| Message ID | 20231228064358.3042747-1-linma@zju.edu.cn (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 2ab1efad60ad119b616722b81eeb73060728028c |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [net-next,v2] net/sched: cls_api: complement tcf_tfilter_dump_policy | expand |
On Thu, Dec 28, 2023 at 1:44 AM Lin Ma <linma@zju.edu.cn> wrote: > > In function `tc_dump_tfilter`, the attributes array is parsed via > tcf_tfilter_dump_policy which only describes TCA_DUMP_FLAGS. However, > the NLA TCA_CHAIN is also accessed with `nla_get_u32`. > > The access to TCA_CHAIN is introduced in commit 5bc1701881e3 ("net: > sched: introduce multichain support for filters") and no nla_policy is > provided for parsing at that point. Later on, tcf_tfilter_dump_policy is > introduced in commit f8ab1807a9c9 ("net: sched: introduce terse dump > flag") while still ignoring the fact that TCA_CHAIN needs a check. This > patch does that by complementing the policy to allow the access > discussed here can be safe as other cases just choose rtm_tca_policy as > the parsing policy. > > Signed-off-by: Lin Ma <linma@zju.edu.cn> Acked-by: Jamal Hadi Salim <jhs@mojatatu.com> cheers, jamal > --- > V1 -> V2: send to net-next as told by Jamal <jhs@mojatatu.com> > > net/sched/cls_api.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c > index 1976bd163986..2b5b8eca2ee3 100644 > --- a/net/sched/cls_api.c > +++ b/net/sched/cls_api.c > @@ -2732,6 +2732,7 @@ static bool tcf_chain_dump(struct tcf_chain *chain, struct Qdisc *q, u32 parent, > } > > static const struct nla_policy tcf_tfilter_dump_policy[TCA_MAX + 1] = { > + [TCA_CHAIN] = { .type = NLA_U32 }, > [TCA_DUMP_FLAGS] = NLA_POLICY_BITFIELD32(TCA_DUMP_FLAGS_TERSE), > }; > > -- > 2.17.1 >
On Thu, Dec 28, 2023 at 02:43:58PM +0800, Lin Ma wrote: > In function `tc_dump_tfilter`, the attributes array is parsed via > tcf_tfilter_dump_policy which only describes TCA_DUMP_FLAGS. However, > the NLA TCA_CHAIN is also accessed with `nla_get_u32`. > > The access to TCA_CHAIN is introduced in commit 5bc1701881e3 ("net: > sched: introduce multichain support for filters") and no nla_policy is > provided for parsing at that point. Later on, tcf_tfilter_dump_policy is > introduced in commit f8ab1807a9c9 ("net: sched: introduce terse dump > flag") while still ignoring the fact that TCA_CHAIN needs a check. This > patch does that by complementing the policy to allow the access > discussed here can be safe as other cases just choose rtm_tca_policy as > the parsing policy. > This patch looks good but you could use NLA_POLICY_MAX() to validate TCA_CHAIN while you are on it. Thanks.
Hello: This patch was applied to netdev/net-next.git (main) by David S. Miller <davem@davemloft.net>: On Thu, 28 Dec 2023 14:43:58 +0800 you wrote: > In function `tc_dump_tfilter`, the attributes array is parsed via > tcf_tfilter_dump_policy which only describes TCA_DUMP_FLAGS. However, > the NLA TCA_CHAIN is also accessed with `nla_get_u32`. > > The access to TCA_CHAIN is introduced in commit 5bc1701881e3 ("net: > sched: introduce multichain support for filters") and no nla_policy is > provided for parsing at that point. Later on, tcf_tfilter_dump_policy is > introduced in commit f8ab1807a9c9 ("net: sched: introduce terse dump > flag") while still ignoring the fact that TCA_CHAIN needs a check. This > patch does that by complementing the policy to allow the access > discussed here can be safe as other cases just choose rtm_tca_policy as > the parsing policy. > > [...] Here is the summary with links: - [net-next,v2] net/sched: cls_api: complement tcf_tfilter_dump_policy https://git.kernel.org/netdev/net-next/c/2ab1efad60ad You are awesome, thank you!
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c index 1976bd163986..2b5b8eca2ee3 100644 --- a/net/sched/cls_api.c +++ b/net/sched/cls_api.c @@ -2732,6 +2732,7 @@ static bool tcf_chain_dump(struct tcf_chain *chain, struct Qdisc *q, u32 parent, } static const struct nla_policy tcf_tfilter_dump_policy[TCA_MAX + 1] = { + [TCA_CHAIN] = { .type = NLA_U32 }, [TCA_DUMP_FLAGS] = NLA_POLICY_BITFIELD32(TCA_DUMP_FLAGS_TERSE), };
In function `tc_dump_tfilter`, the attributes array is parsed via tcf_tfilter_dump_policy which only describes TCA_DUMP_FLAGS. However, the NLA TCA_CHAIN is also accessed with `nla_get_u32`. The access to TCA_CHAIN is introduced in commit 5bc1701881e3 ("net: sched: introduce multichain support for filters") and no nla_policy is provided for parsing at that point. Later on, tcf_tfilter_dump_policy is introduced in commit f8ab1807a9c9 ("net: sched: introduce terse dump flag") while still ignoring the fact that TCA_CHAIN needs a check. This patch does that by complementing the policy to allow the access discussed here can be safe as other cases just choose rtm_tca_policy as the parsing policy. Signed-off-by: Lin Ma <linma@zju.edu.cn> --- V1 -> V2: send to net-next as told by Jamal <jhs@mojatatu.com> net/sched/cls_api.c | 1 + 1 file changed, 1 insertion(+)