From: Petr Machata <petrm@nvidia.com>
To: "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Roopa Prabhu <roopa@nvidia.com>,
Nikolay Aleksandrov <razor@blackwall.org>,
<netdev@vger.kernel.org>
Cc: <bridge@lists.linux-foundation.org>,
Petr Machata <petrm@nvidia.com>,
"Ido Schimmel" <idosch@nvidia.com>
Subject: [PATCH net-next v3 01/16] net: bridge: Set strict_start_type at two policies
Date: Thu, 2 Feb 2023 18:59:19 +0100 [thread overview]
Message-ID: <af9d9613a3febdb0210d15106e48766bf190b0a8.1675359453.git.petrm@nvidia.com> (raw)
In-Reply-To: <cover.1675359453.git.petrm@nvidia.com>
Make any attributes newly-added to br_port_policy or vlan_tunnel_policy
parsed strictly, to prevent userspace from passing garbage. Note that this
patchset only touches the former policy. The latter was adjusted for
completeness' sake. There do not appear to be other _deprecated calls
with non-NULL policies.
Suggested-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
---
net/bridge/br_netlink.c | 2 ++
net/bridge/br_netlink_tunnel.c | 3 +++
2 files changed, 5 insertions(+)
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index 4316cc82ae17..a6133d469885 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -858,6 +858,8 @@ static int br_afspec(struct net_bridge *br,
}
static const struct nla_policy br_port_policy[IFLA_BRPORT_MAX + 1] = {
+ [IFLA_BRPORT_UNSPEC] = { .strict_start_type =
+ IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT + 1 },
[IFLA_BRPORT_STATE] = { .type = NLA_U8 },
[IFLA_BRPORT_COST] = { .type = NLA_U32 },
[IFLA_BRPORT_PRIORITY] = { .type = NLA_U16 },
diff --git a/net/bridge/br_netlink_tunnel.c b/net/bridge/br_netlink_tunnel.c
index 8914290c75d4..17abf092f7ca 100644
--- a/net/bridge/br_netlink_tunnel.c
+++ b/net/bridge/br_netlink_tunnel.c
@@ -188,6 +188,9 @@ int br_fill_vlan_tunnel_info(struct sk_buff *skb,
}
static const struct nla_policy vlan_tunnel_policy[IFLA_BRIDGE_VLAN_TUNNEL_MAX + 1] = {
+ [IFLA_BRIDGE_VLAN_TUNNEL_UNSPEC] = {
+ .strict_start_type = IFLA_BRIDGE_VLAN_TUNNEL_FLAGS + 1
+ },
[IFLA_BRIDGE_VLAN_TUNNEL_ID] = { .type = NLA_U32 },
[IFLA_BRIDGE_VLAN_TUNNEL_VID] = { .type = NLA_U16 },
[IFLA_BRIDGE_VLAN_TUNNEL_FLAGS] = { .type = NLA_U16 },
--
2.39.0
WARNING: multiple messages have this Message-ID (diff)
From: Petr Machata <petrm@nvidia.com>
To: "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Roopa Prabhu <roopa@nvidia.com>,
Nikolay Aleksandrov <razor@blackwall.org>,
netdev@vger.kernel.org
Cc: Petr Machata <petrm@nvidia.com>, Ido Schimmel <idosch@nvidia.com>,
bridge@lists.linux-foundation.org
Subject: [Bridge] [PATCH net-next v3 01/16] net: bridge: Set strict_start_type at two policies
Date: Thu, 2 Feb 2023 18:59:19 +0100 [thread overview]
Message-ID: <af9d9613a3febdb0210d15106e48766bf190b0a8.1675359453.git.petrm@nvidia.com> (raw)
In-Reply-To: <cover.1675359453.git.petrm@nvidia.com>
Make any attributes newly-added to br_port_policy or vlan_tunnel_policy
parsed strictly, to prevent userspace from passing garbage. Note that this
patchset only touches the former policy. The latter was adjusted for
completeness' sake. There do not appear to be other _deprecated calls
with non-NULL policies.
