From: Ido Schimmel <idosch@nvidia.com>
To: netdev@vger.kernel.org, bridge@lists.linux-foundation.org
Cc: petrm@nvidia.com, mlxsw@nvidia.com, razor@blackwall.org,
	Ido Schimmel <idosch@nvidia.com>,
	edumazet@google.com, roopa@nvidia.com, kuba@kernel.org,
	pabeni@redhat.com, davem@davemloft.net
Subject: [Bridge] [RFC PATCH net-next 03/13] bridge: mcast: Move validation to a policy
Date: Sat,  4 Feb 2023 19:07:51 +0200	[thread overview]
Message-ID: <20230204170801.3897900-4-idosch@nvidia.com> (raw)
In-Reply-To: <20230204170801.3897900-1-idosch@nvidia.com>

Subsequent patches are going to move parts of the bridge MDB code to the
common rtnetlink code in preparation for VXLAN MDB support. To
facilitate code sharing between both drivers, move the validation of the
top level attributes in RTM_{NEW,DEL}MDB messages to a policy that will
eventually be moved to the rtnetlink code.

Use 'NLA_NESTED' for 'MDBA_SET_ENTRY_ATTRS' instead of
NLA_POLICY_NESTED() as this attribute is going to be validated using
different policies in the underlying drivers.

Signed-off-by: Ido Schimmel <idosch@nvidia.com>
---
 net/bridge/br_mdb.c | 45 +++++++++++++++++++++++++++------------------
 1 file changed, 27 insertions(+), 18 deletions(-)

diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index e40a4c275d63..b1ece209cfca 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -683,51 +683,58 @@ static const struct nla_policy br_mdbe_attrs_pol[MDBE_ATTR_MAX + 1] = {
 	[MDBE_ATTR_RTPROT] = NLA_POLICY_MIN(NLA_U8, RTPROT_STATIC),
 };
 
-static bool is_valid_mdb_entry(struct br_mdb_entry *entry,
-			       struct netlink_ext_ack *extack)
+static int validate_mdb_entry(const struct nlattr *attr,
+			      struct netlink_ext_ack *extack)
 {
+	struct br_mdb_entry *entry = nla_data(attr);
+
+	if (nla_len(attr) != sizeof(struct br_mdb_entry)) {
+		NL_SET_ERR_MSG_MOD(extack, "Invalid MDBA_SET_ENTRY attribute length");
+		return -EINVAL;
+	}
+
 	if (entry->ifindex == 0) {
 		NL_SET_ERR_MSG_MOD(extack, "Zero entry ifindex is not allowed");
-		return false;
+		return -EINVAL;
 	}
 
 	if (entry->addr.proto == htons(ETH_P_IP)) {
 		if (!ipv4_is_multicast(entry->addr.u.ip4)) {
 			NL_SET_ERR_MSG_MOD(extack, "IPv4 entry group address is not multicast");
-			return false;
+			return -EINVAL;
 		}
 		if (ipv4_is_local_multicast(entry->addr.u.ip4)) {
 			NL_SET_ERR_MSG_MOD(extack, "IPv4 entry group address is local multicast");
-			return false;
+			return -EINVAL;
 		}
 #if IS_ENABLED(CONFIG_IPV6)
 	} else if (entry->addr.proto == htons(ETH_P_IPV6)) {
 		if (ipv6_addr_is_ll_all_nodes(&entry->addr.u.ip6)) {
 			NL_SET_ERR_MSG_MOD(extack, "IPv6 entry group address is link-local all nodes");
-			return false;
+			return -EINVAL;
 		}
 #endif
 	} else if (entry->addr.proto == 0) {
 		/* L2 mdb */
 		if (!is_multicast_ether_addr(entry->addr.u.mac_addr)) {
 			NL_SET_ERR_MSG_MOD(extack, "L2 entry group is not multicast");
-			return false;
+			return -EINVAL;
 		}
 	} else {
 		NL_SET_ERR_MSG_MOD(extack, "Unknown entry protocol");
-		return false;
+		return -EINVAL;
 	}
 
 	if (entry->state != MDB_PERMANENT && entry->state != MDB_TEMPORARY) {
 		NL_SET_ERR_MSG_MOD(extack, "Unknown entry state");
-		return false;
+		return -EINVAL;
 	}
 	if (entry->vid >= VLAN_VID_MASK) {
 		NL_SET_ERR_MSG_MOD(extack, "Invalid entry VLAN id");
-		return false;
+		return -EINVAL;
 	}
 
-	return true;
+	return 0;
 }
 
 static bool is_valid_mdb_source(struct nlattr *attr, __be16 proto,
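Review bot: `entry` in validate_mdb_entry() is declared as a writable `struct br_mdb_entry *` although it comes from a `const struct nlattr *` and is only read; `const struct br_mdb_entry *entry = nla_data(attr);` would keep the validator from ever modifying the userspace-supplied attribute. The nla_len() test that now opens the function is the only exact-size check for MDBA_SET_ENTRY visible in this patch, and every field read below it depends on it. It deserves a comment such as `/* Reject short or long attributes before any field is read. */` so that it is not reordered or dropped later. The hunk ends on the first line of is_valid_mdb_source(), which is not part of the change.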
@@ -1295,6 +1302,14 @@ static int br_mdb_config_attrs_init(struct nlattr *set_attrs,
 	return 0;
 }
 
+static const struct nla_policy mdba_policy[MDBA_SET_ENTRY_MAX + 1] = {
+	[MDBA_SET_ENTRY_UNSPEC] = { .strict_start_type = MDBA_SET_ENTRY_ATTRS + 1 },
+	[MDBA_SET_ENTRY] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
+						  validate_mdb_entry,
+						  sizeof(struct br_mdb_entry)),
+	[MDBA_SET_ENTRY_ATTRS] = { .type = NLA_NESTED },
+};
+
 static int br_mdb_config_init(struct net *net, const struct nlmsghdr *nlh,
 			      struct br_mdb_config *cfg,
 			      struct netlink_ext_ack *extack)
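Review bot: The `sizeof(struct br_mdb_entry)` length in the MDBA_SET_ENTRY policy entry may change what userspace sees for an oversized attribute. As far as I recall, the generic NLA_BINARY check treats that length as an upper bound and fails with -ERANGE and a generic extack message before validate_mdb_entry() runs, whereas the removed code returned -EINVAL with "Invalid MDBA_SET_ENTRY attribute length" for any wrong size. If that difference is intended it is worth a sentence in the commit message; otherwise the length argument could be dropped so the callback stays the single place that enforces the size, e.g. `[MDBA_SET_ENTRY] = NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_mdb_entry),`. The plain `NLA_NESTED` on MDBA_SET_ENTRY_ATTRS would also benefit from a comment like `/* nested attributes are validated by each driver's own policy */`, since the table alone reads as if they were unchecked.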
@@ -1305,7 +1320,7 @@ static int br_mdb_config_init(struct net *net, const struct nlmsghdr *nlh,
 	int err;
 
 	err = nlmsg_parse_deprecated(nlh, sizeof(*bpm), tb,
-				     MDBA_SET_ENTRY_MAX, NULL, extack);
+				     MDBA_SET_ENTRY_MAX, mdba_policy, extack);
 	if (err)
 		return err;
 
@@ -1347,14 +1362,8 @@ static int br_mdb_config_init(struct net *net, const struct nlmsghdr *nlh,
 		NL_SET_ERR_MSG_MOD(extack, "Missing MDBA_SET_ENTRY attribute");
 		return -EINVAL;
 	}
-	if (nla_len(tb[MDBA_SET_ENTRY]) != sizeof(struct br_mdb_entry)) {
-		NL_SET_ERR_MSG_MOD(extack, "Invalid MDBA_SET_ENTRY attribute length");
-		return -EINVAL;
-	}
 
 	cfg->entry = nla_data(tb[MDBA_SET_ENTRY]);
-	if (!is_valid_mdb_entry(cfg->entry, extack))
-		return -EINVAL;
 
 	if (cfg->entry->ifindex != cfg->br->dev->ifindex) {
 		struct net_device *pdev;
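Review bot: After this hunk `cfg->entry = nla_data(tb[MDBA_SET_ENTRY]);` is followed directly by a read of `cfg->entry->ifindex`, with no size check left in br_mdb_config_init() itself; the bounds guarantee now comes entirely from `mdba_policy` being passed to the parse call earlier in the function. A comment above the assignment, for example `/* Length and contents were validated by mdba_policy during parsing. */`, would make that dependency visible, so that a later change to the parse call does not silently remove the only guard on this userspace-supplied structure. The function starts before and continues past this hunk.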
-- 
2.37.3

