public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-08-05 16:54:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/lib
History
Johannes Berg 56738f4608 netlink: add strict parsing for future attributes 
Unfortunately, we cannot add strict parsing for all attributes, as
that would break existing userspace. We currently warn about it, but
that's about all we can do.

For new attributes, however, the story is better: nobody is using
them, so we can reject bad sizes.

Also, for new attributes, we need not accept them when the policy
doesn't declare their usage.

David Ahern and I went back and forth on how to best encode this, and
the best way we found was to have a "boundary type", from which point
on new attributes have all possible validation applied, and NLA_UNSPEC
is rejected.

As we didn't want to add another argument to all functions that get a
netlink policy, the workaround is to encode that boundary in the first
entry of the policy array (which is for type 0 and thus probably not
really valid anyway). I put it into the validation union for the rare
possibility that somebody is actually using attribute 0, which would
continue to work fine unless they tried to use the extended validation,
which isn't likely. We also didn't find any in-tree users with type 0.

The reason for setting the "start strict here" attribute is that we
never really need to start strict from 0, which is invalid anyway (or
in legacy families where that isn't true, it cannot be set to strict),
so we can thus reserve the value 0 for "don't do this check" and don't
have to add the tag to all policies right now.

Thus, policies can now opt in to this validation, which we should do
for all existing policies, at least when adding new attributes.

Note that entirely *new* policies won't need to set it, as the use
of that should be using nla_parse()/nlmsg_parse() etc. which anyway
do fully strict validation now, regardless of this.

