Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/980270/?format=api
{ "id": 980270, "url": "http://patchwork.ozlabs.org/api/patches/980270/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/patch/20181008031644.15989-7-dsahern@kernel.org/", "project": { "id": 7, "url": "http://patchwork.ozlabs.org/api/projects/7/?format=api", "name": "Linux network development", "link_name": "netdev", "list_id": "netdev.vger.kernel.org", "list_email": "netdev@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20181008031644.15989-7-dsahern@kernel.org>", "list_archive_url": null, "date": "2018-10-08T03:16:27", "name": "[v2,net-next,06/23] netlink: Add new socket option to enable strict checking on dumps", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "3ae2a07243ee35e7e2a6afb6e78308be052c7c1f", "submitter": { "id": 74101, "url": "http://patchwork.ozlabs.org/api/people/74101/?format=api", "name": "David Ahern", "email": "dsahern@kernel.org" }, "delegate": { "id": 34, "url": "http://patchwork.ozlabs.org/api/users/34/?format=api", "username": "davem", "first_name": "David", "last_name": "Miller", "email": "davem@davemloft.net" }, "mbox": "http://patchwork.ozlabs.org/project/netdev/patch/20181008031644.15989-7-dsahern@kernel.org/mbox/", "series": [ { "id": 69470, "url": "http://patchwork.ozlabs.org/api/series/69470/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/list/?series=69470", "date": "2018-10-08T03:16:21", "name": "rtnetlink: Add support for rigid checking of data in dump request", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/69470/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/980270/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/980270/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<netdev-owner@vger.kernel.org>", "X-Original-To": "patchwork-incoming-netdev@ozlabs.org", "Delivered-To": "patchwork-incoming-netdev@ozlabs.org", "Authentication-Results": [ "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)", "ozlabs.org;\n\tdmarc=pass (p=none dis=none) header.from=kernel.org", "ozlabs.org; dkim=pass (1024-bit key;\n\tunprotected) header.d=kernel.org header.i=@kernel.org\n\theader.b=\"JPvYogwQ\"; dkim-atps=neutral" ], "Received": [ "from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 42T5Bm1wkSz9sCV\n\tfor <patchwork-incoming-netdev@ozlabs.org>;\n\tMon, 8 Oct 2018 14:17:20 +1100 (AEDT)", "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1726955AbeJHK0U (ORCPT\n\t<rfc822;patchwork-incoming-netdev@ozlabs.org>);\n\tMon, 8 Oct 2018 06:26:20 -0400", "from mail.kernel.org ([198.145.29.99]:42550 \"EHLO mail.kernel.org\"\n\trhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP\n\tid S1726903AbeJHK0S (ORCPT <rfc822;netdev@vger.kernel.org>);\n\tMon, 8 Oct 2018 06:26:18 -0400", "from kenny.it.cumulusnetworks.com. (fw.cumulusnetworks.com\n\t[216.129.126.126])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128\n\tbits)) (No client certificate requested)\n\tby mail.kernel.org (Postfix) with ESMTPSA id 6ED212089D;\n\tMon, 8 Oct 2018 03:16:48 +0000 (UTC)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=default; t=1538968608;\n\tbh=W1U1Zt1ekY1Rj8Mj4eDpZU7J9KIGZiGzIU1Llzdh2p0=;\n\th=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n\tb=JPvYogwQ+SAM9ioRwUWtipTPLwd/94OcQ7voE4vaVgRnZYnAhQCc309qwfp6M097j\n\tE+Mzz8rrEHye8Kd9LvFxXriuRMN867rIFCR6LiGoagnKw3JWROOsmmojLsKr9OQ/0J\n\tmef4Xo0HLskZzyhCyk3Vm6PCZiJqe3a7z+kR/sCI=", "From": "David Ahern <dsahern@kernel.org>", "To": "netdev@vger.kernel.org, davem@davemloft.net", "Cc": "christian@brauner.io, jbenc@redhat.com, stephen@networkplumber.org,\n\tDavid Ahern <dsahern@gmail.com>", "Subject": "[PATCH v2 net-next 06/23] netlink: Add new socket option to enable\n\tstrict checking on dumps", "Date": "Sun, 7 Oct 2018 20:16:27 -0700", "Message-Id": "<20181008031644.15989-7-dsahern@kernel.org>", "X-Mailer": "git-send-email 2.11.0", "In-Reply-To": "<20181008031644.15989-1-dsahern@kernel.org>", "References": "<20181008031644.15989-1-dsahern@kernel.org>", "Sender": "netdev-owner@vger.kernel.org", "Precedence": "bulk", "List-ID": "<netdev.vger.kernel.org>", "X-Mailing-List": "netdev@vger.kernel.org" }, "content": "From: David Ahern <dsahern@gmail.com>\n\nAdd a new socket option, NETLINK_DUMP_STRICT_CHK, that userspace\ncan use via setsockopt to request strict checking of headers and\nattributes on dump requests.