audit_info);
564 }
565
566 /**
567 * netlbl_mgmt_removedef - Handle a REMOVEDEF message
568 * @skb: the NETLINK buffer
569 * @info: the Generic NETLINK info block
570 *
571 * Description:
572 * Process a user generated REMOVEDEF message and remove the default domain
573 * mapping. Returns zero on success, negative values on failure.
574 *
575 */
576 static int netlbl_mgmt_removedef(struct sk_buff *skb, struct genl_info *info)
577 {
578 struct netlbl_audit audit_info;
579
580 netlbl_netlink_auditinfo(&audit_info);
581
582 return netlbl_domhsh_remove_default(AF_UNSPEC, &audit_info);
583 }
584
585 /**
586 * netlbl_mgmt_listdef - Handle a LISTDEF message
587 * @skb: the NETLINK buffer
588 * @info: the Generic NETLINK info block
589 *
590 * Description:
591 * Process a user generated LISTDEF message and dumps the default domain
592 * mapping in a form suitable for use in a kernel generated LISTDEF message.
593 * Returns zero on success, negative values on failure.
594 *
595 */
596 static int netlbl_mgmt_listdef(struct sk_buff *skb, struct genl_info *info)
597 {
598 int ret_val = -ENOMEM;
599 struct sk_buff *ans_skb = NULL;
600 void *data;
601 struct netlbl_dom_map *entry;
602 u16 family;
603
604 if (info->attrs[NLBL_MGMT_A_FAMILY])
605 family = nla_get_u16(info->attrs[NLBL_MGMT_A_FAMILY]);
606 else
607 family = AF_INET;
608
609 ans_skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
610 if (ans_skb == NULL)
611 return -ENOMEM;
612 data = genlmsg_put_reply(ans_skb, info, &netlbl_mgmt_gnl_family,
613 0, NLBL_MGMT_C_LISTDEF);
614 if (data == NULL)
615 goto listdef_failure;
616
617 rcu_read_lock();
618 entry = netlbl_domhsh_getentry(NULL, family);
619 if (entry == NULL) {
620 ret_val = -ENOENT;
621 goto listdef_failure_lock;
622 }
623 ret_val = netlbl_mgmt_listentry(ans_skb, entry);
624 rcu_read_unlock();
625 if (ret_val != 0)
626 goto listdef_failure;
627
628 genlmsg_end(ans_skb, data);
629 return genlmsg_reply(ans_skb, info);
630
631 listdef_failure_lock:
632 rcu_read_unlock();
633 listdef_failure:
634 kfree_skb(ans_skb);
635 return ret_val;
636 }
637
638 /**
639 * netlbl_mgmt_protocols_cb - Write an individual PROTOCOL message response
640 * @skb: the skb to write to
641 * @cb: the NETLINK callback
642 * @protocol: the NetLabel protocol to use in the message
643 *
644 * Description:
645 * This function is to be used in conjunction with netlbl_mgmt_protocols() to
646 * answer a application's PROTOCOLS message. Returns the size of the message
647 * on success, negative values on failure.
648 *
649 */
650 static int netlbl_mgmt_protocols_cb(struct sk_buff *skb,
651 struct netlink_callback *cb,
652 u32 protocol)
653 {
654 int ret_val = -ENOMEM;
655 void *data;
656
657 data = genlmsg_put(skb, NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq,
658 &netlbl_mgmt_gnl_family, NLM_F_MULTI,
659 NLBL_MGMT_C_PROTOCOLS);
660 if (data == NULL)
661 goto protocols_cb_failure;
662
663 ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL, protocol);
664 if (ret_val != 0)
665 goto protocols_cb_failure;
666
667 genlmsg_end(skb, data);
668 return 0;
669
670 protocols_cb_failure:
671 genlmsg_cancel(skb, data);
672 return ret_val;
673 }
674
675 /**
676 * netlbl_mgmt_protocols - Handle a PROTOCOLS message
677 * @skb: the NETLINK buffer
678 * @cb: the NETLINK callback
679 *
680 * Description:
681 * Process a user generated PROTOCOLS message and respond accordingly.
682 *
683 */
684 static int netlbl_mgmt_protocols(struct sk_buff *skb,
685 struct netlink_callback *cb)
686 {
687 u32 protos_sent = cb->args[0];
688
689 if (protos_sent == 0) {
690 if (netlbl_mgmt_protocols_cb(skb,
691 cb,
692 NETLBL_NLTYPE_UNLABELED) < 0)
693 goto protocols_return;
694 protos_sent++;
695 }
696 if (protos_sent == 1) {
697 if (netlbl_mgmt_protocols_cb(skb,
698 cb,
699 NETLBL_NLTYPE_CIPSOV4) < 0)
700 goto protocols_return;
701 protos_sent++;
702 }
703 #if IS_ENABLED(CONFIG_IPV6)
704 if (protos_sent == 2) {
705 if (netlbl_mgmt_protocols_cb(skb,
706 cb,
707 NETLBL_NLTYPE_CALIPSO) < 0)
708 goto protocols_return;
709 protos_sent++;
710 }
711 #endif
712
713 protocols_return:
714 cb->args[0] = protos_sent;
715 return skb->len;
716 }
717
718 /**
719 * netlbl_mgmt_version - Handle a VERSION message
720 * @skb: the NETLINK buffer
721 * @info: the Generic NETLINK info block
722 *
723 * Description:
724 * Process a user generated VERSION message and respond accordingly. Returns
725 * zero on success, negative values on failure.
