diff options
| author | Jakub Kicinski <kuba@kernel.org> | 2023-08-15 19:18:36 -0700 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2023-08-15 19:18:36 -0700 |
| commit | 9cf3db3cd898a256247ad9f0661f14c05003b57f (patch) | |
| tree | 46f99a18fecd1ef445092b7db1b9e4b00e55f047 | |
| parent | cf74eb5a5bc867258e7d0b0d1c3c4a60e1e3de2f (diff) | |
| parent | 7582113c6917c280c90352d1935cfa451e74376a (diff) | |
Merge branch 'net-warn-about-attempts-to-register-negative-ifindex'
Jakub Kicinski says:
====================
net: warn about attempts to register negative ifindex
Follow up to the recently posted fix for OvS lacking input
validation:
https://lore.kernel.org/all/20230814203840.2908710-1-kuba@kernel.org/
Warn about negative ifindex more explicitly and misc YNL updates.
====================
Link: https://lore.kernel.org/r/20230814205627.2914583-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
| -rw-r--r-- | Documentation/netlink/specs/ovs_vport.yaml | 18 | ||||
| -rw-r--r-- | net/core/dev.c | 5 | ||||
| -rw-r--r-- | tools/net/ynl/lib/ynl.py | 15 |
3 files changed, 35 insertions, 3 deletions
diff --git a/Documentation/netlink/specs/ovs_vport.yaml b/Documentation/netlink/specs/ovs_vport.yaml index 17336455bec1..ef298b001445 100644 --- a/Documentation/netlink/specs/ovs_vport.yaml +++ b/Documentation/netlink/specs/ovs_vport.yaml @@ -82,6 +82,10 @@ attribute-sets: enum-name: ovs-vport-attr attributes: - + name: unspec + type: unused + value: 0 + - name: port-no type: u32 - @@ -121,6 +125,20 @@ operations: name-prefix: ovs-vport-cmd- list: - + name: new + doc: Create a new OVS vport + attribute-set: vport + fixed-header: ovs-header + do: + request: + attributes: + - name + - type + - upcall-pid + - dp-ifindex + - ifindex + - options + - name: get doc: Get / dump OVS vport configuration and state value: 3 diff --git a/net/core/dev.c b/net/core/dev.c index 636b41f0b32d..17e6281e408c 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -9589,6 +9589,11 @@ static int dev_index_reserve(struct net *net, u32 ifindex) { int err; + if (ifindex > INT_MAX) { + DEBUG_NET_WARN_ON_ONCE(1); + return -EINVAL; + } + if (!ifindex) err = xa_alloc_cyclic(&net->dev_by_index, &ifindex, NULL, xa_limit_31b, &net->ifindex, GFP_KERNEL); diff --git a/tools/net/ynl/lib/ynl.py b/tools/net/ynl/lib/ynl.py index 3ca28d4bcb18..6951bcc7efdc 100644 --- a/tools/net/ynl/lib/ynl.py +++ b/tools/net/ynl/lib/ynl.py @@ -395,7 +395,10 @@ class YnlFamily(SpecFamily): self.family.genl_family['mcast'][mcast_name]) def _add_attr(self, space, name, value): - attr = self.attr_sets[space][name] + try: + attr = self.attr_sets[space][name] + except KeyError: + raise Exception(f"Space '{space}' has no attribute '{name}'") nl_type = attr.value if attr["type"] == 'nest': nl_type |= Netlink.NLA_F_NESTED @@ -450,7 +453,10 @@ class YnlFamily(SpecFamily): attr_space = self.attr_sets[space] rsp = dict() for attr in attrs: - attr_spec = attr_space.attrs_by_val[attr.type] + try: + attr_spec = attr_space.attrs_by_val[attr.type] + except KeyError: + raise Exception(f"Space '{space}' has no attribute with value '{attr.type}'") if attr_spec["type"] == 'nest': subdict = self._decode(NlAttrs(attr.raw), attr_spec['nested-attributes']) decoded = subdict @@ -479,7 +485,10 @@ class YnlFamily(SpecFamily): def _decode_extack_path(self, attrs, attr_set, offset, target): for attr in attrs: - attr_spec = attr_set.attrs_by_val[attr.type] + try: + attr_spec = attr_set.attrs_by_val[attr.type] + except KeyError: + raise Exception(f"Space '{attr_set.name}' has no attribute with value '{attr.type}'") if offset > target: break if offset == target: |