diff options
| author | Johannes Berg <johannes.berg@intel.com> | 2019-04-26 08:07:31 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2019-04-27 17:07:22 -0400 |
| commit | ef6243acb4782df587a4d7d6c310fa5b5d82684b (patch) | |
| tree | 81b4175fc03c61adbb8935f5f7b8ce02589c65dd /net/openvswitch/datapath.c | |
| parent | 56738f460841761abc70347c919d5c45f6f05a42 (diff) | |
genetlink: optionally validate strictly/dumps
Add options to strictly validate messages and dump messages,
sometimes perhaps validating dump messages non-strictly may
be required, so add an option for that as well.
Since none of this can really be applied to existing commands,
set the options everwhere using the following spatch:
@@
identifier ops;
expression X;
@@
struct genl_ops ops[] = {
...,
{
.cmd = X,
+ .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
...
},
...
};
For new commands one should just not copy the .validate 'opt-out'
flags and thus get strict validation.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/openvswitch/datapath.c')
| -rw-r--r-- | net/openvswitch/datapath.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c index 3b99fc3de9ac..b95015c7e999 100644 --- a/net/openvswitch/datapath.c +++ b/net/openvswitch/datapath.c | |||
| @@ -639,6 +639,7 @@ static const struct nla_policy packet_policy[OVS_PACKET_ATTR_MAX + 1] = { | |||
| 639 | 639 | ||
| 640 | static const struct genl_ops dp_packet_genl_ops[] = { | 640 | static const struct genl_ops dp_packet_genl_ops[] = { |
| 641 | { .cmd = OVS_PACKET_CMD_EXECUTE, | 641 | { .cmd = OVS_PACKET_CMD_EXECUTE, |
| 642 | .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, | ||
| 642 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ | 643 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ |
| 643 | .doit = ovs_packet_cmd_execute | 644 | .doit = ovs_packet_cmd_execute |
| 644 | } | 645 | } |
| @@ -1424,19 +1425,23 @@ static const struct nla_policy flow_policy[OVS_FLOW_ATTR_MAX + 1] = { | |||
| 1424 | 1425 | ||
| 1425 | static const struct genl_ops dp_flow_genl_ops[] = { | 1426 | static const struct genl_ops dp_flow_genl_ops[] = { |
| 1426 | { .cmd = OVS_FLOW_CMD_NEW, | 1427 | { .cmd = OVS_FLOW_CMD_NEW, |
| 1428 | .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, | ||
| 1427 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ | 1429 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ |
| 1428 | .doit = ovs_flow_cmd_new | 1430 | .doit = ovs_flow_cmd_new |
| 1429 | }, | 1431 | }, |
| 1430 | { .cmd = OVS_FLOW_CMD_DEL, | 1432 | { .cmd = OVS_FLOW_CMD_DEL, |
| 1433 | .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, | ||
| 1431 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ | 1434 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ |
| 1432 | .doit = ovs_flow_cmd_del | 1435 | .doit = ovs_flow_cmd_del |
| 1433 | }, | 1436 | }, |
| 1434 | { .cmd = OVS_FLOW_CMD_GET, | 1437 | { .cmd = OVS_FLOW_CMD_GET, |
| 1438 | .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, | ||
| 1435 | .flags = 0, /* OK for unprivileged users. */ | 1439 | .flags = 0, /* OK for unprivileged users. */ |
| 1436 | .doit = ovs_flow_cmd_get, | 1440 | .doit = ovs_flow_cmd_get, |
| 1437 | .dumpit = ovs_flow_cmd_dump | 1441 | .dumpit = ovs_flow_cmd_dump |
| 1438 | }, | 1442 | }, |
| 1439 | { .cmd = OVS_FLOW_CMD_SET, | 1443 | { .cmd = OVS_FLOW_CMD_SET, |
| 1444 | .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, | ||
| 1440 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ | 1445 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ |
| 1441 | .doit = ovs_flow_cmd_set, | 1446 | .doit = ovs_flow_cmd_set, |
