Message ID | 151e504b32f5005652c64cdde5186ef8f96303e5.1610978306.git.petrm@nvidia.org (mailing list archive) |
---|---|
State | Superseded |
Delegated to: | Netdev Maintainers |
Series | nexthop: More fine-grained policies for netlink message validation |
Context | Check | Description |
---|---|---|
netdev/cover_letter | success | Link |
netdev/fixes_present | success | Link |
netdev/patch_count | success | Link |
netdev/tree_selection | success | Clearly marked for net-next |
netdev/subject_prefix | success | Link |
netdev/cc_maintainers | warning | 1 maintainers not CCed: yoshfuji@linux-ipv6.org |
netdev/source_inline | success | Was 0 now: 0 |
netdev/verify_signedoff | success | Link |
netdev/module_param | success | Was 0 now: 0 |
netdev/build_32bit | success | Errors and warnings before: 2 this patch: 2 |
netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
netdev/verify_fixes | success | Link |
netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 78 lines checked |
netdev/build_allmodconfig_warn | success | Errors and warnings before: 2 this patch: 2 |
netdev/header_inline | success | Link |
netdev/stable | success | Stable not CCed |
On 1/18/21 7:05 AM, Petr Machata wrote:
> This function uses the global nexthop policy, but only accepts four
> particular attributes. Create a new policy that only includes the four
> supported attributes, and use it. Convert the loop to a series of ifs.
>
> Signed-off-by: Petr Machata <petrm@nvidia.com>
> Reviewed-by: Ido Schimmel <idosch@nvidia.com>
> ---
> net/ipv4/nexthop.c | 57 +++++++++++++++++++++------------------------
> 1 file changed, 26 insertions(+), 31 deletions(-)
>

Reviewed-by: David Ahern <dsahern@kernel.org>
On Mon, 18 Jan 2021 15:05:24 +0100 Petr Machata wrote: > + if (tb[NHA_GROUPS]) > + *group_filter = true; > + if (tb[NHA_FDB]) > + *fdb_filter = true; nla_get_flag()
Jakub Kicinski <kuba@kernel.org> writes: > On Mon, 18 Jan 2021 15:05:24 +0100 Petr Machata wrote: >> + if (tb[NHA_GROUPS]) >> + *group_filter = true; >> + if (tb[NHA_FDB]) >> + *fdb_filter = true; > > nla_get_flag() OK.
diff --git a/net/ipv4/nexthop.c b/net/ipv4/nexthop.c index d5d88f7c5c11..226d73cbc468 100644 --- a/net/ipv4/nexthop.c +++ b/net/ipv4/nexthop.c @@ -40,6 +40,13 @@ static const struct nla_policy rtm_nh_policy_get[NHA_MAX + 1] = { [NHA_ID] = { .type = NLA_U32 }, }; +static const struct nla_policy rtm_nh_policy_dump[NHA_MAX + 1] = { + [NHA_OIF] = { .type = NLA_U32 }, + [NHA_GROUPS] = { .type = NLA_FLAG }, + [NHA_MASTER] = { .type = NLA_U32 }, + [NHA_FDB] = { .type = NLA_FLAG }, +}; + static bool nexthop_notifiers_is_empty(struct net *net) { return !net->nexthop.notifier_chain.head; 
@@ -1984,46 +1991,34 @@ static int nh_valid_dump_req(const struct nlmsghdr *nlh, int *dev_idx, struct netlink_ext_ack *extack = cb->extack; struct nlattr *tb[NHA_MAX + 1]; struct nhmsg *nhm; - int err, i; + int err; u32 idx; - err = nlmsg_parse(nlh, sizeof(*nhm), tb, NHA_MAX, rtm_nh_policy, + err = nlmsg_parse(nlh, sizeof(*nhm), tb, NHA_MAX, rtm_nh_policy_dump, NULL); if (err < 0) return err; - for (i = 0; i <= NHA_MAX; ++i) { - if (!tb[i]) - continue; - - switch (i) { - case NHA_OIF: - idx = nla_get_u32(tb[i]); - if (idx > INT_MAX) { - NL_SET_ERR_MSG(extack, "Invalid device index"); - return -EINVAL; - } - *dev_idx = idx; - break; - case NHA_MASTER: - idx = nla_get_u32(tb[i]); - if (idx > INT_MAX) { - NL_SET_ERR_MSG(extack, "Invalid master device index"); - return -EINVAL; - } - *master_idx = idx; - break; - case NHA_GROUPS: - *group_filter = true; - break; - case NHA_FDB: - *fdb_filter = true; - break; - default: - NL_SET_ERR_MSG(extack, "Unsupported attribute in dump request"); + if (tb[NHA_OIF]) { + idx = nla_get_u32(tb[NHA_OIF]); + if (idx > INT_MAX) { + NL_SET_ERR_MSG(extack, "Invalid device index"); + return -EINVAL; + } + *dev_idx = idx; + } + if (tb[NHA_MASTER]) { + idx = nla_get_u32(tb[NHA_MASTER]); + if (idx > INT_MAX) { + NL_SET_ERR_MSG(extack, "Invalid master device index"); return -EINVAL; } + *master_idx = idx; } + if (tb[NHA_GROUPS]) + *group_filter = true; + if (tb[NHA_FDB]) + *fdb_filter = true; nhm = nlmsg_data(nlh); if (nhm->nh_protocol || nhm->resvd || nhm->nh_scope || nhm->nh_flags) {
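Review bot: in the first hunk, rtm_nh_policy_dump is declared with NHA_MAX + 1 entries but only NHA_OIF, NHA_GROUPS, NHA_MASTER and NHA_FDB are initialised, so the fact that every other attribute is meant to be refused is implicit in the zero-filled slots. A short comment above the array saying that this is the dump-request policy and that attributes not listed here must be rejected would make that intent explicit for whoever adds the next NHA_* attribute.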
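Review bot: in the nh_valid_dump_req() hunk, the nlmsg_parse() call still passes NULL as its last argument although extack is already in scope, while the same hunk deletes the default branch that set "Unsupported attribute in dump request". Rejection of an unlisted attribute now depends entirely on policy validation inside nlmsg_parse(), so pass extack there instead of NULL, otherwise the sender of a dump request with an unsupported attribute gets an error code with no message. Separately, the NHA_GROUPS and NHA_FDB tests at the end of the hunk only ever set the filters to true; assigning the result of nla_get_flag(), as raised in the thread, makes the flag semantics explicit, for example *group_filter = nla_get_flag(tb[NHA_GROUPS]);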