Repository : ssh://git@open-mesh.org/batman-adv
On branch : master
commit 2ee47abaeb35ca62bb909830e10b0e973393b853 Author: Johannes Berg johannes.berg@intel.com Date: Sun Apr 28 20:28:09 2019 +0200
batman-adv: genetlink: optionally validate strictly/dumps
Add options to strictly validate messages and dump messages, sometimes perhaps validating dump messages non-strictly may be required, so add an option for that as well.
Since none of this can really be applied to existing commands, set the options everwhere using the following spatch:
@@ identifier ops; expression X; @@ struct genl_ops ops[] = { ..., { .cmd = X, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, ... }, ... };
For new commands one should just not copy the .validate 'opt-out' flags and thus get strict validation.
Signed-off-by: Johannes Berg johannes.berg@intel.com Signed-off-by: David S. Miller davem@davemloft.net [sven@narfation.org: Add compat code] Signed-off-by: Sven Eckelmann sven@narfation.org
2ee47abaeb35ca62bb909830e10b0e973393b853 compat-include/net/genetlink.h | 46 +++++++++++++++++++++++++++++++++++++----- net/batman-adv/netlink.c | 18 +++++++++++++++++ 2 files changed, 59 insertions(+), 5 deletions(-)
diff --git a/compat-include/net/genetlink.h b/compat-include/net/genetlink.h index 7d17a705..fbfdb733 100644 --- a/compat-include/net/genetlink.h +++ b/compat-include/net/genetlink.h @@ -33,6 +33,25 @@ void batadv_genl_dump_check_consistent(struct netlink_callback *cb,
#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 2, 0)
+enum genl_validate_flags { + GENL_DONT_VALIDATE_STRICT = BIT(0), + GENL_DONT_VALIDATE_DUMP = BIT(1), + GENL_DONT_VALIDATE_DUMP_STRICT = BIT(2), +}; + +struct batadv_genl_ops { + int (*doit)(struct sk_buff *skb, + struct genl_info *info); + int (*start)(struct netlink_callback *cb); + int (*dumpit)(struct sk_buff *skb, + struct netlink_callback *cb); + int (*done)(struct netlink_callback *cb); + u8 cmd; + u8 internal_flags; + u8 flags; + u8 validate; +}; + struct batadv_genl_family { /* data handled by the actual kernel */ struct genl_family family; @@ -50,7 +69,7 @@ struct batadv_genl_family { struct genl_info *info); void (*post_doit)(const struct genl_ops *ops, struct sk_buff *skb, struct genl_info *info); - const struct genl_ops *ops; + const struct batadv_genl_ops *ops; const struct genl_multicast_group *mcgrps; unsigned int n_ops; unsigned int n_mcgrps; @@ -63,8 +82,6 @@ struct batadv_genl_family { struct genl_ops *copy_ops; };
-#define genl_family batadv_genl_family - static inline int batadv_genl_register_family(struct batadv_genl_family *family) { struct genl_ops *ops; @@ -82,12 +99,20 @@ static inline int batadv_genl_register_family(struct batadv_genl_family *family) family->family.n_mcgrps = family->n_mcgrps; family->family.module = family->module;
- ops = kmemdup(family->ops, sizeof(*ops) * family->n_ops, GFP_KERNEL); + ops = kzalloc(sizeof(*ops) * family->n_ops, GFP_KERNEL); if (!ops) return -ENOMEM;
- for (i = 0; i < family->family.n_ops; i++) + for (i = 0; i < family->family.n_ops; i++) { + ops[i].doit = family->ops[i].doit; + ops[i].start = family->ops[i].start; + ops[i].dumpit = family->ops[i].dumpit; + ops[i].done = family->ops[i].done; + ops[i].cmd = family->ops[i].cmd; + ops[i].internal_flags = family->ops[i].internal_flags; + ops[i].flags = family->ops[i].flags; ops[i].policy = family->policy; + }
family->family.ops = ops; family->copy_ops = ops; @@ -95,6 +120,17 @@ static inline int batadv_genl_register_family(struct batadv_genl_family *family) return genl_register_family(&family->family); }
+typedef struct genl_ops batadv_genl_ops_old; + +#define batadv_pre_doit(__x, __y, __z) \ + batadv_pre_doit(const batadv_genl_ops_old *ops, __y, __z) + +#define batadv_post_doit(__x, __y, __z) \ + batadv_post_doit(const batadv_genl_ops_old *ops, __y, __z) + +#define genl_ops batadv_genl_ops +#define genl_family batadv_genl_family + #define genl_register_family(family) \ batadv_genl_register_family((family))
