Fri, Jul 28, 2017 at 03:41:44PM CEST, j...@mojatatu.com wrote:
>On 17-07-25 08:37 AM, Jiri Pirko wrote:
>> Tue, Jul 25, 2017 at 02:34:58PM CEST, j...@mojatatu.com wrote:
>> > On 17-07-25 07:33 AM, Jiri Pirko wrote:
>> > > Tue, Jul 25, 2017 at 01:22:44PM CEST, j...@mojatatu.com wrote:
>
>[..]
>> > > What if I pass val 0x1 and selector 0x0 from userspace. I don't have the
>> > > bit selected, so you should not process it in kernel, no?
>> > >
>> >
>> > Yes, valid point. I am not sure - should we reject?
>>
>> I think that the validation might check this and reject. Makes sense to
>> me.
>>
>
>How does this look? I havent tested it but covers all angles
Looks like a big mess to be honest. Mixing up u32* u32 void*. I don't
understand ****. Would be probably good to first apply my review comment
on the function itselt, then to add the checks :)
>I can think of.
>
>static int validate_nla_bitfield32(const struct nlattr *nla,
> void *valid_flags_allowed)
>{
> const struct nla_bitfield32 *bf = nla_data(nla);
> u32 *valid_flags_mask = valid_flags_allowed;
>
> if (!valid_flags_allowed)
> return -EINVAL;
> /*disallow invalid selector */
> if ((bf->selector & valid_flags_allowed) >*valid_flags_allowed)
> return -EINVAL;
> /*disallow invalid bit values */
> if (bf->value & ~*valid_flags_mask)
> return -EINVAL;
> /*disallow valid bit values that are not selected*/
> if (bf->value & ~nbf->selector)
> return -EINVAL;
>
> return 0;
>}
>
>cheers,
>jamal
