An error occurred fetching the project authors.
  1. 18 Aug, 2020 1 commit
  2. 29 Jun, 2020 1 commit
  3. 09 Jun, 2020 1 commit
    • Cong Wang's avatar
      net: change addr_list_lock back to static key · 845e0ebb
      Cong Wang authored
      The dynamic key update for addr_list_lock still causes troubles,
      for example the following race condition still exists:
      
      CPU 0:				CPU 1:
      (RCU read lock)			(RTNL lock)
      dev_mc_seq_show()		netdev_update_lockdep_key()
      				  -> lockdep_unregister_key()
       -> netif_addr_lock_bh()
      
      because lockdep doesn't provide an API to update it atomically.
      Therefore, we have to move it back to static keys and use subclass
      for nest locking like before.
      
      In commit 1a33e10e ("net: partially revert dynamic lockdep key
      changes"), I already reverted most parts of commit ab92d68f
      ("net: core: add generic lockdep keys").
      
      This patch reverts the rest and also part of commit f3b0a18b
      ("net: remove unnecessary variables and callback"). After this
      patch, addr_list_lock changes back to using static keys and
      subclasses to satisfy lockdep. Thanks to dev->lower_level, we do
      not have to change back to ->ndo_get_lock_subclass().
      
      And hopefully this reduces some syzbot lockdep noises too.
      
      Reported-by: syzbot+f3a0e80c34b3fc28ac5e@syzkaller.appspotmail.com
      Cc: Taehee Yoo <ap420073@gmail.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Signed-off-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      845e0ebb
  4. 06 May, 2020 1 commit
  5. 04 May, 2020 1 commit
  6. 01 May, 2020 1 commit
    • Scott Dial's avatar
      net: macsec: preserve ingress frame ordering · ab046a5d
      Scott Dial authored
      MACsec decryption always occurs in a softirq context. Since
      the FPU may not be usable in the softirq context, the call to
      decrypt may be scheduled on the cryptd work queue. The cryptd
      work queue does not provide ordering guarantees. Therefore,
      preserving order requires masking out ASYNC implementations
      of gcm(aes).
      
      For instance, an Intel CPU with AES-NI makes available the
      generic-gcm-aesni driver from the aesni_intel module to
      implement gcm(aes). However, this implementation requires
      the FPU, so it is not always available to use from a softirq
      context, and will fallback to the cryptd work queue, which
      does not preserve frame ordering. With this change, such a
      system would select gcm_base(ctr(aes-aesni),ghash-generic).
      While the aes-aesni implementation prefers to use the FPU, it
      will fallback to the aes-asm implementation if unavailable.
      
      By using a synchronous version of gcm(aes), the decryption
      will complete before returning from crypto_aead_decrypt().
      Therefore, the macsec_decrypt_done() callback will be called
      before returning from macsec_decrypt(). Thus, the order of
      calls to macsec_post_decrypt() for the frames is preserved.
      
      While it's presumable that the pure AES-NI version of gcm(aes)
      is more performant, the hybrid solution is capable of gigabit
      speeds on modest hardware. Regardless, preserving the order
      of frames is paramount for many network protocols (e.g.,
      triggering TCP retries). Within the MACsec driver itself, the
      replay protection is tripped by the out-of-order frames, and
      can cause frames to be dropped.
      
      This bug has been present in this code since it was added in
      v4.6, however it may not have been noticed since not all CPUs
      have FPU offload available. Additionally, the bug manifests
      as occasional out-of-order packets that are easily
      misattributed to other network phenomena.
      
