* [PATCH v2 0/2] vdpa: Enable strict validation for netlink ops
@ 2023-07-26 18:49 ` Dragos Tatulea via Virtualization
0 siblings, 0 replies; 11+ messages in thread
From: Dragos Tatulea @ 2023-07-26 18:49 UTC (permalink / raw)
To: Michael S . Tsirkin, Lin Ma, Jason Wang, Xuan Zhuo, Parav Pandit
Cc: virtualization, linux-kernel, stable, Dragos Tatulea
The original patch from Lin Ma enables the vdpa driver to use validation
netlink ops.
The second patch simply disables the validation skip which is no longer
neccesary. Patchset started of from this discussion [0].
[0] https://lore.kernel.org/virtualization/20230726074710-mutt-send-email-mst@kernel.org/T/#t
v2: cc'ed stable
Dragos Tatulea (1):
vdpa: Enable strict validation for netlinks ops
Lin Ma (1):
vdpa: Complement vdpa_nl_policy for nlattr length check
drivers/vdpa/vdpa.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
--
2.41.0
^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH v2 0/2] vdpa: Enable strict validation for netlink ops
@ 2023-07-26 18:49 ` Dragos Tatulea via Virtualization
0 siblings, 0 replies; 11+ messages in thread
From: Dragos Tatulea via Virtualization @ 2023-07-26 18:49 UTC (permalink / raw)
To: Michael S . Tsirkin, Lin Ma, Jason Wang, Xuan Zhuo, Parav Pandit
Cc: linux-kernel, stable, virtualization
The original patch from Lin Ma enables the vdpa driver to use validation
netlink ops.
The second patch simply disables the validation skip which is no longer
neccesary. Patchset started of from this discussion [0].
[0] https://lore.kernel.org/virtualization/20230726074710-mutt-send-email-mst@kernel.org/T/#t
v2: cc'ed stable
Dragos Tatulea (1):
vdpa: Enable strict validation for netlinks ops
Lin Ma (1):
vdpa: Complement vdpa_nl_policy for nlattr length check
drivers/vdpa/vdpa.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
--
2.41.0
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH 1/2] vdpa: Complement vdpa_nl_policy for nlattr length check
2023-07-26 18:49 ` Dragos Tatulea via Virtualization
@ 2023-07-26 18:49 ` Dragos Tatulea via Virtualization
-1 siblings, 0 replies; 11+ messages in thread
From: Dragos Tatulea @ 2023-07-26 18:49 UTC (permalink / raw)
To: Michael S . Tsirkin, Lin Ma, Jason Wang, Xuan Zhuo, Parav Pandit
Cc: virtualization, linux-kernel, stable, Dragos Tatulea
Author: Lin Ma <linma@zju.edu.cn>
The vdpa_nl_policy structure is used to validate the nlattr when parsing
the incoming nlmsg. It will ensure the attribute being described produces
a valid nlattr pointer in info->attrs before entering into each handler
in vdpa_nl_ops.
That is to say, the missing part in vdpa_nl_policy may lead to illegal
nlattr after parsing, which could lead to OOB read just like CVE-2023-3773.
This patch adds three missing nla_policy to avoid such bugs.
