From: "Asbjørn Sloth Tønnesen" <ast@fiberby.net>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>
Cc: "Asbjørn Sloth Tønnesen" <ast@fiberby.net>,
"Donald Hunter" <donald.hunter@gmail.com>,
"Simon Horman" <horms@kernel.org>,
"Jacob Keller" <jacob.e.keller@intel.com>,
"Sabrina Dubroca" <sd@queasysnail.net>,
wireguard@lists.zx2c4.com, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH net-next v3 08/13] tools: ynl-gen: only validate nested array payload
Date: Thu, 11 Sep 2025 20:05:01 +0000 [thread overview]
Message-ID: <20250911200508.79341-9-ast@fiberby.net> (raw)
In-Reply-To: <20250911200508.79341-1-ast@fiberby.net>
In nested arrays don't require that the intermediate attribute
type should be a valid attribute type, it might just be zero
or an incrementing index, it is often not even used.
See include/net/netlink.h about NLA_NESTED_ARRAY:
> The difference to NLA_NESTED is the structure:
> NLA_NESTED has the nested attributes directly inside
> while an array has the nested attributes at another
> level down and the attribute types directly in the
> nesting don't matter.
Example based on include/uapi/linux/wireguard.h:
> WGDEVICE_A_PEERS: NLA_NESTED
> 0: NLA_NESTED
> WGPEER_A_PUBLIC_KEY: NLA_EXACT_LEN, len WG_KEY_LEN
> [..]
> 0: NLA_NESTED
> ...
> ...
Previous the check required that the nested type was valid in
the parent attribute set, which in this case resolves to
WGDEVICE_A_UNSPEC, which is YNL_PT_REJECT, and it took the
early exit and returned YNL_PARSE_CB_ERROR.
This patch adds a new helper, ynl_attr_validate_payload(),
which we can use to validate the payload of the nested
attribute, in the context of the parents attribute type,
and it's policy, which in the above case is generated as:
[WGDEVICE_A_PEERS] = {
.name = "peers",
.type = YNL_PT_NEST,
.nest = &wireguard_wgpeer_nest,
},
Some other examples are NL80211_BAND_ATTR_FREQS (nest) and
NL80211_ATTR_SUPPORTED_COMMANDS (u32).
Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
---
tools/net/ynl/lib/ynl-priv.h | 2 ++
tools/net/ynl/lib/ynl.c | 17 ++++++++++++++---
tools/net/ynl/pyynl/ynl_gen_c.py | 2 +-
3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/tools/net/ynl/lib/ynl-priv.h b/tools/net/ynl/lib/ynl-priv.h
index 824777d7e05e..70ea14c0a0e9 100644
--- a/tools/net/ynl/lib/ynl-priv.h
+++ b/tools/net/ynl/lib/ynl-priv.h
@@ -107,6 +107,8 @@ struct nlmsghdr *
ynl_gemsg_start_dump(struct ynl_sock *ys, __u32 id, __u8 cmd, __u8 version);
int ynl_attr_validate(struct ynl_parse_arg *yarg, const struct nlattr *attr);
+int ynl_attr_validate_payload(struct ynl_parse_arg *yarg,
+ const struct nlattr *attr, unsigned int type);
int ynl_submsg_failed(struct ynl_parse_arg *yarg, const char *field_name,
const char *sel_name);
diff --git a/tools/net/ynl/lib/ynl.c b/tools/net/ynl/lib/ynl.c
index 2a169c3c0797..0daf39229587 100644
--- a/tools/net/ynl/lib/ynl.c
+++ b/tools/net/ynl/lib/ynl.c
@@ -360,15 +360,15 @@ static int ynl_cb_done(const struct nlmsghdr *nlh, struct ynl_parse_arg *yarg)
/* Attribute validation */
-int ynl_attr_validate(struct ynl_parse_arg *yarg, const struct nlattr *attr)
+static int __ynl_attr_validate(struct ynl_parse_arg *yarg,
+ const struct nlattr *attr, unsigned int type)
{
const struct ynl_policy_attr *policy;
- unsigned int type, len;
unsigned char *data;
+ unsigned int len;
data = ynl_attr_data(attr);
len = ynl_attr_data_len(attr);
- type = ynl_attr_type(attr);
if (type > yarg->rsp_policy->max_attr) {
yerr(yarg->ys, YNL_ERROR_INTERNAL,
"Internal error, validating unknown attribute");
@@ -450,6 +450,17 @@ int ynl_attr_validate(struct ynl_parse_arg *yarg, const struct nlattr *attr)