      When this code was added in v4.6, the crypto/gcm.c code did
      not restrict selection of the ghash function based on the
      ASYNC flag. For instance, x86 CPUs with PCLMULQDQ would
      select the ghash-clmulni driver instead of ghash-generic,
      which submits to the cryptd work queue if the FPU is busy.
      However, this bug was was corrected in v4.8 by commit
      b30bdfa8, and was backported
      all the way back to the v3.14 stable branch, so this patch
      should be applicable back to the v4.6 stable branch.
      Signed-off-by: default avatarScott Dial <scott@scottdial.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ab046a5d
  7. 24 Apr, 2020 1 commit
    • Taehee Yoo's avatar
      macsec: avoid to set wrong mtu · 7f327080
      Taehee Yoo authored
      When a macsec interface is created, the mtu is calculated with the lower
      interface's mtu value.
      If the mtu of lower interface is lower than the length, which is needed
      by macsec interface, macsec's mtu value will be overflowed.
      So, if the lower interface's mtu is too low, macsec interface's mtu
      should be set to 0.
      
      Test commands:
          ip link add dummy0 mtu 10 type dummy
          ip link add macsec0 link dummy0 type macsec
          ip link show macsec0
      
      Before:
          11: macsec0@dummy0: <BROADCAST,MULTICAST,M-DOWN> mtu 4294967274
      After:
          11: macsec0@dummy0: <BROADCAST,MULTICAST,M-DOWN> mtu 0
      
      Fixes: c09440f7 ("macsec: introduce IEEE 802.1AE driver")
      Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7f327080
  8. 09 Apr, 2020 1 commit
    • Taehee Yoo's avatar
      net: macsec: fix using wrong structure in macsec_changelink() · 022e9d60
      Taehee Yoo authored
      In the macsec_changelink(), "struct macsec_tx_sa tx_sc" is used to
      store "macsec_secy.tx_sc".
      But, the struct type of tx_sc is macsec_tx_sc, not macsec_tx_sa.
      So, the macsec_tx_sc should be used instead.
      
      Test commands:
          ip link add dummy0 type dummy
          ip link add macsec0 link dummy0 type macsec
          ip link set macsec0 type macsec encrypt off
      
      Splat looks like:
      [61119.963483][ T9335] ==================================================================
      [61119.964709][ T9335] BUG: KASAN: slab-out-of-bounds in macsec_changelink.part.34+0xb6/0x200 [macsec]
      [61119.965787][ T9335] Read of size 160 at addr ffff888020d69c68 by task ip/9335
      [61119.966699][ T9335]
      [61119.966979][ T9335] CPU: 0 PID: 9335 Comm: ip Not tainted 5.6.0+ #503
      [61119.967791][ T9335] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
      [61119.968914][ T9335] Call Trace:
      [61119.969324][ T9335]  dump_stack+0x96/0xdb
      [61119.969809][ T9335]  ? macsec_changelink.part.34+0xb6/0x200 [macsec]
      [61119.970554][ T9335]  print_address_description.constprop.5+0x1be/0x360
      [61119.971294][ T9335]  ? macsec_changelink.part.34+0xb6/0x200 [macsec]
      [61119.971973][ T9335]  ? macsec_changelink.part.34+0xb6/0x200 [macsec]
      [61119.972703][ T9335]  __kasan_report+0x12a/0x170
      [61119.973323][ T9335]  ? macsec_changelink.part.34+0xb6/0x200 [macsec]
      [61119.973942][ T9335]  kasan_report+0xe/0x20
      [61119.974397][ T9335]  check_memory_region+0x149/0x1a0
      [61119.974866][ T9335]  memcpy+0x1f/0x50
      [61119.975209][ T9335]  macsec_changelink.part.34+0xb6/0x200 [macsec]
      [61119.975825][ T9335]  ? macsec_get_stats64+0x3e0/0x3e0 [macsec]
      [61119.976451][ T9335]  ? kernel_text_address+0x111/0x120
      [61119.976990][ T9335]  ? pskb_expand_head+0x25f/0xe10
      [61119.977503][ T9335]  ? stack_trace_save+0x82/0xb0
      [61119.977986][ T9335]  ? memset+0x1f/0x40
      [61119.978397][ T9335]  ? __nla_validate_parse+0x98/0x1ab0
      [61119.978936][ T9335]  ? macsec_alloc_tfm+0x90/0x90 [macsec]
      [61119.979511][ T9335]  ? __kasan_slab_free+0x111/0x150
      [61119.980021][ T9335]  ? kfree+0xce/0x2f0
      [61119.980700][ T9335]  ? netlink_trim+0x196/0x1f0
      [61119.981420][ T9335]  ? nla_memcpy+0x90/0x90
      [61119.982036][ T9335]  ? register_lock_class+0x19e0/0x19e0
      [61119.982776][ T9335]  ? memcpy+0x34/0x50
      [61119.983327][ T9335]  __rtnl_newlink+0x922/0x1270
      [ ... ]
      
