On Wed, 2018-09-12 at 10:16 +0200, Michal Kubecek wrote: > On Wed, Sep 12, 2018 at 09:32:45AM +0200, Johannes Berg wrote: > > From: Johannes Berg <johannes.berg@xxxxxxxxx> > > > > In some situations some netlink attributes may be used for output > > only (kernel->userspace) or may be reserved for future use. It's > > then helpful to be able to prevent userspace from using them in > > messages sent to the kernel, since they'd otherwise be ignored and > > any future will become impossible if this happens. > > > > Add NLA_REJECT to the policy which does nothing but reject (with > > EINVAL) validation of any messages containing this attribute. > > > > The specific case I have in mind now is a shared nested attribute > > containing request/response data, and it would be pointless and > > potentially confusing to have userspace include response data in > > the messages that actually contain a request. > > I find this feature very useful. Actually, I was a bit surprised when > I found I can't mark an attribute "forbidden" using policy. :-) > IMHO it would be even nicer if one could also specify an error message > to use in extack if NLA_REJECT is applied; the easiest way would be > using .validation_data and passing extack to validate_nla() but I'm not > sure if it wouldn't qualify as an abuse. I think it's fine - validation data is by nature validation type dependent, so we can document it here. I'll send a v2. johannes