So in effect, this patch only covers the "existing command with new
attribute" case.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-27 17:07:22 -04:00
..
842
fonts Fonts: New Terminus large console font 2018-12-19 10:42:08 +01:00
livepatch livepatch: Proper error handling in the shadow variables selftest 2019-02-06 11:01:57 +01:00
lz4 lib/lz4: update LZ4 decompressor module 2018-10-31 08:54:14 -07:00
lzo lib/lzo: fix bugs for very short or empty input 2019-04-05 16:02:30 -10:00
mpi
raid6 ARM updates for 5.1-rc1 2019-03-15 14:37:46 -07:00
reed_solomon
xz lib/xz: Put CRC32_POLY_LE in xz_private.h 2018-10-02 08:44:59 +10:00
zlib_deflate
zlib_inflate lib/zlib_inflate/inflate.c: remove fall through warnings 2018-10-31 08:54:13 -07:00
zstd
.gitignore
argv_split.c
ashldi3.c
ashrdi3.c
asn1_decoder.c
assoc_array.c lib/assoc_array.c: mark expected switch fall-through 2019-03-07 18:32:00 -08:00
atomic64.c
atomic64_test.c
audit.c
bcd.c
bch.c lib/bch: fix possible stack overrun 2018-10-12 09:17:46 +02:00
bitmap.c Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
bitrev.c
bsearch.c kprobes: Prohibit probing on bsearch() 2019-02-13 08:16:41 +01:00
btree.c
bucket_locks.c
bug.c
build_OID_registry
bust_spinlocks.c s390: use common bust_spinlocks() 2018-11-30 07:22:05 +01:00
chacha.c crypto: chacha - add XChaCha12 support 2018-11-20 14:26:55 +08:00
check_signature.c
checksum.c
clz_ctz.c
clz_tab.c
cmdline.c
cmpdi2.c
compat_audit.c
cordic.c lib: cordic: Move cordic macros and defines to header file 2018-11-29 17:30:48 +02:00
cpu_rmap.c
cpumask.c treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
crc-ccitt.c
crc-itu-t.c
crc-t10dif.c
crc4.c
crc7.c
crc8.c
crc16.c
crc32.c lib/crc32.c: mark crc32_le_base/__crc32c_le_base aliases as __pure 2019-02-15 19:50:07 +01:00
crc32defs.h
crc32test.c
crc64.c
ctype.c
debug_info.c
debug_locks.c locking/lockdep: Make global debug_locks* variables read-mostly 2018-10-19 07:53:18 +02:00
debugobjects.c debugobjects: call debug_objects_mem_init eariler 2018-12-28 12:11:45 -08:00
dec_and_lock.c
decompress.c
decompress_bunzip2.c
decompress_inflate.c
decompress_unlz4.c
decompress_unlzma.c
decompress_unlzo.c
decompress_unxz.c
devres.c devres: always use dev_name() in devm_ioremap_resource() 2019-01-31 19:28:40 +01:00
digsig.c
div64.c lib/div64.c: off by one in shift 2019-03-07 18:32:00 -08:00
dump_stack.c
dynamic_debug.c dynamic_debug: move pr_err from module.c to ddebug_add_module 2019-03-07 18:32:00 -08:00
dynamic_queue_limits.c
earlycpio.c
error-inject.c
errseq.c
extable.c
fault-inject.c
fdt.c
fdt_empty_tree.c
fdt_ro.c
fdt_rw.c
fdt_strerror.c
fdt_sw.c
fdt_wip.c
find_bit.c
find_bit_benchmark.c lib/find_bit_benchmark.c: align test_find_next_and_bit with others 2019-01-04 13:13:46 -08:00
flex_proportions.c
gcd.c lib/gcd: Remove use of CPU_NO_EFFICIENT_FFS macro 2018-11-12 14:26:21 -08:00
gen_crc32table.c
gen_crc64table.c lib: don't depend on linux headers being installed. 2018-12-29 11:36:44 -08:00
genalloc.c lib/genalloc.c: include vmalloc.h 2019-01-05 13:54:53 -08:00
generic-radix-tree.c generic radix trees 2019-03-12 10:04:02 -07:00
glob.c
globtest.c
hexdump.c
hweight.c
idr.c radix tree: Remove radix_tree_update_node_t 2018-10-21 10:46:44 -04:00
inflate.c
int_sqrt.c fix int_sqrt64() for very large numbers 2019-01-21 07:20:18 +13:00
interval_tree.c
interval_tree_test.c
iomap.c iomap: introduce io{read|write}64_{lo_hi|hi_lo} 2019-01-22 13:39:59 +01:00
iomap_copy.c
iommu-helper.c
ioremap.c lib/ioremap: ensure break-before-make is used for huge p4d mappings 2018-12-28 12:11:50 -08:00
iov_iter.c iov_iter: Fix build error without CONFIG_CRYPTO 2019-04-03 22:37:41 -04:00
irq_poll.c lib/irq_poll: Support schedules in non-interrupt contexts 2019-02-19 20:52:19 -07:00
irq_regs.c
is_single_threaded.c
jedec_ddr_data.c
kasprintf.c
Kconfig Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md into for-linus 2019-01-03 08:21:02 -07:00
Kconfig.debug Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-04-25 23:52:29 -04:00
Kconfig.kasan kasan: remove use after scope bugs detection. 2019-03-05 21:07:13 -08:00
Kconfig.kgdb
Kconfig.ubsan lib/ubsan: default UBSAN_ALIGNMENT to not set 2019-03-07 18:32:02 -08:00
kfifo.c
klist.c
kobject.c kobject: make kset_get_ownership() 'static' 2019-01-22 14:25:26 +01:00
kobject_uevent.c kobject: drop newline from msg string 2019-01-22 14:25:26 +01:00
kstrtox.c lib/kstrtox.c: delete unnecessary casts 2018-10-31 08:54:13 -07:00
kstrtox.h
lcm.c
libcrc32c.c
list_debug.c
list_sort.c
llist.c
locking-selftest-hardirq.h
locking-selftest-mutex.h
locking-selftest-rlock-hardirq.h
locking-selftest-rlock-softirq.h
locking-selftest-rlock.h
locking-selftest-rsem.h
locking-selftest-rtmutex.h
