From: Jakub Kicinski <kuba@kernel.org>
To: Petr Machata <petrm@nvidia.com>
Cc: <netdev@vger.kernel.org>, David Ahern <dsahern@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Ido Schimmel <idosch@nvidia.com>
Subject: Re: [PATCH net-next 1/3] nexthop: Use a dedicated policy for nh_valid_get_del_req()
Date: Tue, 19 Jan 2021 12:55:04 -0800 [thread overview]
Message-ID: <20210119125504.0b306d97@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com> (raw)
In-Reply-To: <ec93d227609126c98805e52ba3821b71f8bb338d.1610978306.git.petrm@nvidia.org>
On Mon, 18 Jan 2021 15:05:23 +0100 Petr Machata wrote:
> This function uses the global nexthop policy only to then bounce all
> arguments except for NHA_ID. Instead, just create a new policy that
> only includes the one allowed attribute.
>
> Signed-off-by: Petr Machata <petrm@nvidia.com>
> Reviewed-by: Ido Schimmel <idosch@nvidia.com>
> ---
> net/ipv4/nexthop.c | 21 ++++++---------------
> 1 file changed, 6 insertions(+), 15 deletions(-)
>
> diff --git a/net/ipv4/nexthop.c b/net/ipv4/nexthop.c
> index e53e43aef785..d5d88f7c5c11 100644
> --- a/net/ipv4/nexthop.c
> +++ b/net/ipv4/nexthop.c
> @@ -36,6 +36,10 @@ static const struct nla_policy rtm_nh_policy[NHA_MAX + 1] = {
> [NHA_FDB] = { .type = NLA_FLAG },
> };
>
> +static const struct nla_policy rtm_nh_policy_get[NHA_MAX + 1] = {
This is an unnecessary waste of memory if you ask me.
NHA_ID is 1, so we're creating an array of 10 extra NULL elements.
Can you leave the size to the compiler and use ARRAY_SIZE() below?
> + [NHA_ID] = { .type = NLA_U32 },
> +};
> +
> static bool nexthop_notifiers_is_empty(struct net *net)
> {
> return !net->nexthop.notifier_chain.head;
> @@ -1843,27 +1847,14 @@ static int nh_valid_get_del_req(struct nlmsghdr *nlh, u32 *id,
> {
> struct nhmsg *nhm = nlmsg_data(nlh);
> struct nlattr *tb[NHA_MAX + 1];
> - int err, i;
> + int err;
>
> - err = nlmsg_parse(nlh, sizeof(*nhm), tb, NHA_MAX, rtm_nh_policy,
> + err = nlmsg_parse(nlh, sizeof(*nhm), tb, NHA_MAX, rtm_nh_policy_get,
> extack);
> if (err < 0)
> return err;
>
> err = -EINVAL;
> - for (i = 0; i < __NHA_MAX; ++i) {
> - if (!tb[i])
> - continue;
> -
> - switch (i) {
> - case NHA_ID:
> - break;
> - default:
> - NL_SET_ERR_MSG_ATTR(extack, tb[i],
> - "Unexpected attribute in request");
> - goto out;
> - }
> - }
> if (nhm->nh_protocol || nhm->resvd || nhm->nh_scope || nhm->nh_flags) {
> NL_SET_ERR_MSG(extack, "Invalid values in header");
> goto out;
next prev parent reply other threads:[~2021-01-19 20:56 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-18 14:05 [PATCH net-next 0/3] nexthop: More fine-grained policies for netlink message validation Petr Machata
2021-01-18 14:05 ` [PATCH net-next 1/3] nexthop: Use a dedicated policy for nh_valid_get_del_req() Petr Machata
2021-01-18 17:41 ` David Ahern
2021-01-19 20:55 ` Jakub Kicinski [this message]
2021-01-20 2:28 ` David Ahern
2021-01-20 2:35 ` Jakub Kicinski
2021-01-20 10:45 ` Petr Machata
2021-01-18 14:05 ` [PATCH net-next 2/3] nexthop: Use a dedicated policy for nh_valid_dump_req() Petr Machata
2021-01-18 17:41 ` David Ahern
2021-01-19 20:55 ` Jakub Kicinski
2021-01-20 10:46 ` Petr Machata
2021-01-18 14:05 ` [PATCH net-next 3/3] nexthop: Specialize rtm_nh_policy Petr Machata
2021-01-18 17:42 ` David Ahern
2021-01-18 17:43 ` [PATCH net-next 0/3] nexthop: More fine-grained policies for netlink message validation David Ahern
2021-01-18 18:29 ` Ido Schimmel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210119125504.0b306d97@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com \
--to=kuba@kernel.org \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=idosch@nvidia.com \
--cc=netdev@vger.kernel.org \
--cc=petrm@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.