summaryrefslogtreecommitdiffstats
path: root/net/netlink
diff options
context:
space:
mode:
authorJakub Kicinski <kuba@kernel.org>2020-10-05 15:07:38 -0700
committerDavid S. Miller <davem@davemloft.net>2020-10-06 06:25:55 -0700
commitbdbb4e29df8b790db50cb73ce25d23543329f05f (patch)
tree78ff81363b9aec24e5199bf9082bcab104883209 /net/netlink
parentddcf3b70c5ae8444e920d28e30e7ad4e866c8015 (diff)
downloadlinux-stable-bdbb4e29df8b790db50cb73ce25d23543329f05f.tar.gz
linux-stable-bdbb4e29df8b790db50cb73ce25d23543329f05f.tar.bz2
linux-stable-bdbb4e29df8b790db50cb73ce25d23543329f05f.zip
netlink: add mask validation
We don't have good validation policy for existing unsigned int attrs which serve as flags (for new ones we could use NLA_BITFIELD32). With increased use of policy dumping having the validation be expressed as part of the policy is important. Add validation policy in form of a mask of supported/valid bits. Support u64 in the uAPI to be future-proof, but really for now the embedded mask member can only hold 32 bits, so anything with bit 32+ set will always fail validation. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netlink')
-rw-r--r--net/netlink/policy.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/net/netlink/policy.c b/net/netlink/policy.c
index cf23c0151721..ee26d01328ee 100644
--- a/net/netlink/policy.c
+++ b/net/netlink/policy.c
@@ -263,6 +263,14 @@ send_attribute:
else
type = NL_ATTR_TYPE_U64;
+ if (pt->validation_type == NLA_VALIDATE_MASK) {
+ if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MASK,
+ pt->mask,
+ NL_POLICY_TYPE_ATTR_PAD))
+ goto nla_put_failure;
+ break;
+ }
+
nla_get_range_unsigned(pt, &range);
if (nla_put_u64_64bit(skb, NL_POLICY_TYPE_ATTR_MIN_VALUE_U,