Suggested-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
---
net/bridge/br_netlink.c | 2 ++
net/bridge/br_netlink_tunnel.c | 3 +++
2 files changed, 5 insertions(+)
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index 4316cc82ae17..a6133d469885 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -858,6 +858,8 @@ static int br_afspec(struct net_bridge *br,
}
static const struct nla_policy br_port_policy[IFLA_BRPORT_MAX + 1] = {
+ [IFLA_BRPORT_UNSPEC] = { .strict_start_type =
+ IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT + 1 },
[IFLA_BRPORT_STATE] = { .type = NLA_U8 },
[IFLA_BRPORT_COST] = { .type = NLA_U32 },
[IFLA_BRPORT_PRIORITY] = { .type = NLA_U16 },
diff --git a/net/bridge/br_netlink_tunnel.c b/net/bridge/br_netlink_tunnel.c
index 8914290c75d4..17abf092f7ca 100644
--- a/net/bridge/br_netlink_tunnel.c
+++ b/net/bridge/br_netlink_tunnel.c
@@ -188,6 +188,9 @@ int br_fill_vlan_tunnel_info(struct sk_buff *skb,
}
static const struct nla_policy vlan_tunnel_policy[IFLA_BRIDGE_VLAN_TUNNEL_MAX + 1] = {
+ [IFLA_BRIDGE_VLAN_TUNNEL_UNSPEC] = {
+ .strict_start_type = IFLA_BRIDGE_VLAN_TUNNEL_FLAGS + 1
+ },
[IFLA_BRIDGE_VLAN_TUNNEL_ID] = { .type = NLA_U32 },
[IFLA_BRIDGE_VLAN_TUNNEL_VID] = { .type = NLA_U16 },
[IFLA_BRIDGE_VLAN_TUNNEL_FLAGS] = { .type = NLA_U16 },
--
2.39.0
next prev parent reply other threads:[~2023-02-02 18:00 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-02 17:59 [PATCH net-next v3 00/16] bridge: Limit number of MDB entries per port, port-vlan Petr Machata
2023-02-02 17:59 ` [Bridge] " Petr Machata
2023-02-02 17:59 ` Petr Machata [this message]
2023-02-02 17:59 ` [Bridge] [PATCH net-next v3 01/16] net: bridge: Set strict_start_type at two policies Petr Machata
2023-02-02 17:59 ` [PATCH net-next v3 02/16] net: bridge: Add extack to br_multicast_new_port_group() Petr Machata
2023-02-02 17:59 ` [Bridge] " Petr Machata
2023-02-02 17:59 ` [PATCH net-next v3 03/16] net: bridge: Move extack-setting " Petr Machata
2023-02-02 17:59 ` [Bridge] " Petr Machata
2023-02-02 17:59 ` [PATCH net-next v3 04/16] net: bridge: Add br_multicast_del_port_group() Petr Machata
2023-02-02 17:59 ` [Bridge] " Petr Machata
2023-02-02 17:59 ` [PATCH net-next v3 05/16] net: bridge: Change a cleanup in br_multicast_new_port_group() to goto Petr Machata
2023-02-02 17:59 ` [Bridge] " Petr Machata
2023-02-02 17:59 ` [PATCH net-next v3 06/16] net: bridge: Add a tracepoint for MDB overflows Petr Machata
2023-02-02 17:59 ` [Bridge] " Petr Machata
2023-02-03 8:58 ` Nikolay Aleksandrov
2023-02-03 8:58 ` [Bridge] " Nikolay Aleksandrov
2023-02-02 17:59 ` [PATCH net-next v3 07/16] net: bridge: Maintain number of MDB entries in net_bridge_mcast_port Petr Machata
2023-02-02 17:59 ` [Bridge] " Petr Machata
2023-02-03 8:59 ` Nikolay Aleksandrov
2023-02-03 8:59 ` [Bridge] " Nikolay Aleksandrov
2023-02-03 14:36 ` Ido Schimmel
2023-02-03 14:36 ` [Bridge] " Ido Schimmel
2023-02-02 17:59 ` [PATCH net-next v3 08/16] net: bridge: Add netlink knobs for number / maximum MDB entries Petr Machata
2023-02-02 17:59 ` [Bridge] " Petr Machata
2023-02-03 9:02 ` Nikolay Aleksandrov
2023-02-03 9:02 ` [Bridge] " Nikolay Aleksandrov
2023-02-03 14:39 ` Ido Schimmel
2023-02-03 14:39 ` [Bridge] " Ido Schimmel
2023-02-02 17:59 ` [PATCH net-next v3 09/16] selftests: forwarding: Move IGMP- and MLD-related functions to lib Petr Machata
2023-02-02 17:59 ` [Bridge] " Petr Machata
2023-02-02 17:59 ` [PATCH net-next v3 10/16] selftests: forwarding: bridge_mdb: Fix a typo Petr Machata
2023-02-02 17:59 ` [Bridge] " Petr Machata
2023-02-02 17:59 ` [PATCH net-next v3 11/16] selftests: forwarding: lib: Add helpers for IP address handling Petr Machata
2023-02-02 17:59 ` [Bridge] " Petr Machata
2023-02-02 17:59 ` [PATCH net-next v3 12/16] selftests: forwarding: lib: Add helpers for checksum handling Petr Machata
2023-02-02 17:59 ` [Bridge] " Petr Machata
2023-02-02 17:59 ` [PATCH net-next v3 13/16] selftests: forwarding: lib: Parameterize IGMPv3/MLDv2 generation Petr Machata
2023-02-02 17:59 ` [Bridge] " Petr Machata
2023-02-02 17:59 ` [PATCH net-next v3 14/16] selftests: forwarding: lib: Allow list of IPs for IGMPv3/MLDv2 Petr Machata
2023-02-02 17:59 ` [Bridge] " Petr Machata
2023-02-02 17:59 ` [PATCH net-next v3 15/16] selftests: forwarding: lib: Add helpers to build IGMP/MLD leave packets Petr Machata
2023-02-02 17:59 ` [Bridge] " Petr Machata
2023-02-02 17:59 ` [PATCH net-next v3 16/16] selftests: forwarding: bridge_mdb_max: Add a new selftest Petr Machata
2023-02-02 17:59 ` [Bridge] " Petr Machata
2023-02-03 9:02 ` Nikolay Aleksandrov
2023-02-03 9:02 ` [Bridge] " Nikolay Aleksandrov
2023-02-06 9:00 ` [PATCH net-next v3 00/16] bridge: Limit number of MDB entries per port, port-vlan patchwork-bot+netdevbpf
2023-02-06 9:00 ` [Bridge] " patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=af9d9613a3febdb0210d15106e48766bf190b0a8.1675359453.git.petrm@nvidia.com \
--to=petrm@nvidia.com \
--cc=bridge@lists.linux-foundation.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=idosch@nvidia.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=razor@blackwall.org \
--cc=roopa@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.