Cover Letter Detail
Show a cover letter.
GET /api/covers/980253/?format=api
{ "id": 980253, "url": "http://patchwork.ozlabs.org/api/covers/980253/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/cover/20181008031644.15989-1-dsahern@kernel.org/", "project": { "id": 7, "url": "http://patchwork.ozlabs.org/api/projects/7/?format=api", "name": "Linux network development", "link_name": "netdev", "list_id": "netdev.vger.kernel.org", "list_email": "netdev@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20181008031644.15989-1-dsahern@kernel.org>", "list_archive_url": null, "date": "2018-10-08T03:16:21", "name": "[v2,net-next,00/23] rtnetlink: Add support for rigid checking of data in dump request", "submitter": { "id": 74101, "url": "http://patchwork.ozlabs.org/api/people/74101/?format=api", "name": "David Ahern", "email": "dsahern@kernel.org" }, "mbox": "http://patchwork.ozlabs.org/project/netdev/cover/20181008031644.15989-1-dsahern@kernel.org/mbox/", "series": [ { "id": 69470, "url": "http://patchwork.ozlabs.org/api/series/69470/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/list/?series=69470", "date": "2018-10-08T03:16:21", "name": "rtnetlink: Add support for rigid checking of data in dump request", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/69470/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/covers/980253/comments/", "headers": { "Return-Path": "<netdev-owner@vger.kernel.org>", "X-Original-To": "patchwork-incoming-netdev@ozlabs.org", "Delivered-To": "patchwork-incoming-netdev@ozlabs.org", "Authentication-Results": [ "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)", "ozlabs.org;\n\tdmarc=pass (p=none dis=none) header.from=kernel.org", "ozlabs.org; dkim=pass (1024-bit key;\n\tunprotected) header.d=kernel.org 
header.i=@kernel.org\n\theader.b=\"JEUysSjO\"; dkim-atps=neutral" ], "Received": [ "from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 42T5B95nmBz9sCV\n\tfor <patchwork-incoming-netdev@ozlabs.org>;\n\tMon, 8 Oct 2018 14:16:49 +1100 (AEDT)", "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1726896AbeJHK0R (ORCPT\n\t<rfc822;patchwork-incoming-netdev@ozlabs.org>);\n\tMon, 8 Oct 2018 06:26:17 -0400", "from mail.kernel.org ([198.145.29.99]:42512 \"EHLO mail.kernel.org\"\n\trhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP\n\tid S1725993AbeJHK0R (ORCPT <rfc822;netdev@vger.kernel.org>);\n\tMon, 8 Oct 2018 06:26:17 -0400", "from kenny.it.cumulusnetworks.com. (fw.cumulusnetworks.com\n\t[216.129.126.126])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128\n\tbits)) (No client certificate requested)\n\tby mail.kernel.org (Postfix) with ESMTPSA id BCC7D20841;\n\tMon, 8 Oct 2018 03:16:46 +0000 (UTC)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=default; t=1538968606;\n\tbh=+USldtQ+pPhMH0gzma3JJgircT0LY6FSsILSHtkv0bA=;\n\th=From:To:Cc:Subject:Date:From;\n\tb=JEUysSjOXd1/hT5yxj8qfZyDWDixuYDC26kVv6dxnqPiqVNr4F+VhUIyFjmzYBVYh\n\taCaNLMEb2hFImMe3hMZ0soPn1HcldOPKNFQA5tcM/KtU1nXbjun9HHyI8iNhpD6pag\n\tNUZqeBbqBPvjNlWahxbH0uPX/Lns09dpHqbxgVRo=", "From": "David Ahern <dsahern@kernel.org>", "To": "netdev@vger.kernel.org, davem@davemloft.net", "Cc": "christian@brauner.io, jbenc@redhat.com, stephen@networkplumber.org,\n\tDavid Ahern <dsahern@gmail.com>", "Subject": "[PATCH v2 net-next 00/23] rtnetlink: Add support for rigid checking\n\tof data in dump request", "Date": "Sun, 7 Oct 2018 20:16:21 -0700", "Message-Id": "<20181008031644.15989-1-dsahern@kernel.org>", "X-Mailer": "git-send-email 2.11.0", "Sender": "netdev-owner@vger.kernel.org", "Precedence": "bulk", "List-ID": "<netdev.vger.kernel.org>", "X-Mailing-List": "netdev@vger.kernel.org" }, "content": "From: David 
