netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [RFC] netlink: add NLA_REJECT policy type
@ 2018-09-12  7:32 Johannes Berg
  2018-09-12  8:16 ` Michal Kubecek
  0 siblings, 1 reply; 3+ messages in thread
From: Johannes Berg @ 2018-09-12  7:32 UTC (permalink / raw)
  To: linux-wireless-u79uwXL29TY76Z2rM5mHXA, netdev-u79uwXL29TY76Z2rM5mHXA
  Cc: Johannes Berg

From: Johannes Berg <johannes.berg-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>

In some situations some netlink attributes may be used for output
only (kernel->userspace) or may be reserved for future use. It's
then helpful to be able to prevent userspace from using them in
messages sent to the kernel, since they'd otherwise be ignored and
any future will become impossible if this happens.

Add NLA_REJECT to the policy which does nothing but reject (with
EINVAL) validation of any messages containing this attribute.

The specific case I have in mind now is a shared nested attribute
containing request/response data, and it would be pointless and
potentially confusing to have userspace include response data in
the messages that actually contain a request.

Signed-off-by: Johannes Berg <johannes.berg-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
---
 include/net/netlink.h | 1 +
 lib/nlattr.c          | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/include/net/netlink.h b/include/net/netlink.h
index 0c154f98e987..ea7e87564f59 100644
--- a/include/net/netlink.h
+++ b/include/net/netlink.h
@@ -180,6 +180,7 @@ enum {
 	NLA_S32,
 	NLA_S64,
 	NLA_BITFIELD32,
+	NLA_REJECT,
 	__NLA_TYPE_MAX,
 };
 
diff --git a/lib/nlattr.c b/lib/nlattr.c
index e335bcafa9e4..4644ae74bf63 100644
--- a/lib/nlattr.c
+++ b/lib/nlattr.c
@@ -87,6 +87,9 @@ static int validate_nla(const struct nlattr *nla, int maxtype,
 	}
 
 	switch (pt->type) {
+	case NLA_REJECT:
+		return -EINVAL;
+
 	case NLA_FLAG:
 		if (attrlen > 0)
 			return -ERANGE;
-- 
2.14.4

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [RFC] netlink: add NLA_REJECT policy type
  2018-09-12  7:32 [RFC] netlink: add NLA_REJECT policy type Johannes Berg
@ 2018-09-12  8:16 ` Michal Kubecek
  2018-09-12  8:21   ` Johannes Berg
  0 siblings, 1 reply; 3+ messages in thread
From: Michal Kubecek @ 2018-09-12  8:16 UTC (permalink / raw)
  To: Johannes Berg; +Cc: linux-wireless, netdev, Johannes Berg

On Wed, Sep 12, 2018 at 09:32:45AM +0200, Johannes Berg wrote:
> From: Johannes Berg <johannes.berg@intel.com>
> 
> In some situations some netlink attributes may be used for output
> only (kernel->userspace) or may be reserved for future use. It's
> then helpful to be able to prevent userspace from using them in
> messages sent to the kernel, since they'd otherwise be ignored and
> any future will become impossible if this happens.
> 
> Add NLA_REJECT to the policy which does nothing but reject (with
> EINVAL) validation of any messages containing this attribute.
> 
> The specific case I have in mind now is a shared nested attribute
> containing request/response data, and it would be pointless and
> potentially confusing to have userspace include response data in
> the messages that actually contain a request.

I find this feature very useful. Actually, I was a bit surprised when
I found I can't mark an attribute "forbidden" using policy.

IMHO it would be even nicer if one could also specify an error message
to use in extack if NLA_REJECT is applied; the easiest way would be
using .validation_data and passing extack to validate_nla() but I'm not
sure if it wouldn't qualify as an abuse.

Michal Kubecek

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [RFC] netlink: add NLA_REJECT policy type
  2018-09-12  8:16 ` Michal Kubecek
@ 2018-09-12  8:21   ` Johannes Berg
  0 siblings, 0 replies; 3+ messages in thread
From: Johannes Berg @ 2018-09-12  8:21 UTC (permalink / raw)
  To: Michal Kubecek; +Cc: linux-wireless, netdev

On Wed, 2018-09-12 at 10:16 +0200, Michal Kubecek wrote:
> On Wed, Sep 12, 2018 at 09:32:45AM +0200, Johannes Berg wrote:
> > From: Johannes Berg <johannes.berg@intel.com>
> > 
> > In some situations some netlink attributes may be used for output
> > only (kernel->userspace) or may be reserved for future use. It's
> > then helpful to be able to prevent userspace from using them in
> > messages sent to the kernel, since they'd otherwise be ignored and
> > any future will become impossible if this happens.
> > 
> > Add NLA_REJECT to the policy which does nothing but reject (with
> > EINVAL) validation of any messages containing this attribute.
> > 
> > The specific case I have in mind now is a shared nested attribute
> > containing request/response data, and it would be pointless and
> > potentially confusing to have userspace include response data in
> > the messages that actually contain a request.
> 
> I find this feature very useful. Actually, I was a bit surprised when
> I found I can't mark an attribute "forbidden" using policy.

:-)

> IMHO it would be even nicer if one could also specify an error message
> to use in extack if NLA_REJECT is applied; the easiest way would be
> using .validation_data and passing extack to validate_nla() but I'm not
> sure if it wouldn't qualify as an abuse.

I think it's fine - validation data is by nature validation type
dependent, so we can document it here. I'll send a v2.

johannes

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-09-12 13:24 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-09-12  7:32 [RFC] netlink: add NLA_REJECT policy type Johannes Berg
2018-09-12  8:16 ` Michal Kubecek
2018-09-12  8:21   ` Johannes Berg

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).