From: Jakub Kicinski <kuba@kernel.org>
To: Petr Machata <petrm@nvidia.com>
Cc: Daniel Machon <daniel.machon@microchip.com>,
<netdev@vger.kernel.org>, <davem@davemloft.net>,
<maxime.chevallier@bootlin.com>, <thomas.petazzoni@bootlin.com>,
<edumazet@google.com>, <pabeni@redhat.com>,
<lars.povlsen@microchip.com>, <Steen.Hegelund@microchip.com>,
<UNGLinuxDriver@microchip.com>, <joe@perches.com>,
<linux@armlinux.org.uk>, <horatiu.vultur@microchip.com>,
<Julia.Lawall@inria.fr>, <vladimir.oltean@nxp.com>,
<linux-kernel@vger.kernel.org>,
<linux-arm-kernel@lists.infradead.org>
Subject: Re: [PATCH net-next v2 1/6] net: dcb: add new pcp selector to app object
Date: Fri, 30 Sep 2022 17:54:52 -0700
Message-ID: <20220930175452.1937dadd@kernel.org>
In-Reply-To: <87leq1uiyc.fsf@nvidia.com>

On Fri, 30 Sep 2022 14:20:50 +0200 Petr Machata wrote:
> > @@ -1495,7 +1536,7 @@ static int dcbnl_ieee_set(struct net_device *netdev, struct nlmsghdr *nlh,
> > nla_for_each_nested(attr, ieee[DCB_ATTR_IEEE_APP_TABLE], rem) {
> > struct dcb_app *app_data;
> >
> > - if (nla_type(attr) != DCB_ATTR_IEEE_APP)
> > + if (!dcbnl_app_attr_type_validate(nla_type(attr)))
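Review bot: the set of attribute types accepted inside DCB_ATTR_IEEE_APP_TABLE can no longer be read off the call site, because `if (!dcbnl_app_attr_type_validate(nla_type(attr)))` replaces an exact comparison with DCB_ATTR_IEEE_APP and the helper's body is not part of this hunk. Since this loop selects entries by attribute type, every type the helper newly accepts changes how a message that was previously passed over is handled. Please add a comment at the helper listing the accepted types, and state in the commit message what happens to senders that already placed other types in this nest.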
>
> Oh no! It wasn't validating the DCB_ATTR_IEEE_APP_TABLE nest against a
> policy! Instead it was just skipping whatever is not DCB_ATTR_IEEE_APP.
>
> So userspace was permitted to shove random crap down here, and it would
> just quietly be ignored. We can't start reinterpreting some of that crap
> as information. We also can't start bouncing it.

Are you saying that we can't start interpreting new attr types?

"Traditionally" netlink ignored new attr types so from that perspective
starting to interpret new types is pretty "run of the mill" for netlink.
IOW *_deprecated() parsing routines do not use NL_VALIDATE_MAXTYPE.

That does put netlink in a bit of a special category when it comes to
input validation, but really putting in a random but valid attr is much
harder than not initializing a struct member. Is there user space which
does that?

Sorry if I'm misinterpreting the situation.

> This needs to be done differently.
>
> One API "hole" that I see is that payload with size < struct dcb_app
> gets bounced.
>
> We can pack the new stuff into a smaller payload. The inner attribute
> would not be DCB_ATTR_DCB_APP, but say DCB_ATTR_DCB_PCP, which would
> imply the selector. The payload can be struct { u8 prio; u16 proto; }.
> This would have been bounced by the old UAPI, so we know no userspace
> makes use of that.
>
> We can treat the output similarly.
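
The two parsing behaviours discussed in this message, as an added user-space sketch (not code from the patch or the kernel): a lenient walker that silently skips unknown attribute types, next to a strict one that rejects them, plus the short-payload bounce mentioned in the quoted reply. All `ex_`/`EX_` names, the attribute layout and the sample message are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not the kernel's definitions. */
#define EX_ATTR_APP 1            /* the only type the old loop acts on */
#define EX_ATTR_MAX 1            /* highest type a strict parser accepts */
#define EX_ALIGN(n) (((n) + 3u) & ~3u)

struct ex_attr   { uint16_t len, type; };          /* header; payload follows */
struct ex_app    { uint8_t selector, priority; uint16_t protocol; };
struct ex_result { int rc, handled, skipped; };    /* rc -1: message bounced */

/* strict == 0 skips unknown types silently; strict != 0 rejects types above EX_ATTR_MAX. */
struct ex_result ex_walk(const uint8_t *buf, size_t len, int strict)
{
    struct ex_result r = { 0, 0, 0 };
    while (len >= sizeof(struct ex_attr)) {
        struct ex_attr h;
        memcpy(&h, buf, sizeof(h));
        if (h.len < sizeof(h) || h.len > len) { r.rc = -1; return r; }
        if (h.type == EX_ATTR_APP) {
            /* a payload shorter than the app struct is bounced */
            if (h.len - sizeof(h) < sizeof(struct ex_app)) { r.rc = -1; return r; }
            r.handled++;
        } else {
            if (strict && h.type > EX_ATTR_MAX) { r.rc = -1; return r; }
            r.skipped++;                            /* quietly ignored */
        }
        size_t step = EX_ALIGN(h.len) < len ? EX_ALIGN(h.len) : len;
        buf += step; len -= step;
    }
    return r;
}

/* Append one attribute with a zeroed payload; returns the new offset. */
static size_t ex_put(uint8_t *buf, size_t off, uint16_t type, uint16_t plen)
{
    struct ex_attr h = { (uint16_t)(sizeof(h) + plen), type };
    memcpy(buf + off, &h, sizeof(h));
    return off + EX_ALIGN(h.len);
}

/* Constructed message: one valid app entry followed by one extra attribute. */
struct ex_result ex_demo(int strict, uint16_t type, uint16_t plen)
{
    uint8_t buf[64] = { 0 };
    size_t end = ex_put(buf, 0, EX_ATTR_APP, sizeof(struct ex_app));
    end = ex_put(buf, end, type, plen);
    return ex_walk(buf, end, strict);
}
```

With an extra attribute of unknown type 7, the lenient walk accepts the message and reports one skipped entry, while the strict walk bounces it; an `EX_ATTR_APP` entry with a 3-byte payload is bounced in both modes.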