lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1dc47668cc015c5a1bff10072e64e55a3436cbb7.camel@sipsolutions.net>
Date:   Mon, 05 Oct 2020 20:58:57 +0200
From:   Johannes Berg <johannes@...solutions.net>
To:     Jakub Kicinski <kuba@...nel.org>, davem@...emloft.net
Cc:     netdev@...r.kernel.org, kernel-team@...com, jiri@...nulli.us,
        andrew@...n.ch, mkubecek@...e.cz
Subject: Re: [PATCH net-next 6/6] ethtool: specify which header flags are
 supported per command

On Mon, 2020-10-05 at 08:57 -0700, Jakub Kicinski wrote:
> 
> @@ -47,19 +61,16 @@ int ethnl_parse_header_dev_get(struct ethnl_req_info *req_info,
>  		NL_SET_ERR_MSG(extack, "request header missing");
>  		return -EINVAL;
>  	}
> +	/* Use most permissive header policy here, ops should specify their
> +	 * actual header policy via NLA_POLICY_NESTED(), and the real
> +	 * validation will happen in genetlink code.
> +	 */
>  	ret = nla_parse_nested(tb, ETHTOOL_A_HEADER_MAX, header,
> -			       ethnl_header_policy, extack);
> +			       ethnl_header_policy_stats, extack);

Would it make sense to just remove the validation here? It's already
done, so it just costs extra cycles and can't really fail, and if there
are more diverse policies in the future this might also very quickly get
out of hand?

johannes

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