      Fixes: 3cf3227a ("net: macsec: hardware offloading infrastructure")
      Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      022e9d60
  9. 06 Apr, 2020 1 commit
  10. 30 Mar, 2020 1 commit
  11. 27 Mar, 2020 6 commits
  12. 24 Mar, 2020 1 commit
  13. 16 Mar, 2020 2 commits
    • Era Mayflower's avatar
      macsec: Netlink support of XPN cipher suites (IEEE 802.1AEbw) · 48ef50fa
      Era Mayflower authored
      Netlink support of extended packet number cipher suites,
      allows adding and updating XPN macsec interfaces.
      
      Added support in:
          * Creating interfaces with GCM-AES-XPN-128 and GCM-AES-XPN-256 suites.
          * Setting and getting 64bit packet numbers with of SAs.
          * Setting (only on SA creation) and getting ssci of SAs.
          * Setting salt when installing a SAK.
      
      Added 2 cipher suite identifiers according to 802.1AE-2018 table 14-1:
          * MACSEC_CIPHER_ID_GCM_AES_XPN_128
          * MACSEC_CIPHER_ID_GCM_AES_XPN_256
      
      In addition, added 2 new netlink attribute types:
          * MACSEC_SA_ATTR_SSCI
          * MACSEC_SA_ATTR_SALT
      
      Depends on: macsec: Support XPN frame handling - IEEE 802.1AEbw.
      Signed-off-by: default avatarEra Mayflower <mayflowerera@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      48ef50fa
    • Era Mayflower's avatar
      macsec: Support XPN frame handling - IEEE 802.1AEbw · a21ecf0e
      Era Mayflower authored
      Support extended packet number cipher suites (802.1AEbw) frames handling.
      This does not include the needed netlink patches.
      
          * Added xpn boolean field to `struct macsec_secy`.
          * Added ssci field to `struct_macsec_tx_sa` (802.1AE figure 10-5).
          * Added ssci field to `struct_macsec_rx_sa` (802.1AE figure 10-5).
          * Added salt field to `struct macsec_key` (802.1AE 10.7 NOTE 1).
          * Created pn_t type for easy access to lower and upper halves.
          * Created salt_t type for easy access to the "ssci" and "pn" parts.
          * Created `macsec_fill_iv_xpn` function to create IV in XPN mode.
          * Support in PN recovery and preliminary replay check in XPN mode.
      
      In addition, according to IEEE 802.1AEbw figure 10-5, the PN of incoming
      frame can be 0 when XPN cipher suite is used, so fixed the function
      `macsec_validate_skb` to fail on PN=0 only if XPN is off.
      Signed-off-by: default avatarEra Mayflower <mayflowerera@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a21ecf0e
  14. 10 Mar, 2020 2 commits
  15. 03 Mar, 2020 1 commit
  16. 14 Jan, 2020 4 commits
    • Antoine Tenart's avatar
      net: macsec: PN wrap callback · 5c937de7
      Antoine Tenart authored
      Allow to call macsec_pn_wrapped from hardware drivers to notify when a
      PN rolls over. Some drivers might used an interrupt to implement this.
      Signed-off-by: default avatarAntoine Tenart <antoine.tenart@bootlin.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5c937de7
    • Antoine Tenart's avatar
      net: macsec: add nla support for changing the offloading selection · dcb780fb
      Antoine Tenart authored
      MACsec offloading to underlying hardware devices is disabled by default
      (the software implementation is used). This patch adds support for
      changing this setting through the MACsec netlink interface. Many checks
      are done when enabling offloading on a given MACsec interface as there
      are limitations (it must be supported by the hardware, only a single
      interface can be offloaded on a given physical device at a time, rules
      can't be moved for now).
      Signed-off-by: default avatarAntoine Tenart <antoine.tenart@bootlin.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      dcb780fb
    • Antoine Tenart's avatar
      net: macsec: hardware offloading infrastructure · 3cf3227a
      Antoine Tenart authored
      This patch introduces the MACsec hardware offloading infrastructure.
      
