[PATCH net 0/4] tools: ynl-gen: misc fixes + wireguard ynl plan

[PATCH net 0/4] tools: ynl-gen: misc fixes + wireguard ynl plan

[Asbjørn Sloth Tønnesen]

Hi,

This is the first batch of changes related to converting
the netlink around wireguard, to be based on an YNL spec,
with the focus on making it a 1-to-1 replacement.

I will post these 28 patches in 3 batches.

This 1st series with some misc fixes for net.

Once this 1st series makes its way to net-next, then I plan
to post the 2nd series with YNL improvements for net-next,
and the 3rd series with the wireguard changes as RFC at
the same time, as many of the patches in the 2nd series is
using the 3rd series for justification, so they should be
available for reviewers.

Once the 2nd series is accepted into net-next, then
I will post the 3rd series in v1 for net-next.

Below are the diff stats for each series:

1st series (this) - misc fixes (4 patches):
 Documentation/netlink/specs/fou.yaml     | 4 ++--
 include/net/genetlink.h                  | 2 +-
 net/ipv4/fou_nl.c                        | 4 ++--
 tools/net/ynl/pyynl/ynl_gen_c.py         | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)

2nd series - ynl improvements (10 patches):
 Doc../netlink/genetlink-legacy.yaml      |  2 +-
 tools/net/ynl/pyynl/lib/ynl.py           | 36 ++++++++++++---
 tools/net/ynl/pyynl/ynl_gen_c.py         | 34 ++++++++------
 3 files changed, 52 insertions(+), 20 deletions(-)

3rd series - wireguard changes (14 patches):
 Doc../netlink/specs/wireguard.yaml       | 321 ++++++++++++++
 MAINTAINERS                              |   3 +
 drivers/net/wireguard/Makefile           |   1 +
 drivers/net/wireguard/netlink.c          |  73 +--
 drivers/net/wireguard/netlink_gen.c      |  72 +++
 drivers/net/wireguard/netlink_gen.h      |  30 ++
 include/uapi/linux/wireguard.h           | 202 ++-------
 include/uapi/linux/wireguard_params.h    |  18 +
 tools/net/ynl/samples/.gitignore         |   1 +
 tools/net/ynl/samples/wireguard.c        | 104 +++++
 10 files changed, 605 insertions(+), 220 deletions(-)

Asbjørn Sloth Tønnesen (4):
  netlink: specs: fou: change local-v6/peer-v6 check
  tools: ynl-gen: use macro for binary min-len check
  tools: ynl-gen: fix nested array counting
  genetlink: fix typo in comment

 Documentation/netlink/specs/fou.yaml | 4 ++--
 include/net/genetlink.h              | 2 +-
 net/ipv4/fou_nl.c                    | 4 ++--
 tools/net/ynl/pyynl/ynl_gen_c.py     | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)

-- 
2.50.1

[PATCH net 1/4] netlink: specs: fou: change local-v6/peer-v6 check

[Asbjørn Sloth Tønnesen]

While fixing the binary min-len implementaion, I noticed that
the only user, should AFAICT be using exact-len instead.

In net/ipv4/fou_core.c FOU_ATTR_LOCAL_V6 and FOU_ATTR_PEER_V6
are only used for singular IPv6 addresses, a exact-len policy,
therefore seams like a better fit.

AFAICT this was caused by lacking support for the exact-len check
at the time of the blamed commit, which was later remedied by
c63ad379526 ("tools: ynl-gen: add support for exact-len validation").

This patch therefore changes the local-v6/peer-v6 attributes to
use an exact-len check, instead of a min-len check.

Fixes: 4eb77b4ecd3c ("netlink: add a proto specification for FOU")
Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
---
 Documentation/netlink/specs/fou.yaml | 4 ++--
 net/ipv4/fou_nl.c                    | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Documentation/netlink/specs/fou.yaml b/Documentation/netlink/specs/fou.yaml
index 57735726262ec..8e7974ec453fc 100644
--- a/Documentation/netlink/specs/fou.yaml
+++ b/Documentation/netlink/specs/fou.yaml
@@ -52,7 +52,7 @@ attribute-sets:
         name: local-v6
         type: binary
         checks:
-          min-len: 16
+          exact-len: 16
       -
         name: peer-v4
         type: u32
@@ -60,7 +60,7 @@ attribute-sets:
         name: peer-v6
         type: binary
         checks:
-          min-len: 16
+          exact-len: 16
       -
         name: peer-port
         type: u16
diff --git a/net/ipv4/fou_nl.c b/net/ipv4/fou_nl.c
index 3d9614609b2d3..506260b4a4dc2 100644
--- a/net/ipv4/fou_nl.c
+++ b/net/ipv4/fou_nl.c
@@ -18,9 +18,9 @@ const struct nla_policy fou_nl_policy[FOU_ATTR_IFINDEX + 1] = {
 	[FOU_ATTR_TYPE] = { .type = NLA_U8, },
 	[FOU_ATTR_REMCSUM_NOPARTIAL] = { .type = NLA_FLAG, },
 	[FOU_ATTR_LOCAL_V4] = { .type = NLA_U32, },
-	[FOU_ATTR_LOCAL_V6] = { .len = 16, },
+	[FOU_ATTR_LOCAL_V6] = NLA_POLICY_EXACT_LEN(16),
 	[FOU_ATTR_PEER_V4] = { .type = NLA_U32, },
-	[FOU_ATTR_PEER_V6] = { .len = 16, },
+	[FOU_ATTR_PEER_V6] = NLA_POLICY_EXACT_LEN(16),
 	[FOU_ATTR_PEER_PORT] = { .type = NLA_BE16, },
 	[FOU_ATTR_IFINDEX] = { .type = NLA_S32, },
 };
-- 
2.50.1