Fixes: 90fea5a800c3 ("vdpa: device feature provisioning")
Fixes: 13b00b135665 ("vdpa: Add support for querying vendor statistics")
Fixes: ad69dd0bf26b ("vdpa: Introduce query of device config layout")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
---
drivers/vdpa/vdpa.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/vdpa/vdpa.c b/drivers/vdpa/vdpa.c
index 965e32529eb8..f2f654fd84e5 100644
--- a/drivers/vdpa/vdpa.c
+++ b/drivers/vdpa/vdpa.c
@@ -1247,8 +1247,11 @@ static const struct nla_policy vdpa_nl_policy[VDPA_ATTR_MAX + 1] = {
[VDPA_ATTR_MGMTDEV_DEV_NAME] = { .type = NLA_STRING },
[VDPA_ATTR_DEV_NAME] = { .type = NLA_STRING },
[VDPA_ATTR_DEV_NET_CFG_MACADDR] = NLA_POLICY_ETH_ADDR,
+ [VDPA_ATTR_DEV_NET_CFG_MAX_VQP] = { .type = NLA_U16 },
/* virtio spec 1.1 section 5.1.4.1 for valid MTU range */
[VDPA_ATTR_DEV_NET_CFG_MTU] = NLA_POLICY_MIN(NLA_U16, 68),
+ [VDPA_ATTR_DEV_QUEUE_INDEX] = { .type = NLA_U32 },
+ [VDPA_ATTR_DEV_FEATURES] = { .type = NLA_U64 },
};
static const struct genl_ops vdpa_nl_ops[] = {
--
2.41.0
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 1/2] vdpa: Complement vdpa_nl_policy for nlattr length check
@ 2023-07-26 18:49 ` Dragos Tatulea via Virtualization
0 siblings, 0 replies; 11+ messages in thread
From: Dragos Tatulea via Virtualization @ 2023-07-26 18:49 UTC (permalink / raw)
To: Michael S . Tsirkin, Lin Ma, Jason Wang, Xuan Zhuo, Parav Pandit
Cc: linux-kernel, stable, virtualization
Author: Lin Ma <linma@zju.edu.cn>
The vdpa_nl_policy structure is used to validate the nlattr when parsing
the incoming nlmsg. It will ensure the attribute being described produces
a valid nlattr pointer in info->attrs before entering into each handler
in vdpa_nl_ops.
That is to say, the missing part in vdpa_nl_policy may lead to illegal
nlattr after parsing, which could lead to OOB read just like CVE-2023-3773.
This patch adds three missing nla_policy to avoid such bugs.
Fixes: 90fea5a800c3 ("vdpa: device feature provisioning")
Fixes: 13b00b135665 ("vdpa: Add support for querying vendor statistics")
Fixes: ad69dd0bf26b ("vdpa: Introduce query of device config layout")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
---
drivers/vdpa/vdpa.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/vdpa/vdpa.c b/drivers/vdpa/vdpa.c
index 965e32529eb8..f2f654fd84e5 100644
--- a/drivers/vdpa/vdpa.c
+++ b/drivers/vdpa/vdpa.c
@@ -1247,8 +1247,11 @@ static const struct nla_policy vdpa_nl_policy[VDPA_ATTR_MAX + 1] = {
[VDPA_ATTR_MGMTDEV_DEV_NAME] = { .type = NLA_STRING },
[VDPA_ATTR_DEV_NAME] = { .type = NLA_STRING },
[VDPA_ATTR_DEV_NET_CFG_MACADDR] = NLA_POLICY_ETH_ADDR,
+ [VDPA_ATTR_DEV_NET_CFG_MAX_VQP] = { .type = NLA_U16 },
/* virtio spec 1.1 section 5.1.4.1 for valid MTU range */
[VDPA_ATTR_DEV_NET_CFG_MTU] = NLA_POLICY_MIN(NLA_U16, 68),
+ [VDPA_ATTR_DEV_QUEUE_INDEX] = { .type = NLA_U32 },
+ [VDPA_ATTR_DEV_FEATURES] = { .type = NLA_U64 },
};
static const struct genl_ops vdpa_nl_ops[] = {
--
2.41.0
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 2/2] vdpa: Enable strict validation for netlinks ops
2023-07-26 18:49 ` Dragos Tatulea via Virtualization
@ 2023-07-26 18:49 ` Dragos Tatulea via Virtualization
-1 siblings, 0 replies; 11+ messages in thread
From: Dragos Tatulea @ 2023-07-26 18:49 UTC (permalink / raw)
To: Michael S . Tsirkin, Lin Ma, Jason Wang, Xuan Zhuo, Parav Pandit
Cc: virtualization, linux-kernel, stable, Dragos Tatulea
The previous patch added the missing nla policies that were required for
validation to work.
Now strict validation on netlink ops can be enabled. This patch does it.
