On Mon, 2020-10-05 at 21:53 +0200, Johannes Berg wrote:
> On Mon, 2020-10-05 at 12:40 -0700, Jakub Kicinski wrote:
>
> > > I would totally support doing that here in the general validation code,
> > > but (again) don't really think NLMSGERR_ATTR_COOKIE is an appropriate
> > > attribute for it.
> >
> > Hm. Perhaps we can do a partial policy dump into the extack?
>
> Hm. I like that idea.
>
> If we have NLMSGERR_ATTR_OFFS we could accompany that with the sub-
> policy for that particular attribute, something like
>
> [NLMSGERR_ATTR_POLICY] = nested {
> [NL_POLICY_TYPE_ATTR_TYPE] = ...
> [NL_POLICY_TYPE_ATTR_MASK] = ...
> }
>
> which we could basically do by factoring out the inner portion of
> netlink_policy_dump_write():
>
> attr = nla_nest_start(skb, state->attr_idx);
> if (!attr)
> goto nla_put_failure;
> ...
> nla_nest_end(skb, attr);
>
> from there into a separate function, give it the pt and the nested
> attribute (what's "state->attr_idx" here) as arguments, and then we call
> it with NLMSGERR_ATTR_POLICY from here, and with "state->attr_idx" from
> netlink_policy_dump_write() :-)
>
> Nice, easy & useful, maybe I'll code it up tomorrow.
OK I thought about it a bit more and looked at the code, and it's not
actually possible to do easily right now, because we can't actually
point to the bad attribute from the general lib/nlattr.c code ...
Why? Because we don't know right now, e.g. for nla_validate(), where in
the message we started validation, i.e. the offset of the "head" inside
the particular message.
For nlmsg_parse() and friends that's a bit easier, but it needs more
rejiggering than I'm willing to do tonight ;)
johannes