      The main idea here is to re-use the logic and data structures of the
      software MACsec implementation. This allows not to duplicate definitions
      and structure storing the same kind of information. It also allows to
      use a unified genlink interface for both MACsec implementations (so that
      the same userspace tool, `ip macsec`, is used with the same arguments).
      The MACsec offloading support cannot be disabled if an interface
      supports it at the moment.
      
      The MACsec configuration is passed to device drivers supporting it
      through macsec_ops which are called from the MACsec genl helpers. Those
      functions call the macsec ops of PHY and Ethernet drivers in two steps:
      a preparation one, and a commit one. The first step is allowed to fail
      and should be used to check if a provided configuration is compatible
      with the features provided by a MACsec engine, while the second step is
      not allowed to fail and should only be used to enable a given MACsec
      configuration. Two extra calls are made: when a virtual MACsec interface
      is created and when it is deleted, so that the hardware driver can stay
      in sync.
      
      The Rx and TX handlers are modified to take in account the special case
      were the MACsec transformation happens in the hardware, whether in a PHY
      or in a MAC, as the packets seen by the networking stack on both the
      physical and MACsec virtual interface are exactly the same. This leads
      to some limitations: the hardware and software implementations can't be
      used on the same physical interface, as the policies would be impossible
      to fulfill (such as strict validation of the frames). Also only a single
      virtual MACsec interface can be offloaded to a physical port supporting
      hardware offloading as it would be impossible to guess onto which
      interface a given packet should go (for ingress traffic).
      
      Another limitation as of now is that the counters and statistics are not
      reported back from the hardware to the software MACsec implementation.
      This isn't an issue when using offloaded MACsec transformations, but it
      should be added in the future so that the MACsec state can be reported
      to the user (which would also improve the debug).
      Signed-off-by: default avatarAntoine Tenart <antoine.tenart@bootlin.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3cf3227a
    • Antoine Tenart's avatar
      net: macsec: move some definitions in a dedicated header · c0e4eadf
      Antoine Tenart authored
      This patch moves some structure, type and identifier definitions into a
      MACsec specific header. This patch does not modify how the MACsec code
      is running and only move things around. This is a preparation for the
      future MACsec hardware offloading support, which will re-use those
      definitions outside macsec.c.
      Signed-off-by: default avatarAntoine Tenart <antoine.tenart@bootlin.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c0e4eadf
  17. 24 Oct, 2019 3 commits
    • Taehee Yoo's avatar
      net: remove unnecessary variables and callback · f3b0a18b
      Taehee Yoo authored
      This patch removes variables and callback these are related to the nested
      device structure.
      devices that can be nested have their own nest_level variable that
      represents the depth of nested devices.
      In the previous patch, new {lower/upper}_level variables are added and
      they replace old private nest_level variable.
      So, this patch removes all 'nest_level' variables.
      
      In order to avoid lockdep warning, ->ndo_get_lock_subclass() was added
      to get lockdep subclass value, which is actually lower nested depth value.
      But now, they use the dynamic lockdep key to avoid lockdep warning instead
      of the subclass.
      So, this patch removes ->ndo_get_lock_subclass() callback.
      Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f3b0a18b
    • Taehee Yoo's avatar
      macsec: fix refcnt leak in module exit routine · 2bce1ebe
      Taehee Yoo authored
      When a macsec interface is created, it increases a refcnt to a lower
      device(real device). when macsec interface is deleted, the refcnt is
      decreased in macsec_free_netdev(), which is ->priv_destructor() of
      macsec interface.
      