Signed-off-by: Dragos Tatulea <dtatulea@nvidia.com>
---
drivers/vdpa/vdpa.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/drivers/vdpa/vdpa.c b/drivers/vdpa/vdpa.c
index f2f654fd84e5..a7612e0783b3 100644
--- a/drivers/vdpa/vdpa.c
+++ b/drivers/vdpa/vdpa.c
@@ -1257,37 +1257,31 @@ static const struct nla_policy vdpa_nl_policy[VDPA_ATTR_MAX + 1] = {
static const struct genl_ops vdpa_nl_ops[] = {
{
.cmd = VDPA_CMD_MGMTDEV_GET,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_mgmtdev_get_doit,
.dumpit = vdpa_nl_cmd_mgmtdev_get_dumpit,
},
{
.cmd = VDPA_CMD_DEV_NEW,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_add_set_doit,
.flags = GENL_ADMIN_PERM,
},
{
.cmd = VDPA_CMD_DEV_DEL,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_del_set_doit,
.flags = GENL_ADMIN_PERM,
},
{
.cmd = VDPA_CMD_DEV_GET,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_get_doit,
.dumpit = vdpa_nl_cmd_dev_get_dumpit,
},
{
.cmd = VDPA_CMD_DEV_CONFIG_GET,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_config_get_doit,
.dumpit = vdpa_nl_cmd_dev_config_get_dumpit,
},
{
.cmd = VDPA_CMD_DEV_VSTATS_GET,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_stats_get_doit,
.flags = GENL_ADMIN_PERM,
},
--
2.41.0
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 2/2] vdpa: Enable strict validation for netlinks ops
@ 2023-07-26 18:49 ` Dragos Tatulea via Virtualization
0 siblings, 0 replies; 11+ messages in thread
From: Dragos Tatulea via Virtualization @ 2023-07-26 18:49 UTC (permalink / raw)
To: Michael S . Tsirkin, Lin Ma, Jason Wang, Xuan Zhuo, Parav Pandit
Cc: linux-kernel, stable, virtualization
The previous patch added the missing nla policies that were required for
validation to work.
Now strict validation on netlink ops can be enabled. This patch does it.
Signed-off-by: Dragos Tatulea <dtatulea@nvidia.com>
---
drivers/vdpa/vdpa.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/drivers/vdpa/vdpa.c b/drivers/vdpa/vdpa.c
index f2f654fd84e5..a7612e0783b3 100644
--- a/drivers/vdpa/vdpa.c
+++ b/drivers/vdpa/vdpa.c
@@ -1257,37 +1257,31 @@ static const struct nla_policy vdpa_nl_policy[VDPA_ATTR_MAX + 1] = {
static const struct genl_ops vdpa_nl_ops[] = {
{
.cmd = VDPA_CMD_MGMTDEV_GET,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_mgmtdev_get_doit,
.dumpit = vdpa_nl_cmd_mgmtdev_get_dumpit,
},
{
.cmd = VDPA_CMD_DEV_NEW,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_add_set_doit,
.flags = GENL_ADMIN_PERM,
},
{
.cmd = VDPA_CMD_DEV_DEL,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_del_set_doit,
.flags = GENL_ADMIN_PERM,
},
{
.cmd = VDPA_CMD_DEV_GET,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_get_doit,
.dumpit = vdpa_nl_cmd_dev_get_dumpit,
},
{
.cmd = VDPA_CMD_DEV_CONFIG_GET,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_config_get_doit,
.dumpit = vdpa_nl_cmd_dev_config_get_dumpit,
},
{
.cmd = VDPA_CMD_DEV_VSTATS_GET,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_stats_get_doit,
.flags = GENL_ADMIN_PERM,
},
--
2.41.0
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH 1/2] vdpa: Complement vdpa_nl_policy for nlattr length check
2023-07-26 18:49 ` Dragos Tatulea via Virtualization
(?)
@ 2023-07-26 18:53 ` kernel test robot
-1 siblings, 0 replies; 11+ messages in thread
From: kernel test robot @ 2023-07-26 18:53 UTC (permalink / raw)
To: Dragos Tatulea; +Cc: stable, oe-kbuild-all
Hi,
Thanks for your patch.
