From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Ahern <dsahern@gmail.com>
Subject: Re: [PATCH net] net/sched: cls_api: add missing validation of netlink
 attributes
Date: Tue, 9 Oct 2018 08:46:14 -0600
Message-ID: <72e8eeea-a4e7-e80d-217d-7ccf4cd71e0d@gmail.com>
References: <05f98d2d220d443c157fc797fecc22692eeaa0da.1539090183.git.dcaratti@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Cc: netdev@vger.kernel.org
To: Davide Caratti <dcaratti@redhat.com>,
        "David S. Miller" <davem@davemloft.net>,
        Jamal Hadi Salim <jhs@mojatatu.com>
Return-path: <netdev-owner@vger.kernel.org>
Received: from mail-pf1-f196.google.com ([209.85.210.196]:41247 "EHLO
        mail-pf1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726415AbeJIWDf (ORCPT
        <rfc822;netdev@vger.kernel.org>); Tue, 9 Oct 2018 18:03:35 -0400
Received: by mail-pf1-f196.google.com with SMTP id m77-v6so958746pfi.8
        for <netdev@vger.kernel.org>; Tue, 09 Oct 2018 07:46:18 -0700 (PDT)
In-Reply-To: <05f98d2d220d443c157fc797fecc22692eeaa0da.1539090183.git.dcaratti@redhat.com>
Content-Language: en-US
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

On 10/9/18 7:10 AM, Davide Caratti wrote:
> Similarly to what has been done in 8b4c3cdd9dd8 ("net: sched: Add policy
> validation for tc attributes"), add validation for TCA_CHAIN and TCA_KIND
> netlink attributes.
> 
> tested with:
>  # ./tdc.py -c filter
> 
> Fixes: 5bc1701881e39 ("net: sched: introduce multichain support for filters")
> Signed-off-by: Davide Caratti <dcaratti@redhat.com>
> ---
>  net/sched/cls_api.c | 16 +++++++++++-----
>  1 file changed, 11 insertions(+), 5 deletions(-)
> 
> diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
> index 0a75cb2e5e7b..fb1afc0e130d 100644
> --- a/net/sched/cls_api.c
> +++ b/net/sched/cls_api.c
> @@ -37,6 +37,11 @@ static LIST_HEAD(tcf_proto_base);
>  /* Protects list of registered TC modules. It is pure SMP lock. */
>  static DEFINE_RWLOCK(cls_mod_lock);
>  
> +const struct nla_policy cls_tca_policy[TCA_MAX + 1] = {
> +	[TCA_KIND]	= { .type = NLA_STRING },
> +	[TCA_CHAIN]	= { .type = NLA_U32 },
> +};
> +

That should be static since it can not be used outside this module.

it be nice to have a tc_common module so this stuff does not have to be
defined multiple times.