From patchwork Wed Jul 26 18:49:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dragos Tatulea X-Patchwork-Id: 126547 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:a985:0:b0:3e4:2afc:c1 with SMTP id t5csp630667vqo; Wed, 26 Jul 2023 12:55:10 -0700 (PDT) X-Google-Smtp-Source: APBJJlGiO9Cw8KUaIozpSxVUtL5IGz6XrNorcD+RkoL/4V4kLlGpjJUF7bAN6jJgQL8vCgnwdHuv X-Received: by 2002:a17:903:248:b0:1ae:10bc:4ae8 with SMTP id j8-20020a170903024800b001ae10bc4ae8mr2974053plh.26.1690401310150; Wed, 26 Jul 2023 12:55:10 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1690401310; cv=pass; d=google.com; s=arc-20160816; b=ram0BeJb/aIP2yxoTSWvcbczsm9A8MIdPFjiUx4kmSFWSZqcdp+ScDPmJs6MAQjCL2 Ij3r5DqCAG77gmRxxNxplRoGZ2uS9sjlk9N1H3UA+64kCzS4PVuY6sOBx+RIwEjg8YXX NI6sKHXfdipEFNMoUFAe3xRJZ4ssEuacre6ThqIvvrK3HRMl64XZMeYgmYVEHmd1EXbU K6C0oa+Xwfg71clXzWNOJaopfVY90LANMryezY93ghWMi8e0zGa/UG7RVZ9q3GbfzpHE XSTT7nWjy5/Vhj3ly+pPkhA2a7P8o9c7sAlKjjwG+BNsenmj36E8oxvaMdHvmTgjhg7P vWeg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=OgYw3qrtHDfr4X9sCe6Uf7nDdCh0k+9B6CnmHdcieZM=; fh=ksamYSwt8+76cdDJV9KPo6XGYQ5HJzlLCQcW8ws3m8U=; b=Ju55uNvFRQGjgtqLAJfe3wd/cdpLxCeIsjzsj9Fw+hvbI4GN/P3nrYw/H0FmQWc4Al 57F9nKVA0TYOQQ+dObRWDnwSdTBG251OHHViFesbjTVimKeWrh2qAXPo/yx5gJklE9Ko zQKtpbt5q+IyuRwwzpvmN7uVBWrDex6PZs9TfUNxgyVChyJuwSeEgh4imB1YCRYNXHcM nkBAhT/JVgxhGUcR72iotRyW/pD+SQx4mWaNTWDb1HzQ/N9TJEylmSSKLf8jp/ulFJNd RqiLd8O/iv8Fo+Esfn68NhDB1APSGtjUcf3TQN2e13yDN71J9Cw4oI24NSLiHZbGZikw GDTg== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@Nvidia.com header.s=selector2 header.b=PoTRX9XM; arc=pass (i=1 spf=pass spfdomain=nvidia.com dmarc=pass fromdomain=nvidia.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=nvidia.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z17-20020a170903409100b001b890417a0bsi12379408plc.410.2023.07.26.12.54.56; Wed, 26 Jul 2023 12:55:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@Nvidia.com header.s=selector2 header.b=PoTRX9XM; arc=pass (i=1 spf=pass spfdomain=nvidia.com dmarc=pass fromdomain=nvidia.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=nvidia.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232239AbjGZSvu (ORCPT + 99 others); Wed, 26 Jul 2023 14:51:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46572 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232207AbjGZSvq (ORCPT ); Wed, 26 Jul 2023 14:51:46 -0400 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2040.outbound.protection.outlook.com [40.107.236.40]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 35C1A2D76; Wed, 26 Jul 2023 11:51:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PIO0kJnDnAF7+LGbwu41kIhDaiyuphTZw6m5YEIS8RQzwJpSqgZIuscQVMYFZu2VRg0f25ALXeB86QCsbCDSN5ilA7+Sfa6R5JNajaYKGz9AXjD+qrxkE/hxT4QGKA2/jy7l6Pd9MfW5zFYbtCrZ7/XjTW3REM7UL0FiU3Kcoe3YkRvj2RLrlgOu9orctDfmt09ponPlVw6amQ+DC0kQL5Ie6xbfvKXX7uNzcxBp0dVi5SbH8S4EWkmo8HDkwWGDHL/1iv+0DxbZaCukNCXUCJpnV/bMUYDScYrYjhabHvq6jz9HciAwqbSeeCdRthBUNig1M5d4XnyIbDcdCtKugg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=OgYw3qrtHDfr4X9sCe6Uf7nDdCh0k+9B6CnmHdcieZM=; b=WzpYXbX0tmkOLbvuBDmGyGWOinJO8FA5WC3tnAjQLyjcQA/lQbviojThoBWalyyAjcFJSPA5cjVIz0dksg8w7z+GWliYDjb38NJ+PhwXmPszMvimWK8cUlUxQ6lAP6Fee9rVhyRW8/jEvCgotzXNJoU0Zc/a90fVQ2cItndV//ETQdx5LkEZlvh0EMP5gWGP92EBXmtOdzpI9nl+U7HQBUehBMid3l4uo0JX05IxakiuKB9zj7DaBfZEiU1hMRRu1M1SZnDZnpgYu9I4hUR+T8uAOVQVPwHKkYgrJtT1VXVKUtSeoD/6em6aNWDHij4sJnROsCAfGjqE/KZxXnEQSQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=redhat.