FYI: kernel test robot notices the stable kernel rule is not satisfied.
Rule: 'Cc: stable@vger.kernel.org' or 'commit <sha1> upstream.'
Subject: [PATCH 1/2] vdpa: Complement vdpa_nl_policy for nlattr length check
Link: https://lore.kernel.org/stable/20230726185104.12479-2-dtatulea%40nvidia.com
The check is based on https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/2] vdpa: Enable strict validation for netlinks ops
2023-07-26 18:49 ` Dragos Tatulea via Virtualization
@ 2023-07-26 19:27 ` Greg KH
-1 siblings, 0 replies; 11+ messages in thread
From: Greg KH @ 2023-07-26 19:27 UTC (permalink / raw)
To: Dragos Tatulea
Cc: Michael S . Tsirkin, Lin Ma, Jason Wang, Xuan Zhuo, Parav Pandit,
virtualization, linux-kernel, stable
On Wed, Jul 26, 2023 at 09:49:44PM +0300, Dragos Tatulea wrote:
> The previous patch added the missing nla policies that were required for
> validation to work.
>
> Now strict validation on netlink ops can be enabled. This patch does it.
>
> Signed-off-by: Dragos Tatulea <dtatulea@nvidia.com>
> ---
> drivers/vdpa/vdpa.c | 6 ------
> 1 file changed, 6 deletions(-)
>
> diff --git a/drivers/vdpa/vdpa.c b/drivers/vdpa/vdpa.c
> index f2f654fd84e5..a7612e0783b3 100644
> --- a/drivers/vdpa/vdpa.c
> +++ b/drivers/vdpa/vdpa.c
> @@ -1257,37 +1257,31 @@ static const struct nla_policy vdpa_nl_policy[VDPA_ATTR_MAX + 1] = {
> static const struct genl_ops vdpa_nl_ops[] = {
> {
> .cmd = VDPA_CMD_MGMTDEV_GET,
> - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
> .doit = vdpa_nl_cmd_mgmtdev_get_doit,
> .dumpit = vdpa_nl_cmd_mgmtdev_get_dumpit,
> },
> {
> .cmd = VDPA_CMD_DEV_NEW,
> - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
> .doit = vdpa_nl_cmd_dev_add_set_doit,
> .flags = GENL_ADMIN_PERM,
> },
> {
> .cmd = VDPA_CMD_DEV_DEL,
> - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
> .doit = vdpa_nl_cmd_dev_del_set_doit,
> .flags = GENL_ADMIN_PERM,
> },
> {
> .cmd = VDPA_CMD_DEV_GET,
> - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
> .doit = vdpa_nl_cmd_dev_get_doit,
> .dumpit = vdpa_nl_cmd_dev_get_dumpit,
> },
> {
> .cmd = VDPA_CMD_DEV_CONFIG_GET,
> - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
> .doit = vdpa_nl_cmd_dev_config_get_doit,
> .dumpit = vdpa_nl_cmd_dev_config_get_dumpit,
> },
> {
> .cmd = VDPA_CMD_DEV_VSTATS_GET,
> - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
> .doit = vdpa_nl_cmd_dev_stats_get_doit,
> .flags = GENL_ADMIN_PERM,
> },
> --
> 2.41.0
>
<formletter>
This is not the correct way to submit patches for inclusion in the
stable kernel tree. Please read:
https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.
</formletter>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/2] vdpa: Enable strict validation for netlinks ops
@ 2023-07-26 19:27 ` Greg KH
0 siblings, 0 replies; 11+ messages in thread
From: Greg KH @ 2023-07-26 19:27 UTC (permalink / raw)
To: Dragos Tatulea
Cc: Xuan Zhuo, Michael S . Tsirkin, linux-kernel, stable,
virtualization, Lin Ma
On Wed, Jul 26, 2023 at 09:49:44PM +0300, Dragos Tatulea wrote:
> The previous patch added the missing nla policies that were required for
> validation to work.
