From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-wireless@vger.kernel.org, netdev@vger.kernel.org,
Michal Kubecek <mkubecek@suse.cz>,
Johannes Berg <johannes.berg@intel.com>
Subject: Re: [PATCH 1/2] netlink: add NLA_REJECT policy type
Date: Thu, 13 Sep 2018 16:30:04 -0300 [thread overview]
Message-ID: <20180913193004.GF4590@localhost.localdomain> (raw)
In-Reply-To: <20180913084603.7979-1-johannes@sipsolutions.net>
On Thu, Sep 13, 2018 at 10:46:02AM +0200, Johannes Berg wrote:
> From: Johannes Berg <johannes.berg@intel.com>
>
> In some situations some netlink attributes may be used for output
> only (kernel->userspace) or may be reserved for future use. It's
> then helpful to be able to prevent userspace from using them in
> messages sent to the kernel, since they'd otherwise be ignored and
> any future will become impossible if this happens.
I don't follow, what's the issue with simply ignoring such attributes?
>
> Add NLA_REJECT to the policy which does nothing but reject (with
> EINVAL) validation of any messages containing this attribute.
> Allow for returning a specific extended ACK error message in the
> validation_data pointer.
This has potential to create confusion because we can't use it on
{output,reserved} attributes that are already there (as we must always
ignore them now) and we will end up with a mix of it.
>
> While at it fix the indentation of NLA_BITFIELD32 and describe the
> validation_data pointer for it.
>
> The specific case I have in mind now is a shared nested attribute
> containing request/response data, and it would be pointless and
> potentially confusing to have userspace include response data in
> the messages that actually contain a request.
Would be nice to see some patches for it too. Maybe it helps.
>
> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
> ---
> include/net/netlink.h | 6 +++++-
> lib/nlattr.c | 22 +++++++++++++++-------
> 2 files changed, 20 insertions(+), 8 deletions(-)
>
> diff --git a/include/net/netlink.h b/include/net/netlink.h
> index 0c154f98e987..04e40fcc70d6 100644
> --- a/include/net/netlink.h
> +++ b/include/net/netlink.h
> @@ -180,6 +180,7 @@ enum {
> NLA_S32,
> NLA_S64,
> NLA_BITFIELD32,
> + NLA_REJECT,
> __NLA_TYPE_MAX,
> };
>
> @@ -208,7 +209,10 @@ enum {
> * NLA_MSECS Leaving the length field zero will verify the
> * given type fits, using it verifies minimum length
> * just like "All other"
> - * NLA_BITFIELD32 A 32-bit bitmap/bitselector attribute
> + * NLA_BITFIELD32 A 32-bit bitmap/bitselector attribute, validation
> + * data must point to a u32 value of valid flags
> + * NLA_REJECT Reject this attribute, validation data may point
> + * to a string to report as the error in extended ACK.
> * All other Minimum length of attribute payload
> *
> * Example:
> diff --git a/lib/nlattr.c b/lib/nlattr.c
> index e335bcafa9e4..56e0aae5cf23 100644
> --- a/lib/nlattr.c
> +++ b/lib/nlattr.c
> @@ -69,7 +69,8 @@ static int validate_nla_bitfield32(const struct nlattr *nla,
> }
>
> static int validate_nla(const struct nlattr *nla, int maxtype,
> - const struct nla_policy *policy)
> + const struct nla_policy *policy,
> + struct netlink_ext_ack *extack)
> {
> const struct nla_policy *pt;
> int minlen = 0, attrlen = nla_len(nla), type = nla_type(nla);
> @@ -87,6 +88,11 @@ static int validate_nla(const struct nlattr *nla, int maxtype,
> }
>
> switch (pt->type) {
> + case NLA_REJECT:
> + if (pt->validation_data && extack)
> + extack->_msg = pt->validation_data;
> + return -EINVAL;
> +
> case NLA_FLAG:
> if (attrlen > 0)
> return -ERANGE;
> @@ -180,11 +186,10 @@ int nla_validate(const struct nlattr *head, int len, int maxtype,
> int rem;
>
> nla_for_each_attr(nla, head, len, rem) {
> - int err = validate_nla(nla, maxtype, policy);
> + int err = validate_nla(nla, maxtype, policy, extack);
>
> if (err < 0) {
> - if (extack)
> - extack->bad_attr = nla;
> + NL_SET_BAD_ATTR(extack, nla);
> return err;
> }
> }
> @@ -251,10 +256,13 @@ int nla_parse(struct nlattr **tb, int maxtype, const struct nlattr *head,
>
> if (type > 0 && type <= maxtype) {
> if (policy) {
> - err = validate_nla(nla, maxtype, policy);
> + err = validate_nla(nla, maxtype, policy,
> + extack);
> if (err < 0) {
> - NL_SET_ERR_MSG_ATTR(extack, nla,
> - "Attribute failed policy validation");
> + NL_SET_BAD_ATTR(extack, nla);
> + if (extack && !extack->_msg)
> + NL_SET_ERR_MSG(extack,
> + "Attribute failed policy validation");
> goto errout;
> }
> }
> --
> 2.14.4
>
next prev parent reply other threads:[~2018-09-14 0:41 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-13 8:46 [PATCH 1/2] netlink: add NLA_REJECT policy type Johannes Berg
2018-09-13 8:46 ` Johannes Berg
2018-09-13 8:46 ` [PATCH 2/2] netlink: add ethernet address policy types Johannes Berg
2018-09-13 11:58 ` Michal Kubecek
2018-09-13 11:58 ` Michal Kubecek
2018-09-13 12:02 ` Johannes Berg
2018-09-13 12:12 ` Michal Kubecek
2018-09-13 12:16 ` Johannes Berg
2018-09-13 12:24 ` Michal Kubecek
2018-09-13 12:24 ` Michal Kubecek
2018-09-13 12:46 ` Johannes Berg
2018-09-13 12:46 ` Johannes Berg
2018-09-13 16:03 ` Michal Kubecek
2018-09-13 19:41 ` Marcelo Ricardo Leitner
2018-09-13 20:39 ` Michal Kubecek
2018-09-17 7:45 ` Johannes Berg
2018-09-13 10:49 ` [PATCH 1/2] netlink: add NLA_REJECT policy type Michal Kubecek
2018-09-13 11:25 ` Johannes Berg
2018-09-13 11:25 ` Johannes Berg
2018-09-13 12:05 ` Michal Kubecek
2018-09-13 19:20 ` Marcelo Ricardo Leitner
2018-09-13 20:43 ` Michal Kubecek
2018-09-13 19:30 ` Marcelo Ricardo Leitner [this message]
2018-09-13 21:27 ` Michal Kubecek
2018-09-13 21:58 ` Marcelo Ricardo Leitner
2018-09-17 9:38 ` Johannes Berg
2018-09-17 9:38 ` Johannes Berg
2018-09-17 20:17 ` Marcelo Ricardo Leitner
2018-09-18 12:34 ` Jamal Hadi Salim
2018-09-18 12:34 ` Jamal Hadi Salim
2018-09-18 12:39 ` Johannes Berg
2018-09-18 12:55 ` Jamal Hadi Salim
2018-09-18 12:57 ` Johannes Berg
2018-09-18 13:12 ` Jamal Hadi Salim
2018-09-18 16:42 ` Johannes Berg
2018-09-13 22:59 ` David Miller
2018-09-17 9:39 ` Johannes Berg
2018-09-17 9:39 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180913193004.GF4590@localhost.localdomain \
--to=marcelo.leitner@gmail.com \
--cc=johannes.berg@intel.com \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
--cc=mkubecek@suse.cz \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.