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OgYw3qrtHDfr4X9sCe6Uf7nDdCh0k+9B6CnmHdcieZM=; b=PoTRX9XMPl4nBfyUZLwciGu6X65T5ngNT7UWBUHUbVhmwoMm807dU6W/LPmaSnR/1ELnC/q4L1LV7QTOE+ab5Gd6uBQF+bn/HwzJB/U1M5iwiVfPPe5WUbtXN66tUfQHpZJFg3CS6wC3S8m1fUqYTer7++aR4eiBKglF3H91mbUWtuepf2WjxAqrNWwNJWCHAkDe7BqobdKdJfJTCAvHFfBzHD9379g6Y8sM0qcNustNntumq47AEdzpwXzGp//W8VgOFQ4jkZubsYjkUqvNwGmSAJ08qz9Wy/2/ePaUcOOC7WIYwZUuYT8nOZlA8nk3G0HFAedja9+R/YsozB7/KQ== Received: from BN8PR04CA0020.namprd04.prod.outlook.com (2603:10b6:408:70::33) by LV3PR12MB9094.namprd12.prod.outlook.com (2603:10b6:408:19e::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6631.29; Wed, 26 Jul 2023 18:51:38 +0000 Received: from BN8NAM11FT094.eop-nam11.prod.protection.outlook.com (2603:10b6:408:70:cafe::12) by BN8PR04CA0020.outlook.office365.com (2603:10b6:408:70::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6609.31 via Frontend Transport; Wed, 26 Jul 2023 18:51:38 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by BN8NAM11FT094.mail.protection.outlook.com (10.13.176.131) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6631.29 via Frontend Transport; Wed, 26 Jul 2023 18:51:38 +0000 Received: from rnnvmail205.nvidia.com (10.129.68.10) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Wed, 26 Jul 2023 11:51:24 -0700 Received: from rnnvmail201.nvidia.com (10.129.68.8) by rnnvmail205.nvidia.com (10.129.68.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37; Wed, 26 Jul 2023 11:51:23 -0700 Received: from c-237-113-220-225.mtl.labs.mlnx (10.127.8.12) by mail.nvidia.com (10.129.68.8) with Microsoft SMTP Server id 15.2.986.37 via Frontend Transport; Wed, 26 Jul 2023 11:51:21 -0700 From: Dragos Tatulea To: "Michael S . Tsirkin" , Lin Ma , "Jason Wang" , Xuan Zhuo , "Parav Pandit" CC: , , , Dragos Tatulea Subject: [PATCH 1/2] vdpa: Complement vdpa_nl_policy for nlattr length check Date: Wed, 26 Jul 2023 21:49:43 +0300 Message-ID: <20230726185104.12479-2-dtatulea@nvidia.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230726185104.12479-1-dtatulea@nvidia.com> References: <20230726185104.12479-1-dtatulea@nvidia.com> MIME-Version: 1.0 X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN8NAM11FT094:EE_|LV3PR12MB9094:EE_ X-MS-Office365-Filtering-Correlation-Id: 867b7717-4857-4e58-e522-08db8e0957ec X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: