diff options
author | Jakub Kicinski <kuba@kernel.org> | 2020-10-05 15:07:38 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2020-10-06 06:25:55 -0700 |
commit | bdbb4e29df8b790db50cb73ce25d23543329f05f (patch) | |
tree | 78ff81363b9aec24e5199bf9082bcab104883209 /net/netlink | |
parent | ddcf3b70c5ae8444e920d28e30e7ad4e866c8015 (diff) | |
download | linux-stable-bdbb4e29df8b790db50cb73ce25d23543329f05f.tar.gz linux-stable-bdbb4e29df8b790db50cb73ce25d23543329f05f.tar.bz2 linux-stable-bdbb4e29df8b790db50cb73ce25d23543329f05f.zip |
netlink: add mask validation
We don't have good validation policy for existing unsigned int attrs
which serve as flags (for new ones we could use NLA_BITFIELD32).
With increased use of policy dumping having the validation be
expressed as part of the policy is important. Add validation
policy in form of a mask of supported/valid bits.
Support u64 in the uAPI to be future-proof, but really for now
the embedded mask member can only hold 32 bits, so anything with
bit 32+ set will always fail validation.
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netlink')
-rw-r--r-- | net/netlink/policy.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/net/netlink/policy.c b/net/netlink/policy.c index cf23c0151721..ee26d01328ee 100644 --- a/net/netlink/policy.c +++ b/net/netlink/policy.c @@ -263,6 +263,14 @@ send_attribute: else type = NL_ATTR_TYPE_U64; + if (pt->validation_type == NLA_VALIDATE_MASK) { + if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MASK, + pt->mask, + NL_POLICY_TYPE_ATTR_PAD)) + goto nla_put_failure; + break; + } + nla_get_range_unsigned(pt, &range); if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_U, |