diff options
| author | David S. Miller <davem@davemloft.net> | 2020-08-18 12:28:45 -0700 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2020-08-18 12:28:45 -0700 |
| commit | 396fc59e390429e87584d162462c1555fd64576a (patch) | |
| tree | d82231bd12bd50475c0eada026b3220f445292ec /net/sched/act_ct.c | |
| parent | 06a4ec1d9dc652e17ee3ac2ceb6c7cf6c2b75cdd (diff) | |
| parent | 8aa26c575fb343ebde810b30dad0cba7d8121efb (diff) | |
| download | linux-396fc59e390429e87584d162462c1555fd64576a.tar.gz linux-396fc59e390429e87584d162462c1555fd64576a.tar.bz2 linux-396fc59e390429e87584d162462c1555fd64576a.zip | |
Merge branch 'netlink-allow-NLA_BINARY-length-range-validation'
Johannes Berg says:
====================
netlink: allow NLA_BINARY length range validation
In quite a few places (perhaps particularly in wireless) we need to
validation an NLA_BINARY attribute with both a minimum and a maximum
length. Currently, we can do either of the two, but not both, given
that we have NLA_MIN_LEN (minimum length) and NLA_BINARY (maximum).
Extend the range mechanisms that we use for integer validation to
apply to NLA_BINARY as well.
After converting everything to use NLA_POLICY_MIN_LEN() we can thus
get rid of the NLA_MIN_LEN type since that's now a special case of
NLA_BINARY with a minimum length validation. Similarly, NLA_EXACT_LEN
can be specified using NLA_POLICY_EXACT_LEN() and also maps to the
new NLA_BINARY validation (min == max == desired length).
Finally, NLA_POLICY_EXACT_LEN_WARN() also gets to be a somewhat
special case of this.
I haven't included the patch here now that converts nl82011 to use
this because it doesn't apply without another cleanup patch, but
we can remove a number of hand-coded min/max length checks and get
better error messages from the general validation code while doing
that.
As I had originally built the netlink policy export to userspace in
a way that has min/max length for NLA_BINARY (for the types that we
used to call NLA_MIN_LEN, NLA_BINARY and NLA_EXACT_LEN) anyway, it
doesn't really change anything there except that now there's a chance
that userspace sees min length < max length, which previously wasn't
possible.
v2:
* fix the min<max comment to correctly say min<=max
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sched/act_ct.c')
| -rw-r--r-- | net/sched/act_ct.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c index e6ad42b11835..db25a0dc0f57 100644 --- a/net/sched/act_ct.c +++ b/net/sched/act_ct.c @@ -1039,7 +1039,7 @@ drop: static const struct nla_policy ct_policy[TCA_CT_MAX + 1] = { [TCA_CT_ACTION] = { .type = NLA_U16 }, - [TCA_CT_PARMS] = { .type = NLA_EXACT_LEN, .len = sizeof(struct tc_ct) }, + [TCA_CT_PARMS] = NLA_POLICY_EXACT_LEN(sizeof(struct tc_ct)), [TCA_CT_ZONE] = { .type = NLA_U16 }, [TCA_CT_MARK] = { .type = NLA_U32 }, [TCA_CT_MARK_MASK] = { .type = NLA_U32 }, @@ -1049,10 +1049,8 @@ static const struct nla_policy ct_policy[TCA_CT_MAX + 1] = { .len = 128 / BITS_PER_BYTE }, [TCA_CT_NAT_IPV4_MIN] = { .type = NLA_U32 }, [TCA_CT_NAT_IPV4_MAX] = { .type = NLA_U32 }, - [TCA_CT_NAT_IPV6_MIN] = { .type = NLA_EXACT_LEN, - .len = sizeof(struct in6_addr) }, - [TCA_CT_NAT_IPV6_MAX] = { .type = NLA_EXACT_LEN, - .len = sizeof(struct in6_addr) }, + [TCA_CT_NAT_IPV6_MIN] = NLA_POLICY_EXACT_LEN(sizeof(struct in6_addr)), + [TCA_CT_NAT_IPV6_MAX] = NLA_POLICY_EXACT_LEN(sizeof(struct in6_addr)), [TCA_CT_NAT_PORT_MIN] = { .type = NLA_U16 }, [TCA_CT_NAT_PORT_MAX] = { .type = NLA_U16 }, }; |