[net-next,v8,01/24] netlink: add NLA_POLICY_MAX_LEN macro

Message ID	20241002-b4-ovpn-v8-1-37ceffcffbde@openvpn.net (mailing list archive)
State	New
Headers	show Received: from mail-wr1-f47.google.com (mail-wr1-f47.google.com [209.85.221.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A12BF19755A for <linux-kselftest@vger.kernel.org>; Wed, 2 Oct 2024 09:03:20 +0000 (UTC) From: Antonio Quartulli <antonio@openvpn.net> Date: Wed, 02 Oct 2024 11:02:15 +0200 Subject: [PATCH net-next v8 01/24] netlink: add NLA_POLICY_MAX_LEN macro Precedence: bulk MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20241002-b4-ovpn-v8-1-37ceffcffbde@openvpn.net> References: <20241002-b4-ovpn-v8-0-37ceffcffbde@openvpn.net> In-Reply-To: <20241002-b4-ovpn-v8-0-37ceffcffbde@openvpn.net> To: Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>, Donald Hunter <donald.hunter@gmail.com>, Antonio Quartulli <antonio@openvpn.net>, Shuah Khan <shuah@kernel.org> Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, sd@queasysnail.net, ryazanov.s.a@gmail.com
Series	Introducing OpenVPN Data Channel Offload \| expand [net-next,v8,00/24] Introducing OpenVPN Data Channel Offload [net-next,v8,01/24] netlink: add NLA_POLICY_MAX_LEN macro [net-next,v8,02/24] net: introduce OpenVPN Data Channel Offload (ovpn) [net-next,v8,03/24] ovpn: add basic netlink support [net-next,v8,04/24] ovpn: add basic interface creation/destruction/management routines [net-next,v8,05/24] ovpn: implement interface creation/destruction via netlink [net-next,v8,06/24] ovpn: keep carrier always on [net-next,v8,07/24] ovpn: introduce the ovpn_peer object [net-next,v8,08/24] ovpn: introduce the ovpn_socket object [net-next,v8,09/24] ovpn: implement basic TX path (UDP) [net-next,v8,10/24] ovpn: implement basic RX path (UDP) [net-next,v8,11/24] ovpn: implement packet processing [net-next,v8,12/24] ovpn: store tunnel and transport statistics [net-next,v8,13/24] ovpn: implement TCP transport [net-next,v8,14/24] ovpn: implement multi-peer support [net-next,v8,15/24] ovpn: implement peer lookup logic [net-next,v8,16/24] ovpn: implement keepalive mechanism [net-next,v8,17/24] ovpn: add support for updating local UDP endpoint [net-next,v8,18/24] ovpn: add support for peer floating [net-next,v8,19/24] ovpn: implement peer add/dump/delete via netlink [net-next,v8,20/24] ovpn: implement key add/del/swap via netlink [net-next,v8,21/24] ovpn: kill key and notify userspace in case of IV exhaustion [net-next,v8,22/24] ovpn: notify userspace when a peer is deleted [net-next,v8,23/24] ovpn: add basic ethtool support [net-next,v8,24/24] testing/selftest: add test tool and scripts for ovpn module

Antonio Quartulli Oct. 2, 2024, 9:02 a.m. UTC

Similarly to NLA_POLICY_MIN_LEN, NLA_POLICY_MAX_LEN defines a policy
with a maximum length value.

The netlink generator for YAML specs has been extended accordingly.

Cc: donald.hunter@gmail.com
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
---
 include/net/netlink.h      | 1 +
 tools/net/ynl/ynl-gen-c.py | 2 ++
 2 files changed, 3 insertions(+)

Donald Hunter Oct. 4, 2024, 12:58 p.m. UTC | #1

Antonio Quartulli <antonio@openvpn.net> writes:

