From patchwork Mon Jun 17 10:03:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kevin 'ldir' Darbyshire-Bryant X-Patchwork-Id: 1116928 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=darbyshire-bryant.me.uk Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=darbyshire-bryant.me.uk header.i=@darbyshire-bryant.me.uk header.b="RFHgOn0p"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45S6HZ5wN3z9sN4 for ; Mon, 17 Jun 2019 20:03:54 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727842AbfFQKDx (ORCPT ); Mon, 17 Jun 2019 06:03:53 -0400 Received: from mail-wm1-f66.google.com ([209.85.128.66]:53735 "EHLO mail-wm1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726708AbfFQKDw (ORCPT ); Mon, 17 Jun 2019 06:03:52 -0400 Received: by mail-wm1-f66.google.com with SMTP id x15so8572820wmj.3 for ; Mon, 17 Jun 2019 03:03:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=darbyshire-bryant.me.uk; s=google; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=rEHLzZ23khG4P5uM+JS/w5AzON/xWAmRBd/wtio95bM=; b=RFHgOn0pbdq+TsTK3jq2Fcq7lMheEZMgJ/MQGJ7TmB+TsQhY8nlXOM95+D1y0ICCxp lEAiqaCQHu/9TmMOFH4ViOlC8S0xU1Ca2cdIk7RRVvgXw0QI16ZMOficK48d4ackchLm fYZigyKg0GrtPZR1eoQGZ0SKUaXD4I5w/nIWw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=rEHLzZ23khG4P5uM+JS/w5AzON/xWAmRBd/wtio95bM=; b=t4hyFSjWXep/KCou6g9qPrcwr3YVVBcJyHKuXiZ2AYENK8sYBYq9HTy9ZMQ7Y/j1cQ cBwzimoUFKZe8xA25RHmGKnHKmhdYvcqjWDqBcSnH1whagjAdmK0RveiVDu8ofpPh9Qx AOWmhqONXJB8qbr2kABFy2sYYs/KufxjOBsLG/Nb6TNPlUS66ZyisnHWcTmygiT2ZRnS fX5q2DYeinaS7I/QUE6fw5yK83JCNTgTmDdfAQ/umATZSCQT/4H4OJ8wByWEWEzjCwdH +uuVPwXDWIcYPE5Z9eY66ZJxHdc2FCApmpfxSbOGPnm7/CkoOyHi33z1Wb52cBEErlLD pPvQ== X-Gm-Message-State: APjAAAXCiY1RxGuxZDVvkhsdVHUYbi0TAkR9oAQUTBc/6gzE/bQ5xBRj DvZNs0rxsB6u4VcCXEHwBwH2RWS7om/xXw== X-Google-Smtp-Source: APXvYqzu83iwtSjh+We1ok7PdNrF6xHxIAXHQACjyv+6DUiybj3ozRyXpmnErMR/LzJGtUwioXeLtg== X-Received: by 2002:a1c:ca06:: with SMTP id a6mr18317470wmg.48.1560765828975; Mon, 17 Jun 2019 03:03:48 -0700 (PDT) Received: from Kevins-MBP.lan.darbyshire-bryant.me.uk ([2a02:c7f:1268:6500::dc83]) by smtp.gmail.com with ESMTPSA id n1sm9791302wrx.39.2019.06.17.03.03.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Jun 2019 03:03:48 -0700 (PDT) From: Kevin Darbyshire-Bryant To: netdev@vger.kernel.org Cc: Kevin Darbyshire-Bryant Subject: [PATCH net-next 1/2] net: sched: act_ctinfo: fix action creation Date: Mon, 17 Jun 2019 11:03:26 +0100 Message-Id: <20190617100327.24796-2-ldir@darbyshire-bryant.me.uk> X-Mailer: git-send-email 2.20.1 (Apple Git-117) In-Reply-To: <20190617100327.24796-1-ldir@darbyshire-bryant.me.uk> References: <20190617100327.24796-1-ldir@darbyshire-bryant.me.uk> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Use correct return value on action creation: ACT_P_CREATED. The use of incorrect return value could result in a situation where the system thought a ctinfo module was listening but actually wasn't instantiated correctly leading to an OOPS in tcf_generic_walker(). Confession time: Until very recently, development of this module has been done on 'net-next' tree to 'clean compile' level with run-time testing on backports to 4.14 & 4.19 kernels under openwrt. During the back & forward porting during development & testing, the critical ACT_P_CREATED return code got missed despite being in the 4.14 & 4.19 backports. I have now gone through the init functions, using act_csum as reference with a fine toothed comb. Bonus, no more OOPSes. I managed to also miss this issue till now due to the new strict nla_parse_nested function failing validation before action creation. As an inexperienced developer I've learned that copy/pasting/backporting/forward porting code correctly is hard. If I ever get to a developer conference I shall don the cone of shame. Signed-off-by: Kevin Darbyshire-Bryant --- net/sched/act_ctinfo.