return 0;
}
+int ynl_attr_validate(struct ynl_parse_arg *yarg, const struct nlattr *attr)
+{
+ return __ynl_attr_validate(yarg, attr, ynl_attr_type(attr));
+}
+
+int ynl_attr_validate_payload(struct ynl_parse_arg *yarg,
+ const struct nlattr *attr, unsigned int type)
+{
+ return __ynl_attr_validate(yarg, attr, type);
+}
+
int ynl_submsg_failed(struct ynl_parse_arg *yarg, const char *field_name,
const char *sel_name)
{
diff --git a/tools/net/ynl/pyynl/ynl_gen_c.py b/tools/net/ynl/pyynl/ynl_gen_c.py
index d63b63ac0b8e..ab5b8d98cbda 100755
--- a/tools/net/ynl/pyynl/ynl_gen_c.py
+++ b/tools/net/ynl/pyynl/ynl_gen_c.py
@@ -831,7 +831,7 @@ class TypeArrayNest(Type):
local_vars = ['const struct nlattr *attr2;']
get_lines = [f'attr_{self.c_name} = attr;',
'ynl_attr_for_each_nested(attr2, attr) {',
- '\tif (ynl_attr_validate(yarg, attr2))',
+ '\tif (ynl_attr_validate_payload(yarg, attr2, type))',
'\t\treturn YNL_PARSE_CB_ERROR;',
f'\tn_{self.c_name}++;',
'}']
--
2.51.0
next prev parent reply other threads:[~2025-09-11 20:05 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-11 20:04 [PATCH net-next v3 00/13] tools: ynl: prepare for wireguard Asbjørn Sloth Tønnesen
2025-09-11 20:04 ` [PATCH net-next v3 01/13] tools: ynl-gen: allow overriding name-prefix for constants Asbjørn Sloth Tønnesen
2025-09-11 20:04 ` [PATCH net-next v3 02/13] tools: ynl-gen: generate nested array policies Asbjørn Sloth Tønnesen
2025-09-11 20:04 ` [PATCH net-next v3 03/13] tools: ynl-gen: add sub-type check Asbjørn Sloth Tønnesen
2025-09-11 20:04 ` [PATCH net-next v3 04/13] tools: ynl-gen: refactor local vars for .attr_put() callers Asbjørn Sloth Tønnesen
2025-09-12 11:23 ` Donald Hunter
2025-09-13 0:19 ` Jakub Kicinski
2025-09-13 23:14 ` Asbjørn Sloth Tønnesen
2025-09-11 20:04 ` [PATCH net-next v3 05/13] tools: ynl-gen: add CodeWriter.p_lines() helper Asbjørn Sloth Tønnesen
2025-09-13 0:21 ` Jakub Kicinski
2025-09-13 23:14 ` Asbjørn Sloth Tønnesen
2025-09-11 20:04 ` [PATCH net-next v3 06/13] tools: ynl-gen: deduplicate fixed_header handling Asbjørn Sloth Tønnesen
2025-09-12 11:24 ` Donald Hunter
2025-09-13 0:24 ` Jakub Kicinski
2025-09-13 23:14 ` Asbjørn Sloth Tønnesen
2025-09-11 20:05 ` [PATCH net-next v3 07/13] tools: ynl-gen: avoid repetitive variables definitions Asbjørn Sloth Tønnesen
2025-09-12 11:30 ` Donald Hunter
2025-09-11 20:05 ` Asbjørn Sloth Tønnesen [this message]
2025-09-13 0:27 ` [PATCH net-next v3 08/13] tools: ynl-gen: only validate nested array payload Jakub Kicinski
2025-09-13 23:14 ` Asbjørn Sloth Tønnesen
2025-09-11 20:05 ` [PATCH net-next v3 09/13] tools: ynl-gen: rename TypeArrayNest to TypeIndexedArray Asbjørn Sloth Tønnesen
2025-09-12 12:00 ` Donald Hunter
2025-09-11 20:05 ` [PATCH net-next v3 10/13] tools: ynl: move nest packing to a helper function Asbjørn Sloth Tønnesen
2025-09-11 20:05 ` [PATCH net-next v3 11/13] tools: ynl: encode indexed-arrays Asbjørn Sloth Tønnesen
2025-09-12 12:01 ` Donald Hunter
2025-09-11 20:05 ` [PATCH net-next v3 12/13] tools: ynl: decode hex input Asbjørn Sloth Tønnesen
2025-09-12 12:01 ` Donald Hunter
2025-09-11 20:05 ` [PATCH net-next v3 13/13] tools: ynl: add ipv4-or-v6 display hint Asbjørn Sloth Tønnesen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250911200508.79341-9-ast@fiberby.net \
--to=ast@fiberby.net \
--cc=Jason@zx2c4.com \
--cc=davem@davemloft.net \
--cc=donald.hunter@gmail.com \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=jacob.e.keller@intel.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=sd@queasysnail.net \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).