[PATCH net 2/4] tools: ynl-gen: use macro for binary min-len check

[Asbjørn Sloth Tønnesen]

This patch changes the generated min-len check for binary
attributes to use the NLA_POLICY_MIN_LEN() macro, and thereby
ensures that .validation_type is not left at NLA_VALIDATE_NONE.

This doesn't change any currently generated code, as it isn't
used in any specs currently used for generating code.

Fixes: be5bea1cc0bf ("net: add basic C code generators for Netlink")
Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
---
 tools/net/ynl/pyynl/ynl_gen_c.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/net/ynl/pyynl/ynl_gen_c.py b/tools/net/ynl/pyynl/ynl_gen_c.py
index ef032e17fec44..52f955ed84a7f 100755
--- a/tools/net/ynl/pyynl/ynl_gen_c.py
+++ b/tools/net/ynl/pyynl/ynl_gen_c.py
@@ -556,7 +556,7 @@ class TypeBinary(Type):
         elif 'exact-len' in self.checks:
             mem = 'NLA_POLICY_EXACT_LEN(' + self.get_limit_str('exact-len') + ')'
         elif 'min-len' in self.checks:
-            mem = '{ .len = ' + self.get_limit_str('min-len') + ', }'
+            mem = 'NLA_POLICY_MIN_LEN(' + self.get_limit_str('min-len') + ')'
         elif 'max-len' in self.checks:
             mem = 'NLA_POLICY_MAX_LEN(' + self.get_limit_str('max-len') + ')'
 
-- 
2.50.1

[PATCH net 3/4] tools: ynl-gen: fix nested array counting

[Asbjørn Sloth Tønnesen]

The blamed commit introduced the concept of split attribute
counting, and later allocating an array to hold them, however
TypeArrayNest wasn't updated to use the new counting variable.

Abbreviated example from tools/net/ynl/generated/nl80211-user.c:
nl80211_if_combination_attributes_parse(...):
  unsigned int n_limits = 0;
  [...]
  ynl_attr_for_each(attr, nlh, yarg->ys->family->hdr_len)
	if (type == NL80211_IFACE_COMB_LIMITS)
		ynl_attr_for_each_nested(attr2, attr)
			dst->_count.limits++;
  if (n_limits) {
	dst->_count.limits = n_limits;
	/* allocate and parse attributes */
  }

In the above example n_limits is guaranteed to always be 0,
hence the conditional is unsatisfiable and is optimized out.

This patch changes the attribute counting to use n_limits++ in the
attribute counting loop in the above example.

Fixes: 58da455b31ba ("tools: ynl-gen: improve unwind on parsing errors")
Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
---
 tools/net/ynl/pyynl/ynl_gen_c.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/net/ynl/pyynl/ynl_gen_c.py b/tools/net/ynl/pyynl/ynl_gen_c.py
index 52f955ed84a7f..fb7e03805a113 100755
--- a/tools/net/ynl/pyynl/ynl_gen_c.py
+++ b/tools/net/ynl/pyynl/ynl_gen_c.py
@@ -830,7 +830,7 @@ class TypeArrayNest(Type):
                      'ynl_attr_for_each_nested(attr2, attr) {',
                      '\tif (ynl_attr_validate(yarg, attr2))',
                      '\t\treturn YNL_PARSE_CB_ERROR;',
-                     f'\t{var}->_count.{self.c_name}++;',
+                     f'\tn_{self.c_name}++;',
                      '}']
         return get_lines, None, local_vars
 
-- 
2.50.1

[PATCH net 4/4] genetlink: fix typo in comment

[Asbjørn Sloth Tønnesen]

In this context "not that ..." should properly be "note that ...".

