lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CO1PR11MB50899080E3A33882F9630C98D6B39@CO1PR11MB5089.namprd11.prod.outlook.com>
Date:   Sat, 9 Oct 2021 00:32:49 +0000
From:   "Keller, Jacob E" <jacob.e.keller@...el.com>
To:     Jakub Kicinski <kuba@...nel.org>
CC:     Jiri Pirko <jiri@...nulli.us>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: RE: [net-next 0/4] devlink: add dry run support for flash update



> -----Original Message-----
> From: Jakub Kicinski <kuba@...nel.org>
> Sent: Friday, October 08, 2021 5:18 PM
> To: Keller, Jacob E <jacob.e.keller@...el.com>
> Cc: Jiri Pirko <jiri@...nulli.us>; netdev@...r.kernel.org
> Subject: Re: [net-next 0/4] devlink: add dry run support for flash update
> 
> On Fri, 8 Oct 2021 23:58:45 +0000 Keller, Jacob E wrote:
> > > > Doesn't the policy checks prevent any unknown attributes?
> > > > Or are unknown attributes silently ignored?
> > >
> > > Did you test it?
> > >
> > > DEVLINK_CMD_FLASH_UPDATE has GENL_DONT_VALIDATE_STRICT set.
> >
> > Hmm. I did run into an issue while initially testing where
> > DEVLINK_ATTR_DRY_RUN wasn't in the devlink_nla_policy table and it
> > rejected the command with an unknown attribute. I had to add the
> > attribute to the policy table to fix this.
> >
> > I'm double checking on a different kernel now with the new userspace
> > to see if I get the same behavior.
> 
> Weird.
> 
> > I'm not super familiar with the validation code or what
> > GENL_DONT_VALIDATE_STRICT means...
> >
> > Indeed.. I just did a search for GENL_DONT_VALIDATE_STRICT and the
> > only uses I can find are ones which *set* the flag. Nothing ever
> > checks it!!
> >
> > I suspect it got removed at some point.. still digging into exact
> > history though...
> 
> 
>  It's passed by genl_family_rcv_msg_doit() to
> genl_family_rcv_msg_attrs_parse() where it chooses the netlink policy.

Ah.. I see how its done. It's passed as the argument so you  don't see a direct comparison which makes it look like there isn't one... Feels like there could probably be a better abstraction that was more readable here...

Anyways. I'll confirm what happens on the kernel that doesn't have the attribute defined at all.

I wonder if the thing I saw differently was because the attribute *was* known but wasn't in policy. I.e. because it was defined it was validated....

Yep, I confirm that on a kernel without the DRY_RUN flag that it would allow the run because we aren't being strict.

I am guessing that we can't convert devlink over to strict validation?

Thanks,
Jake

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