> Similarly to NLA_POLICY_MIN_LEN, NLA_POLICY_MAX_LEN defines a policy
> with a maximum length value.
>
> The netlink generator for YAML specs has been extended accordingly.
>
> Cc: donald.hunter@gmail.com
> Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
> ---
>  include/net/netlink.h      | 1 +
>  tools/net/ynl/ynl-gen-c.py | 2 ++
>  2 files changed, 3 insertions(+)
>
> diff --git a/include/net/netlink.h b/include/net/netlink.h
> index db6af207287c839408c58cb28b82408e0548eaca..2dc671c977ff3297975269d236264907009703d3 100644
> --- a/include/net/netlink.h
> +++ b/include/net/netlink.h
> @@ -469,6 +469,7 @@ struct nla_policy {
>  	.max = _len						\
>  }
>  #define NLA_POLICY_MIN_LEN(_len)	NLA_POLICY_MIN(NLA_BINARY, _len)
> +#define NLA_POLICY_MAX_LEN(_len)	NLA_POLICY_MAX(NLA_BINARY, _len)
>  
>  /**
>   * struct nl_info - netlink source information
> diff --git a/tools/net/ynl/ynl-gen-c.py b/tools/net/ynl/ynl-gen-c.py
> index 717530bc9c52e7cfa897814870b4583c88618a27..3ccbb301be87f80bbcf03da63d60f58c4fedc1c8 100755
> --- a/tools/net/ynl/ynl-gen-c.py
> +++ b/tools/net/ynl/ynl-gen-c.py
> @@ -466,6 +466,8 @@ class TypeBinary(Type):
>      def _attr_policy(self, policy):
>          if 'exact-len' in self.checks:
>              mem = 'NLA_POLICY_EXACT_LEN(' + str(self.get_limit('exact-len')) + ')'
> +        elif 'max-len' in self.checks:
> +            mem = 'NLA_POLICY_MAX_LEN(' + str(self.get_limit('max-len')) + ')'

This takes precedence over min-length. What if both are set? The logic
should probably check and use NLA_POLICY_RANGE

>          else:
>              mem = '{ '
>              if len(self.checks) == 1 and 'min-len' in self.checks:

Perhaps this should use NLA_POLICY_MIN_LEN ? In fact the current code
looks broken to me because the NLA_BINARY len check in validate_nla() is
a max length check, right?

https://elixir.bootlin.com/linux/v6.11.1/source/lib/nlattr.c#L499

The alternative is you emit an explicit initializer that includes the
correct NLA_VALIDATE_* type and sets type, min and/or max.

Jakub Kicinski Oct. 4, 2024, 1:38 p.m. UTC | #2

On Fri, 04 Oct 2024 13:58:04 +0100 Donald Hunter wrote:
> > @@ -466,6 +466,8 @@ class TypeBinary(Type):
> >      def _attr_policy(self, policy):
> >          if 'exact-len' in self.checks:
> >              mem = 'NLA_POLICY_EXACT_LEN(' + str(self.get_limit('exact-len')) + ')'
> > +        elif 'max-len' in self.checks:
> > +            mem = 'NLA_POLICY_MAX_LEN(' + str(self.get_limit('max-len')) + ')'  
> 
> This takes precedence over min-length. What if both are set? The logic
> should probably check and use NLA_POLICY_RANGE

Or we could check if len(self.checks) <= 1 early and throw our hands up
if there is more, for now?

> >          else:
> >              mem = '{ '
> >              if len(self.checks) == 1 and 'min-len' in self.checks:  
> 
> Perhaps this should use NLA_POLICY_MIN_LEN ? In fact the current code
> looks broken to me because the NLA_BINARY len check in validate_nla() is
> a max length check, right?
> 
> https://elixir.bootlin.com/linux/v6.11.1/source/lib/nlattr.c#L499
> 
> The alternative is you emit an explicit initializer that includes the
> correct NLA_VALIDATE_* type and sets type, min and/or max.

Yeah, this code leads to endless confusion. We use NLA_UNSPEC (0) 
if min-len is set (IOW we don't set .type to NLA_BINARY). NLA_UNSPEC 
has different semantics for len.

Agreed that we should probably clean this up, but no bug AFAICT.