Fixes: b8fd60c36a44 ("genetlink: allow families to use split ops directly")
Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
---
 include/net/genetlink.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/net/genetlink.h b/include/net/genetlink.h
index a03d567658328..7b84f2cef8b1f 100644
--- a/include/net/genetlink.h
+++ b/include/net/genetlink.h
@@ -62,7 +62,7 @@ struct genl_info;
  * @small_ops: the small-struct operations supported by this family
  * @n_small_ops: number of small-struct operations supported by this family
  * @split_ops: the split do/dump form of operation definition
- * @n_split_ops: number of entries in @split_ops, not that with split do/dump
+ * @n_split_ops: number of entries in @split_ops, note that with split do/dump
  *	ops the number of entries is not the same as number of commands
  * @sock_priv_size: the size of per-socket private memory
  * @sock_priv_init: the per-socket private memory initializer
-- 
2.50.1

Re: [PATCH net 1/4] netlink: specs: fou: change local-v6/peer-v6 check

[Jakub Kicinski]

On Mon,  1 Sep 2025 14:50:20 +0000 Asbjørn Sloth Tønnesen wrote:
> While fixing the binary min-len implementaion, I noticed that
> the only user, should AFAICT be using exact-len instead.
> 
> In net/ipv4/fou_core.c FOU_ATTR_LOCAL_V6 and FOU_ATTR_PEER_V6
> are only used for singular IPv6 addresses, a exact-len policy,
> therefore seams like a better fit.
> 
> AFAICT this was caused by lacking support for the exact-len check
> at the time of the blamed commit, which was later remedied by
> c63ad379526 ("tools: ynl-gen: add support for exact-len validation").

No, take a look at 1d562c32e43. The intention was to keep the code
before and after the same. I agree that the check is not ideal but
it's not really a bug to ignore some input. So if you want to clean
this up -- net-next and no Fixes tag..

> This patch therefore changes the local-v6/peer-v6 attributes to
> use an exact-len check, instead of a min-len check.

Re: [PATCH net 2/4] tools: ynl-gen: use macro for binary min-len check

[Jakub Kicinski]

On Mon,  1 Sep 2025 14:50:21 +0000 Asbjørn Sloth Tønnesen wrote:
> This patch changes the generated min-len check for binary
> attributes to use the NLA_POLICY_MIN_LEN() macro, and thereby
> ensures that .validation_type is not left at NLA_VALIDATE_NONE.

Please test this well and include the results in the commit message.
I'm pretty sure it's fine as is.

Re: [PATCH net 3/4] tools: ynl-gen: fix nested array counting

[Jakub Kicinski]

On Mon,  1 Sep 2025 14:50:22 +0000 Asbjørn Sloth Tønnesen wrote:
> The blamed commit introduced the concept of split attribute
> counting, and later allocating an array to hold them, however
> TypeArrayNest wasn't updated to use the new counting variable.
> 
> Abbreviated example from tools/net/ynl/generated/nl80211-user.c:
> nl80211_if_combination_attributes_parse(...):
>   unsigned int n_limits = 0;
>   [...]
>   ynl_attr_for_each(attr, nlh, yarg->ys->family->hdr_len)
> 	if (type == NL80211_IFACE_COMB_LIMITS)
> 		ynl_attr_for_each_nested(attr2, attr)
> 			dst->_count.limits++;
>   if (n_limits) {
> 	dst->_count.limits = n_limits;
> 	/* allocate and parse attributes */
>   }
> 
> In the above example n_limits is guaranteed to always be 0,
> hence the conditional is unsatisfiable and is optimized out.
> 
> This patch changes the attribute counting to use n_limits++ in the
> attribute counting loop in the above example.

Looks good, thanks!

Reviewed-by: Jakub Kicinski <kuba@kernel.org>

Re: [PATCH net 4/4] genetlink: fix typo in comment

[Jakub Kicinski]

On Mon,  1 Sep 2025 14:50:23 +0000 Asbjørn Sloth Tønnesen wrote:
> In this context "not that ..." should properly be "note that ...".
> 
> Fixes: b8fd60c36a44 ("genetlink: allow families to use split ops directly")

Looks good, but this is not a fix, please repost without the Fixes tag
and for net-next.

Re: [PATCH net 2/4] tools: ynl-gen: use macro for binary min-len check

[Asbjørn Sloth Tønnesen]

Thank you for the quick reviews.

On 9/1/25 6:52 PM, Jakub Kicinski wrote:
> On Mon,  1 Sep 2025 14:50:21 +0000 Asbjørn Sloth Tønnesen wrote:
>> This patch changes the generated min-len check for binary
>> attributes to use the NLA_POLICY_MIN_LEN() macro, and thereby
>> ensures that .validation_type is not left at NLA_VALIDATE_NONE.
> 
> Please test this well and include the results in the commit message.
> I'm pretty sure it's fine as is.

You are right, because .type is unset, then .validation_type doesn't matter.

Sorry, I didn't do enough testing for the fixes, I had looked at the NLA_BINARY
case in validate_nla(), not NLA_UNSPEC.

Will re-post for net-next without fixes, and a new commit message.