diff --git a/net/batman-adv/netlink.c b/net/batman-adv/netlink.c index e7907308..a67720fa 100644 --- a/net/batman-adv/netlink.c +++ b/net/batman-adv/netlink.c @@ -1343,29 +1343,34 @@ static void batadv_post_doit(const struct genl_ops *ops, struct sk_buff *skb, static const struct genl_ops batadv_netlink_ops[] = { { .cmd = BATADV_CMD_GET_MESH, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, /* can be retrieved by unprivileged users */ .doit = batadv_netlink_get_mesh, .internal_flags = BATADV_FLAG_NEED_MESH, }, { .cmd = BATADV_CMD_TP_METER, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .flags = GENL_ADMIN_PERM, .doit = batadv_netlink_tp_meter_start, .internal_flags = BATADV_FLAG_NEED_MESH, }, { .cmd = BATADV_CMD_TP_METER_CANCEL, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .flags = GENL_ADMIN_PERM, .doit = batadv_netlink_tp_meter_cancel, .internal_flags = BATADV_FLAG_NEED_MESH, }, { .cmd = BATADV_CMD_GET_ROUTING_ALGOS, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .flags = GENL_ADMIN_PERM, .dumpit = batadv_algo_dump, }, { .cmd = BATADV_CMD_GET_HARDIF, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, /* can be retrieved by unprivileged users */ .dumpit = batadv_netlink_dump_hardif, .doit = batadv_netlink_get_hardif, @@ -1374,57 +1379,68 @@ static const struct genl_ops batadv_netlink_ops[] = { }, { .cmd = BATADV_CMD_GET_TRANSTABLE_LOCAL, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .flags = GENL_ADMIN_PERM, .dumpit = batadv_tt_local_dump, }, { .cmd = BATADV_CMD_GET_TRANSTABLE_GLOBAL, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .flags = GENL_ADMIN_PERM, .dumpit = batadv_tt_global_dump, }, { .cmd = BATADV_CMD_GET_ORIGINATORS, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .flags = GENL_ADMIN_PERM, .dumpit = batadv_orig_dump, }, { .cmd = BATADV_CMD_GET_NEIGHBORS, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .flags = GENL_ADMIN_PERM, .dumpit = batadv_hardif_neigh_dump, }, { .cmd = BATADV_CMD_GET_GATEWAYS, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .flags = GENL_ADMIN_PERM, .dumpit = batadv_gw_dump, }, { .cmd = BATADV_CMD_GET_BLA_CLAIM, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .flags = GENL_ADMIN_PERM, .dumpit = batadv_bla_claim_dump, }, { .cmd = BATADV_CMD_GET_BLA_BACKBONE, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .flags = GENL_ADMIN_PERM, .dumpit = batadv_bla_backbone_dump, }, { .cmd = BATADV_CMD_GET_DAT_CACHE, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .flags = GENL_ADMIN_PERM, .dumpit = batadv_dat_cache_dump, }, { .cmd = BATADV_CMD_GET_MCAST_FLAGS, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .flags = GENL_ADMIN_PERM, .dumpit = batadv_mcast_flags_dump, }, { .cmd = BATADV_CMD_SET_MESH, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .flags = GENL_ADMIN_PERM, .doit = batadv_netlink_set_mesh, .internal_flags = BATADV_FLAG_NEED_MESH, }, { .cmd = BATADV_CMD_SET_HARDIF, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .flags = GENL_ADMIN_PERM, .doit = batadv_netlink_set_hardif, .internal_flags = BATADV_FLAG_NEED_MESH | @@ -1432,6 +1448,7 @@ static const struct genl_ops batadv_netlink_ops[] = { }, { .cmd = BATADV_CMD_GET_VLAN, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, /* can be retrieved by unprivileged users */ .doit = batadv_netlink_get_vlan, .internal_flags = BATADV_FLAG_NEED_MESH | @@ -1439,6 +1456,7 @@ static const struct genl_ops batadv_netlink_ops[] = { }, { .cmd = BATADV_CMD_SET_VLAN, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .flags = GENL_ADMIN_PERM, .doit = batadv_netlink_set_vlan, .internal_flags = BATADV_FLAG_NEED_MESH |