[net-next,v4,3/3] Validate all netlink attributes and return error if any of the validation fails.

This patch validates all netlink attributes and return error if any of the
validation fails.

Signed-off-by: Siva Mannem <siva.mannem.lnx@gmail.com>
Suggested-by: David Miller <davem@davemloft.net>
---
 net/bridge/br_netlink.c | 39 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-)

On Mon, Mar 16, 2015 at 4:02 PM, Siva Mannem <siva.mannem.lnx@gmail.com> wrote:
> This patch validates all netlink attributes and return error if any of the
> validation fails.
>
> Signed-off-by: Siva Mannem <siva.mannem.lnx@gmail.com>
> Suggested-by: David Miller <davem@davemloft.net>
> ---
>  net/bridge/br_netlink.c | 39 ++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 38 insertions(+), 1 deletion(-)
>
> diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
> index d80e802..0b18c0d 100644
> --- a/net/bridge/br_netlink.c
> +++ b/net/bridge/br_netlink.c
> @@ -740,12 +740,49 @@ static int br_changelink(struct net_device *brdev, struct nlattr *tb[],
>                          struct nlattr *data[])
>  {
>         struct net_bridge *br = netdev_priv(brdev);
> -       int err;
> +       unsigned long forward_delay;
> +       unsigned long hello_time;
> +       unsigned long max_age;
> +       unsigned long ageing_time;
> +       u32 t;
> +       int err = -ERANGE;
>
>         if (!data)
>                 return 0;
>
>         if (data[IFLA_BR_FORWARD_DELAY]) {
> +               t = nla_get_u32(data[IFLA_BR_FORWARD_DELAY]);
> +               forward_delay = clock_t_to_jiffies(t);
> +               if (forward_delay < BR_MIN_FORWARD_DELAY ||
> +                   forward_delay > BR_MAX_FORWARD_DELAY)
> +                       return err;

Is there a way to avoiding duplicate range checking code by passing an
extra arg to br_set_forward_delay(..., bool validate_only) and
friends?
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

From: Siva Mannem <siva.mannem.lnx@gmail.com>
Date: Tue, 17 Mar 2015 04:32:44 +0530

> This patch validates all netlink attributes and return error if any of the
> validation fails.
> 
> Signed-off-by: Siva Mannem <siva.mannem.lnx@gmail.com>
> Suggested-by: David Miller <davem@davemloft.net>

You have to remove the range checking code from all the other
functions too.

Then no errors can be returned by them at all actually and that's an
really nice cleanup.

Please don't make microscopic narrow changes like this, think about
the higher level implications and the things that are no longer
necessary as a result.

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Also, this should be the first change in your patch series.

Your current first patch just adds more bogus range checking to the
helper functions, which this patch makes %100 unnecessary.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

On Tue, Mar 17, 2015 at 9:54 AM, David Miller <davem@davemloft.net> wrote:
> From: Siva Mannem <siva.mannem.lnx@gmail.com>
> Date: Tue, 17 Mar 2015 04:32:44 +0530
>
>> This patch validates all netlink attributes and return error if any of the
>> validation fails.
>>
>> Signed-off-by: Siva Mannem <siva.mannem.lnx@gmail.com>
>> Suggested-by: David Miller <davem@davemloft.net>
>
> You have to remove the range checking code from all the other
> functions too.
>
> Then no errors can be returned by them at all actually and that's an
> really nice cleanup.
>
> Please don't make microscopic narrow changes like this, think about
> the higher level implications and the things that are no longer
> necessary as a result.
>
> Thanks.

These functions(br_set_forward_delay/hello_time/max_age/ageing_time)
are also called from other places i.e old_dev_ioctl() and sysfs code. If
range checking has to be removed from these functions, then the same
has to be added in the path from where they are being invoked.

As Scott mentioned,  these functions can be enhanced to take
extra argument to avoid extra range checking happening in br_changelink()
path. Is this approach ok?

From: Siva Mannem <siva.mannem.lnx@gmail.com>
Date: Tue, 17 Mar 2015 10:29:28 +0530

> As Scott mentioned,  these functions can be enhanced to take
> extra argument to avoid extra range checking happening in br_changelink()
> path. Is this approach ok?

Make validation helper inline functions, call them from the individual
sysfs call sites and from br_changelink().
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html