Date:   Thu, 11 Nov 2021 13:02:41 +0100
From:   Sabrina Dubroca <sd@...asysnail.net>
To:     netdev@...r.kernel.org
Cc:     steffen.klassert@...unet.com, Sabrina Dubroca <sd@...asysnail.net>
Subject: [RFC PATCH ipsec-next 0/6] xfrm: start adding netlink extack support

XFRM states and policies are complex objects, and there are many
reasons why the kernel can reject userspace's request to create
one. This series makes it a bit clearer by providing extended ack
messages for policy creation.

A few other operations that reuse the same helper functions are also
getting partial extack support in this series. More patches will
follow to complete extack support, in particular for state creation.

Note: The policy->share attribute seems to be entirely ignored in the
kernel outside of checking its value in verify_newpolicy_info(). There
are some (very) old comments in copy_from_user_policy and
copy_to_user_policy suggesting that it should at least be copied
to/from userspace. I don't know what it was intended for.

Sabrina Dubroca (6):
  xfrm: propagate extack to all netlink doit handlers
  xfrm: add extack support to verify_newpolicy_info
  xfrm: add extack to verify_policy_dir
  xfrm: add extack to validate_tmpl
  xfrm: add extack to verify_policy_type
  xfrm: add extack to verify_sec_ctx_len

 net/xfrm/xfrm_user.c | 163 +++++++++++++++++++++++++++----------------
 1 file changed, 103 insertions(+), 60 deletions(-)

-- 
2.33.1
