From mboxrd@z Thu Jan 1 00:00:00 1970 From: Johannes Berg Subject: Re: [PATCH] netlink: add policy attribute range validation Date: Wed, 26 Sep 2018 22:17:46 +0200 Message-ID: <1537993066.28767.29.camel@sipsolutions.net> References: <20180926200630.23399-1-johannes@sipsolutions.net> (sfid-20180926_220654_781731_7A389A4D) Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit To: linux-wireless@vger.kernel.org, netdev@vger.kernel.org Return-path: Received: from s3.sipsolutions.net ([144.76.43.62]:46102 "EHLO sipsolutions.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726421AbeI0Ccn (ORCPT ); Wed, 26 Sep 2018 22:32:43 -0400 In-Reply-To: <20180926200630.23399-1-johannes@sipsolutions.net> (sfid-20180926_220654_781731_7A389A4D) Sender: netdev-owner@vger.kernel.org List-ID: On Wed, 2018-09-26 at 22:06 +0200, Johannes Berg wrote: > From: Johannes Berg > > Without further bloating the policy structs, we can overload > the `validation_data' pointer with a struct of s16 min, max > and use those to validate ranges in NLA_{U,S}{8,16,32,64} > attributes. > > It may sound strange to validate NLA_U32 with a s16 max, but > in many cases NLA_U32 is used for enums etc. since there's no > size benefit in using a smaller attribute width anyway, due > to netlink attribute alignment; in cases like that it's still > useful, particularly when the attribute really transports an > enum value. That said, I did find a few places where we could benefit from a larger type here - e.g. having a NLA_U16 that must be non-zero cannot be represented in the policy as is, since you can't set max to 65535. However, I don't think we want to push the policy struct to 12 bytes on 32-bit platforms? It's currently 16 bytes on 64-bit due to the pointer (and alignment), but only 8 bytes on 32-bit. Keeping the few places that needed this validation is unlikely to be a larger win than the policy size increase due to the larger type. johannes