On Fri, Jan 27, 2017 at 4:58 PM, Sowmini Varadhan <sowmini.varad...@oracle.com> wrote: > On (01/27/17 15:51), Willem de Bruijn wrote: > : >> - limit capable() check to drivers with with .validate callback > (aka second option below) > : >> - let privileged applications shoot themselves in the foot (change nothing). > >> The second will break variable length header protocols unless >> you exhaustively search for all variable length protocols and add >> validate callbacks first. > > other than ax25, are there variable length header protocols out there > without ->validate, and which need the CAP_RAW_SYSIO branch?
I don't know. An exhaustive search of protocols (by header_ops) may be needed to say for sure. If there are none, then the solution indeed is quite simple. > I realize that, to an extent, even ethernet is a protocol whose > header is > 14 with vlan, but from the google search, seems like it > was mostly ax25 that really triggered a large part of the check. > > If we think that there are a large number of these (that dont have a > ->validate, to fix up things as desired) I'd just go for the "change > nothing in pf_packet" option. > > As I found out many drivers like ixgbe and sunvnet have defensive checks > in the Tx path anyway, and xen_netfront can also join that group with > a few simple checks. Okay. I suspect that there are few, if any. But this is fragile code.
