Linux Ethernet Bridging - Jan 2023 - [Bridge] [PATCH net-next 01/16] net: bridge: Set strict_start_type at two policies

Make any attributes newly-added to br_port_policy or vlan_tunnel_policy
parsed strictly, to prevent userspace from passing garbage. Note that this
patchset only touches the former policy. The latter was adjusted for
completeness' sake. There do not appear to be other _deprecated calls
with non-NULL policies.

Suggested-by: Ido Schimmel <idosch at nvidia.com>
Signed-off-by: Petr Machata <petrm at nvidia.com>
Reviewed-by: Ido Schimmel <idosch at nvidia.com>
---
 net/bridge/br_netlink.c        | 2 ++
 net/bridge/br_netlink_tunnel.c | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index 4316cc82ae17..a6133d469885 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -858,6 +858,8 @@ static int br_afspec(struct net_bridge *br,
 }
 
 static const struct nla_policy br_port_policy[IFLA_BRPORT_MAX + 1] = {
+	[IFLA_BRPORT_UNSPEC]	= { .strict_start_type +				
IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT + 1 },
 	[IFLA_BRPORT_STATE]	= { .type = NLA_U8 },
 	[IFLA_BRPORT_COST]	= { .type = NLA_U32 },
 	[IFLA_BRPORT_PRIORITY]	= { .type = NLA_U16 },
diff --git a/net/bridge/br_netlink_tunnel.c b/net/bridge/br_netlink_tunnel.c
index 8914290c75d4..17abf092f7ca 100644
--- a/net/bridge/br_netlink_tunnel.c
+++ b/net/bridge/br_netlink_tunnel.c
@@ -188,6 +188,9 @@ int br_fill_vlan_tunnel_info(struct sk_buff *skb,
 }
 
 static const struct nla_policy vlan_tunnel_policy[IFLA_BRIDGE_VLAN_TUNNEL_MAX +
1] = {
+	[IFLA_BRIDGE_VLAN_TUNNEL_UNSPEC] = {
+		.strict_start_type = IFLA_BRIDGE_VLAN_TUNNEL_FLAGS + 1
+	},
 	[IFLA_BRIDGE_VLAN_TUNNEL_ID] = { .type = NLA_U32 },
 	[IFLA_BRIDGE_VLAN_TUNNEL_VID] = { .type = NLA_U16 },
 	[IFLA_BRIDGE_VLAN_TUNNEL_FLAGS] = { .type = NLA_U16 },
-- 
2.39.0

On Thu, 26 Jan 2023 18:01:09 +0100
Petr Machata <petrm at nvidia.com> wrote:
>  static const struct nla_policy br_port_policy[IFLA_BRPORT_MAX + 1] = {
> +	[IFLA_BRPORT_UNSPEC]	= { .strict_start_type > +				
IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT + 1 },
Is the original IFLA_BRPORT a typo? ETH not EHT

On 26/01/2023 19:01, Petr Machata wrote:
> Make any attributes newly-added to br_port_policy or vlan_tunnel_policy
> parsed strictly, to prevent userspace from passing garbage. Note that this
> patchset only touches the former policy. The latter was adjusted for
> completeness' sake. There do not appear to be other _deprecated calls
> with non-NULL policies.
> 
> Suggested-by: Ido Schimmel <idosch at nvidia.com>
> Signed-off-by: Petr Machata <petrm at nvidia.com>
> Reviewed-by: Ido Schimmel <idosch at nvidia.com>
> ---
>  net/bridge/br_netlink.c        | 2 ++
>  net/bridge/br_netlink_tunnel.c | 3 +++
>  2 files changed, 5 insertions(+)
> 
> diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
> index 4316cc82ae17..a6133d469885 100644
> --- a/net/bridge/br_netlink.c
> +++ b/net/bridge/br_netlink.c
> @@ -858,6 +858,8 @@ static int br_afspec(struct net_bridge *br,
>  }
>  
>  static const struct nla_policy br_port_policy[IFLA_BRPORT_MAX + 1] = {
> +	[IFLA_BRPORT_UNSPEC]	= { .strict_start_type > +				
IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT + 1 },
>  	[IFLA_BRPORT_STATE]	= { .type = NLA_U8 },
>  	[IFLA_BRPORT_COST]	= { .type = NLA_U32 },
>  	[IFLA_BRPORT_PRIORITY]	= { .type = NLA_U16 },
> diff --git a/net/bridge/br_netlink_tunnel.c
b/net/bridge/br_netlink_tunnel.c
> index 8914290c75d4..17abf092f7ca 100644
> --- a/net/bridge/br_netlink_tunnel.c
> +++ b/net/bridge/br_netlink_tunnel.c
> @@ -188,6 +188,9 @@ int br_fill_vlan_tunnel_info(struct sk_buff *skb,
>  }
>  
>  static const struct nla_policy
vlan_tunnel_policy[IFLA_BRIDGE_VLAN_TUNNEL_MAX + 1] = {
> +	[IFLA_BRIDGE_VLAN_TUNNEL_UNSPEC] = {
> +		.strict_start_type = IFLA_BRIDGE_VLAN_TUNNEL_FLAGS + 1
> +	},
>  	[IFLA_BRIDGE_VLAN_TUNNEL_ID] = { .type = NLA_U32 },
>  	[IFLA_BRIDGE_VLAN_TUNNEL_VID] = { .type = NLA_U16 },
>  	[IFLA_BRIDGE_VLAN_TUNNEL_FLAGS] = { .type = NLA_U16 },
Acked-by: Nikolay Aleksandrov <razor at blackwall.org>