Ahern <dsahern@gmail.com>\n\nThere are many use cases where a user wants to influence what is\nreturned in a dump for some rtnetlink command: one is wanting data\nfor a different namespace than the one the request is received and\nanother is limiting the amount of data returned in the dump to a\nspecific set of interest to userspace, reducing the cpu overhead of\nboth kernel and userspace. Unfortunately, the kernel has historically\nnot been strict with checking for the proper header or checking the\nvalues passed in the header. This lenient implementation has allowed\niproute2 and other packages to pass any struct or data in the dump\nrequest as long as the family is the first byte. For example, ifinfomsg\nstruct is used by iproute2 for all generic dump requests - links,\naddresses, routes and rules when it is really only valid for link\nrequests.\n\nThere is 1 example where the kernel deals with the wrong struct: link\ndumps after VF support was added. Older iproute2 was sending rtgenmsg as\nthe header instead of ifinfomsg so a patch was added to try and detect\nold userspace vs new:\ne5eca6d41f53 (\"rtnetlink: fix userspace API breakage for iproute2 < v3.9.0\")\n\nThe latest example is Christian's patch set wanting to return addresses for\na target namespace. It guesses the header struct is an ifaddrmsg and if it\nguesses wrong a netlink warning is generated in the kernel log on every\naddress dump which is unacceptable.\n\nAnother example where the kernel is a bit lenient is route dumps: iproute2\ncan send a request with either ifinfomsg or a rtmsg as the header\nstruct, yet the kernel always treats the header as an rtmsg (see\ninet_dump_fib and rtm_flags check). 
The header inconsistency impacts the\nability to add kernel side filters for route dumps - a necessary feature\nfor scale setups with 100k+ routes.\n\nHow to resolve the problem of not breaking old userspace yet be able to\nmove forward with new features such as kernel side filtering which are\ncrucial for efficient operation at high scale?\n\nThis patch set addresses the problem by adding a new socket flag,\nNETLINK_DUMP_STRICT_CHK, that userspace can use with setsockopt to\nrequest strict checking of headers and attributes on dump requests and\nhence unlock the ability to use kernel side filters as they are added.\n\nKernel side, the dump handlers are updated to verify the message contains\nat least the expected header struct:\n RTM_GETLINK: ifinfomsg\n RTM_GETADDR: ifaddrmsg\n RTM_GETMULTICAST: ifaddrmsg\n RTM_GETANYCAST: ifaddrmsg\n RTM_GETADDRLABEL: ifaddrlblmsg\n RTM_GETROUTE: rtmsg\n RTM_GETSTATS: if_stats_msg\n RTM_GETNEIGH: ndmsg\n RTM_GETNEIGHTBL: ndtmsg\n RTM_GETNSID: rtgenmsg\n RTM_GETRULE: fib_rule_hdr\n RTM_GETNETCONF: netconfmsg\n RTM_GETMDB: br_port_msg\n\nAnd then every field in the header struct should be 0 with the exception\nof the family. There are a few exceptions to this rule where the kernel\nalready influences the data returned by values in the struct. Next the\nmessage should not contain attributes unless the kernel implements\nfiltering for it. Any unexpected data causes the dump to fail with EINVAL.\nIf the new flag is honored by the kernel and the dump contents adjusted\nby any data passed in the request, the dump handler can set the\nNLM_F_DUMP_FILTERED flag in the netlink message header.\n\nFor old userspace on new kernel there is no impact as all checks are\nwrapped in a check on the new strict flag. For new userspace on old\nkernel, the data in the headers and any appended attributes are\nsilently ignored though the setsockopt failing is the clue to userspace\nthe feature is not supported. 
