| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZTpzfckQ5n4o2F7D@shredder>
Date: Thu, 26 Oct 2023 17:11:09 +0300
From: Ido Schimmel <idosch@...sch.org>
To: Nikolay Aleksandrov <razor@...ckwall.org>
Cc: bpf@...r.kernel.org, jiri@...nulli.us, netdev@...r.kernel.org,
martin.lau@...ux.dev, ast@...nel.org, andrii@...nel.org,
john.fastabend@...il.com, kuba@...nel.org, andrew@...n.ch,
toke@...nel.org, toke@...hat.com, sdf@...gle.com,
daniel@...earbox.net
Subject: Re: [PATCH bpf-next 2/2] netkit: use netlink policy for mode and
policy attributes validation
On Thu, Oct 26, 2023 at 12:41:06PM +0300, Nikolay Aleksandrov wrote:
> static const struct nla_policy netkit_policy[IFLA_NETKIT_MAX + 1] = {
> [IFLA_NETKIT_PEER_INFO] = { .len = sizeof(struct ifinfomsg) },
> - [IFLA_NETKIT_POLICY] = { .type = NLA_U32 },
> - [IFLA_NETKIT_MODE] = { .type = NLA_U32 },
> - [IFLA_NETKIT_PEER_POLICY] = { .type = NLA_U32 },
> + [IFLA_NETKIT_POLICY] = NLA_POLICY_VALIDATE_FN(NLA_U32,
> + netkit_check_policy),
Nik, it's problematic to use NLA_POLICY_VALIDATE_FN() with anything
other than NLA_BINARY. See commit 9e17f99220d1 ("net/sched: act_mpls:
Fix warning during failed attribute validation").
> + [IFLA_NETKIT_MODE] = NLA_POLICY_VALIDATE_FN(NLA_U32,
> + netkit_check_mode),
> + [IFLA_NETKIT_PEER_POLICY] = NLA_POLICY_VALIDATE_FN(NLA_U32,
> + netkit_check_policy),
> [IFLA_NETKIT_PRIMARY] = { .type = NLA_REJECT,
> .reject_message = "Primary attribute is read-only" },
> };
> --
> 2.38.1
>
>
Powered by blists - more mailing lists