Commit 8cca3397 authored by David S. Miller's avatar David S. Miller

Merge branch 'netlink-strict-attribute-checking-follow-up'

Michal Kubecek says:

====================
netlink: strict attribute checking follow-up

Three follow-up patches for recent strict netlink validation series.

Patch 1 fixes dump handling for genetlink families which validate and parse
messages themselves (e.g. because they need different policies for diferent
commands).

Patch 2 sets bad_attr in extack in one place where this was omitted.

Patch 3 adds new NL_VALIDATE_NESTED flags for strict validation to enable
checking that NLA_F_NESTED value in received messages matches expectations
and includes this flag in NL_VALIDATE_STRICT. This would change userspace
visible behavior but the previous switching to NL_VALIDATE_STRICT for new
code is still only in net-next at the moment.

v2: change error messages to mention NLA_F_NESTED explicitly
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 5eabc27d b424e432
...@@ -401,6 +401,8 @@ struct nl_info { ...@@ -401,6 +401,8 @@ struct nl_info {
* are enforced going forward. * are enforced going forward.
* @NL_VALIDATE_STRICT_ATTRS: strict attribute policy parsing (e.g. * @NL_VALIDATE_STRICT_ATTRS: strict attribute policy parsing (e.g.
* U8, U16, U32 must have exact size, etc.) * U8, U16, U32 must have exact size, etc.)
* @NL_VALIDATE_NESTED: Check that NLA_F_NESTED is set for NLA_NESTED(_ARRAY)
* and unset for other policies.
*/ */
enum netlink_validation { enum netlink_validation {
NL_VALIDATE_LIBERAL = 0, NL_VALIDATE_LIBERAL = 0,
...@@ -408,6 +410,7 @@ enum netlink_validation { ...@@ -408,6 +410,7 @@ enum netlink_validation {
NL_VALIDATE_MAXTYPE = BIT(1), NL_VALIDATE_MAXTYPE = BIT(1),
NL_VALIDATE_UNSPEC = BIT(2), NL_VALIDATE_UNSPEC = BIT(2),
NL_VALIDATE_STRICT_ATTRS = BIT(3), NL_VALIDATE_STRICT_ATTRS = BIT(3),
NL_VALIDATE_NESTED = BIT(4),
}; };
#define NL_VALIDATE_DEPRECATED_STRICT (NL_VALIDATE_TRAILING |\ #define NL_VALIDATE_DEPRECATED_STRICT (NL_VALIDATE_TRAILING |\
...@@ -415,7 +418,8 @@ enum netlink_validation { ...@@ -415,7 +418,8 @@ enum netlink_validation {
#define NL_VALIDATE_STRICT (NL_VALIDATE_TRAILING |\ #define NL_VALIDATE_STRICT (NL_VALIDATE_TRAILING |\
NL_VALIDATE_MAXTYPE |\ NL_VALIDATE_MAXTYPE |\
NL_VALIDATE_UNSPEC |\ NL_VALIDATE_UNSPEC |\
NL_VALIDATE_STRICT_ATTRS) NL_VALIDATE_STRICT_ATTRS |\
NL_VALIDATE_NESTED)
int netlink_rcv_skb(struct sk_buff *skb, int netlink_rcv_skb(struct sk_buff *skb,
int (*cb)(struct sk_buff *, struct nlmsghdr *, int (*cb)(struct sk_buff *, struct nlmsghdr *,
...@@ -1132,6 +1136,11 @@ static inline int nla_parse_nested(struct nlattr *tb[], int maxtype, ...@@ -1132,6 +1136,11 @@ static inline int nla_parse_nested(struct nlattr *tb[], int maxtype,
const struct nla_policy *policy, const struct nla_policy *policy,
struct netlink_ext_ack *extack) struct netlink_ext_ack *extack)
{ {
if (!(nla->nla_type & NLA_F_NESTED)) {
NL_SET_ERR_MSG_ATTR(extack, nla, "NLA_F_NESTED is missing");
return -EINVAL;
}
return __nla_parse(tb, maxtype, nla_data(nla), nla_len(nla), policy, return __nla_parse(tb, maxtype, nla_data(nla), nla_len(nla), policy,
NL_VALIDATE_STRICT, extack); NL_VALIDATE_STRICT, extack);
} }
......
...@@ -184,6 +184,21 @@ static int validate_nla(const struct nlattr *nla, int maxtype, ...@@ -184,6 +184,21 @@ static int validate_nla(const struct nlattr *nla, int maxtype,
} }
} }
if (validate & NL_VALIDATE_NESTED) {
if ((pt->type == NLA_NESTED || pt->type == NLA_NESTED_ARRAY) &&
!(nla->nla_type & NLA_F_NESTED)) {
NL_SET_ERR_MSG_ATTR(extack, nla,
"NLA_F_NESTED is missing");
return -EINVAL;
}
if (pt->type != NLA_NESTED && pt->type != NLA_NESTED_ARRAY &&
pt->type != NLA_UNSPEC && (nla->nla_type & NLA_F_NESTED)) {
NL_SET_ERR_MSG_ATTR(extack, nla,
"NLA_F_NESTED not expected");
return -EINVAL;
}
}
switch (pt->type) { switch (pt->type) {
case NLA_EXACT_LEN: case NLA_EXACT_LEN:
if (attrlen != pt->len) if (attrlen != pt->len)
...@@ -356,7 +371,8 @@ static int __nla_validate_parse(const struct nlattr *head, int len, int maxtype, ...@@ -356,7 +371,8 @@ static int __nla_validate_parse(const struct nlattr *head, int len, int maxtype,
if (type == 0 || type > maxtype) { if (type == 0 || type > maxtype) {
if (validate & NL_VALIDATE_MAXTYPE) { if (validate & NL_VALIDATE_MAXTYPE) {
NL_SET_ERR_MSG(extack, "Unknown attribute type"); NL_SET_ERR_MSG_ATTR(extack, nla,
"Unknown attribute type");
return -EINVAL; return -EINVAL;
} }
continue; continue;
......
...@@ -537,22 +537,26 @@ static int genl_family_rcv_msg(const struct genl_family *family, ...@@ -537,22 +537,26 @@ static int genl_family_rcv_msg(const struct genl_family *family,
return -EOPNOTSUPP; return -EOPNOTSUPP;
if (!(ops->validate & GENL_DONT_VALIDATE_DUMP)) { if (!(ops->validate & GENL_DONT_VALIDATE_DUMP)) {
unsigned int validate = NL_VALIDATE_STRICT;
int hdrlen = GENL_HDRLEN + family->hdrsize; int hdrlen = GENL_HDRLEN + family->hdrsize;
if (ops->validate & GENL_DONT_VALIDATE_DUMP_STRICT)
validate = NL_VALIDATE_LIBERAL;
if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen)) if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen))
return -EINVAL; return -EINVAL;
if (family->maxattr) {
unsigned int validate = NL_VALIDATE_STRICT;
if (ops->validate &
GENL_DONT_VALIDATE_DUMP_STRICT)
validate = NL_VALIDATE_LIBERAL;
rc = __nla_validate(nlmsg_attrdata(nlh, hdrlen), rc = __nla_validate(nlmsg_attrdata(nlh, hdrlen),
nlmsg_attrlen(nlh, hdrlen), nlmsg_attrlen(nlh, hdrlen),
family->maxattr, family->policy, family->maxattr,
family->policy,
validate, extack); validate, extack);
if (rc) if (rc)
return rc; return rc;
} }
}
if (!family->parallel_ops) { if (!family->parallel_ops) {
struct netlink_dump_control c = { struct netlink_dump_control c = {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment