[PATCH net v2 0/2] tools: ynl: fix impossible errors

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH net v2 0/2] tools: ynl: fix impossible errors
@ 2024-02-20 16:11 Jakub Kicinski
  2024-02-20 16:11 ` [PATCH net v2 1/2] tools: ynl: make sure we always pass yarg to mnl_cb_run Jakub Kicinski
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Jakub Kicinski @ 2024-02-20 16:11 UTC (permalink / raw)
  To: davem
  Cc: netdev, edumazet, pabeni, chuck.lever, jiri, nicolas.dichtel,
	willemb, Jakub Kicinski

Fix bugs discovered while I was hacking in low level stuff in YNL
and kept breaking the socket, exercising the "impossible" error paths.

v2:
 - drop the first patch, the bad header guards only exist in net-next
v1: https://lore.kernel.org/all/20240217001742.2466993-1-kuba@kernel.org/

Jakub Kicinski (2):
  tools: ynl: make sure we always pass yarg to mnl_cb_run
  tools: ynl: don't leak mcast_groups on init error

 tools/net/ynl/lib/ynl.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

-- 
2.43.0


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH net v2 1/2] tools: ynl: make sure we always pass yarg to mnl_cb_run
  2024-02-20 16:11 [PATCH net v2 0/2] tools: ynl: fix impossible errors Jakub Kicinski
@ 2024-02-20 16:11 ` Jakub Kicinski
  2024-02-20 16:11 ` [PATCH net v2 2/2] tools: ynl: don't leak mcast_groups on init error Jakub Kicinski
  2024-02-22  1:20 ` [PATCH net v2 0/2] tools: ynl: fix impossible errors patchwork-bot+netdevbpf
  2 siblings, 0 replies; 4+ messages in thread
From: Jakub Kicinski @ 2024-02-20 16:11 UTC (permalink / raw)
  To: davem
  Cc: netdev, edumazet, pabeni, chuck.lever, jiri, nicolas.dichtel,
	willemb, Jakub Kicinski

There is one common error handler in ynl - ynl_cb_error().
It expects priv to be a pointer to struct ynl_parse_arg AKA yarg.
To avoid potential crashes if we encounter a stray NLMSG_ERROR
always pass yarg as priv (or a struct which has it as the first
member).

ynl_cb_null() has a similar problem directly - it expects yarg
but priv passed by the caller is ys.

Found by code inspection.

Fixes: 86878f14d71a ("tools: ynl: user space helpers")
Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---
Further cleanup to enforce the types in net-next..
---
CC: nicolas.dichtel@6wind.com
CC: willemb@google.com
---
 tools/net/ynl/lib/ynl.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/tools/net/ynl/lib/ynl.c b/tools/net/ynl/lib/ynl.c
index c82a7f41b31c..9e41c8c0cc99 100644
--- a/tools/net/ynl/lib/ynl.c
+++ b/tools/net/ynl/lib/ynl.c
@@ -466,6 +466,8 @@ ynl_gemsg_start_dump(struct ynl_sock *ys, __u32 id, __u8 cmd, __u8 version)
 
 int ynl_recv_ack(struct ynl_sock *ys, int ret)
 {
+	struct ynl_parse_arg yarg = { .ys = ys, };
+
 	if (!ret) {
 		yerr(ys, YNL_ERROR_EXPECT_ACK,
 		     "Expecting an ACK but nothing received");
@@ -478,7 +480,7 @@ int ynl_recv_ack(struct ynl_sock *ys, int ret)
 		return ret;
 	}
 	return mnl_cb_run(ys->rx_buf, ret, ys->seq, ys->portid,
-			  ynl_cb_null, ys);
+			  ynl_cb_null, &yarg);
 }
 
 int ynl_cb_null(const struct nlmsghdr *nlh, void *data)
@@ -741,11 +743,14 @@ static int ynl_ntf_parse(struct ynl_sock *ys, const struct nlmsghdr *nlh)
 
 static int ynl_ntf_trampoline(const struct nlmsghdr *nlh, void *data)
 {
-	return ynl_ntf_parse((struct ynl_sock *)data, nlh);
+	struct ynl_parse_arg *yarg = data;
+
+	return ynl_ntf_parse(yarg->ys, nlh);
 }
 
 int ynl_ntf_check(struct ynl_sock *ys)
 {
+	struct ynl_parse_arg yarg = { .ys = ys, };
 	ssize_t len;
 	int err;
 