\n\nTo get dump features such as kernel side filtering based on data in\nthe header or attributes appended to the dump request, userspace\nmust call setsockopt() for NETLINK_DUMP_STRICT_CHK and a non-zero\nvalue. Since the netlink sock and its flags are private to the\naf_netlink code, the strict checking flag is passed to dump handlers\nvia a flag in the netlink_callback struct.\n\nFor old userspace on new kernel there is no impact as all of the data\nchecks in later patches are wrapped in a check on the new strict flag.\n\nFor new userspace on old kernel, the setsockopt will fail and even if\nnew userspace sets data in the headers and appended attributes the\nkernel will silently ignore it. Moving forward when the setsockopt\nsucceeds, the new userspace on old kernel means the dump request can\npass an attribute the kernel does not understand. The dump will then\nfail as the older kernel does not understand it.\n\nNew userspace on new kernel setting the socket option gets the benefit\nof the improved data dump.\n\nKernel side the NETLINK_DUMP_STRICT_CHK uapi is converted to a generic\nNETLINK_F_STRICT_CHK flag which can potentially be leveraged for tighter\nchecking on the NEW, DEL, and SET commands.\n\nSigned-off-by: David Ahern <dsahern@gmail.com>\n---\n include/linux/netlink.h | 1 +\n include/uapi/linux/netlink.h | 1 +\n net/netlink/af_netlink.c | 21 ++++++++++++++++++++-\n net/netlink/af_netlink.h | 1 +\n 4 files changed, 23 insertions(+), 1 deletion(-)", "diff": "diff --git a/include/linux/netlink.h b/include/linux/netlink.h\nindex 88c8a2d83eb3..72580f1a72a2 100644\n--- a/include/linux/netlink.h\n+++ b/include/linux/netlink.h\n@@ -179,6 +179,7 @@ struct netlink_callback {\n \tstruct netlink_ext_ack\t*extack;\n \tu16\t\t\tfamily;\n \tu16\t\t\tmin_dump_alloc;\n+\tbool\t\t\tstrict_check;\n \tunsigned int\t\tprev_seq, seq;\n \tlong\t\t\targs[6];\n };\ndiff --git a/include/uapi/linux/netlink.h b/include/uapi/linux/netlink.h\nindex 776bc92e9118..486ed1f0c0bc 100644\n--- a/include/uapi/linux/netlink.h\n+++ b/include/uapi/linux/netlink.h\n@@ -155,6 +155,7 @@ enum nlmsgerr_attrs {\n #define NETLINK_LIST_MEMBERSHIPS\t9\n #define NETLINK_CAP_ACK\t\t\t10\n #define NETLINK_EXT_ACK\t\t\t11\n+#define NETLINK_DUMP_STRICT_CHK\t\t12\n \n struct nl_pktinfo {\n \t__u32\tgroup;\ndiff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c\nindex 7ac585f33a9e..e613a9f89600 100644\n--- a/net/netlink/af_netlink.c\n+++ b/net/netlink/af_netlink.c\n@@ -1706,6 +1706,13 @@ static int netlink_setsockopt(struct socket *sock, int level, int optname,\n \t\t\tnlk->flags &= ~NETLINK_F_EXT_ACK;\n \t\terr = 0;\n \t\tbreak;\n+\tcase NETLINK_DUMP_STRICT_CHK:\n+\t\tif (val)\n+\t\t\tnlk->flags |= NETLINK_F_STRICT_CHK;\n+\t\telse\n+\t\t\tnlk->flags &= ~NETLINK_F_STRICT_CHK;\n+\t\terr = 0;\n+\t\tbreak;\n \tdefault:\n \t\terr = -ENOPROTOOPT;\n \t}\n@@ -1799,6 +1806,15 @@ static int netlink_getsockopt(struct socket *sock, int level, int optname,\n \t\t\treturn -EFAULT;\n \t\terr = 0;\n \t\tbreak;\n+\tcase NETLINK_DUMP_STRICT_CHK:\n+\t\tif (len < sizeof(int))\n+\t\t\treturn -EINVAL;\n+\t\tlen = sizeof(int);\n+\t\tval = nlk->flags & NETLINK_F_STRICT_CHK ? 1 : 0;\n+\t\tif (put_user(len, optlen) || put_user(val, optval))\n+\t\t\treturn -EFAULT;\n+\t\terr = 0;\n+\t\tbreak;\n \tdefault:\n \t\terr = -ENOPROTOOPT;\n \t}\n@@ -2282,9 +2298,9 @@ int __netlink_dump_start(struct sock *ssk, struct sk_buff *skb,\n \t\t\t const struct nlmsghdr *nlh,\n \t\t\t struct netlink_dump_control *control)\n {\n+\tstruct netlink_sock *nlk, *nlk2;\n \tstruct netlink_callback *cb;\n \tstruct sock *sk;\n-\tstruct netlink_sock *nlk;\n \tint ret;\n \n \trefcount_inc(&skb->users);\n@@ -2318,6 +2334,9 @@ int __netlink_dump_start(struct sock *ssk, struct sk_buff *skb,\n \tcb->min_dump_alloc = control->min_dump_alloc;\n \tcb->skb = skb;\n \n+\tnlk2 = nlk_sk(NETLINK_CB(skb).sk);\n+\tcb->strict_check = !!(nlk2->flags & NETLINK_F_STRICT_CHK);\n+\n \tif (control->start) {\n \t\tret = control->start(cb);\n \t\tif (ret)\ndiff --git a/net/netlink/af_netlink.h b/net/netlink/af_netlink.h\nindex 962de7b3c023..5f454c8de6a4 100644\n--- a/net/netlink/af_netlink.h\n+++ b/net/netlink/af_netlink.h\n@@ -15,6 +15,7 @@\n #define NETLINK_F_LISTEN_ALL_NSID\t0x10\n #define NETLINK_F_CAP_ACK\t\t0x20\n #define NETLINK_F_EXT_ACK\t\t0x40\n+#define NETLINK_F_STRICT_CHK\t\t0x80\n \n #define NLGRPSZ(x)\t(ALIGN(x, sizeof(unsigned long) * 8) / 8)\n #define NLGRPLONGS(x)\t(NLGRPSZ(x)/sizeof(unsigned long))\n", "prefixes": [ "v2", "net-next", "06/23" ] }