locking-selftest-softirq.h
locking-selftest-spin-hardirq.h
locking-selftest-spin-softirq.h
locking-selftest-spin.h
locking-selftest-wlock-hardirq.h
locking-selftest-wlock-softirq.h
locking-selftest-wlock.h
locking-selftest-wsem.h
locking-selftest.c locking/lockdep: Make it easy to detect whether or not inside a selftest 2019-02-28 07:55:43 +01:00
lockref.c
logic_pio.c
lru_cache.c
lshrdi3.c
Makefile libfdt: prefix header search paths with $(srctree)/ 2019-03-14 02:36:04 +09:00
memcat_p.c lib: Fix ia64 bootloader linkage 2018-10-16 13:45:44 +02:00
memory-notifier-error-inject.c
memweight.c
muldi3.c
net_utils.c
netdev-notifier-error-inject.c
nlattr.c netlink: add strict parsing for future attributes 2019-04-27 17:07:22 -04:00
nmi_backtrace.c
nodemask.c
notifier-error-inject.c
notifier-error-inject.h
objagg.c lib: objagg: fix handling of object with 0 users when assembling hints 2019-02-14 12:41:54 -05:00
of-reconfig-notifier-error-inject.c
oid_registry.c
once.c
parman.c
parser.c lib/parser.c: switch match_number() over to use match_strdup() 2018-10-31 08:54:12 -07:00
pci_iomap.c
percpu-refcount.c percpu-refcount: Replace call_rcu_sched() with call_rcu() 2018-11-27 09:21:45 -08:00
percpu_counter.c
percpu_test.c
plist.c
pm-notifier-error-inject.c
prime_numbers.c
radix-tree.c radix tree: Don't return retry entries from lookup 2018-12-06 08:26:16 -05:00
random32.c
ratelimit.c
rational.c
rbtree.c
rbtree_test.c
reciprocal_div.c
refcount.c refcount_t: Add ACQUIRE ordering on success for dec(sub)_and_test() variants 2019-02-04 09:03:31 +01:00
rhashtable.c rhashtable: use BIT(0) for locking. 2019-04-12 17:34:45 -07:00
sbitmap.c sbitmap: order READ/WRITE freed instance and setting clear bit 2019-03-25 13:05:47 -06:00
scatterlist.c lib/scatterlist: Provide a DMA page iterator 2019-02-11 15:02:33 -07:00
seq_buf.c seq_buf: Use size_t for len in seq_buf_puts() 2018-12-22 08:21:03 -05:00
sg_pool.c lib/sg_pool.c: remove unnecessary null check when freeing object 2018-10-31 08:54:13 -07:00
sg_split.c
sha1.c
sha256.c
show_mem.c lib/show_mem.c: drop pgdat_resize_lock in show_mem() 2018-12-28 12:11:49 -08:00
siphash.c
smp_processor_id.c kprobes: Prohibit probing on preemption checking debug functions 2019-02-13 08:16:40 +01:00
sort.c
stackdepot.c
stmp_device.c
string.c lib/string.c: implement a basic bcmp 2019-04-05 16:02:30 -10:00
string_helpers.c
strncpy_from_user.c make 'user_access_begin()' do 'access_ok()' 2019-01-04 12:56:09 -08:00
strnlen_user.c make 'user_access_begin()' do 'access_ok()' 2019-01-04 12:56:09 -08:00
syscall.c syscalls: Remove start and number from syscall_get_arguments() args 2019-04-05 09:26:43 -04:00
test-kstrtox.c
test-string_helpers.c
test_bitfield.c
test_bitmap.c
test_bpf.c bpf: test_bpf: turn off preemption in function __run_once 2019-02-25 22:18:07 +01:00
test_debug_virtual.c lib: fix build failure in CONFIG_DEBUG_VIRTUAL test 2018-12-17 22:12:30 +11:00
test_firmware.c lib/test_firmware.c: remove some dead code 2019-03-07 18:32:00 -08:00
test_hash.c
test_hexdump.c test_hexdump: use memcpy instead of strncpy 2018-11-30 12:13:15 -08:00
test_ida.c test_ida: Fix lockdep warning 2018-10-15 16:31:29 -04:00
test_kasan.c kasan: remove use after scope bugs detection. 2019-03-05 21:07:13 -08:00
test_kmod.c lib/test_kmod.c: potential double free in error handling 2019-02-01 15:46:23 -08:00
test_list_sort.c
test_memcat_p.c lib: Fix ia64 bootloader linkage 2018-10-16 13:45:44 +02:00
test_module.c
test_objagg.c test_objagg: Uninitialized variable in error handling 2019-02-13 22:13:29 -08:00
test_overflow.c
test_parman.c
test_printf.c lib/vsprintf: Print time and date in human readable format via %pt 2018-12-10 22:39:34 +01:00
test_rhashtable.c rhashtable: move dereference inside rht_ptr() 2019-04-12 17:34:45 -07:00
test_siphash.c
test_sort.c
test_stackinit.c lib: Introduce test_stackinit module 2019-03-04 09:29:52 -08:00
test_static_key_base.c
test_static_keys.c
test_string.c
test_sysctl.c
test_ubsan.c lib/test_ubsan.c: VLA no longer used in kernel 2019-03-07 18:32:00 -08:00
test_user_copy.c
test_uuid.c
test_vmalloc.c vmalloc: add test driver to analyse vmalloc allocator 2019-03-05 21:07:15 -08:00
test_xarray.c XArray: Fix xa_reserve for 2-byte aligned entries 2019-02-21 17:54:44 -05:00
textsearch.c
timerqueue.c
ts_bm.c
ts_fsm.c
ts_kmp.c
ubsan.c lib/ubsan.c: don't mark __ubsan_handle_builtin_unreachable as noreturn 2018-11-18 10:15:10 -08:00
ubsan.h
ucmpdi2.c
ucs2_string.c
usercopy.c Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
uuid.c
vsprintf.c Printk changes for 5.1 2019-03-09 09:22:42 -08:00
win_minmax.c
xarray.c XArray: Fix xa_reserve for 2-byte aligned entries 2019-02-21 17:54:44 -05:00
xxhash.c