Received: by 2002:a05:6358:c692:b0:131:369:b2a3 with SMTP id fe18csp5393367rwb; Tue, 1 Aug 2023 01:34:56 -0700 (PDT) X-Google-Smtp-Source: APBJJlE5OrN7WN2MH/mf7Mnoy40onD8dgnfFIfw9RRrsVg7upeSYyeDdQvVToSnBSdP/lVhZMsvu X-Received: by 2002:a05:6a00:130f:b0:668:8705:57dd with SMTP id j15-20020a056a00130f00b00668870557ddmr11463343pfu.28.1690878896544; Tue, 01 Aug 2023 01:34:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690878896; cv=none; d=google.com; s=arc-20160816; b=VpKNbl3PgO8yb4pTHhZ/tCQF2oMCbooX/VYrSt+q9nf0hQIDKoIbuFLL+7J+A244Pe zVHEJB2ZWBd2GyzNNteS3sBBYb2texmbFag3abLXm7FT7wpl5NDQV9UpJIVhDsscaYMO CHQpN015n7MIsdLz+m2rBy0awWH//CnSXG/HJuCC7o1hEA5uaAlwT2Clt+qstCkK88qV 2UtQ/9FlzoTG1+TO8Wo0IStOhulSOI+bV8/XNIpq4Yf3vK21tpc/YipYvjIrBW/ESWbQ /lu0LWflgPOEkLvbJAK8xjBnuWItnm7npahoPLuP+bc/WHAZcQrWbaoHBCeups3mW31o oNEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=hJojAXCm61c80Jbn+BeyeFgbGd9hCH1NppyCufrP3mM=; fh=vUqy5cGqQXuLu6UdvYBk3LZ6Z8UBCJbnKez/dMXXju0=; b=qIijbB00PJVYXzBuqmnuWsgvF+hj7c5W8bc66soyoqczgqQGiesIU1IiGwXMhK3zKi zo03OTw7Is9rH7AToz5q0poj2MMbdZrJ1j60ZOiFx80d5XOD4ZVKCWq/K8Xm/udOk3Wy 5US7I8d4JfevmvYl4e0Ew3rolkzGuecP3bdbppcKJemjLeLzAaUCD3j9iZqwxGaBlcQD 3qrDnkE9KCr51M1E6VTmk2vzoPXl0dfzShNyjvLYkFuug3yic2vjr2tGe+CADfC/PRgJ g4UQHoRx1lUo0YO1Wf99z9U7m+IYOQuQmSarqyRAzqE3W+JGLyBUJJ3CMWynmk5ULwDq h9ZQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="XIPfK86/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j9-20020a056a00174900b006874bd81592si1807425pfc.139.2023.08.01.01.34.44; Tue, 01 Aug 2023 01:34:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="XIPfK86/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232165AbjHAIP6 (ORCPT + 99 others); Tue, 1 Aug 2023 04:15:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36394 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232158AbjHAIPz (ORCPT ); Tue, 1 Aug 2023 04:15:55 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 65E901FF0; Tue, 1 Aug 2023 01:15:46 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id CAF1461493; Tue, 1 Aug 2023 08:15:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 67930C433C8; Tue, 1 Aug 2023 08:15:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690877745; bh=WcMY7k07HhPU+xuvq3b3NbrbeI3Y0arTLnE3joJ1lKQ=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=XIPfK86/vV7EtTLomxgkhmuqgbPfy194dvv6vCpANsdsCSldUvf9YOYi+24fj9KwL hUNcXa9X7gcgLTHnMrrF9aa+MvLdyHIjCRYispcmrPMxq2dS5hhvLmw9jkQi6KkFnq QkVSfXhnN8/65PXdWQ105b7w5eb7J1RIM60YiU4Rh7JLXcXURElPPvbS0fFBtBNnWw 3yiYljdHmSIf5II0J7djpinUk7vNBEekemNvilfmBY10Ct7DkwdMXCdNUqMxovz1Df LJw7SlFEj+TWlmchWyntP8UDn+8RSjrqL0d+H40+RTWlmavjJY9CSjHQ3Z3D4EloDz FWYQIScjlQ0tg== Date: Tue, 1 Aug 2023 11:15:40 +0300 From: Leon Romanovsky To: Lin Ma Cc: Jakub Kicinski , jgg@ziepe.ca, markzhang@nvidia.com, michaelgur@nvidia.com, ohartoov@nvidia.com, chenzhongjin@huawei.com, yuancan@huawei.com, linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v1] RDMA/nldev: Add length check for IFLA_BOND_ARP_IP_TARGET parsing Message-ID: <20230801081540.GB53714@unreal> References: <20230723074504.3706691-1-linma@zju.edu.cn> <20230724174707.GB11388@unreal> <3c0760b5.e264b.1898a6368f8.Coremail.linma@zju.edu.cn> <20230725052557.GI11388@unreal> <20230725101405.4cd51059@kernel.org> <20230725183924.GS11388@unreal> <7a2e7314.ee8a2.189abf00b34.Coremail.linma@zju.edu.cn> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <7a2e7314.ee8a2.189abf00b34.Coremail.linma@zju.edu.cn> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jul 31, 2023 at 08:33:02PM +0800, Lin Ma wrote: > Hello there, > > > > > > Yeah I have seen that. Just as Jakub said, empty netlink attributes are valid > > > > > (they are viewed as flag). The point is that different attribute has different > > > > > length requirement. For this specific code, the RDMA_NLDEV_ATTR_STAT_HWCOUNTERS > > > > > attribute is a nested one whose inner attributes should be NLA_U32. But as you > > > > > can see in variable nldev_policy, the description does not use nested policy to > > > > > enfore that, which results in the bug discussed in my commit message. > > > > > > > > > > [RDMA_NLDEV_ATTR_STAT_HWCOUNTERS] = { .type = NLA_NESTED }, > > > > > > > > > > The elegant fix could be add the nested policy description to nldev_policy while > > > > > this is toublesome as no existing nla_attr has been given to this nested nlattr. > > > > > Hence, add the length check is the simplest solution and you can see such nla_len > > > > > check code all over the kernel. > > > > > > > > Right, and this is what bothers me. > > > > > > > > I would more than happy to change nla_for_each_nested() to be something > > > > like nla_for_each_nested_type(...., sizeof(u32)), which will skip empty > > > > lines, for code which can't have them. > > > > > > In general the idea of auto-skipping stuff kernel doesn't recognize > > > is a bit old school. Better direction would be extending the policy > > > validation to cover use cases for such loops. > > > > I'm all in for any solution which will help for average developer to write > > netlink code without mistakes. > > > > Thanks > > I have just come out a new solution for such length issues. Please see > * https://lore.kernel.org/all/20230731121247.3972783-1-linma@zju.edu.cn/T/#u > * https://lore.kernel.org/all/20230731121324.3973136-1-linma@zju.edu.cn/T/#u > > I'm not sure adding additional validation logic in the main nlattr code is > the best solution. Still, after investigating the code, the len field can > be very suitable for handling the NLA_NESTED cases here. And the developer > can do manual parsing with better nla_policy-based checking too. > > If this idea is applied, I will also write a script to clean up other > nla_len patches based on the nla_policy check. It looks like Jakub didn't like the idea and we will need to add your sizeof checks all other the place. Thanks > > Regards > Lin