>
> Now strict validation on netlink ops can be enabled. This patch does it.
>
> Signed-off-by: Dragos Tatulea <dtatulea@nvidia.com>
> ---
> drivers/vdpa/vdpa.c | 6 ------
> 1 file changed, 6 deletions(-)
>
> diff --git a/drivers/vdpa/vdpa.c b/drivers/vdpa/vdpa.c
> index f2f654fd84e5..a7612e0783b3 100644
> --- a/drivers/vdpa/vdpa.c
> +++ b/drivers/vdpa/vdpa.c
> @@ -1257,37 +1257,31 @@ static const struct nla_policy vdpa_nl_policy[VDPA_ATTR_MAX + 1] = {
> static const struct genl_ops vdpa_nl_ops[] = {
> {
> .cmd = VDPA_CMD_MGMTDEV_GET,
> - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
> .doit = vdpa_nl_cmd_mgmtdev_get_doit,
> .dumpit = vdpa_nl_cmd_mgmtdev_get_dumpit,
> },
> {
> .cmd = VDPA_CMD_DEV_NEW,
> - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
> .doit = vdpa_nl_cmd_dev_add_set_doit,
> .flags = GENL_ADMIN_PERM,
> },
> {
> .cmd = VDPA_CMD_DEV_DEL,
> - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
> .doit = vdpa_nl_cmd_dev_del_set_doit,
> .flags = GENL_ADMIN_PERM,
> },
> {
> .cmd = VDPA_CMD_DEV_GET,
> - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
> .doit = vdpa_nl_cmd_dev_get_doit,
> .dumpit = vdpa_nl_cmd_dev_get_dumpit,
> },
> {
> .cmd = VDPA_CMD_DEV_CONFIG_GET,
> - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
> .doit = vdpa_nl_cmd_dev_config_get_doit,
> .dumpit = vdpa_nl_cmd_dev_config_get_dumpit,
> },
> {
> .cmd = VDPA_CMD_DEV_VSTATS_GET,
> - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
> .doit = vdpa_nl_cmd_dev_stats_get_doit,
> .flags = GENL_ADMIN_PERM,
> },
> --
> 2.41.0
>
<formletter>
This is not the correct way to submit patches for inclusion in the
stable kernel tree. Please read:
https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.
</formletter>
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH 2/2] vdpa: Enable strict validation for netlinks ops
2023-07-26 18:30 [PATCH 0/2] vdpa: Enable strict validation for netlink ops Dragos Tatulea
@ 2023-07-26 18:30 ` Dragos Tatulea via Virtualization
0 siblings, 0 replies; 11+ messages in thread
From: Dragos Tatulea @ 2023-07-26 18:30 UTC (permalink / raw)
To: Michael S . Tsirkin, Lin Ma, Jason Wang, Xuan Zhuo, Parav Pandit
Cc: virtualization, linux-kernel, Dragos Tatulea
The previous patch added the missing nla policies that were required for
validation to work.
Now strict validation on netlink ops can be enabled. This patch does it.