      The problem scenario is this.
      When nested macsec interfaces are exiting, the exit routine of the
      macsec module makes refcnt leaks.
      
      Test commands:
          ip link add dummy0 type dummy
          ip link add macsec0 link dummy0 type macsec
          ip link add macsec1 link macsec0 type macsec
          modprobe -rv macsec
      
      [  208.629433] unregister_netdevice: waiting for macsec0 to become free. Usage count = 1
      
      Steps of exit routine of macsec module are below.
      1. Calls ->dellink() in __rtnl_link_unregister().
      2. Checks refcnt and wait refcnt to be 0 if refcnt is not 0 in
      netdev_run_todo().
      3. Calls ->priv_destruvtor() in netdev_run_todo().
      
      Step2 checks refcnt, but step3 decreases refcnt.
      So, step2 waits forever.
      
      This patch makes the macsec module do not hold a refcnt of the lower
      device because it already holds a refcnt of the lower device with
      netdev_upper_dev_link().
      
      Fixes: c09440f7 ("macsec: introduce IEEE 802.1AE driver")
      Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2bce1ebe
    • Taehee Yoo's avatar
      net: core: add generic lockdep keys · ab92d68f
      Taehee Yoo authored
      Some interface types could be nested.
      (VLAN, BONDING, TEAM, MACSEC, MACVLAN, IPVLAN, VIRT_WIFI, VXLAN, etc..)
      These interface types should set lockdep class because, without lockdep
      class key, lockdep always warn about unexisting circular locking.
      
      In the current code, these interfaces have their own lockdep class keys and
      these manage itself. So that there are so many duplicate code around the
      /driver/net and /net/.
      This patch adds new generic lockdep keys and some helper functions for it.
      
      This patch does below changes.
      a) Add lockdep class keys in struct net_device
         - qdisc_running, xmit, addr_list, qdisc_busylock
         - these keys are used as dynamic lockdep key.
      b) When net_device is being allocated, lockdep keys are registered.
         - alloc_netdev_mqs()
      c) When net_device is being free'd llockdep keys are unregistered.
         - free_netdev()
      d) Add generic lockdep key helper function
         - netdev_register_lockdep_key()
         - netdev_unregister_lockdep_key()
         - netdev_update_lockdep_key()
      e) Remove unnecessary generic lockdep macro and functions
      f) Remove unnecessary lockdep code of each interfaces.
      
      After this patch, each interface modules don't need to maintain
      their lockdep keys.
      Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ab92d68f
  18. 26 Sep, 2019 1 commit
    • Xin Long's avatar
      macsec: drop skb sk before calling gro_cells_receive · ba56d8ce
      Xin Long authored
      Fei Liu reported a crash when doing netperf on a topo of macsec
      dev over veth:
      
        [  448.919128] refcount_t: underflow; use-after-free.
        [  449.090460] Call trace:
        [  449.092895]  refcount_sub_and_test+0xb4/0xc0
        [  449.097155]  tcp_wfree+0x2c/0x150
        [  449.100460]  ip_rcv+0x1d4/0x3a8
        [  449.103591]  __netif_receive_skb_core+0x554/0xae0
        [  449.108282]  __netif_receive_skb+0x28/0x78
        [  449.112366]  netif_receive_skb_internal+0x54/0x100
        [  449.117144]  napi_gro_complete+0x70/0xc0
        [  449.121054]  napi_gro_flush+0x6c/0x90
        [  449.124703]  napi_complete_done+0x50/0x130
        [  449.128788]  gro_cell_poll+0x8c/0xa8
        [  449.132351]  net_rx_action+0x16c/0x3f8
        [  449.136088]  __do_softirq+0x128/0x320
      
      The issue was caused by skb's true_size changed without its sk's
      sk_wmem_alloc increased in tcp/skb_gro_receive(). Later when the
      skb is being freed and the skb's truesize is subtracted from its
      sk's sk_wmem_alloc in tcp_wfree(), underflow occurs.
      
      macsec is calling gro_cells_receive() to receive a packet, which
      actually requires skb->sk to be NULL. However when macsec dev is
      over veth, it's possible the skb->sk is still set if the skb was
      not unshared or expanded from the peer veth.
      
      ip_rcv() is calling skb_orphan() to drop the skb's sk for tproxy,
      but it is too late for macsec's calling gro_cells_receive(). So
      fix it by dropping the skb's sk earlier on rx path of macsec.
      
