Subject: Re: [PATCH net-next v2 3/3] netlink: add validation of NLA_F_NESTED flag
To: Thomas Haller, Michal Kubecek, "David S. Miller"
Cc: netdev@vger.kernel.org, Johannes Berg, linux-kernel@vger.kernel.org
From: David Ahern
Date: Wed, 24 Jul 2019 19:46:22 -0700

On 7/23/19 1:57 AM, Thomas Haller wrote:
> Does this flag and strict validation really provide any value? Commonly a netlink message
> is a plain TLV blob, and the meaning depends entirely on the policy.

Strict checking enables kernel side filtering and other features that require passing attributes as part of the dump request - like address dumps in a specific namespace.
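
The flag check this thread is about, as an added userspace sketch (not code from the patch, the kernel, or either poster): a receiver walks the TLV blob against a policy and, in strict mode only, rejects a nest that lacks NLA_F_NESTED or a scalar that carries it. The names `check_attrs`, `enum pol`, `sample_policy` and `build_sample` are hypothetical, the sample message is constructed, and nested payloads are not descended into.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Flag values as in the netlink UAPI header; every other name is hypothetical. */
#define NLA_F_NESTED        (1 << 15)
#define NLA_F_NET_BYTEORDER (1 << 14)
#define NLA_TYPE_MASK       (~(NLA_F_NESTED | NLA_F_NET_BYTEORDER))
#define ALIGN4(n)           (((size_t)(n) + 3) & ~(size_t)3)

struct attr_hdr { uint16_t len, type; };        /* same layout as struct nlattr */
enum pol { POL_UNKNOWN, POL_U32, POL_NESTED };  /* what the receiver expects */
const enum pol sample_policy[] = { POL_UNKNOWN, POL_U32, POL_NESTED };

/* Walk a TLV blob against a policy. Returns 0, or: -1 bad length, -2 unknown type,
 * -3 NLA_F_NESTED missing, -4 NLA_F_NESTED unexpected, -5 wrong payload size.
 * Codes -2, -3 and -4 are raised in strict mode only. */
int check_attrs(const uint8_t *buf, size_t len, const enum pol *policy,
                unsigned maxtype, int strict)
{
    while (len > 0) {
        struct attr_hdr h;
        if (len < sizeof h) return -1;
        memcpy(&h, buf, sizeof h);              /* no unaligned reads */
        if (h.len < sizeof h || h.len > len) return -1;
        unsigned type = h.type & NLA_TYPE_MASK;
        int nested = (h.type & NLA_F_NESTED) != 0;
        enum pol p = type <= maxtype ? policy[type] : POL_UNKNOWN;
        if (strict && p == POL_UNKNOWN) return -2;
        if (strict && p == POL_NESTED && !nested) return -3;
        if (strict && p == POL_U32 && nested) return -4;
        if (p == POL_U32 && h.len != sizeof h + 4) return -5;
        size_t step = ALIGN4(h.len) < len ? ALIGN4(h.len) : len;
        buf += step; len -= step;
    }
    return 0;
}

/* Constructed sample: attr 1 (u32), then attr 2, a nest holding one u32.
 * `flags` is OR-ed into the type field of attr 2. Returns bytes written. */
size_t build_sample(uint8_t out[20], uint16_t flags)
{
    struct attr_hdr a = { 8, 1 }, n = { 12, (uint16_t)(2 | flags) }, in = { 8, 1 };
    uint32_t v = 7;
    memcpy(out, &a, 4);     memcpy(out + 4, &v, 4);
    memcpy(out + 8, &n, 4); memcpy(out + 12, &in, 4); memcpy(out + 16, &v, 4);
    return 20;
}
```

The same 20 bytes pass or fail depending on the policy and the mode: without the flag the nest is accepted leniently and rejected strictly, and a policy that expects a u32 at type 2 only notices the mismatch through the payload length unless strict mode sees the flag.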