From: Petr Machata <petrm@nvidia.com>
To: "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>, Roopa Prabhu <roopa@nvidia.com>, Nikolay Aleksandrov <razor@blackwall.org>, <netdev@vger.kernel.org>
Cc: <bridge@lists.linux-foundation.org>, Petr Machata <petrm@nvidia.com>, "Ido Schimmel" <idosch@nvidia.com>
Subject: [PATCH net-next v3 01/16] net: bridge: Set strict_start_type at two policies
Date: Thu, 2 Feb 2023 18:59:19 +0100
Message-ID: <af9d9613a3febdb0210d15106e48766bf190b0a8.1675359453.git.petrm@nvidia.com>
In-Reply-To: <cover.1675359453.git.petrm@nvidia.com>

Make any attributes newly-added to br_port_policy or vlan_tunnel_policy parsed strictly, to prevent userspace from passing garbage. Note that this patchset only touches the former policy. The latter was adjusted for completeness' sake. There do not appear to be other _deprecated calls with non-NULL policies.

Suggested-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
--- net/bridge/br_netlink.c | 2 ++ net/bridge/br_netlink_tunnel.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c index 4316cc82ae17..a6133d469885 100644 --- a/net/bridge/br_netlink.c +++ b/net/bridge/br_netlink.c @@ -858,6 +858,8 @@ static int br_afspec(struct net_bridge *br, } static const struct nla_policy br_port_policy[IFLA_BRPORT_MAX + 1] = { + [IFLA_BRPORT_UNSPEC] = { .strict_start_type = + IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT + 1 }, [IFLA_BRPORT_STATE] = { .type = NLA_U8 }, [IFLA_BRPORT_COST] = { .type = NLA_U32 }, [IFLA_BRPORT_PRIORITY] = { .type = NLA_U16 }, diff --git a/net/bridge/br_netlink_tunnel.c b/net/bridge/br_netlink_tunnel.c index 8914290c75d4..17abf092f7ca 100644 --- a/net/bridge/br_netlink_tunnel.c 
+++ b/net/bridge/br_netlink_tunnel.c @@ -188,6 +188,9 @@ int br_fill_vlan_tunnel_info(struct sk_buff *skb, } static const struct nla_policy vlan_tunnel_policy[IFLA_BRIDGE_VLAN_TUNNEL_MAX + 1] = { + [IFLA_BRIDGE_VLAN_TUNNEL_UNSPEC] = { + .strict_start_type = IFLA_BRIDGE_VLAN_TUNNEL_FLAGS + 1 + }, [IFLA_BRIDGE_VLAN_TUNNEL_ID] = { .type = NLA_U32 }, [IFLA_BRIDGE_VLAN_TUNNEL_VID] = { .type = NLA_U16 }, [IFLA_BRIDGE_VLAN_TUNNEL_FLAGS] = { .type = NLA_U16 }, -- 2.39.0
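Review bot: In the br_port_policy hunk (net/bridge/br_netlink.c), the new [IFLA_BRPORT_UNSPEC] entry sets the strict boundary to IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT + 1 without a comment saying why that value was chosen. Attributes numbered at or above strict_start_type are the ones validated strictly, so the boundary has to stay where it is when later attributes are appended; a one-line comment to that effect would keep a future change from moving it along with IFLA_BRPORT_MAX. The initializer is also broken right after the "=" sign; the brace layout used for the vlan_tunnel_policy entry in the second hunk would be easier to read and would keep the two entries consistent.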
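Review bot: In the vlan_tunnel_policy hunk (net/bridge/br_netlink_tunnel.c), the boundary IFLA_BRIDGE_VLAN_TUNNEL_FLAGS + 1 leaves existing behaviour unchanged only if FLAGS is the highest attribute userspace can already send, and the visible context shows the ID, VID and FLAGS entries but not the end of the array or the enum. The commit message says this policy is adjusted only for completeness and is not otherwise touched by the series, so nothing later in the patchset exercises it; please state in the commit message that no existing attribute sits at or above that value, or add a short comment next to the entry recording it.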