lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <385b9766.f63d7.189b3a33c6b.Coremail.linma@zju.edu.cn>
Date:   Wed, 2 Aug 2023 08:26:06 +0800 (GMT+08:00)
From:   "Lin Ma" <linma@....edu.cn>
To:     "Jakub Kicinski" <kuba@...nel.org>
Cc:     "Leon Romanovsky" <leon@...nel.org>, davem@...emloft.net,
        edumazet@...gle.com, pabeni@...hat.com, fw@...len.de,
        yang.lee@...ux.alibaba.com, jgg@...pe.ca, markzhang@...dia.com,
        phaddad@...dia.com, yuancan@...wei.com, ohartoov@...dia.com,
        chenzhongjin@...wei.com, aharonl@...dia.com,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-rdma@...r.kernel.org
Subject: Re: [PATCH net v1 1/2] netlink: let len field used to parse
 type-not-care nested attrs

Hello there,

> For the longest time there was no docs or best practices for netlink.
> We have the documentation and more infrastructure in place now.
> I hope if you wrote the code today the distinction would have been
> clearer.
> 
> If we start adding APIs for various one-(two?)-offs from the past
> we'll never dig ourselves out of the "no idea what's the normal use
> of these APIs" hole..

This is true. Actually, those check missing codes are mostly old codes and
modern netlink consumers will choose the general netlink interface which
can automatically get attributes description from YAML and never need to
do things like *manual parsing* anymore.

However, according to my practice in auditing the code, I found there are
some general netlink interface users confront other issues like choosing
GENL_DONT_VALIDATE_STRICT without thinking or forgetting add a new
nla_policy when introducing new attributes.

To this end, I'm currently writing a simple documentation about Netlink
interface best practices for the kernel developer (the newly coming docs
are mostly about the user API part). 

I guess I will put this doc in Documentation/staging :)
and I will finish the draft ASAP.

Thanks
Lin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