      Fixes: 5491e7c6 ("macsec: enable GRO and RPS on macsec devices")
      Reported-by: default avatarXiumei Mu <xmu@redhat.com>
      Reported-by: default avatarFei Liu <feliu@redhat.com>
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ba56d8ce
  19. 02 Jul, 2019 2 commits
  20. 30 May, 2019 1 commit
  21. 27 Apr, 2019 3 commits
    • Johannes Berg's avatar
      genetlink: optionally validate strictly/dumps · ef6243ac
      Johannes Berg authored
      Add options to strictly validate messages and dump messages,
      sometimes perhaps validating dump messages non-strictly may
      be required, so add an option for that as well.
      
      Since none of this can really be applied to existing commands,
      set the options everwhere using the following spatch:
      
          @@
          identifier ops;
          expression X;
          @@
          struct genl_ops ops[] = {
          ...,
           {
                  .cmd = X,
          +       .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
                  ...
           },
          ...
          };
      
      For new commands one should just not copy the .validate 'opt-out'
      flags and thus get strict validation.
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ef6243ac
    • Johannes Berg's avatar
      netlink: make validation more configurable for future strictness · 8cb08174
      Johannes Berg authored
      We currently have two levels of strict validation:
      
       1) liberal (default)
           - undefined (type >= max) & NLA_UNSPEC attributes accepted
           - attribute length >= expected accepted
           - garbage at end of message accepted
       2) strict (opt-in)
           - NLA_UNSPEC attributes accepted
           - attribute length >= expected accepted
      
      Split out parsing strictness into four different options:
       * TRAILING     - check that there's no trailing data after parsing
                        attributes (in message or nested)
       * MAXTYPE      - reject attrs > max known type
       * UNSPEC       - reject attributes with NLA_UNSPEC policy entries
       * STRICT_ATTRS - strictly validate attribute size
      
      The default for future things should be *everything*.
      The current *_strict() is a combination of TRAILING and MAXTYPE,
      and is renamed to _deprecated_strict().
      The current regular parsing has none of this, and is renamed to
      *_parse_deprecated().
      
      Additionally it allows us to selectively set one of the new flags
      even on old policies. Notably, the UNSPEC flag could be useful in
      this case, since it can be arranged (by filling in the policy) to
      not be an incompatible userspace ABI change, but would then going
      forward prevent forgetting attribute entries. Similar can apply
      to the POLICY flag.
      
      We end up with the following renames:
       * nla_parse           -> nla_parse_deprecated
       * nla_parse_strict    -> nla_parse_deprecated_strict
       * nlmsg_parse         -> nlmsg_parse_deprecated
       * nlmsg_parse_strict  -> nlmsg_parse_deprecated_strict
       * nla_parse_nested    -> nla_parse_nested_deprecated
       * nla_validate_nested -> nla_validate_nested_deprecated
      
      Using spatch, of course:
          @@
          expression TB, MAX, HEAD, LEN, POL, EXT;
          @@
          -nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
          +nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)
      
          @@
          expression NLH, HDRLEN, TB, MAX, POL, EXT;
          @@
          -nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
          +nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)
      
          @@
          expression NLH, HDRLEN, TB, MAX, POL, EXT;
          @@
          -nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
          +nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
      
          @@
          expression TB, MAX, NLA, POL, EXT;
          @@
          -nla_parse_nested(TB, MAX, NLA, POL, EXT)
          +nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)
      
          @@
          expression START, MAX, POL, EXT;
          @@
          -nla_validate_nested(START, MAX, POL, EXT)
          +nla_validate_nested_deprecated(START, MAX, POL, EXT)
      
          @@
          expression NLH, HDRLEN, MAX, POL, EXT;
          @@
          -nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
          +nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)
      
      For this patch, don't actually add the strict, non-renamed versions
      yet so that it breaks compile if I get it wrong.
      