New userspace on new kernel gets the\nrequested data dump.\n\niproute2 patches can be found here:\n https://github.com/dsahern/iproute2 dump-enhancements\n\nMajor changes since v1\n- inner header is supposed to be 4-bytes aligned. So for dumps that\n should not have attributes appended changed the check to use:\n if (nlmsg_attrlen(nlh, sizeof(hdr)))\n Only impacts patches with headers that are not multiples of 4-bytes\n (rtgenmsg, netconfmsg), but applied the change to all patches not\n calling nlmsg_parse for consistency.\n\n- Added nlmsg_parse_strict and nla_parse_strict for tighter control on\n attribute parsing. There should be no unknown attribute types or extra\n bytes.\n\n- Moved validation to a helper in most cases\n\nChanges since rfc-v2\n- dropped the NLM_F_DUMP_FILTERED flag from target nsid dumps per\n Jiri's objections\n- changed the opt-in uapi from a netlink message flag to a socket\n flag. setsockopt provides an api for userspace to definitively\n know if the kernel supports strict checking on dumps.\n- re-ordered patches to peel off the extack on dumps if needed to\n keep this set size within limits\n- misc cleanups in patches based on testing\n\nDavid Ahern (23):\n netlink: Pass extack to dump handlers\n netlink: Add extack message to nlmsg_parse for invalid header length\n net: Add extack to nlmsg_parse\n netlink: Add strict version of nlmsg_parse and nla_parse\n net/ipv6: Refactor address dump to push inet6_fill_args to\n in6_dump_addrs\n netlink: Add new socket option to enable strict checking on dumps\n net/ipv4: Update inet_dump_ifaddr for strict data checking\n net/ipv6: Update inet6_dump_addr for strict data checking\n rtnetlink: Update rtnl_dump_ifinfo for strict data checking\n rtnetlink: Update rtnl_bridge_getlink for strict data checking\n rtnetlink: Update rtnl_stats_dump for strict data checking\n rtnetlink: Update inet6_dump_ifinfo for strict data checking\n rtnetlink: Update ipmr_rtm_dumplink for strict data checking\n rtnetlink: 
Update fib dumps for strict data checking\n net/neighbor: Update neigh_dump_info for strict data checking\n net/neighbor: Update neightbl_dump_info for strict data checking\n net/namespace: Update rtnl_net_dumpid for strict data checking\n net/fib_rules: Update fib_nl_dumprule for strict data checking\n net/ipv6: Update ip6addrlbl_dump for strict data checking\n net: Update netconf dump handlers for strict data checking\n net/bridge: Update br_mdb_dump for strict data checking\n rtnetlink: Move input checking for rtnl_fdb_dump to helper\n rtnetlink: Update rtnl_fdb_dump for strict data checking\n\n include/linux/netlink.h | 2 +\n include/net/ip_fib.h | 2 +\n include/net/netlink.h | 21 ++-\n include/uapi/linux/netlink.h | 1 +\n lib/nlattr.c | 48 +++++--\n net/bridge/br_mdb.c | 30 ++++\n net/core/devlink.c | 2 +-\n net/core/fib_rules.c | 36 ++++-\n net/core/neighbour.c | 119 ++++++++++++---\n net/core/net_namespace.c | 6 +\n net/core/rtnetlink.c | 318 ++++++++++++++++++++++++++++++++---------\n net/ipv4/devinet.c | 101 ++++++++++---\n net/ipv4/fib_frontend.c | 42 +++++-\n net/ipv4/ipmr.c | 39 +++++\n net/ipv6/addrconf.c | 177 ++++++++++++++++++-----\n net/ipv6/addrlabel.c | 34 ++++-\n net/ipv6/ip6_fib.c | 8 ++\n net/ipv6/ip6mr.c | 9 ++\n net/ipv6/route.c | 2 +-\n net/mpls/af_mpls.c | 28 +++-\n net/netfilter/ipvs/ip_vs_ctl.c | 2 +-\n net/netlink/af_netlink.c | 33 ++++-\n net/netlink/af_netlink.h | 1 +\n net/sched/act_api.c | 2 +-\n net/sched/cls_api.c | 6 +-\n net/sched/sch_api.c | 2 +-\n net/xfrm/xfrm_user.c | 2 +-\n 27 files changed, 908 insertions(+), 165 deletions(-)" }