lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6ba9f727e555fd376623a298d5d305ad408c3d47.camel@sipsolutions.net>
Date:   Fri, 21 Oct 2022 21:57:53 +0200
From:   Johannes Berg <johannes@...solutions.net>
To:     Jakub Kicinski <kuba@...nel.org>, davem@...emloft.net
Cc:     netdev@...r.kernel.org, edumazet@...gle.com, pabeni@...hat.com,
        jacob.e.keller@...el.com, fw@...len.de, jiri@...dia.com
Subject: Re: [PATCH net] genetlink: piggy back on resv_op to default to a
 reject policy

On Fri, 2022-10-21 at 12:35 -0700, Jakub Kicinski wrote:
> 
> +/* We need the last attribute with non-zero ID therefore a 2-entry array */
> +static struct nla_policy genl_policy_reject_all[] = {
> +	{ .type = NLA_REJECT },
> +	{ .type = NLA_REJECT },
> +};
> +
>  static int genl_ctrl_event(int event, const struct genl_family *family,
>  			   const struct genl_multicast_group *grp,
>  			   int grp_id);
>  
> +static void
> +genl_op_fill_in_reject_policy(const struct genl_family *family,
> +			      struct genl_ops *op)
> +{
> +	BUILD_BUG_ON(ARRAY_SIZE(genl_policy_reject_all) - 1 != 1);
> +
> +	if (op->policy || op->cmd < family->resv_start_op)
> +		return;
> +
> +	op->policy = genl_policy_reject_all;
> +	op->maxattr = 1;
> +}

It feels it might've been easier to implement as simply, apart from the
doc changes:

--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -529,6 +529,10 @@ genl_family_rcv_msg_attrs_parse(const struct genl_family *family,
 	struct nlattr **attrbuf;
 	int err;
 
+	if (ops->cmd >= family->resv_start_op && !ops->maxattr &&
+	    nlmsg_attrlen(nlh, hdrlen))
+		return ERR_PTR(-EINVAL);
+
 	if (!ops->maxattr)
 		return NULL;
 


But maybe I'm missing something in the relation with the new split ops
etc.

Also, technically, you could now have an op that is >= resv_start_op,
but sets one of GENL_DONT_VALIDATE{_DUMP,}_STRICT and then gets the old
behaviour except that attributes 0 and 1 are rejected?

Any particular reason you chose this implementation here? I can
understand having chosen it with the yaml things since then you can be
sure you're not setting GENL_DONT_VALIDATE{_DUMP,}_STRICT and you don't
have another choice anyway, but here?

Hmm.

Then again, maybe anyway we should make sure that
GENL_DONT_VALIDATE{_DUMP,}_STRICT aren't set for ops >= resv_start_op?


Anyway, for the intended use it works, and I guess it'd be a stupid
family that makes sure to set this but then still uses non-strict
validation, though I've seen people (try to) copy/paste non-strict
validation into new ops ...

johannes

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