Netdev Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: Xie He <xie.he.0141@gmail.com>
Cc: Willem de Bruijn <willemdebruijn.kernel@gmail.com>,
Eric Dumazet <eric.dumazet@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
Linux Kernel Network Developers <netdev@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: Question about dev_validate_header used in af_packet.c
Date: Tue, 8 Sep 2020 13:52:38 +0200 [thread overview]
Message-ID: <CA+FuTSfgxt6uqcxy=wnOXo8HxMJ3J0HAqQNiDJBLCs22Ukb_gQ@mail.gmail.com> (raw)
In-Reply-To: <CAJht_EN7SXAex-1W49eY7q5p2UqLYvXA8D6hptJGquXdJULLcA@mail.gmail.com>
On Tue, Sep 8, 2020 at 1:04 PM Xie He <xie.he.0141@gmail.com> wrote:
>
> On Tue, Sep 8, 2020 at 1:41 AM Willem de Bruijn
> <willemdebruijn.kernel@gmail.com> wrote:
> >
> > The intent is to bypass such validation to be able to test device
> > drivers. Note that removing that may cause someone's test to start
> > failing.
> >
> > > So there's no point in
> > > keeping the ability to test this, either.
> >
> > I don't disagree in principle, but do note the failing tests. Bar any
> > strong reasons for change, I'd leave as is.
>
> OK. I got what you mean. You don't want to make people's test cases fail.
>
> I was recently looking at some drivers, and I felt that if af_packet.c
> could help me filter out the invalid RAW frames, I didn't need to
> check the validity of the frames myself (in the driver when
> transmitting). But now I guess I still need to check that.
>
> I feel this makes the dev_validate_header's variable-length header
> check not very useful, because drivers need to do this check again
> (when transmitting) anyway.
>
> I was thinking, after I saw dev_validate_header, that we could
> eventually make it completely take over the responsibility for a
> driver to validate the header when transmitting RAW frames. But now it
> seems we would not be able to do this.
Agreed. As is, it is mainly useful to block users who are ns_capable,
but not capable.
A third option is to move it behind a sysctl (with static_branch). Your
point is valid that there really is no need for testing of drivers against
bad packets if the data is validated directly on kernel entry.
next prev parent reply other threads:[~2020-09-08 11:56 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-05 22:24 Question about dev_validate_header used in af_packet.c Xie He
2020-09-05 23:20 ` Xie He
2020-09-07 9:05 ` Willem de Bruijn
2020-09-07 21:16 ` Xie He
2020-09-08 8:40 ` Willem de Bruijn
2020-09-08 11:00 ` Xie He
2020-09-08 11:52 ` Willem de Bruijn [this message]
2020-09-08 12:45 ` Xie He
2020-09-08 17:08 ` Willem de Bruijn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CA+FuTSfgxt6uqcxy=wnOXo8HxMJ3J0HAqQNiDJBLCs22Ukb_gQ@mail.gmail.com' \
--to=willemdebruijn.kernel@gmail.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=xie.he.0141@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).