dzBivChLV5M0y3nQzRC46OpmgWZwI31RymQKYL5x4+WfOWGoay1mai4WbNbKjo+OzQTiosQr6qF256R7UoZwU1zpY10YbHW/jypj9k0fU6uiEpnXNnDiBDXcadbK5CBJfxqRjpV90TjM8MN2jwsQcqeltvKK2uYTN/UvRV3RJ7pHJwjLFkx34F6Xa1PcJTe7q0MevMd0UUuBl2yS8iFGuoeFHOArBUfRBU1frr0M5JzwlTVDhnPg7eKx0d1XhIQBsmNYfaSZAcBy0MIZFnNcU6cUoaWYoys9M42vEDq3lZE46AzvxphpsYiUbFtc9HskyddeKdIz7VEmXQgzYq7Dez+cVv1NuBGaCPBed6aA+wYdHPKivdSc16eis4dvUg0M25OKBW9hpXga2UaMZWJC6iptUfdoAa+rSnJOx4W27LfxF6zscN55js1btDFVY87TMN8UaXl4qHolMYBC60iUwGAmuQPeX6Yvw9eTFHy08TZED3LYYrPW7BVP2Hvx3Iz/y9u3/Rf3+9gCzFQWVyLICjdjVkVX8ecHrft91ciDB5yMtfLVR+I9El/8mz/ePbGxzrdLOEdnKC9PwOxo+ZueyBBacmPqFm8RwFXbB+r7EIdVLhmtdMSGwaKo0NuBHUEQqLJ6aq4dkDYBbNKCBxLkAuoj1A/z6l05XSkp+2XpVJXe6e2MqXg+6YzXGLbgcOxqoqJWTmBmCj2z2fkqzYwlSdRnrAoImWrFy2fFL4DzFb8Glqv+OHkIozR7bb8WLvWM X-Forefront-Antispam-Report: CIP:216.228.117.161;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc6edge2.nvidia.com;CAT:NONE;SFS:(13230028)(4636009)(39860400002)(346002)(136003)(376002)(396003)(82310400008)(451199021)(40470700004)(36840700001)(46966006)(2906002)(40460700003)(36756003)(82740400003)(107886003)(336012)(1076003)(186003)(86362001)(26005)(83380400001)(47076005)(2616005)(426003)(36860700001)(7636003)(356005)(6666004)(478600001)(110136005)(40480700001)(54906003)(70206006)(70586007)(8936002)(41300700001)(8676002)(4326008)(316002)(6636002)(5660300002);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jul 2023 18:51:38.1862 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 867b7717-4857-4e58-e522-08db8e0957ec X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.161];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT094.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV3PR12MB9094 X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE, T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772514244189453023 X-GMAIL-MSGID: 1772514244189453023 Author: Lin Ma The vdpa_nl_policy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattr pointer in info->attrs before entering into each handler in vdpa_nl_ops. That is to say, the missing part in vdpa_nl_policy may lead to illegal nlattr after parsing, which could lead to OOB read just like CVE-2023-3773. This patch adds three missing nla_policy to avoid such bugs. Fixes: 90fea5a800c3 ("vdpa: device feature provisioning") Fixes: 13b00b135665 ("vdpa: Add support for querying vendor statistics") Fixes: ad69dd0bf26b ("vdpa: Introduce query of device config layout") Signed-off-by: Lin Ma --- drivers/vdpa/vdpa.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/vdpa/vdpa.c b/drivers/vdpa/vdpa.c index 965e32529eb8..f2f654fd84e5 100644 --- a/drivers/vdpa/vdpa.c +++ b/drivers/vdpa/vdpa.c @@ -1247,8 +1247,11 @@ static const struct nla_policy vdpa_nl_policy[VDPA_ATTR_MAX + 1] = { [VDPA_ATTR_MGMTDEV_DEV_NAME] = { .type = NLA_STRING }, [VDPA_ATTR_DEV_NAME] = { .type = NLA_STRING }, [VDPA_ATTR_DEV_NET_CFG_MACADDR] = NLA_POLICY_ETH_ADDR, + [VDPA_ATTR_DEV_NET_CFG_MAX_VQP] = { .type = NLA_U16 }, /* virtio spec 1.1 section 5.1.4.1 for valid MTU range */ [VDPA_ATTR_DEV_NET_CFG_MTU] = NLA_POLICY_MIN(NLA_U16, 68), + [VDPA_ATTR_DEV_QUEUE_INDEX] = { .type = NLA_U32 }, + [VDPA_ATTR_DEV_FEATURES] = { .type = NLA_U64 }, }; static const struct genl_ops vdpa_nl_ops[] = { From patchwork Wed Jul 26 