Donald Hunter Oct. 4, 2024, 2:41 p.m. UTC | #3

On Fri, 4 Oct 2024 at 14:38, Jakub Kicinski <kuba@kernel.org> wrote:
>
> On Fri, 04 Oct 2024 13:58:04 +0100 Donald Hunter wrote:
> > > @@ -466,6 +466,8 @@ class TypeBinary(Type):
> > >      def _attr_policy(self, policy):
> > >          if 'exact-len' in self.checks:
> > >              mem = 'NLA_POLICY_EXACT_LEN(' + str(self.get_limit('exact-len')) + ')'
> > > +        elif 'max-len' in self.checks:
> > > +            mem = 'NLA_POLICY_MAX_LEN(' + str(self.get_limit('max-len')) + ')'
> >
> > This takes precedence over min-length. What if both are set? The logic
> > should probably check and use NLA_POLICY_RANGE
>
> Or we could check if len(self.checks) <= 1 early and throw our hands up
> if there is more, for now?
>
> > >          else:
> > >              mem = '{ '
> > >              if len(self.checks) == 1 and 'min-len' in self.checks:
> >
> > Perhaps this should use NLA_POLICY_MIN_LEN ? In fact the current code
> > looks broken to me because the NLA_BINARY len check in validate_nla() is
> > a max length check, right?
> >
> > https://elixir.bootlin.com/linux/v6.11.1/source/lib/nlattr.c#L499
> >
> > The alternative is you emit an explicit initializer that includes the
> > correct NLA_VALIDATE_* type and sets type, min and/or max.
>
> Yeah, this code leads to endless confusion. We use NLA_UNSPEC (0)
> if min-len is set (IOW we don't set .type to NLA_BINARY). NLA_UNSPEC
> has different semantics for len.

Oh, I see it now. So it's dropping through to here:

https://elixir.bootlin.com/linux/v6.11.1/source/lib/nlattr.c#L555

> Agreed that we should probably clean this up, but no bug AFAICT.

Yeah, it's definitely surprising that the meaning of .len varies.

Antonio Quartulli Oct. 7, 2024, 10:04 a.m. UTC | #4

Hi,

On 04/10/2024 15:38, Jakub Kicinski wrote:
> On Fri, 04 Oct 2024 13:58:04 +0100 Donald Hunter wrote:
>>> @@ -466,6 +466,8 @@ class TypeBinary(Type):
>>>       def _attr_policy(self, policy):
>>>           if 'exact-len' in self.checks:
>>>               mem = 'NLA_POLICY_EXACT_LEN(' + str(self.get_limit('exact-len')) + ')'
>>> +        elif 'max-len' in self.checks:
>>> +            mem = 'NLA_POLICY_MAX_LEN(' + str(self.get_limit('max-len')) + ')'
>>
>> This takes precedence over min-length. What if both are set? The logic
>> should probably check and use NLA_POLICY_RANGE
> 
> Or we could check if len(self.checks) <= 1 early and throw our hands up
> if there is more, for now?

We already perform the same check in the 'else' branch below.
It'd be about moving it at the beginning of the function and bail out if 
true, right?

Should I modify this patch and move the check above?


Cheers,

> 
>>>           else:
>>>               mem = '{ '
>>>               if len(self.checks) == 1 and 'min-len' in self.checks:
>>
>> Perhaps this should use NLA_POLICY_MIN_LEN ? In fact the current code
>> looks broken to me because the NLA_BINARY len check in validate_nla() is
>> a max length check, right?
>>
>> https://elixir.bootlin.com/linux/v6.11.1/source/lib/nlattr.c#L499
>>
>> The alternative is you emit an explicit initializer that includes the
>> correct NLA_VALIDATE_* type and sets type, min and/or max.
> 
> Yeah, this code leads to endless confusion. We use NLA_UNSPEC (0)
> if min-len is set (IOW we don't set .type to NLA_BINARY). NLA_UNSPEC
> has different semantics for len.
> 
> Agreed that we should probably clean this up, but no bug AFAICT.

Jakub Kicinski Oct. 7, 2024, 3:53 p.m. UTC | #5

On Mon, 7 Oct 2024 12:04:22 +0200 Antonio Quartulli wrote:
> > Or we could check if len(self.checks) <= 1 early and throw our hands up
> > if there is more, for now?  
> 
> We already perform the same check in the 'else' branch below.
> It'd be about moving it at the beginning of the function and bail out if 
> true, right?
> 
> Should I modify this patch and move the check above?

I just sent the refactor patch, that seemed easier than explaining ;)

Antonio Quartulli Oct. 8, 2024, 7:51 a.m. UTC | #6

On 07/10/24 17:53, Jakub Kicinski wrote:
> On Mon, 7 Oct 2024 12:04:22 +0200 Antonio Quartulli wrote:
>>> Or we could check if len(self.checks) <= 1 early and throw our hands up
>>> if there is more, for now?
>>
>> We already perform the same check in the 'else' branch below.
>> It'd be about moving it at the beginning of the function and bail out if
>> true, right?
>>
>> Should I modify this patch and move the check above?
> 
> I just sent the refactor patch, that seemed easier than explaining ;)

Great, thanks :-)

[net-next,v8,01/24] netlink: add NLA_POLICY_MAX_LEN macro

Commit Message

Comments

Patch