@@ -767,7 +772,7 @@ int ynl_ntf_check(struct ynl_sock *ys)
 			return len;
 
 		err = mnl_cb_run2(ys->rx_buf, len, ys->seq, ys->portid,
-				  ynl_ntf_trampoline, ys,
+				  ynl_ntf_trampoline, &yarg,
 				  ynl_cb_array, NLMSG_MIN_TYPE);
 		if (err < 0)
 			return err;
-- 
2.43.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [PATCH net v2 2/2] tools: ynl: don't leak mcast_groups on init error
  2024-02-20 16:11 [PATCH net v2 0/2] tools: ynl: fix impossible errors Jakub Kicinski
  2024-02-20 16:11 ` [PATCH net v2 1/2] tools: ynl: make sure we always pass yarg to mnl_cb_run Jakub Kicinski
@ 2024-02-20 16:11 ` Jakub Kicinski
  2024-02-22  1:20 ` [PATCH net v2 0/2] tools: ynl: fix impossible errors patchwork-bot+netdevbpf
  2 siblings, 0 replies; 4+ messages in thread
From: Jakub Kicinski @ 2024-02-20 16:11 UTC (permalink / raw)
  To: davem
  Cc: netdev, edumazet, pabeni, chuck.lever, jiri, nicolas.dichtel,
	willemb, Jakub Kicinski

Make sure to free the already-parsed mcast_groups if
we don't get an ack from the kernel when reading family info.
This is part of the ynl_sock_create() error path, so we won't
get a call to ynl_sock_destroy() to free them later.

Fixes: 86878f14d71a ("tools: ynl: user space helpers")
Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---
CC: nicolas.dichtel@6wind.com
CC: willemb@google.com
---
 tools/net/ynl/lib/ynl.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tools/net/ynl/lib/ynl.c b/tools/net/ynl/lib/ynl.c
index 9e41c8c0cc99..6e6d474c8366 100644
--- a/tools/net/ynl/lib/ynl.c
+++ b/tools/net/ynl/lib/ynl.c
@@ -588,7 +588,13 @@ static int ynl_sock_read_family(struct ynl_sock *ys, const char *family_name)
 		return err;
 	}
 
-	return ynl_recv_ack(ys, err);
+	err = ynl_recv_ack(ys, err);
+	if (err < 0) {
+		free(ys->mcast_groups);
+		return err;
+	}
+
+	return 0;
 }
 
 struct ynl_sock *
-- 
2.43.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH net v2 0/2] tools: ynl: fix impossible errors
  2024-02-20 16:11 [PATCH net v2 0/2] tools: ynl: fix impossible errors Jakub Kicinski
  2024-02-20 16:11 ` [PATCH net v2 1/2] tools: ynl: make sure we always pass yarg to mnl_cb_run Jakub Kicinski
  2024-02-20 16:11 ` [PATCH net v2 2/2] tools: ynl: don't leak mcast_groups on init error Jakub Kicinski
@ 2024-02-22  1:20 ` patchwork-bot+netdevbpf
  2 siblings, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2024-02-22  1:20 UTC (permalink / raw)
  To: Jakub Kicinski
  Cc: davem, netdev, edumazet, pabeni, chuck.lever, jiri,
	nicolas.dichtel, willemb

Hello:

This series was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Tue, 20 Feb 2024 08:11:10 -0800 you wrote:
> Fix bugs discovered while I was hacking in low level stuff in YNL
> and kept breaking the socket, exercising the "impossible" error paths.
> 
> v2:
>  - drop the first patch, the bad header guards only exist in net-next
> v1: https://lore.kernel.org/all/20240217001742.2466993-1-kuba@kernel.org/
> 
> [...]

Here is the summary with links:
  - [net,v2,1/2] tools: ynl: make sure we always pass yarg to mnl_cb_run
    https://git.kernel.org/netdev/net/c/e4fe082c38cd
  - [net,v2,2/2] tools: ynl: don't leak mcast_groups on init error
    https://git.kernel.org/netdev/net/c/5d78b73e8514

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2024-02-22  1:20 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-02-20 16:11 [PATCH net v2 0/2] tools: ynl: fix impossible errors Jakub Kicinski
2024-02-20 16:11 ` [PATCH net v2 1/2] tools: ynl: make sure we always pass yarg to mnl_cb_run Jakub Kicinski
2024-02-20 16:11 ` [PATCH net v2 2/2] tools: ynl: don't leak mcast_groups on init error Jakub Kicinski
2024-02-22  1:20 ` [PATCH net v2 0/2] tools: ynl: fix impossible errors patchwork-bot+netdevbpf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).