18:49:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dragos Tatulea X-Patchwork-Id: 126543 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:a985:0:b0:3e4:2afc:c1 with SMTP id t5csp621834vqo; Wed, 26 Jul 2023 12:35:49 -0700 (PDT) X-Google-Smtp-Source: APBJJlE+WwlXUhXNN7wTzN7MDxcfgf9AYLpcHFra1Eym8FK90V08/aBFZzGE6bOKYInMZV7NhhpN X-Received: by 2002:a17:90b:2394:b0:262:fe45:860b with SMTP id mr20-20020a17090b239400b00262fe45860bmr2977509pjb.0.1690400149462; Wed, 26 Jul 2023 12:35:49 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1690400149; cv=pass; d=google.com; s=arc-20160816; b=VzdoVBLFy0V/15Y5IbR2ntxi4rDqXxoJ3tm3ufRFfT/2NhyQOjD91CvH+otXbz8Pu0 S1+VyOL36TZ0j8/TtSIDl9PWYPLtwVvUrSw2H/obAzLBL01YCtz3arxgftNZhY9hBoWB 9X1coRUikJIo5dx66tIXKKebg/8Z7wHY3gg0yLw3oWVF+VKhTlkr7mZNu0f8YdfcpF3Y EDsE5ejI082ZesINYxr/vG9M75UBvOfSIVv6ZxUk7LU9vJBX3yKaRSM08Uv1UNlUNV6o xiRkz1ZdOnOfnotq2vKsoMTibSighg23bl3zpHfzXHR10P3bzJX4VUMN/nWWKCQ9ZHHb alOQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=NesKOVXikCLA4XF5mUs58QdvbPAAsWL7QAypABjWcLU=; fh=ksamYSwt8+76cdDJV9KPo6XGYQ5HJzlLCQcW8ws3m8U=; b=YfT2MWWNerTpM5DRiXu6A5c3EmKnebx9fcS05FPcIh35xnKr1Hit89cgH1A4jyB/Qr 3YPTBB5LESEBXiX1lgb2lWgxymr8uNTrbaU4Rvn4imNwB/yEpa44TyPf2A3RKOG6MX+t 2kA6VGcp5BKI+Q3OYq3s3V7Qe6j93jFTiYwSYO67eVkbrt8WgrjzD4KPWgVf5umdYtCy EyPO8Z8BP5omI9LGHYcAkfpMRJg2+ugbE2WQugoQHyuvYnxW4TmKrRimwsAulw75uldd Ut7BSXDIKZSljvkDJflmoM8N4JN93mZD0DzvhVH10iXiLht94PTGGIIUh8uUIJLGwvLj YBow== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@Nvidia.com header.s=selector2 header.b=QTY4s8Us; arc=pass (i=1 spf=pass spfdomain=nvidia.com dmarc=pass fromdomain=nvidia.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=nvidia.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ct17-20020a17090af59100b002683fd38fd4si1517870pjb.31.2023.07.26.12.35.34; Wed, 26 Jul 2023 12:35:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@Nvidia.com header.s=selector2 header.b=QTY4s8Us; arc=pass (i=1 spf=pass spfdomain=nvidia.com dmarc=pass fromdomain=nvidia.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=nvidia.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232227AbjGZSwE (ORCPT + 99 others); Wed, 26 Jul 2023 14:52:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47150 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232196AbjGZSwC (ORCPT ); Wed, 26 Jul 2023 14:52:02 -0400 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2047.outbound.protection.outlook.com [40.107.94.47]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 50ACA30E1; Wed, 26 Jul 2023 11:51:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CymFOL+xyVi/V35jVe7QFDic8ETkT5/koHwxTVzbVW3GEYfqwdW0iMjHKOHd2970rEVffVpuJc/Tat9de1V3enSkAdtHRQC6okW65bi05e5IlEojZ2UQEr6/kWxlKgqmuFJiboMCoShauJzjMPLCc5ettvkTjesE63sR4ENjCjVABM+M3drdxImpeU1vlLACJziTHZ+vIAD//jbF1hCzGXIgIFuWf6rFUv6orcK+BHe8SMJ5wnBsKBlLvsI5za3/+A2+RQF6VJRhN3S4aD0fahYnW5ZeUQhdy6fPNi9LOIl4pBx2A71fSz3qGYF1bqfAYFnjiv821gko2LSaEkDyrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=NesKOVXikCLA4XF5mUs58QdvbPAAsWL7QAypABjWcLU=; b=ggFjt6WZLSlydDC6+1I2CmhdTStg3pZn6w6myNWpJIkbfi1jWDhXAWPoFjZfR2FxFG1uGUbEl1loWkwS7x1tugrD9i8KNL2Mp7q76zNUUxk5ztZDCTw/c8AppgdVOvEbdXWMja+4AERLWP8UaeercUqjyGhBtv38gYpBf7ITCBNZEaVvG6kbR52kA7NumcYHPzkFOz+BIu9Manq4PyI1sWCwRHUG+B7piP6HdCkRO1R5l+xPD0D+APDyPkkxtRcjLukj1ueFhC+oMC+5bF0qpZqpVTfD7vbEMkZQE9FTyYM1GdoGJTnQKUapWUb0+DD8kUCJdtWw+APE1A6bLNFADw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=redhat.