lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Jul 2017 09:51:41 -0400 From: Jamal Hadi Salim <jhs@...atatu.com> To: David Ahern <dsahern@...il.com>, davem@...emloft.net Cc: netdev@...r.kernel.org, jiri@...nulli.us, xiyou.wangcong@...il.com, eric.dumazet@...il.com, mrv@...atatu.com, simon.horman@...ronome.com, alex.aring@...il.com Subject: Re: [PATCH net-next v11 1/4] net netlink: Add new type NLA_BITFIELD_32 On 17-07-25 10:41 AM, David Ahern wrote: > On 7/23/17 7:35 PM, Jamal Hadi Salim wrote: >> In the most basic form, the user specifies the attribute policy as: >> [ATTR_GOO] = { .type = NLA_BITFIELD_32, .validation_data = &myvalidflags }, >> >> where myvalidflags is the bit mask of the flags the kernel understands. >> >> If the user _does not_ provide myvalidflags then the attribute will >> also be rejected. > > No other netlink attribute has this requirement. This is the first one where we have to inspect content. We add things when we need them - as in this case. > Users of the attributes > are the only ones that know if a value is valid or not (e.g, attribute > passing a device index) and those are always checked in line. It doesnt make sense that every user of the API has to repeat that validation code. Same principle as someone specifying that a type is u32 and have the nla validation check it. At some point we never had the u32 validation code. Then it was factored out because everyone repeats the same boilerplate code. I see this in the same spirit. > Furthermore, you are locking this attribute into a static meaning of > what is a valid value when flags can be valid or invalid based on other > attributes passed in the request. > That doesnt disqualify that i factored out common code that all users of this nltype are going to cutnpaste. On the dependency on bit presence topic: I had added an "extra validation" ops - but it was distracting enough that i removed that patch altogether. cheers, jamal
Powered by blists - more mailing lists