diff mbox series

[net-next] tcp_metrics: use netlink policy for IPv6 addr len validation

Message ID 20240816212245.467745-1-kuba@kernel.org (mailing list archive)
State Accepted
Commit a2901083b1490a45df0700ac0aaa0730811cbf15
Delegated to: Netdev Maintainers
Headers show
Series [net-next] tcp_metrics: use netlink policy for IPv6 addr len validation | expand

Checks

Context Check Description
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Clearly marked for net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 16 this patch: 16
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 5 of 5 maintainers
netdev/build_clang success Errors and warnings before: 16 this patch: 16
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 16 this patch: 16
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 23 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-08-17--00-00 (tests: 710)

Commit Message

Jakub Kicinski Aug. 16, 2024, 9:22 p.m. UTC 
Use the netlink policy to validate IPv6 address length.
Destination address currently has policy for max len set,
and source has no policy validation. In both cases
the code does the real check. With correct policy
check the code can be removed.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---
CC: dsahern@kernel.org
---
 net/ipv4/tcp_metrics.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

Comments

Stephen Hemminger Aug. 16, 2024, 9:35 p.m. UTC | #1 
On Fri, 16 Aug 2024 14:22:44 -0700
Jakub Kicinski <kuba@kernel.org> wrote:

> Use the netlink policy to validate IPv6 address length.
> Destination address currently has policy for max len set,
> and source has no policy validation. In both cases
> the code does the real check. With correct policy
> check the code can be removed.
> 
> Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Reviewed-by: Stephen Hemminger <stephen@networkplumber.org>
David Ahern Aug. 17, 2024, 1:30 a.m. UTC | #2 
On 8/16/24 3:22 PM, Jakub Kicinski wrote:
> Use the netlink policy to validate IPv6 address length.
> Destination address currently has policy for max len set,
> and source has no policy validation. In both cases
> the code does the real check. With correct policy
> check the code can be removed.
> 
> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
> ---
> CC: dsahern@kernel.org
> ---
>  net/ipv4/tcp_metrics.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
> 

Reviewed-by: David Ahern <dsahern@kernel.org>
patchwork-bot+netdevbpf@kernel.org Aug. 20, 2024, 1 a.m. UTC | #3 
Hello:

This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Fri, 16 Aug 2024 14:22:44 -0700 you wrote:
> Use the netlink policy to validate IPv6 address length.
> Destination address currently has policy for max len set,
> and source has no policy validation. In both cases
> the code does the real check. With correct policy
> check the code can be removed.
> 
> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
> 
> [...]

Here is the summary with links:
  - [net-next] tcp_metrics: use netlink policy for IPv6 addr len validation
    https://git.kernel.org/netdev/net-next/c/a2901083b149

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
index b01eb6d94413..95669935494e 100644
--- a/net/ipv4/tcp_metrics.c
+++ b/net/ipv4/tcp_metrics.c
@@ -617,9 +617,13 @@  static struct genl_family tcp_metrics_nl_family;
 
 static const struct nla_policy tcp_metrics_nl_policy[TCP_METRICS_ATTR_MAX + 1] = {
 	[TCP_METRICS_ATTR_ADDR_IPV4]	= { .type = NLA_U32, },
-	[TCP_METRICS_ATTR_ADDR_IPV6]	= { .type = NLA_BINARY,
-					    .len = sizeof(struct in6_addr), },
+	[TCP_METRICS_ATTR_ADDR_IPV6]	=
+		NLA_POLICY_EXACT_LEN(sizeof(struct in6_addr)),
+
 	[TCP_METRICS_ATTR_SADDR_IPV4]	= { .type = NLA_U32, },
+	[TCP_METRICS_ATTR_SADDR_IPV6]	=
+		NLA_POLICY_EXACT_LEN(sizeof(struct in6_addr)),
+
 	/* Following attributes are not received for GET/DEL,
 	 * we keep them for reference
 	 */
@@ -811,8 +815,6 @@  static int __parse_nl_addr(struct genl_info *info, struct inetpeer_addr *addr,
 	if (a) {
 		struct in6_addr in6;
 
-		if (nla_len(a) != sizeof(struct in6_addr))
-			return -EINVAL;
 		in6 = nla_get_in6_addr(a);
 		inetpeer_set_addr_v6(addr, &in6);
 		if (hash)