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NesKOVXikCLA4XF5mUs58QdvbPAAsWL7QAypABjWcLU=; b=QTY4s8UsOHxnzKZtSfE4/NFtzVU+IpyG2bugPR3KCFWvuAfPAh5EFDY8XXm6/aSpX+Np5T1dSH6U2pTy6g7bdQUuwN5YgTjq5QxAhJYpZWWMT0b7fYZ7fCCuPkstmd2kBUDjzD9599mM+wyu52N7kTIlHI82wU1njNigKhVp8ZMUhllVpSDK/8M/P5mDHtCTQgCbdNzDx922XeWS8MOa2gfpAn7dgNJhgzqHfXfFY6S9cO+o7u8Bv/cm0v1aCKIOCvnzRpNnY2/h/SOr3SQwTqrljT9wA6sHCPjz+VjsbGwDuWDvHjyRWfaqtoxXX+2cgAl6Dl3k5+FS0snXYMGbcQ== Received: from BN8PR04CA0033.namprd04.prod.outlook.com (2603:10b6:408:70::46) by IA1PR12MB7567.namprd12.prod.outlook.com (2603:10b6:208:42d::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6609.33; Wed, 26 Jul 2023 18:51:43 +0000 Received: from BN8NAM11FT094.eop-nam11.prod.protection.outlook.com (2603:10b6:408:70:cafe::2a) by BN8PR04CA0033.outlook.office365.com (2603:10b6:408:70::46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6609.31 via Frontend Transport; Wed, 26 Jul 2023 18:51:43 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by BN8NAM11FT094.mail.protection.outlook.com (10.13.176.131) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6631.29 via Frontend Transport; Wed, 26 Jul 2023 18:51:43 +0000 Received: from rnnvmail205.nvidia.com (10.129.68.10) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Wed, 26 Jul 2023 11:51:28 -0700 Received: from rnnvmail201.nvidia.com (10.129.68.8) by rnnvmail205.nvidia.com (10.129.68.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37; Wed, 26 Jul 2023 11:51:27 -0700 Received: from c-237-113-220-225.mtl.labs.mlnx (10.127.8.12) by mail.nvidia.com (10.129.68.8) with Microsoft SMTP Server id 15.2.986.37 via Frontend Transport; Wed, 26 Jul 2023 11:51:25 -0700 From: Dragos Tatulea To: "Michael S . Tsirkin" , Lin Ma , "Jason Wang" , Xuan Zhuo , "Parav Pandit" CC: , , , Dragos Tatulea Subject: [PATCH 2/2] vdpa: Enable strict validation for netlinks ops Date: Wed, 26 Jul 2023 21:49:44 +0300 Message-ID: <20230726185104.12479-3-dtatulea@nvidia.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230726185104.12479-1-dtatulea@nvidia.com> References: <20230726185104.12479-1-dtatulea@nvidia.com> MIME-Version: 1.0 X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN8NAM11FT094:EE_|IA1PR12MB7567:EE_ X-MS-Office365-Filtering-Correlation-Id: 90135bd9-2844-4ad3-5cf3-08db8e095af1 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: T7Hr9EnvY5vtRoXYMeaXnR9qJ429uzpiIGLoeSJJn85Y94Tlbd6jY3mHuuXUUlMIQq0RS1tDA9o9SNVHKTOl0StFP2pjkCTwDg0PtK16Zlu8y5SHr8r4Z4QqP65ogRKd3+K9qrs09OxC1vr68ZwzJk2qvIJnxwiAm7WLYTXshZ7H36HkBZN7DiA6ab5ho5qVI2X0oMZkGBvLJWvePf6d97Oz7vN68ZhAFkODRnoBUE06aCUpyYvHZTSeRR17SKnY3/WpysZ3A6GvGgJPPGXjjftYvxPBEVxgGG02hRG3hZ9aB2lWDBwBJwMV0xxwu/hKIx/rSc4BOwW5h8N8N6SPuLg2yhdnyaioGcUmaCvQGqmZt4wafrczFzaxcv19Zt6ea0veCF3CXyDFNm0P0+X6OM/5W6UU3bXe44KXUOooWT0LCPlilt6uhnUsXBrUUbyyjf8S2Juz1/LhFvLcQC3camlwxLTuvZjFSwWUXdcfQuVark5tu0/jor6hVjOwEA2Bl1aQEhkNi6idb0ZuM4LCt+0qF8t1UCjLILVQRy2K0mhZoz5vf5njay8MyBOsKHeyyK8udqdyDlkGtvMkO9GJNLnUN4azdHjR++8mMwTCREDzCJAxJC1P666txbZ6xUG/abCl7scQrvnkkY4XCdNOX3o9xs7nThymvVaQ4mG8nBbuKoTP1dBij39vOu5Zl3wN4tj/Zm1J+x0X1WdVCapkun6bZE/wpv9JPGbe1ls7eONaJEmsMcW/LZ8WkT1WMuKF X-Forefront-Antispam-Report: CIP:216.228.117.161;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc6edge2.nvidia.com;CAT:NONE;SFS:(13230028)(4636009)(136003)(346002)(39860400002)(396003)(376002)(451199021)(82310400008)(36840700001)(46966006)(40470700004)(336012)(2906002)(1076003)(26005)(186003)(356005)(7636003)(107886003)(36860700001)(47076005)(2616005)(426003)(6636002)(316002)(86362001)(40480700001)(5660300002)(41300700001)(83380400001)(40460700003)(70206006)(70586007)(4326008)(8936002)(36756003)(8676002)(54906003)(82740400003)(110136005)(6666004)(478600001);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jul 2023 18:51:43.2643 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 90135bd9-2844-4ad3-5cf3-08db8e095af1 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.161];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT094.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB7567 X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE, T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772513026911393145 X-GMAIL-MSGID: 1772513026911393145 The previous patch added the missing nla policies that were required for validation to work. Now strict validation on netlink ops can be enabled. This patch does it. Signed-off-by: Dragos Tatulea --- drivers/vdpa/vdpa.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/drivers/vdpa/vdpa.c b/drivers/vdpa/vdpa.c index f2f654fd84e5..a7612e0783b3 100644 --- a/drivers/vdpa/vdpa.c +++ b/drivers/vdpa/vdpa.c @@ -1257,37 +1257,31 @@ static const struct nla_policy vdpa_nl_policy[VDPA_ATTR_MAX + 1] = { static const struct genl_ops vdpa_nl_ops[] = { { .cmd = VDPA_CMD_MGMTDEV_GET, - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .doit = vdpa_nl_cmd_mgmtdev_get_doit, .dumpit = vdpa_nl_cmd_mgmtdev_get_dumpit, }, { .cmd = VDPA_CMD_DEV_NEW, - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .doit = vdpa_nl_cmd_dev_add_set_doit, .flags = GENL_ADMIN_PERM, }, { .cmd = VDPA_CMD_DEV_DEL, - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .doit = vdpa_nl_cmd_dev_del_set_doit, .flags = GENL_ADMIN_PERM, }, { .cmd = VDPA_CMD_DEV_GET, - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .doit = vdpa_nl_cmd_dev_get_doit, .dumpit = vdpa_nl_cmd_dev_get_dumpit, }, { .cmd = VDPA_CMD_DEV_CONFIG_GET, - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .doit = vdpa_nl_cmd_dev_config_get_doit, .dumpit = vdpa_nl_cmd_dev_config_get_dumpit, }, { .cmd = VDPA_CMD_DEV_VSTATS_GET, - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .doit = vdpa_nl_cmd_dev_stats_get_doit, .flags = GENL_ADMIN_PERM, },