* [PATCH net-next v2] openvswitch: Stricter validation for the userspace action
@ 2025-05-12 8:08 Eelco Chaudron
2025-05-12 17:18 ` Simon Horman
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Eelco Chaudron @ 2025-05-12 8:08 UTC (permalink / raw)
To: netdev
Cc: dev, aconole, echaudro, i.maximets, davem, edumazet, kuba, pabeni,
horms
This change enhances the robustness of validate_userspace() by ensuring
that all Netlink attributes are fully contained within the parent
attribute. The previous use of nla_parse_nested_deprecated() could
silently skip trailing or malformed attributes, as it stops parsing at
the first invalid entry.
By switching to nla_parse_deprecated_strict(), we make sure only fully
validated attributes are copied for later use.
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
---
v2: Changed commit message based on Ilya's feedback.
---
net/openvswitch/flow_netlink.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
index 518be23e48ea..ad64bb9ab5e2 100644
--- a/net/openvswitch/flow_netlink.c
+++ b/net/openvswitch/flow_netlink.c
@@ -3049,7 +3049,8 @@ static int validate_userspace(const struct nlattr *attr)
struct nlattr *a[OVS_USERSPACE_ATTR_MAX + 1];
int error;
- error = nla_parse_nested_deprecated(a, OVS_USERSPACE_ATTR_MAX, attr,
+ error = nla_parse_deprecated_strict(a, OVS_USERSPACE_ATTR_MAX,
+ nla_data(attr), nla_len(attr),
userspace_policy, NULL);
if (error)
return error;
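Review bot: the replacement call in validate_userspace() still passes NULL as the final (extack) argument, so a request that is now rejected for trailing or malformed data returns only the bare error code, with no message saying which attribute failed. Because validate_userspace() takes only attr, passing an extack through would be a separate change. The commit message should at least state that input which was previously accepted, with the unparsed remainder ignored, now fails validation, so that any userspace depending on the old leniency can be found.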
--
2.47.1
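Added example, not part of the posted patch or of the kernel source: a simplified userspace model of the lenient and strict attribute walks that the commit message contrasts. The names attr_hdr, parse_attrs, parse_sample and MAX_TYPE are hypothetical. In strict mode the model also rejects unknown attribute types, as the kernel's deprecated-strict validation does.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model of a Netlink attribute header; payload follows it. */
struct attr_hdr { uint16_t len; uint16_t type; };
#define ALIGN4(n) (((n) + 3u) & ~3u)
#define MAX_TYPE 3   /* hypothetical highest attribute type the policy knows */

/* Walk buf[0..len) and record the offset of each known attribute in tb[].
 * Returns 0 on success. With strict set, returns -1 for an unknown type or
 * for bytes left over after the walk stops at a malformed attribute. */
int parse_attrs(const uint8_t *buf, size_t len, int strict, int tb[MAX_TYPE + 1])
{
    size_t off = 0;

    for (int i = 0; i <= MAX_TYPE; i++)
        tb[i] = -1;
    while (len - off >= sizeof(struct attr_hdr)) {
        struct attr_hdr h;
        memcpy(&h, buf + off, sizeof(h));
        if (h.len < sizeof(h) || h.len > len - off)
            break;                   /* declared length escapes the parent */
        if (h.type == 0 || h.type > MAX_TYPE) {
            if (strict)
                return -1;           /* lenient mode just skips it */
        } else {
            tb[h.type] = (int)off;
        }
        size_t step = ALIGN4(h.len);
        off = step > len - off ? len : off + step;
    }
    return (strict && off < len) ? -1 : 0;
}

/* Constructed sample: a valid type-1 attribute, then a type-2 header that
 * claims 64 bytes although only 8 remain in the parent. */
int parse_sample(int strict, int tb[MAX_TYPE + 1])
{
    uint8_t buf[16] = {0};
    struct attr_hdr ok = { .len = 8, .type = 1 }, bad = { .len = 64, .type = 2 };

    memcpy(buf, &ok, sizeof(ok));
    memcpy(buf + 8, &bad, sizeof(bad));
    return parse_attrs(buf, sizeof(buf), strict, tb);
}

int main(void)
{
    int tb[MAX_TYPE + 1];
    printf("lenient: %d\n", parse_sample(0, tb));
    printf("strict:  %d\n", parse_sample(1, tb));
    return 0;
}
```

The lenient walk returns success with only the first attribute recorded, while the strict walk fails the whole parent attribute.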
* Re: [PATCH net-next v2] openvswitch: Stricter validation for the userspace action
From: Simon Horman @ 2025-05-12 17:18 UTC (permalink / raw)
To: Eelco Chaudron
Cc: netdev, dev, aconole, i.maximets, davem, edumazet, kuba, pabeni
On Mon, May 12, 2025 at 10:08:24AM +0200, Eelco Chaudron wrote:
> This change enhances the robustness of validate_userspace() by ensuring
> that all Netlink attributes are fully contained within the parent
> attribute. The previous use of nla_parse_nested_deprecated() could
> silently skip trailing or malformed attributes, as it stops parsing at
> the first invalid entry.
>
> By switching to nla_parse_deprecated_strict(), we make sure only fully
> validated attributes are copied for later use.
>
> Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
> ---
> v2: Changed commit message based on Ilya's feedback.
Reviewed-by: Simon Horman <horms@kernel.org>
* Re: [PATCH net-next v2] openvswitch: Stricter validation for the userspace action
From: Ilya Maximets @ 2025-05-12 19:19 UTC (permalink / raw)
To: Eelco Chaudron, netdev
Cc: i.maximets, dev, aconole, davem, edumazet, kuba, pabeni, horms
On 5/12/25 10:08 AM, Eelco Chaudron wrote:
> This change enhances the robustness of validate_userspace() by ensuring
> that all Netlink attributes are fully contained within the parent
> attribute. The previous use of nla_parse_nested_deprecated() could
> silently skip trailing or malformed attributes, as it stops parsing at
> the first invalid entry.
>
> By switching to nla_parse_deprecated_strict(), we make sure only fully
> validated attributes are copied for later use.
Just to re-iterate for anyone reading this thread, copying non-validated
attributes is not a problem as they will be ignored during execution.
The change looks fine to me, thanks!
Acked-by: Ilya Maximets <i.maximets@ovn.org>
* Re: [PATCH net-next v2] openvswitch: Stricter validation for the userspace action
From: patchwork-bot+netdevbpf @ 2025-05-15 2:20 UTC (permalink / raw)
To: Eelco Chaudron
Cc: netdev, dev, aconole, i.maximets, davem, edumazet, kuba, pabeni,
horms
Hello:
This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:
On Mon, 12 May 2025 10:08:24 +0200 you wrote:
> This change enhances the robustness of validate_userspace() by ensuring
> that all Netlink attributes are fully contained within the parent
> attribute. The previous use of nla_parse_nested_deprecated() could
> silently skip trailing or malformed attributes, as it stops parsing at
> the first invalid entry.
>
> By switching to nla_parse_deprecated_strict(), we make sure only fully
> validated attributes are copied for later use.
>
> [...]
Here is the summary with links:
- [net-next,v2] openvswitch: Stricter validation for the userspace action
https://git.kernel.org/netdev/net-next/c/88906f559541
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html