From: Jakub Kicinski <kuba@kernel.org>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, edumazet@google.com, pabeni@redhat.com,
andrew+netdev@lunn.ch, horms@kernel.org,
Jakub Kicinski <kuba@kernel.org>,
kees@kernel.org, alok.a.tiwari@oracle.com
Subject: [PATCH net-next 1/2] genetlink: apply reject policy for split ops on the dispatch path
Date: Sat, 7 Mar 2026 12:44:24 -0800 [thread overview]
Message-ID: <20260307204425.1900467-1-kuba@kernel.org> (raw)
Commit 4fa86555d1cd ("genetlink: piggy back on resv_op to default to
a reject policy") added genl_policy_reject_all to ensure that ops
without an explicit policy reject all attributes rather than silently
accepting them. This change was applied to net.
When split ops were later introduced in net-next in
commit b8fd60c36a44 ("genetlink: allow families to use split ops directly"),
genl_op_fill_in_reject_policy_split() was added and called from
genl_op_from_split() (used for policy dumping and registration).
However, genl_get_cmd_split(), which is called for incoming messages,
copies split_ops entries as-is without applying the reject policy.
This means that split ops without policy accept all inputs.
This looks like an omission / mistake made when splitting the changes
between net and net-next. Let's try to re-introduce the checking.
Not considering this a fix given the regression potential.
If anyone reports issues we should probably fill in fake policies
for specific ops rather than reverting this.
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---
CC: kees@kernel.org
CC: alok.a.tiwari@oracle.com
---
net/netlink/genetlink.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index a23d4c51c089..656d32046147 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -250,6 +250,7 @@ genl_get_cmd_split(u32 cmd, u8 flag, const struct genl_family *family,
if (family->split_ops[i].cmd == cmd &&
family->split_ops[i].flags & flag) {
*op = family->split_ops[i];
+ genl_op_fill_in_reject_policy_split(family, op);
return 0;
}
--
2.53.0
next reply other threads:[~2026-03-07 20:44 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-07 20:44 Jakub Kicinski [this message]
2026-03-07 20:44 ` [PATCH net-next 2/2] selftests: net: make sure that Netlink rejects unknown attrs in dump Jakub Kicinski
2026-03-08 13:19 ` [syzbot ci] Re: genetlink: apply reject policy for split ops on the dispatch path syzbot ci
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260307204425.1900467-1-kuba@kernel.org \
--to=kuba@kernel.org \
--cc=alok.a.tiwari@oracle.com \
--cc=andrew+netdev@lunn.ch \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=kees@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox