| Message ID | 20230723080507.3716924-1-linma@zju.edu.cn |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:9010:0:b0:3e4:2afc:c1 with SMTP id l16csp1172294vqg;
Sun, 23 Jul 2023 02:12:41 -0700 (PDT)
X-Google-Smtp-Source:
APBJJlFAn1+oIdCdHycqTVXEC74bVpw6WQmqDzENWr4qzlrNYLLdqEd495BVto7rj9mDhJ6lQ0x6
X-Received: by 2002:a17:906:2216:b0:989:3e0d:89fb with SMTP id
s22-20020a170906221600b009893e0d89fbmr8064632ejs.45.1690103560860;
Sun, 23 Jul 2023 02:12:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1690103560; cv=none;
d=google.com; s=arc-20160816;
b=gMmowhygi625UHQoEAL39u/TCV5qQz/4VRsj4S6o0O6+ov9phVfYZYOaB2NWEcavAN
ZYeDXurPn9mJcpWaWodUueFot4SjukpS3TszBzlnjCXNYv1A3tRhm6RYUEytFB0/ESsd
ezuPbcDM7KGnkP+tKzrfonYU6QKSDtQVLFKrT7lgPbecSyDwXZ9RvDIUhFG5B7G94avX
X+4wNbrY278h7H1oxTahgxlc/E34OL0RbMjzYqbfPMWNtRF+oKipZWcxMa1yD0yx63yA
h0q2rTBsN52yXRzK1lG4XlBtedi2+qUHPko386PW08nkRqTV0zHHticQFwiKEYcVonTR
xf5w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:message-id:date:subject:cc:to:from;
bh=UmNeBbJD4HhTYVixl5V1OGTgMkd0oVyTdJBf/4s2+5Y=;
fh=9l6kgIuX4cdjQqu0+27u0nrBPa9DSCqNapSCefYoOEU=;
b=c+k78R/kaWUmUPWckYNGWg4JAcJMK+NzVWr3DWZisMx7Gnp4VJhQTBIp842QIG5+6e
STl+272855LaLpqhXuV9tnYmwPOAwCHmB37hfIt/SnIHHbZm9K6rHni9n1W0ydD1cVdX
/QqJThnzd/ifZfHIdUrgPMuGmn9g+RD4dm5mqZmfVX3l6PmxpoxvC870TLoY8+jWWpa/
+oXixsaOitrKueT8IOFgz9kg4ZY8IQHf+IgWGwcawPiK0R8yRrRaQfkgSxRPm3EEGvDu
1yLhsVn6g5NwETgw1RVum5zgHCf1jOUhA0jAUKZJb331wADKaekoK1EKGxoogAhabBl7
fVnA==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
xa15-20020a170907b9cf00b009930e13beb8si5072012ejc.952.2023.07.23.02.12.17;
Sun, 23 Jul 2023 02:12:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229881AbjGWIFV (ORCPT <rfc822;assdfgzxcv4@gmail.com>
+ 99 others); Sun, 23 Jul 2023 04:05:21 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51952 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229452AbjGWIFS (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Sun, 23 Jul 2023 04:05:18 -0400
Received: from zju.edu.cn (spam.zju.edu.cn [61.164.42.155])
by lindbergh.monkeyblade.net (Postfix) with ESMTP id 6E9A0131
for <linux-kernel@vger.kernel.org>;
Sun, 23 Jul 2023 01:05:17 -0700 (PDT)
Received: from localhost.localdomain (unknown [39.174.92.167])
by mail-app3 (Coremail) with SMTP id cC_KCgDnmJ0237xkxIl_Cw--.19123S4;
Sun, 23 Jul 2023 16:05:11 +0800 (CST)
From: Lin Ma <linma@zju.edu.cn>
To: mst@redhat.com, jasowang@redhat.com, xuanzhuo@linux.alibaba.com,
virtualization@lists.linux-foundation.org,
linux-kernel@vger.kernel.org
Cc: Lin Ma <linma@zju.edu.cn>
Subject: [PATCH v1] vdpa: Complement vdpa_nl_policy for nlattr length check
Date: Sun, 23 Jul 2023 16:05:07 +0800
Message-Id: <20230723080507.3716924-1-linma@zju.edu.cn>
X-Mailer: git-send-email 2.17.1
X-CM-TRANSID: cC_KCgDnmJ0237xkxIl_Cw--.19123S4
X-Coremail-Antispam: 1UD129KBjvJXoW7Cw18XFW7WF1kXr13AF1rCrg_yoW8Xw17pa
95KF9rCFWDJrWjk3WDGF4F93Z7WwnrW39rKa1rG34xAw1rXasrJ3s7AayUtr1S9F1rJrWx
Ar15Ka1UJFy7CrJanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2
9KBjDU0xBIdaVrnRJUUUkl14x267AKxVW8JVW5JwAFc2x0x2IEx4CE42xK8VAvwI8IcIk0
rVWrJVCq3wAFIxvE14AKwVWUJVWUGwA2ocxC64kIII0Yj41l84x0c7CEw4AK67xGY2AK02
1l84ACjcxK6xIIjxv20xvE14v26w1j6s0DM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26r4U
JVWxJr1l84ACjcxK6I8E87Iv67AKxVW0oVCq3wA2z4x0Y4vEx4A2jsIEc7CjxVAFwI0_Gc
CE3s1le2I262IYc4CY6c8Ij28IcVAaY2xG8wAqx4xG64xvF2IEw4CE5I8CrVC2j2WlYx0E
2Ix0cI8IcVAFwI0_Jw0_WrylYx0Ex4A2jsIE14v26r4j6F4UMcvjeVCFs4IE7xkEbVWUJV
W8JwACjcxG0xvY0x0EwIxGrwACjI8F5VA0II8E6IAqYI8I648v4I1lc2xSY4AK67AK6r43
MxAIw28IcxkI7VAKI48JMxC20s026xCaFVCjc4AY6r1j6r4UMI8I3I0E5I8CrVAFwI0_Jr
0_Jr4lx2IqxVCjr7xvwVAFwI0_JrI_JrWlx4CE17CEb7AF67AKxVWUAVWUtwCIc40Y0x0E
wIxGrwCI42IY6xIIjxv20xvE14v26r1I6r4UMIIF0xvE2Ix0cI8IcVCY1x0267AKxVW8Jr
0_Cr1UMIIF0xvE42xK8VAvwI8IcIk0rVWUJVWUCwCI42IY6I8E87Iv67AKxVW8JVWxJwCI
42IY6I8E87Iv6xkF7I0E14v26r4UJVWxJrUvcSsGvfC2KfnxnUUI43ZEXa7VUjYLvtUUUU
U==
X-CM-SenderInfo: qtrwiiyqvtljo62m3hxhgxhubq/
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,
RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE
autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1772202031655881953
X-GMAIL-MSGID: 1772202031655881953
|
| Series |
[v1] vdpa: Complement vdpa_nl_policy for nlattr length check
|
|
Commit Message
Lin Ma
July 23, 2023, 8:05 a.m. UTC
The vdpa_nl_policy structure is used to validate the nlattr when parsing
the incoming nlmsg. It will ensure the attribute being described produces
a valid nlattr pointer in info->attrs before entering into each handler
in vdpa_nl_ops.
That is to say, the missing part in vdpa_nl_policy may lead to illegal
nlattr after parsing, which could lead to OOB read just like CVE-2023-3773.
This patch adds three missing nla_policy to avoid such bugs.
Fixes: 90fea5a800c3 ("vdpa: device feature provisioning")
Fixes: 13b00b135665 ("vdpa: Add support for querying vendor statistics")
Fixes: ad69dd0bf26b ("vdpa: Introduce query of device config layout")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
---
drivers/vdpa/vdpa.c | 3 +++
1 file changed, 3 insertions(+)
Comments
On Sun, Jul 23, 2023 at 04:05:07PM +0800, Lin Ma wrote: > The vdpa_nl_policy structure is used to validate the nlattr when parsing > the incoming nlmsg. It will ensure the attribute being described produces > a valid nlattr pointer in info->attrs before entering into each handler > in vdpa_nl_ops. > > That is to say, the missing part in vdpa_nl_policy may lead to illegal > nlattr after parsing, which could lead to OOB read just like CVE-2023-3773. Hmm. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3773 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. > This patch adds three missing nla_policy to avoid such bugs. > > Fixes: 90fea5a800c3 ("vdpa: device feature provisioning") > Fixes: 13b00b135665 ("vdpa: Add support for querying vendor statistics") > Fixes: ad69dd0bf26b ("vdpa: Introduce query of device config layout") > Signed-off-by: Lin Ma <linma@zju.edu.cn> I don't know how OOB triggers but this duplication is problematic I think: we are likely to forget again in the future. Isn't there a way to block everything that is not listed? > --- > drivers/vdpa/vdpa.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/vdpa/vdpa.c b/drivers/vdpa/vdpa.c > index 965e32529eb8..f2f654fd84e5 100644 > --- a/drivers/vdpa/vdpa.c > +++ b/drivers/vdpa/vdpa.c > @@ -1247,8 +1247,11 @@ static const struct nla_policy vdpa_nl_policy[VDPA_ATTR_MAX + 1] = { > [VDPA_ATTR_MGMTDEV_DEV_NAME] = { .type = NLA_STRING }, > [VDPA_ATTR_DEV_NAME] = { .type = NLA_STRING }, > [VDPA_ATTR_DEV_NET_CFG_MACADDR] = NLA_POLICY_ETH_ADDR, > + [VDPA_ATTR_DEV_NET_CFG_MAX_VQP] = { .type = NLA_U16 }, > /* virtio spec 1.1 section 5.1.4.1 for valid MTU range */ > [VDPA_ATTR_DEV_NET_CFG_MTU] = NLA_POLICY_MIN(NLA_U16, 68), > + [VDPA_ATTR_DEV_QUEUE_INDEX] = { .type = NLA_U32 }, > + [VDPA_ATTR_DEV_FEATURES] = { .type = NLA_U64 }, > }; > > static const struct genl_ops vdpa_nl_ops[] = { > -- > 2.17.1
Hello Michael, > > > > The vdpa_nl_policy structure is used to validate the nlattr when parsing > > the incoming nlmsg. It will ensure the attribute being described produces > > a valid nlattr pointer in info->attrs before entering into each handler > > in vdpa_nl_ops. > > > > That is to say, the missing part in vdpa_nl_policy may lead to illegal > > nlattr after parsing, which could lead to OOB read just like CVE-2023-3773. > > Hmm. > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3773 > > ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. > Yeah, that CVE is assigned while fix not upstream yet. FYI, the fix is pending too. See, https://marc.info/?l=linux-kernel&m=169009801131058&w=2. > > > This patch adds three missing nla_policy to avoid such bugs. > > > > Fixes: 90fea5a800c3 ("vdpa: device feature provisioning") > > Fixes: 13b00b135665 ("vdpa: Add support for querying vendor statistics") > > Fixes: ad69dd0bf26b ("vdpa: Introduce query of device config layout") > > Signed-off-by: Lin Ma <linma@zju.edu.cn> > > I don't know how OOB triggers but this duplication is problematic I > think: we are likely to forget again in the future. Isn't there a way > to block everything that is not listed? > Sure, that is another undergoing task I'm working on. If the nlattr is parsed with NL_VALIDATE_UNSPEC, any forgotten nlattr will be rejected, therefore (which is the default for modern nla_parse). The problem here is that there are still consumers for nla_parse_deprecated. And we cannot simply replace all *_deprecated to modern ones as it may break userspace. See the commit message in 8cb081746c03 ("netlink: make validation more configurable for future strictness") I believe if we can do enough test against userspace toolchains, we can ultimately upgrade all *_depprecated parsers to modern ones, which costs time and efforts. This send patch is a much simpler (but temporary) solution for now. Regards Lin
> Sure, that is another undergoing task I'm working on. If the nlattr is parsed with > NL_VALIDATE_UNSPEC, any forgotten nlattr will be rejected, therefore (which is the default > for modern nla_parse). For the general netlink interface, the deciding flag should be genl_ops.validate defined in each ops. The default validate flag is strict, while the developer can overwrite the flag with GENL_DONT_VALIDATE_STRICT to ease the validation. That is to say, safer code should enforce NL_VALIDATE_STRICT by not overwriting the validate flag. Regrads Lin
On Sun, Jul 23, 2023 at 05:33:54PM +0800, Lin Ma wrote: > Hello Michael, > > > > > > > The vdpa_nl_policy structure is used to validate the nlattr when parsing > > > the incoming nlmsg. It will ensure the attribute being described produces > > > a valid nlattr pointer in info->attrs before entering into each handler > > > in vdpa_nl_ops. > > > > > > That is to say, the missing part in vdpa_nl_policy may lead to illegal > > > nlattr after parsing, which could lead to OOB read just like CVE-2023-3773. > > > > Hmm. > > > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3773 > > > > ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. > > > > Yeah, that CVE is assigned while fix not upstream yet. FYI, the fix is pending too. > See, https://marc.info/?l=linux-kernel&m=169009801131058&w=2. > > > > > > This patch adds three missing nla_policy to avoid such bugs. > > > > > > Fixes: 90fea5a800c3 ("vdpa: device feature provisioning") > > > Fixes: 13b00b135665 ("vdpa: Add support for querying vendor statistics") > > > Fixes: ad69dd0bf26b ("vdpa: Introduce query of device config layout") > > > Signed-off-by: Lin Ma <linma@zju.edu.cn> > > > > I don't know how OOB triggers but this duplication is problematic I > > think: we are likely to forget again in the future. Isn't there a way > > to block everything that is not listed? > > > > Sure, that is another undergoing task I'm working on. If the nlattr is parsed with > NL_VALIDATE_UNSPEC, any forgotten nlattr will be rejected, therefore (which is the default > for modern nla_parse). The problem here is that there are still consumers for > nla_parse_deprecated. And we cannot simply replace all *_deprecated to modern ones > as it may break userspace. See the commit message in 8cb081746c03 ("netlink: make > validation more configurable for future strictness") > > I believe if we can do enough test against userspace toolchains, we can ultimately > upgrade all *_depprecated parsers to modern ones, which costs time and efforts. This > send patch is a much simpler (but temporary) solution for now. > > Regards > Lin Hmm but vdpa does not use nla_parse_deprecated does it? And in fact was introduced after 8cb081746c031fb164089322e2336a0bf5b3070c. So why is there an issue in vdpa?
On Sun, Jul 23, 2023 at 05:48:46PM +0800, Lin Ma wrote: > > > Sure, that is another undergoing task I'm working on. If the nlattr is parsed with > > NL_VALIDATE_UNSPEC, any forgotten nlattr will be rejected, therefore (which is the default > > for modern nla_parse). > > For the general netlink interface, the deciding flag should be genl_ops.validate defined in > each ops. The default validate flag is strict, while the developer can overwrite the flag > with GENL_DONT_VALIDATE_STRICT to ease the validation. That is to say, safer code should > enforce NL_VALIDATE_STRICT by not overwriting the validate flag. > > Regrads > Lin Oh I see. It started here: commit 33b347503f014ebf76257327cbc7001c6b721956 Author: Parav Pandit <parav@nvidia.com> Date: Tue Jan 5 12:32:00 2021 +0200 vdpa: Define vdpa mgmt device, ops and a netlink interface which did: + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, which was most likely just a copy paste from somewhere, right Parav? and then everyone kept copying this around. Parav, Eli can we drop these? There's a tiny chance of breaking something but I feel there aren't that many users outside mlx5 yet, so if you guys can test on mlx5 and confirm no breakage, I think we are good.
On Sun, Jul 23, 2023 at 6:02 PM Michael S. Tsirkin <mst@redhat.com> wrote: > > On Sun, Jul 23, 2023 at 05:48:46PM +0800, Lin Ma wrote: > > > > > Sure, that is another undergoing task I'm working on. If the nlattr is parsed with > > > NL_VALIDATE_UNSPEC, any forgotten nlattr will be rejected, therefore (which is the default > > > for modern nla_parse). > > > > For the general netlink interface, the deciding flag should be genl_ops.validate defined in > > each ops. The default validate flag is strict, while the developer can overwrite the flag > > with GENL_DONT_VALIDATE_STRICT to ease the validation. That is to say, safer code should > > enforce NL_VALIDATE_STRICT by not overwriting the validate flag. > > > > Regrads > > Lin > > > Oh I see. > > It started here: > > commit 33b347503f014ebf76257327cbc7001c6b721956 > Author: Parav Pandit <parav@nvidia.com> > Date: Tue Jan 5 12:32:00 2021 +0200 > > vdpa: Define vdpa mgmt device, ops and a netlink interface > > which did: > > + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, > > > which was most likely just a copy paste from somewhere, right Parav? > > and then everyone kept copying this around. > > Parav, Eli can we drop these? There's a tiny chance of breaking something > but I feel there aren't that many users outside mlx5 yet, so if you > guys can test on mlx5 and confirm no breakage, I think we are good. Adding Dragos. Thanks > > -- > MST >
On Mon, 2023-07-24 at 15:11 +0800, Jason Wang wrote: > On Sun, Jul 23, 2023 at 6:02 PM Michael S. Tsirkin <mst@redhat.com> wrote: > > > > On Sun, Jul 23, 2023 at 05:48:46PM +0800, Lin Ma wrote: > > > > > > > Sure, that is another undergoing task I'm working on. If the nlattr is > > > > parsed with > > > > NL_VALIDATE_UNSPEC, any forgotten nlattr will be rejected, therefore > > > > (which is the default > > > > for modern nla_parse). > > > > > > For the general netlink interface, the deciding flag should be > > > genl_ops.validate defined in > > > each ops. The default validate flag is strict, while the developer can > > > overwrite the flag > > > with GENL_DONT_VALIDATE_STRICT to ease the validation. That is to say, > > > safer code should > > > enforce NL_VALIDATE_STRICT by not overwriting the validate flag. > > > > > > Regrads > > > Lin > > > > > > Oh I see. > > > > It started here: > > > > commit 33b347503f014ebf76257327cbc7001c6b721956 > > Author: Parav Pandit <parav@nvidia.com> > > Date: Tue Jan 5 12:32:00 2021 +0200 > > > > vdpa: Define vdpa mgmt device, ops and a netlink interface > > > > which did: > > > > + .validate = GENL_DONT_VALIDATE_STRICT | > > GENL_DONT_VALIDATE_DUMP, > > > > > > which was most likely just a copy paste from somewhere, right Parav? > > > > and then everyone kept copying this around. > > > > Parav, Eli can we drop these? There's a tiny chance of breaking something > > but I feel there aren't that many users outside mlx5 yet, so if you > > guys can test on mlx5 and confirm no breakage, I think we are good. > > Adding Dragos. > I will check. Just to make sure I understand correctly: you want me to drop the .validate flags all together in all vdpa ops and check, right? Thanks, Dragos
On Mon, Jul 24, 2023 at 08:38:04AM +0000, Dragos Tatulea wrote: > > On Mon, 2023-07-24 at 15:11 +0800, Jason Wang wrote: > > On Sun, Jul 23, 2023 at 6:02 PM Michael S. Tsirkin <mst@redhat.com> wrote: > > > > > > On Sun, Jul 23, 2023 at 05:48:46PM +0800, Lin Ma wrote: > > > > > > > > > Sure, that is another undergoing task I'm working on. If the nlattr is > > > > > parsed with > > > > > NL_VALIDATE_UNSPEC, any forgotten nlattr will be rejected, therefore > > > > > (which is the default > > > > > for modern nla_parse). > > > > > > > > For the general netlink interface, the deciding flag should be > > > > genl_ops.validate defined in > > > > each ops. The default validate flag is strict, while the developer can > > > > overwrite the flag > > > > with GENL_DONT_VALIDATE_STRICT to ease the validation. That is to say, > > > > safer code should > > > > enforce NL_VALIDATE_STRICT by not overwriting the validate flag. > > > > > > > > Regrads > > > > Lin > > > > > > > > > Oh I see. > > > > > > It started here: > > > > > > commit 33b347503f014ebf76257327cbc7001c6b721956 > > > Author: Parav Pandit <parav@nvidia.com> > > > Date: Tue Jan 5 12:32:00 2021 +0200 > > > > > > vdpa: Define vdpa mgmt device, ops and a netlink interface > > > > > > which did: > > > > > > + .validate = GENL_DONT_VALIDATE_STRICT | > > > GENL_DONT_VALIDATE_DUMP, > > > > > > > > > which was most likely just a copy paste from somewhere, right Parav? > > > > > > and then everyone kept copying this around. > > > > > > Parav, Eli can we drop these? There's a tiny chance of breaking something > > > but I feel there aren't that many users outside mlx5 yet, so if you > > > guys can test on mlx5 and confirm no breakage, I think we are good. > > > > Adding Dragos. > > > I will check. Just to make sure I understand correctly: you want me to drop the > .validate flags all together in all vdpa ops and check, right? > > Thanks, > Dragos yes - I suspect you will then need this patch to make things work.
On Mon, 2023-07-24 at 05:16 -0400, Michael S. Tsirkin wrote: > On Mon, Jul 24, 2023 at 08:38:04AM +0000, Dragos Tatulea wrote: > > > > On Mon, 2023-07-24 at 15:11 +0800, Jason Wang wrote: > > > On Sun, Jul 23, 2023 at 6:02 PM Michael S. Tsirkin <mst@redhat.com> wrote: > > > > > > > > On Sun, Jul 23, 2023 at 05:48:46PM +0800, Lin Ma wrote: > > > > > > > > > > > Sure, that is another undergoing task I'm working on. If the nlattr > > > > > > is > > > > > > parsed with > > > > > > NL_VALIDATE_UNSPEC, any forgotten nlattr will be rejected, therefore > > > > > > (which is the default > > > > > > for modern nla_parse). > > > > > > > > > > For the general netlink interface, the deciding flag should be > > > > > genl_ops.validate defined in > > > > > each ops. The default validate flag is strict, while the developer can > > > > > overwrite the flag > > > > > with GENL_DONT_VALIDATE_STRICT to ease the validation. That is to say, > > > > > safer code should > > > > > enforce NL_VALIDATE_STRICT by not overwriting the validate flag. > > > > > > > > > > Regrads > > > > > Lin > > > > > > > > > > > > Oh I see. > > > > > > > > It started here: > > > > > > > > commit 33b347503f014ebf76257327cbc7001c6b721956 > > > > Author: Parav Pandit <parav@nvidia.com> > > > > Date: Tue Jan 5 12:32:00 2021 +0200 > > > > > > > > vdpa: Define vdpa mgmt device, ops and a netlink interface > > > > > > > > which did: > > > > > > > > + .validate = GENL_DONT_VALIDATE_STRICT | > > > > GENL_DONT_VALIDATE_DUMP, > > > > > > > > > > > > which was most likely just a copy paste from somewhere, right Parav? > > > > > > > > and then everyone kept copying this around. > > > > > > > > Parav, Eli can we drop these? There's a tiny chance of breaking > > > > something > > > > but I feel there aren't that many users outside mlx5 yet, so if you > > > > guys can test on mlx5 and confirm no breakage, I think we are good. > > > > > > Adding Dragos. > > > > > I will check. Just to make sure I understand correctly: you want me to drop > > the > > .validate flags all together in all vdpa ops and check, right? > > > > Thanks, > > Dragos > > yes - I suspect you will then need this patch to make things work. > Yep. Adding the patch and removing the .validate config on the vdpa_nl_ops seems to work just fine. Thanks, Dragos
On Mon, Jul 24, 2023 at 11:42:42AM +0000, Dragos Tatulea wrote: > On Mon, 2023-07-24 at 05:16 -0400, Michael S. Tsirkin wrote: > > On Mon, Jul 24, 2023 at 08:38:04AM +0000, Dragos Tatulea wrote: > > > > > > On Mon, 2023-07-24 at 15:11 +0800, Jason Wang wrote: > > > > On Sun, Jul 23, 2023 at 6:02 PM Michael S. Tsirkin <mst@redhat.com> wrote: > > > > > > > > > > On Sun, Jul 23, 2023 at 05:48:46PM +0800, Lin Ma wrote: > > > > > > > > > > > > > Sure, that is another undergoing task I'm working on. If the nlattr > > > > > > > is > > > > > > > parsed with > > > > > > > NL_VALIDATE_UNSPEC, any forgotten nlattr will be rejected, therefore > > > > > > > (which is the default > > > > > > > for modern nla_parse). > > > > > > > > > > > > For the general netlink interface, the deciding flag should be > > > > > > genl_ops.validate defined in > > > > > > each ops. The default validate flag is strict, while the developer can > > > > > > overwrite the flag > > > > > > with GENL_DONT_VALIDATE_STRICT to ease the validation. That is to say, > > > > > > safer code should > > > > > > enforce NL_VALIDATE_STRICT by not overwriting the validate flag. > > > > > > > > > > > > Regrads > > > > > > Lin > > > > > > > > > > > > > > > Oh I see. > > > > > > > > > > It started here: > > > > > > > > > > commit 33b347503f014ebf76257327cbc7001c6b721956 > > > > > Author: Parav Pandit <parav@nvidia.com> > > > > > Date: Tue Jan 5 12:32:00 2021 +0200 > > > > > > > > > > vdpa: Define vdpa mgmt device, ops and a netlink interface > > > > > > > > > > which did: > > > > > > > > > > + .validate = GENL_DONT_VALIDATE_STRICT | > > > > > GENL_DONT_VALIDATE_DUMP, > > > > > > > > > > > > > > > which was most likely just a copy paste from somewhere, right Parav? > > > > > > > > > > and then everyone kept copying this around. > > > > > > > > > > Parav, Eli can we drop these? There's a tiny chance of breaking > > > > > something > > > > > but I feel there aren't that many users outside mlx5 yet, so if you > > > > > guys can test on mlx5 and confirm no breakage, I think we are good. > > > > > > > > Adding Dragos. > > > > > > > I will check. Just to make sure I understand correctly: you want me to drop > > > the > > > .validate flags all together in all vdpa ops and check, right? > > > > > > Thanks, > > > Dragos > > > > yes - I suspect you will then need this patch to make things work. > > > Yep. Adding the patch and removing the .validate config on the vdpa_nl_ops > seems to work just fine. > > Thanks, > Dragos OK, post a patch?
On Mon, 2023-07-24 at 16:08 -0400, Michael S. Tsirkin wrote: > On Mon, Jul 24, 2023 at 11:42:42AM +0000, Dragos Tatulea wrote: > > On Mon, 2023-07-24 at 05:16 -0400, Michael S. Tsirkin wrote: > > > On Mon, Jul 24, 2023 at 08:38:04AM +0000, Dragos Tatulea wrote: > > > > > > > > On Mon, 2023-07-24 at 15:11 +0800, Jason Wang wrote: > > > > > On Sun, Jul 23, 2023 at 6:02 PM Michael S. Tsirkin <mst@redhat.com> > > > > > wrote: > > > > > > > > > > > > On Sun, Jul 23, 2023 at 05:48:46PM +0800, Lin Ma wrote: > > > > > > > > > > > > > > > Sure, that is another undergoing task I'm working on. If the > > > > > > > > nlattr > > > > > > > > is > > > > > > > > parsed with > > > > > > > > NL_VALIDATE_UNSPEC, any forgotten nlattr will be rejected, > > > > > > > > therefore > > > > > > > > (which is the default > > > > > > > > for modern nla_parse). > > > > > > > > > > > > > > For the general netlink interface, the deciding flag should be > > > > > > > genl_ops.validate defined in > > > > > > > each ops. The default validate flag is strict, while the developer > > > > > > > can > > > > > > > overwrite the flag > > > > > > > with GENL_DONT_VALIDATE_STRICT to ease the validation. That is to > > > > > > > say, > > > > > > > safer code should > > > > > > > enforce NL_VALIDATE_STRICT by not overwriting the validate flag. > > > > > > > > > > > > > > Regrads > > > > > > > Lin > > > > > > > > > > > > > > > > > > Oh I see. > > > > > > > > > > > > It started here: > > > > > > > > > > > > commit 33b347503f014ebf76257327cbc7001c6b721956 > > > > > > Author: Parav Pandit <parav@nvidia.com> > > > > > > Date: Tue Jan 5 12:32:00 2021 +0200 > > > > > > > > > > > > vdpa: Define vdpa mgmt device, ops and a netlink interface > > > > > > > > > > > > which did: > > > > > > > > > > > > + .validate = GENL_DONT_VALIDATE_STRICT | > > > > > > GENL_DONT_VALIDATE_DUMP, > > > > > > > > > > > > > > > > > > which was most likely just a copy paste from somewhere, right Parav? > > > > > > > > > > > > and then everyone kept copying this around. > > > > > > > > > > > > Parav, Eli can we drop these? There's a tiny chance of breaking > > > > > > something > > > > > > but I feel there aren't that many users outside mlx5 yet, so if you > > > > > > guys can test on mlx5 and confirm no breakage, I think we are good. > > > > > > > > > > Adding Dragos. > > > > > > > > > I will check. Just to make sure I understand correctly: you want me to > > > > drop > > > > the > > > > .validate flags all together in all vdpa ops and check, right? > > > > > > > > Thanks, > > > > Dragos > > > > > > yes - I suspect you will then need this patch to make things work. > > > > > Yep. Adding the patch and removing the .validate config on the vdpa_nl_ops > > seems to work just fine. > > > > Thanks, > > Dragos > > OK, post a patch? > Sure, but how do I make it depend on this patch? Otherwise it will break things. Thanks, Dragos
On Tue, Jul 25, 2023 at 08:26:32AM +0000, Dragos Tatulea wrote: > On Mon, 2023-07-24 at 16:08 -0400, Michael S. Tsirkin wrote: > > On Mon, Jul 24, 2023 at 11:42:42AM +0000, Dragos Tatulea wrote: > > > On Mon, 2023-07-24 at 05:16 -0400, Michael S. Tsirkin wrote: > > > > On Mon, Jul 24, 2023 at 08:38:04AM +0000, Dragos Tatulea wrote: > > > > > > > > > > On Mon, 2023-07-24 at 15:11 +0800, Jason Wang wrote: > > > > > > On Sun, Jul 23, 2023 at 6:02 PM Michael S. Tsirkin <mst@redhat.com> > > > > > > wrote: > > > > > > > > > > > > > > On Sun, Jul 23, 2023 at 05:48:46PM +0800, Lin Ma wrote: > > > > > > > > > > > > > > > > > Sure, that is another undergoing task I'm working on. If the > > > > > > > > > nlattr > > > > > > > > > is > > > > > > > > > parsed with > > > > > > > > > NL_VALIDATE_UNSPEC, any forgotten nlattr will be rejected, > > > > > > > > > therefore > > > > > > > > > (which is the default > > > > > > > > > for modern nla_parse). > > > > > > > > > > > > > > > > For the general netlink interface, the deciding flag should be > > > > > > > > genl_ops.validate defined in > > > > > > > > each ops. The default validate flag is strict, while the developer > > > > > > > > can > > > > > > > > overwrite the flag > > > > > > > > with GENL_DONT_VALIDATE_STRICT to ease the validation. That is to > > > > > > > > say, > > > > > > > > safer code should > > > > > > > > enforce NL_VALIDATE_STRICT by not overwriting the validate flag. > > > > > > > > > > > > > > > > Regrads > > > > > > > > Lin > > > > > > > > > > > > > > > > > > > > > Oh I see. > > > > > > > > > > > > > > It started here: > > > > > > > > > > > > > > commit 33b347503f014ebf76257327cbc7001c6b721956 > > > > > > > Author: Parav Pandit <parav@nvidia.com> > > > > > > > Date: Tue Jan 5 12:32:00 2021 +0200 > > > > > > > > > > > > > > vdpa: Define vdpa mgmt device, ops and a netlink interface > > > > > > > > > > > > > > which did: > > > > > > > > > > > > > > + .validate = GENL_DONT_VALIDATE_STRICT | > > > > > > > GENL_DONT_VALIDATE_DUMP, > > > > > > > > > > > > > > > > > > > > > which was most likely just a copy paste from somewhere, right Parav? > > > > > > > > > > > > > > and then everyone kept copying this around. > > > > > > > > > > > > > > Parav, Eli can we drop these? There's a tiny chance of breaking > > > > > > > something > > > > > > > but I feel there aren't that many users outside mlx5 yet, so if you > > > > > > > guys can test on mlx5 and confirm no breakage, I think we are good. > > > > > > > > > > > > Adding Dragos. > > > > > > > > > > > I will check. Just to make sure I understand correctly: you want me to > > > > > drop > > > > > the > > > > > .validate flags all together in all vdpa ops and check, right? > > > > > > > > > > Thanks, > > > > > Dragos > > > > > > > > yes - I suspect you will then need this patch to make things work. > > > > > > > Yep. Adding the patch and removing the .validate config on the vdpa_nl_ops > > > seems to work just fine. > > > > > > Thanks, > > > Dragos > > > > OK, post a patch? > > > Sure, but how do I make it depend on this patch? Otherwise it will break things. > > Thanks, > Dragos Send a patch series with this as patch 1/2 that one 2/2.
diff --git a/drivers/vdpa/vdpa.c b/drivers/vdpa/vdpa.c index 965e32529eb8..f2f654fd84e5 100644 --- a/drivers/vdpa/vdpa.c +++ b/drivers/vdpa/vdpa.c @@ -1247,8 +1247,11 @@ static const struct nla_policy vdpa_nl_policy[VDPA_ATTR_MAX + 1] = { [VDPA_ATTR_MGMTDEV_DEV_NAME] = { .type = NLA_STRING }, [VDPA_ATTR_DEV_NAME] = { .type = NLA_STRING }, [VDPA_ATTR_DEV_NET_CFG_MACADDR] = NLA_POLICY_ETH_ADDR, + [VDPA_ATTR_DEV_NET_CFG_MAX_VQP] = { .type = NLA_U16 }, /* virtio spec 1.1 section 5.1.4.1 for valid MTU range */ [VDPA_ATTR_DEV_NET_CFG_MTU] = NLA_POLICY_MIN(NLA_U16, 68), + [VDPA_ATTR_DEV_QUEUE_INDEX] = { .type = NLA_U32 }, + [VDPA_ATTR_DEV_FEATURES] = { .type = NLA_U64 }, }; static const struct genl_ops vdpa_nl_ops[] = {