Date:   Wed, 24 Apr 2019 23:34:21 +0200 (CEST)
From:   Michal Kubecek <mkubecek@...e.cz>
To:     netdev@...r.kernel.org
Cc:     "David S. Miller" <davem@...emloft.net>,
        David Ahern <dsahern@...il.com>,
        Johannes Berg <johannes.berg@...el.com>,
        Jiri Pirko <jiri@...lanox.com>,
        Pablo Neira Ayuso <pablo@...filter.org>,
        Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>,
        Florian Westphal <fw@...len.de>,
        netfilter-devel@...r.kernel.org
Subject: [RFC PATCH net-next 0/3] make nla_nest_start() add NLA_F_NESTED flag

One of the comments in the recent review of the ethtool netlink series pointed
out that the proposed ethnl_nest_start() helper, which adds NLA_F_NESTED to the
second argument of nla_nest_start(), is not really specific to ethtool
netlink code. That is hard to argue with, as closer inspection revealed that
exactly the same helper already exists in ipset code (except it's a macro
rather than an inline function).

Another observation was that even though the NLA_F_NESTED flag was introduced in
2007, only a few netlink-based interfaces set it in kernel-generated messages
and even many recently added APIs omit it. That is unfortunate, as without
the flag, message parsers not familiar with attribute semantics cannot
recognize nested attributes and do not see the message structure; this affects
e.g. the wireshark dissector or mnl_nlmsg_fprintf() from libmnl.

This is why I'm suggesting to rename the existing nla_nest_start() to a different
name (nla_nest_start_noflag) and reintroduce nla_nest_start() as a wrapper
adding the NLA_F_NESTED flag. This is implemented in the first patch, which is
mostly generated by spatch. The second patch drops the ipset helper macros, which
lose their purpose. The third patch cleans up minor coding style issues found
by checkpatch.pl in the first patch.

If this approach is considered too intrusive, we can leave nla_nest_start()
untouched and simply add a wrapper adding NLA_F_NESTED but that would
probably preserve the state when even most new code doesn't set the flag.

Michal Kubecek (3):
  netlink: make nla_nest_start() add NLA_F_NESTED flag
  ipset: drop ipset_nest_start() and ipset_nest_end()
  net: fix two coding style issues

 drivers/block/drbd/drbd_nl.c                |   8 +-
 drivers/block/nbd.c                         |   4 +-
 drivers/infiniband/core/nldev.c             |   9 +-
 drivers/infiniband/hw/cxgb4/restrack.c      |   8 +-
 drivers/net/bonding/bond_netlink.c          |   8 +-
 drivers/net/ieee802154/mac802154_hwsim.c    |   6 +-
 drivers/net/macsec.c                        |  27 +--
 drivers/net/macvlan.c                       |   2 +-
 drivers/net/team/team.c                     |   8 +-
 drivers/net/wireless/ath/wil6210/cfg80211.c |   4 +-
 include/linux/netfilter/ipset/ip_set.h      |  11 +-
 include/net/netlink.h                       |  26 ++-
 kernel/taskstats.c                          |   2 +-
 net/8021q/vlan_netlink.c                    |   4 +-
 net/bridge/br_mdb.c                         |  17 +-
 net/bridge/br_netlink.c                     |   8 +-
 net/bridge/br_netlink_tunnel.c              |   2 +-
 net/core/devlink.c                          |  78 ++++----
 net/core/lwt_bpf.c                          |   2 +-
 net/core/lwtunnel.c                         |   2 +-
 net/core/neighbour.c                        |   2 +-
 net/core/rtnetlink.c                        |  48 ++---
 net/dcb/dcbnl.c                             |  40 ++--
 net/decnet/dn_table.c                       |   3 +-
 net/ieee802154/nl802154.c                   |  34 ++--
 net/ipv4/fib_semantics.c                    |   2 +-
 net/ipv4/ipmr.c                             |   6 +-
 net/ipv4/ipmr_base.c                        |   2 +-
 net/ipv4/tcp_metrics.c                      |   2 +-
 net/ipv6/addrconf.c                         |   2 +-
 net/ipv6/route.c                            |   2 +-
 net/ipv6/seg6_local.c                       |   2 +-
 net/l2tp/l2tp_netlink.c                     |   4 +-
 net/mpls/af_mpls.c                          |   2 +-
 net/ncsi/ncsi-netlink.c                     |  12 +-
 net/netfilter/ipset/ip_set_bitmap_gen.h     |  14 +-
 net/netfilter/ipset/ip_set_hash_gen.h       |  14 +-
 net/netfilter/ipset/ip_set_list_set.c       |  14 +-
 net/netfilter/ipvs/ip_vs_ctl.c              |  10 +-
 net/netfilter/nf_conntrack_netlink.c        |  40 ++--
 net/netfilter/nf_conntrack_proto_dccp.c     |   2 +-
 net/netfilter/nf_conntrack_proto_sctp.c     |   2 +-
 net/netfilter/nf_conntrack_proto_tcp.c      |   2 +-
 net/netfilter/nf_tables_api.c               |  29 +--
 net/netfilter/nfnetlink_cthelper.c          |   7 +-
 net/netfilter/nfnetlink_cttimeout.c         |   4 +-
 net/netfilter/nfnetlink_queue.c             |   2 +-
 net/netfilter/nft_ct.c                      |   2 +-
 net/netfilter/nft_tunnel.c                  |   6 +-
 net/netlabel/netlabel_cipso_v4.c            |  14 +-
 net/netlabel/netlabel_mgmt.c                |   8 +-
 net/netlink/genetlink.c                     |  12 +-
 net/nfc/netlink.c                           |   4 +-
 net/openvswitch/conntrack.c                 |   6 +-
 net/openvswitch/datapath.c                  |   7 +-
 net/openvswitch/flow_netlink.c              |  33 ++--
 net/openvswitch/meter.c                     |   8 +-
 net/openvswitch/vport-vxlan.c               |   2 +-
 net/openvswitch/vport.c                     |   2 +-
 net/packet/diag.c                           |   2 +-
 net/sched/act_api.c                         |  14 +-
 net/sched/act_ife.c                         |   2 +-
 net/sched/act_pedit.c                       |   5 +-
 net/sched/act_tunnel_key.c                  |   4 +-
 net/sched/cls_api.c                         |   4 +-
 net/sched/cls_basic.c                       |   2 +-
 net/sched/cls_bpf.c                         |   2 +-
 net/sched/cls_cgroup.c                      |   2 +-
 net/sched/cls_flow.c                        |   2 +-
 net/sched/cls_flower.c                      |   8 +-
 net/sched/cls_fw.c                          |   2 +-
 net/sched/cls_matchall.c                    |   2 +-
 net/sched/cls_route.c                       |   2 +-
 net/sched/cls_rsvp.h                        |   2 +-
 net/sched/cls_tcindex.c                     |   2 +-
 net/sched/cls_u32.c                         |   2 +-
 net/sched/ematch.c                          |   4 +-
 net/sched/sch_api.c                         |   2 +-
 net/sched/sch_atm.c                         |   2 +-
 net/sched/sch_cake.c                        |  10 +-
 net/sched/sch_cbq.c                         |   4 +-
 net/sched/sch_cbs.c                         |   2 +-
 net/sched/sch_choke.c                       |   2 +-
 net/sched/sch_codel.c                       |   2 +-
 net/sched/sch_drr.c                         |   2 +-
 net/sched/sch_dsmark.c                      |   4 +-
 net/sched/sch_etf.c                         |   2 +-
 net/sched/sch_fq.c                          |   2 +-
 net/sched/sch_fq_codel.c                    |   2 +-
 net/sched/sch_gred.c                        |   8 +-
 net/sched/sch_hfsc.c                        |   2 +-
 net/sched/sch_hhf.c                         |   2 +-
 net/sched/sch_htb.c                         |   4 +-
 net/sched/sch_ingress.c                     |   2 +-
 net/sched/sch_mqprio.c                      |   4 +-
 net/sched/sch_netem.c                       |   2 +-
 net/sched/sch_pie.c                         |   2 +-
 net/sched/sch_qfq.c                         |   2 +-
 net/sched/sch_red.c                         |   2 +-
 net/sched/sch_sfb.c                         |   2 +-
 net/sched/sch_taprio.c                      |   7 +-
 net/sched/sch_tbf.c                         |   2 +-
 net/tipc/bearer.c                           |   8 +-
 net/tipc/group.c                            |   2 +-
 net/tipc/link.c                             |  12 +-
 net/tipc/monitor.c                          |   4 +-
 net/tipc/name_table.c                       |   4 +-
 net/tipc/net.c                              |   2 +-
 net/tipc/netlink_compat.c                   |  24 +--
 net/tipc/node.c                             |   4 +-
 net/tipc/socket.c                           |  10 +-
 net/tipc/udp_media.c                        |   2 +-
 net/wireless/nl80211.c                      | 192 +++++++++++---------
 net/wireless/pmsr.c                         |  12 +-
 114 files changed, 565 insertions(+), 494 deletions(-)

-- 
2.21.0
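
Added illustration, not part of the original message or the patch series: a userspace C example of the cover letter's point that a parser with no knowledge of attribute semantics can only see into a nest when NLA_F_NESTED is set. The `ex_`/`EX_` names and the sample message are constructed for this example; the flag value and the `{u16 len, u16 type}` header layout follow the netlink uapi.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EX_NESTED   0x8000u  /* same value as NLA_F_NESTED; EX_ names are local */
#define EX_HDR      4u       /* attribute header: u16 len, u16 type */
#define EX_ALIGN(n) (((n) + 3u) & ~3u)

/* Write one attribute {len, type, payload}; return the next write position. */
static uint8_t *ex_put(uint8_t *p, uint16_t type, uint32_t v, uint16_t plen)
{
    uint16_t h[2] = { (uint16_t)(EX_HDR + plen), type };
    memcpy(p, h, 4);
    memcpy(p + EX_HDR, &v, plen);
    return p + EX_ALIGN(h[0]);
}

/* Constructed sample: one nest (type 1) around two u32 attributes; returns its length. */
static size_t ex_build(uint8_t *msg, int set_flag)
{
    uint8_t *end = ex_put(msg, set_flag ? (1 | EX_NESTED) : 1, 0, 0);
    end = ex_put(ex_put(end, 1, 1500, 4), 2, 42, 4);
    uint16_t len = (uint16_t)(end - msg);   /* length fix-up, as nla_nest_end() does */
    memcpy(msg, &len, 2);
    return len;
}

/* Schema-less walk: descend only where the nested flag is set; -1 if malformed. */
static int ex_count(const uint8_t *p, size_t len, int depth)
{
    int n = 0;
    for (size_t step = 0; len >= EX_HDR; p += step, len -= step) {
        uint16_t h[2];
        memcpy(h, p, 4);
        if (h[0] < EX_HDR || h[0] > len || depth > 8) return -1;
        int sub = (h[1] & EX_NESTED) ? ex_count(p + EX_HDR, h[0] - EX_HDR, depth + 1) : 0;
        if (sub < 0) return -1;
        n += 1 + sub;
        step = EX_ALIGN(h[0]) < len ? EX_ALIGN(h[0]) : len;
    }
    return n;
}

int main(void)
{
    uint8_t a[32], b[32];
    printf("visible attributes: %d with flag, %d without\n",
           ex_count(a, ex_build(a, 1), 0), ex_count(b, ex_build(b, 0), 0));
    return 0;
}
```

The two messages carry identical payload bytes; only the type field of the outer attribute differs, and that alone decides whether the inner attributes are visible to the walker.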