| 1442 | }, | 1447 | }, |
| @@ -1814,19 +1819,23 @@ static const struct nla_policy datapath_policy[OVS_DP_ATTR_MAX + 1] = { | |||
| 1814 | 1819 | ||
| 1815 | static const struct genl_ops dp_datapath_genl_ops[] = { | 1820 | static const struct genl_ops dp_datapath_genl_ops[] = { |
| 1816 | { .cmd = OVS_DP_CMD_NEW, | 1821 | { .cmd = OVS_DP_CMD_NEW, |
| 1822 | .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, | ||
| 1817 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ | 1823 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ |
| 1818 | .doit = ovs_dp_cmd_new | 1824 | .doit = ovs_dp_cmd_new |
| 1819 | }, | 1825 | }, |
| 1820 | { .cmd = OVS_DP_CMD_DEL, | 1826 | { .cmd = OVS_DP_CMD_DEL, |
| 1827 | .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, | ||
| 1821 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ | 1828 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ |
| 1822 | .doit = ovs_dp_cmd_del | 1829 | .doit = ovs_dp_cmd_del |
| 1823 | }, | 1830 | }, |
| 1824 | { .cmd = OVS_DP_CMD_GET, | 1831 | { .cmd = OVS_DP_CMD_GET, |
| 1832 | .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, | ||
| 1825 | .flags = 0, /* OK for unprivileged users. */ | 1833 | .flags = 0, /* OK for unprivileged users. */ |
| 1826 | .doit = ovs_dp_cmd_get, | 1834 | .doit = ovs_dp_cmd_get, |
| 1827 | .dumpit = ovs_dp_cmd_dump | 1835 | .dumpit = ovs_dp_cmd_dump |
| 1828 | }, | 1836 | }, |
| 1829 | { .cmd = OVS_DP_CMD_SET, | 1837 | { .cmd = OVS_DP_CMD_SET, |
| 1838 | .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, | ||
| 1830 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ | 1839 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ |
| 1831 | .doit = ovs_dp_cmd_set, | 1840 | .doit = ovs_dp_cmd_set, |
| 1832 | }, | 1841 | }, |
| @@ -2254,19 +2263,23 @@ static const struct nla_policy vport_policy[OVS_VPORT_ATTR_MAX + 1] = { | |||
| 2254 | 2263 | ||
| 2255 | static const struct genl_ops dp_vport_genl_ops[] = { | 2264 | static const struct genl_ops dp_vport_genl_ops[] = { |
| 2256 | { .cmd = OVS_VPORT_CMD_NEW, | 2265 | { .cmd = OVS_VPORT_CMD_NEW, |
| 2266 | .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, | ||
| 2257 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ | 2267 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ |
| 2258 | .doit = ovs_vport_cmd_new | 2268 | .doit = ovs_vport_cmd_new |
| 2259 | }, | 2269 | }, |
| 2260 | { .cmd = OVS_VPORT_CMD_DEL, | 2270 | { .cmd = OVS_VPORT_CMD_DEL, |
| 2271 | .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, | ||
| 2261 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ | 2272 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ |
| 2262 | .doit = ovs_vport_cmd_del | 2273 | .doit = ovs_vport_cmd_del |
| 2263 | }, | 2274 | }, |
| 2264 | { .cmd = OVS_VPORT_CMD_GET, | 2275 | { .cmd = OVS_VPORT_CMD_GET, |
| 2276 | .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, | ||
| 2265 | .flags = 0, /* OK for unprivileged users. */ | 2277 | .flags = 0, /* OK for unprivileged users. */ |
| 2266 | .doit = ovs_vport_cmd_get, | 2278 | .doit = ovs_vport_cmd_get, |
| 2267 | .dumpit = ovs_vport_cmd_dump | 2279 | .dumpit = ovs_vport_cmd_dump |
| 2268 | }, | 2280 | }, |
| 2269 | { .cmd = OVS_VPORT_CMD_SET, | 2281 | { .cmd = OVS_VPORT_CMD_SET, |
| 2282 | .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, | ||
| 2270 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ | 2283 | .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ |
| 2271 | .doit = ovs_vport_cmd_set, | 2284 | .doit = ovs_vport_cmd_set, |
| 2272 | }, | 2285 | }, |