Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v5.11.9 2020-11-16T16:08:54Z 2020-11-16T16:08:54Z Francis Laniel laniel_francis@privacyrequired.com 2020-11-15T17:08:06Z urn:sha1:872f690341948b502c93318f806d821c56772c42 Calls to nla_strlcpy are now replaced by calls to nla_strscpy which is the new name of this function. Signed-off-by: Francis Laniel <laniel_francis@privacyrequired.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2020-11-16T16:08:54Z Francis Laniel laniel_francis@privacyrequired.com 2020-11-15T17:08:05Z urn:sha1:9ca718743ad8402958637bfc196d7b62371a1b9f nla_strlcpy now returns -E2BIG if src was truncated when written to dst. It also returns this error value if dstsize is 0 or higher than INT_MAX. For example, if src is "foo\0" and dst is 3 bytes long, the result will be: 1. "foG" after memcpy (G means garbage). 2. "fo\0" after memset. 3. -E2BIG is returned because src was not completely written into dst. The callers of nla_strlcpy were modified to take into account this modification. Signed-off-by: Francis Laniel <laniel_francis@privacyrequired.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2020-10-10T03:22:32Z Johannes Berg johannes.berg@intel.com 2020-10-08T10:45:17Z urn:sha1:44f3625bc61653ea3bde9960298faf2f5518fda5 Add a new attribute NLMSGERR_ATTR_POLICY to the extended ACK to advertise the policy, e.g. if an attribute was out of range, you'll know the range that's permissible. Add new NL_SET_ERR_MSG_ATTR_POL() and NL_SET_ERR_MSG_ATTR_POL() macros to set this, since realistically it's only useful to do this when the bad attribute (offset) is also returned. Use it in lib/nlattr.c which practically does all the policy validation. v2: - add and use netlink_policy_dump_attr_size_estimate() v3: - remove redundant break v4: - really remove redundant break ... sorry Reviewed-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2020-10-06T13:25:55Z Jakub Kicinski kuba@kernel.org 2020-10-05T22:07:38Z urn:sha1:bdbb4e29df8b790db50cb73ce25d23543329f05f We don't have good validation policy for existing unsigned int attrs which serve as flags (for new ones we could use NLA_BITFIELD32). With increased use of policy dumping having the validation be expressed as part of the policy is important. Add validation policy in form of a mask of supported/valid bits. Support u64 in the uAPI to be future-proof, but really for now the embedded mask member can only hold 32 bits, so anything with bit 32+ set will always fail validation. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2020-10-06T13:25:55Z Jakub Kicinski kuba@kernel.org 2020-10-05T22:07:37Z urn:sha1:ddcf3b70c5ae8444e920d28e30e7ad4e866c8015 There's a number of policies which check if type is a uint or sint. Factor the checking against the list of value sizes to a helper for easier reuse. v2: - new patch Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2020-10-03T21:18:29Z Johannes Berg johannes.berg@intel.com 2020-10-03T08:44:43Z urn:sha1:04a351a62bd4be1dbcc88fae69b990362d88ffe5 Rework the policy dump code a bit to support adding multiple policies to a single dump, in order to e.g. support per-op policies in generic netlink. v2: - move kernel-doc to implementation [Jakub] - squash the first patch to not flip-flop on the prototype [Jakub] - merge netlink_policy_dump_get_policy_idx() with the old get_policy_idx() we already had - rebase without Jakub's patch to have per-op dump Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2020-10-03T02:11:12Z Jakub Kicinski kuba@kernel.org 2020-10-02T21:49:55Z urn:sha1:adc848450ff84e961cf7966b8a475889a92a9fd3 Whenever netlink dump uses more than 2 cb->args[] entries code gets hard to read. We're about to add more state to ctrl_dumppolicy() so create a structure. Since the structure is typed and clearly named we can remove the local fam_id variable and use ctx->fam_id directly. v3: - rebase onto explicit free fix v1: - s/nl_policy_dump/netlink_policy_dump_state/ - forward declare struct netlink_policy_dump_state, and move from passing unsigned long to actual pointer type - add build bug on - u16 fam_id - s/args/ctx/ Signed-off-by: Jakub Kicinski <kuba@kernel.org> Reviewed-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2020-10-02T20:07:42Z Johannes Berg johannes.berg@intel.com 2020-10-02T07:46:04Z urn:sha1:949ca6b82e43b342dba153a9fd643fb1b5e9f034 [ Upstream commit a95bc734e60449e7b073ff7ff70c35083b290ae9 ] If userspace doesn't complete the policy dump, we leak the allocated state. Fix this. Fixes: d07dcf9aadd6 ("netlink: add infrastructure to expose policies to userspace") Signed-off-by: Johannes Berg <johannes.berg@intel.com> Reviewed-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2020-09-22T23:45:34Z David S. Miller davem@davemloft.net 2020-09-22T23:45:34Z urn:sha1:3ab0a7a0c349a1d7beb2bb371a62669d1528269d Two minor conflicts: 1) net/ipv4/route.c, adding a new local variable while moving another local variable and removing it's initial assignment. 2) drivers/net/dsa/microchip/ksz9477.c, overlapping changes. One pretty prints the port mode differently, whilst another changes the driver to try and obtain the port mode from the port node rather than the switch node. Signed-off-by: David S. Miller <davem@davemloft.net> 2020-09-10T22:13:43Z Nicolas Dichtel nicolas.dichtel@6wind.com 2020-09-10T13:34:39Z urn:sha1:553d87b658fed0e22a0f86b4f1b093c39d3e3074 There is no @validate argument. CC: Johannes Berg <johannes.berg@intel.com> Fixes: 3de644035446 ("netlink: re-add parse/validate functions in strict mode") Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>