      Also, while at it, make nla_validate and nla_parse go down to a
      common __nla_validate_parse() function to avoid code duplication.
      
      Ultimately, this allows us to have very strict validation for every
      new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
      next patch, while existing things will continue to work as is.
      
      In effect then, this adds fully strict validation for any new command.
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8cb08174
    • Michal Kubecek's avatar
      netlink: make nla_nest_start() add NLA_F_NESTED flag · ae0be8de
      Michal Kubecek authored
      Even if the NLA_F_NESTED flag was introduced more than 11 years ago, most
      netlink based interfaces (including recently added ones) are still not
      setting it in kernel generated messages. Without the flag, message parsers
      not aware of attribute semantics (e.g. wireshark dissector or libmnl's
      mnl_nlmsg_fprintf()) cannot recognize nested attributes and won't display
      the structure of their contents.
      
      Unfortunately we cannot just add the flag everywhere as there may be
      userspace applications which check nlattr::nla_type directly rather than
      through a helper masking out the flags. Therefore the patch renames
      nla_nest_start() to nla_nest_start_noflag() and introduces nla_nest_start()
      as a wrapper adding NLA_F_NESTED. The calls which add NLA_F_NESTED manually
      are rewritten to use nla_nest_start().
      
      Except for changes in include/net/netlink.h, the patch was generated using
      this semantic patch:
      
      @@ expression E1, E2; @@
      -nla_nest_start(E1, E2)
      +nla_nest_start_noflag(E1, E2)
      
      @@ expression E1, E2; @@
      -nla_nest_start_noflag(E1, E2 | NLA_F_NESTED)
      +nla_nest_start(E1, E2)
      Signed-off-by: default avatarMichal Kubecek <mkubecek@suse.cz>
      Acked-by: default avatarJiri Pirko <jiri@mellanox.com>
      Acked-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ae0be8de
  22. 02 Apr, 2019 1 commit
  23. 22 Mar, 2019 1 commit
    • Johannes Berg's avatar
      genetlink: make policy common to family · 3b0f31f2
      Johannes Berg authored
      Since maxattr is common, the policy can't really differ sanely,
      so make it common as well.
      
      The only user that did in fact manage to make a non-common policy
      is taskstats, which has to be really careful about it (since it's
      still using a common maxattr!). This is no longer supported, but
      we can fake it using pre_doit.
      
      This reduces the size of e.g. nl80211.o (which has lots of commands):
      
         text	   data	    bss	    dec	    hex	filename
       398745	  14323	   2240	 415308	  6564c	net/wireless/nl80211.o (before)
       397913	  14331	   2240	 414484	  65314	net/wireless/nl80211.o (after)
      --------------------------------
         -832      +8       0    -824
      
      Which is obviously just 8 bytes for each command, and an added 8
      bytes for the new policy pointer. I'm not sure why the ops list is
      counted as .text though.
      
      Most of the code transformations were done using the following spatch:
          @ops@
          identifier OPS;
          expression POLICY;
          @@
          struct genl_ops OPS[] = {
          ...,
           {
          -	.policy = POLICY,
           },
          ...
          };
      
          @@
          identifier ops.OPS;
          expression ops.POLICY;
          identifier fam;
          expression M;
          @@
          struct genl_family fam = {
                  .ops = OPS,
                  .maxattr = M,
          +       .policy = POLICY,
                  ...
          };
      
      This also gets rid of devlink_nl_cmd_region_read_dumpit() accessing
      the cb->data as ops, which we want to change in a later genl patch.
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3b0f31f2
  24. 29 Oct, 2018 2 commits