Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp7278344yba; Thu, 2 May 2019 07:18:47 -0700 (PDT) X-Google-Smtp-Source: APXvYqwmbQGJJAoFkUrTqPKJDPnO5ZQvab4vIliWeux+3MtTWrw6NZSAiGx6+pLopSKdy93Lsk67 X-Received: by 2002:a63:6942:: with SMTP id e63mr4223863pgc.102.1556806727770; Thu, 02 May 2019 07:18:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556806727; cv=none; d=google.com; s=arc-20160816; b=0TmH9EMKRVCg3/9LLhTB4Fensw/hN46PqlMF+MaX1sy9stQD+w9XC0ngEqg0Ta+Fo0 uod/61mfp6q6NMsmWz0TolvMjelOxvJzpeBW1CzDJJWTIL+oNeFATvZazumTaaFKhk8G XMonPVEM9sVBqHS9ShqH99jcTAyvejhK7hKv24jUTaSqX+CTie22YRu33WKSLtDK42Qy Lc5BGK+PP8il3gInXmkTVwS/J3uoapPGlBv6+N6jxM1neu6gByC8YDASzHElqnnsnbuC LYGcf3hk75s9xiH+zB8ND+Mcwr9RkWKke8RoohIHoIou3L1plv7xyd5VJOYD2LN3FbRO 6Lwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:date:cc:to:subject:from:message-id; bh=UHmF/x4T8XpgsmXsTexmutLkRWnIypQ4MiUbazZYfxw=; b=A6RXsfggMmQ5zJKbi7v9qmxH/d4doPgiBCBRqWo3M8mrsd4194iBwC6HnmORS/BlV9 VdmGeVlHWdcP3GO/buvKCROnuYYVU2M9rHuUGUu55EZujIpJPlMZSdN1vtcVyujmqOu1 GtJaiPDZW+BctGfXNPdRwPvSuEAy+67oKGXEiBeO0VUzZih/JcAPKMRJKvinMAKKi4kL 31upEbSRZKI3jNHFabpvoYuCvO/TzVIlGNIzpIxT8qAZUypgDT43Uk3vAVb0p25YuBNK rAvyr053NtOslq1sPLoJXZ2QulcDH0XAIOEp2rlNGSZPquohaAA3tlP8zHKRMhZsWNDL l+gA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j127si47518484pfb.25.2019.05.02.07.18.32; Thu, 02 May 2019 07:18:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726501AbfEBOPb (ORCPT + 99 others); Thu, 2 May 2019 10:15:31 -0400 Received: from mx2.suse.de ([195.135.220.15]:51418 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726385AbfEBOPM (ORCPT ); Thu, 2 May 2019 10:15:12 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id A6FF9AE47; Thu, 2 May 2019 14:15:11 +0000 (UTC) Received: by unicorn.suse.cz (Postfix, from userid 1000) id CA511E0117; Thu, 2 May 2019 16:15:10 +0200 (CEST) Message-Id: From: Michal Kubecek Subject: [PATCH net-next v2 0/3] netlink: strict attribute checking follow-up To: "David S. Miller" Cc: netdev@vger.kernel.org, Johannes Berg , David Ahern , linux-kernel@vger.kernel.org Date: Thu, 2 May 2019 16:15:10 +0200 (CEST) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Three follow-up patches for recent strict netlink validation series. Patch 1 fixes dump handling for genetlink families which validate and parse messages themselves (e.g. because they need different policies for diferent commands). Patch 2 sets bad_attr in extack in one place where this was omitted. Patch 3 adds new NL_VALIDATE_NESTED flags for strict validation to enable checking that NLA_F_NESTED value in received messages matches expectations and includes this flag in NL_VALIDATE_STRICT. This would change userspace visible behavior but the previous switching to NL_VALIDATE_STRICT for new code is still only in net-next at the moment. v2: change error messages to mention NLA_F_NESTED explicitly Michal Kubecek (3): genetlink: do not validate dump requests if there is no policy netlink: set bad attribute also on maxtype check netlink: add validation of NLA_F_NESTED flag include/net/netlink.h | 11 ++++++++++- lib/nlattr.c | 18 +++++++++++++++++- net/netlink/genetlink.c | 24 ++++++++++++++---------- 3 files changed, 41 insertions(+), 12 deletions(-) -- 2.21.0