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/sched/act_ctinfo.c b/net/sched/act_ctinfo.c index a7d3679d7e2e..2c17f6843107 100644 --- a/net/sched/act_ctinfo.c +++ b/net/sched/act_ctinfo.c @@ -213,6 +213,7 @@ static int tcf_ctinfo_init(struct net *net, struct nlattr *nla, tcf_idr_cleanup(tn, actparm->index); return ret; } + ret = ACT_P_CREATED; } else if (err > 0) { if (bind) /* don't override defaults */ return 0; From patchwork Mon Jun 17 10:03:27 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kevin 'ldir' Darbyshire-Bryant X-Patchwork-Id: 1116929 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=darbyshire-bryant.me.uk Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=darbyshire-bryant.me.uk header.i=@darbyshire-bryant.me.uk header.b="NBJe3jqC"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45S6Hc0qz1z9sND for ; Mon, 17 Jun 2019 20:03:56 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727906AbfFQKDy (ORCPT ); Mon, 17 Jun 2019 06:03:54 -0400 Received: from mail-wm1-f67.google.com ([209.85.128.67]:33585 "EHLO mail-wm1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726048AbfFQKDw (ORCPT ); Mon, 17 Jun 2019 06:03:52 -0400 Received: by mail-wm1-f67.google.com with SMTP id h19so4138725wme.0 for ; Mon, 17 Jun 2019 03:03:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=darbyshire-bryant.me.uk; s=google; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=XSnr4K06XaXQiHBSG5XsdS31khp1+3dvwaPcAvNNqU8=; b=NBJe3jqCLrwaHd9uU5nWZbSuPq1B+Emtmz9e84Agb0hKsEUkA1CT1i6m9qw8MB1BSI uM/KO+iCFK4D0D6j3B/0B2wJq87pGBOLbBCQWCI9aqiA/ktGqKoGpuiyTGshX4aHhyV1 5dfvX1qEfOjEY/+b/itlGOM7GvCCa2FlpVWsk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=XSnr4K06XaXQiHBSG5XsdS31khp1+3dvwaPcAvNNqU8=; b=l00d3+ILtdo3LCuIR8siTFhH5lwkt+132fHfrJHGVwtMzySd6hqqls/DX9TdSUllT1 3u7H9rKskACJiB6V7zTOJw1wEG9kw7obHX5UUfJ8GomFZEYYzaatrBqUqoKxW4mcfoRS HyR256/jE69yUDQxWxa4X7VQuU4YaCdWL3tvUlW8DekK7zY5tAjfO5o6S+LIDcuO65cE mguixibd2Li7haXbBrirUck8EBw4cAJR578zqmprqo0osVYs2/AL+HF91ABJhtzDhcd3 4z9zXUL+yfTX6ISVFW9kKI9ikhL6kpfoKS43ziDWZnvzRVVY62miHIo4MbVB2c99Hgaf ZG5g== X-Gm-Message-State: APjAAAXHy9leJ5mkA/2bPguPbnbpKqAsHlq0UwllPt5X4hZavxn68ZVU 6w7ECqopJI/S/2PH0oULdLj6+7qrtNDh7A== X-Google-Smtp-Source: APXvYqyGbj4M19gSaNLhT8SPwwtGdksRoz7QOa2Q+F/OpvfwgZj1B3v1YNoNlPzDeg+fyJ/qmm4p+g== X-Received: by 2002:a1c:a6d1:: with SMTP id p200mr18644743wme.169.1560765830616; Mon, 17 Jun 2019 03:03:50 -0700 (PDT) Received: from Kevins-MBP.lan.darbyshire-bryant.me.uk ([2a02:c7f:1268:6500::dc83]) by smtp.gmail.com with ESMTPSA id n1sm9791302wrx.39.2019.06.17.03.03.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Jun 2019 03:03:49 -0700 (PDT) From: Kevin Darbyshire-Bryant To: netdev@vger.kernel.org Cc: Kevin Darbyshire-Bryant Subject: [PATCH net-next 2/2] net: sched: act_ctinfo: fix policy validation Date: Mon, 17 Jun 2019 11:03:27 +0100 Message-Id: <20190617100327.24796-3-ldir@darbyshire-bryant.me.uk> X-Mailer: git-send-email 2.20.1 (Apple Git-117) In-Reply-To: <20190617100327.24796-1-ldir@darbyshire-bryant.me.uk> References: <20190617100327.24796-1-ldir@darbyshire-bryant.me.uk> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Fix nla_policy definition by specifying an exact length type attribute to CTINFO action paraneter block structure. Without this change, netlink parsing will fail validation and the action will not be instantiated. 8cb081746c03 ("netlink: make validation more configurable for future") introduced much stricter checking to attributes being passed via netlink. Existing actions were updated to use less restrictive deprecated versions of nla_parse_nested. As a new module, act_ctinfo should be designed to use the strict checking model otherwise, well, what was the point of implementing it. Confession time: Until very recently, development of this module has been done on 'net-next' tree to 'clean compile' level with run-time testing on backports to 4.14 & 4.19 kernels under openwrt. This is how I managed to miss the run-time impacts of the new strict nla_parse_nested function. I hopefully have learned something from this (glances toward laptop running a net-next kernel) There is however a still outstanding implication on iproute2 user space in that it needs to be told to pass nested netlink messages with the nested attribute actually set. So even with this kernel fix to do things correctly you still cannot instantiate a new 'strict' nla_parse_nested based action such as act_ctinfo with iproute2's tc. Signed-off-by: Kevin Darbyshire-Bryant --- net/sched/act_ctinfo.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/sched/act_ctinfo.c b/net/sched/act_ctinfo.c index 2c17f6843107..10eb2bb99861 100644 --- a/net/sched/act_ctinfo.c +++ b/net/sched/act_ctinfo.c @@ -141,7 +141,8 @@ static int tcf_ctinfo_act(struct sk_buff *skb, const struct tc_action *a, } static const struct nla_policy ctinfo_policy[TCA_CTINFO_MAX + 1] = { - [TCA_CTINFO_ACT] = { .len = sizeof(struct + [TCA_CTINFO_ACT] = { .type = NLA_EXACT_LEN, + .len = sizeof(struct tc_ctinfo) }, [TCA_CTINFO_ZONE] = { .type = NLA_U16 }, [TCA_CTINFO_PARMS_DSCP_MASK] = { .type = NLA_U32 },