726 *
727 */
728 static int netlbl_mgmt_version(struct sk_buff *skb, struct genl_info *info)
729 {
730 int ret_val = -ENOMEM;
731 struct sk_buff *ans_skb = NULL;
732 void *data;
733
734 ans_skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
735 if (ans_skb == NULL)
736 return -ENOMEM;
737 data = genlmsg_put_reply(ans_skb, info, &netlbl_mgmt_gnl_family,
738 0, NLBL_MGMT_C_VERSION);
739 if (data == NULL)
740 goto version_failure;
741
742 ret_val = nla_put_u32(ans_skb,
743 NLBL_MGMT_A_VERSION,
744 NETLBL_PROTO_VERSION);
745 if (ret_val != 0)
746 goto version_failure;
747
748 genlmsg_end(ans_skb, data);
749 return genlmsg_reply(ans_skb, info);
750
751 version_failure:
752 kfree_skb(ans_skb);
753 return ret_val;
754 }
755
756
757 /*
758 * NetLabel Generic NETLINK Command Definitions
759 */
760
761 static const struct genl_small_ops netlbl_mgmt_genl_ops[] = {
762 {
763 .cmd = NLBL_MGMT_C_ADD,
764 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
765 .flags = GENL_ADMIN_PERM,
766 .doit = netlbl_mgmt_add,
767 .dumpit = NULL,
768 },
769 {
770 .cmd = NLBL_MGMT_C_REMOVE,
771 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
772 .flags = GENL_ADMIN_PERM,
773 .doit = netlbl_mgmt_remove,
774 .dumpit = NULL,
775 },
776 {
777 .cmd = NLBL_MGMT_C_LISTALL,
778 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
779 .flags = 0,
780 .doit = NULL,
781 .dumpit = netlbl_mgmt_listall,
782 },
783 {
784 .cmd = NLBL_MGMT_C_ADDDEF,
785 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
786 .flags = GENL_ADMIN_PERM,
787 .doit = netlbl_mgmt_adddef,
788 .dumpit = NULL,
789 },
790 {
791 .cmd = NLBL_MGMT_C_REMOVEDEF,
792 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
793 .flags = GENL_ADMIN_PERM,
794 .doit = netlbl_mgmt_removedef,
795 .dumpit = NULL,
796 },
797 {
798 .cmd = NLBL_MGMT_C_LISTDEF,
799 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
800 .flags = 0,
801 .doit = netlbl_mgmt_listdef,
802 .dumpit = NULL,
803 },
804 {
805 .cmd = NLBL_MGMT_C_PROTOCOLS,
806 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
807 .flags = 0,
808 .doit = NULL,
809 .dumpit = netlbl_mgmt_protocols,
810 },
811 {
812 .cmd = NLBL_MGMT_C_VERSION,
813 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
814 .flags = 0,
815 .doit = netlbl_mgmt_version,
816 .dumpit = NULL,
817 },
818 };
819
820 static struct genl_family netlbl_mgmt_gnl_family __ro_after_init = {
821 .hdrsize = 0,
822 .name = NETLBL_NLTYPE_MGMT_NAME,
823 .version = NETLBL_PROTO_VERSION,
824 .maxattr = NLBL_MGMT_A_MAX,
825 .policy = netlbl_mgmt_genl_policy,
826 .module = THIS_MODULE,
827 .small_ops = netlbl_mgmt_genl_ops,
828 .n_small_ops = ARRAY_SIZE(netlbl_mgmt_genl_ops),
829 .resv_start_op = NLBL_MGMT_C_VERSION + 1,
830 };
831
832 /*
833 * NetLabel Generic NETLINK Protocol Functions
834 */
835
836 /**
837 * netlbl_mgmt_genl_init - Register the NetLabel management component
838 *
839 * Description:
840 * Register the NetLabel management component with the Generic NETLINK
841 * mechanism. Returns zero on success, negative values on failure.
842 *
843 */
844 int __init netlbl_mgmt_genl_init(void)
845 {
846 return genl_register_family(&netlbl_mgmt_gnl_family);
847 }
Kernel DRM miscellaneous fixes and cross-tree changes