Signed-off-by: Dragos Tatulea <dtatulea@nvidia.com>
---
drivers/vdpa/vdpa.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/drivers/vdpa/vdpa.c b/drivers/vdpa/vdpa.c
index f2f654fd84e5..a7612e0783b3 100644
--- a/drivers/vdpa/vdpa.c
+++ b/drivers/vdpa/vdpa.c
@@ -1257,37 +1257,31 @@ static const struct nla_policy vdpa_nl_policy[VDPA_ATTR_MAX + 1] = {
static const struct genl_ops vdpa_nl_ops[] = {
{
.cmd = VDPA_CMD_MGMTDEV_GET,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_mgmtdev_get_doit,
.dumpit = vdpa_nl_cmd_mgmtdev_get_dumpit,
},
{
.cmd = VDPA_CMD_DEV_NEW,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_add_set_doit,
.flags = GENL_ADMIN_PERM,
},
{
.cmd = VDPA_CMD_DEV_DEL,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_del_set_doit,
.flags = GENL_ADMIN_PERM,
},
{
.cmd = VDPA_CMD_DEV_GET,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_get_doit,
.dumpit = vdpa_nl_cmd_dev_get_dumpit,
},
{
.cmd = VDPA_CMD_DEV_CONFIG_GET,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_config_get_doit,
.dumpit = vdpa_nl_cmd_dev_config_get_dumpit,
},
{
.cmd = VDPA_CMD_DEV_VSTATS_GET,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_stats_get_doit,
.flags = GENL_ADMIN_PERM,
},
--
2.41.0
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 2/2] vdpa: Enable strict validation for netlinks ops
@ 2023-07-26 18:30 ` Dragos Tatulea via Virtualization
0 siblings, 0 replies; 11+ messages in thread
From: Dragos Tatulea via Virtualization @ 2023-07-26 18:30 UTC (permalink / raw)
To: Michael S . Tsirkin, Lin Ma, Jason Wang, Xuan Zhuo, Parav Pandit
Cc: linux-kernel, virtualization
The previous patch added the missing nla policies that were required for
validation to work.
Now strict validation on netlink ops can be enabled. This patch does it.
Signed-off-by: Dragos Tatulea <dtatulea@nvidia.com>
---
drivers/vdpa/vdpa.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/drivers/vdpa/vdpa.c b/drivers/vdpa/vdpa.c
index f2f654fd84e5..a7612e0783b3 100644
--- a/drivers/vdpa/vdpa.c
+++ b/drivers/vdpa/vdpa.c
@@ -1257,37 +1257,31 @@ static const struct nla_policy vdpa_nl_policy[VDPA_ATTR_MAX + 1] = {
static const struct genl_ops vdpa_nl_ops[] = {
{
.cmd = VDPA_CMD_MGMTDEV_GET,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_mgmtdev_get_doit,
.dumpit = vdpa_nl_cmd_mgmtdev_get_dumpit,
},
{
.cmd = VDPA_CMD_DEV_NEW,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_add_set_doit,
.flags = GENL_ADMIN_PERM,
},
{
.cmd = VDPA_CMD_DEV_DEL,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_del_set_doit,
.flags = GENL_ADMIN_PERM,
},
{
.cmd = VDPA_CMD_DEV_GET,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_get_doit,
.dumpit = vdpa_nl_cmd_dev_get_dumpit,
},
{
.cmd = VDPA_CMD_DEV_CONFIG_GET,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_config_get_doit,
.dumpit = vdpa_nl_cmd_dev_config_get_dumpit,
},
{
.cmd = VDPA_CMD_DEV_VSTATS_GET,
- .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = vdpa_nl_cmd_dev_stats_get_doit,
.flags = GENL_ADMIN_PERM,
},
--
2.41.0
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
^ permalink raw reply related [flat|nested] 11+ messages in thread
end of thread, other threads:[~2023-07-26 19:28 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-07-26 18:49 [PATCH v2 0/2] vdpa: Enable strict validation for netlink ops Dragos Tatulea
2023-07-26 18:49 ` Dragos Tatulea via Virtualization
2023-07-26 18:49 ` [PATCH 1/2] vdpa: Complement vdpa_nl_policy for nlattr length check Dragos Tatulea
2023-07-26 18:49 ` Dragos Tatulea via Virtualization
2023-07-26 18:53 ` kernel test robot
2023-07-26 18:49 ` [PATCH 2/2] vdpa: Enable strict validation for netlinks ops Dragos Tatulea
2023-07-26 18:49 ` Dragos Tatulea via Virtualization
2023-07-26 19:27 ` Greg KH
2023-07-26 19:27 ` Greg KH
-- strict thread matches above, loose matches on Subject: below --
2023-07-26 18:30 [PATCH 0/2] vdpa: Enable strict validation for netlink ops Dragos Tatulea
2023-07-26 18:30 ` [PATCH 2/2] vdpa: Enable strict validation for netlinks ops Dragos Tatulea
2023-07-26 18:30 ` Dragos Tatulea via Virtualization
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.