On Wed, 2020-04-29 at 11:10 -0700, Jakub Kicinski wrote:
> > +static int nla_validate_int_range_unsigned(const struct nla_policy *pt,
> > + const struct nlattr *nla,
> > + struct netlink_ext_ack *extack)
> > {
> > - bool validate_min, validate_max;
> > - s64 value;
> > + struct netlink_range_validation _range = {
> > + .min = 0,
> > + .max = U64_MAX,
> > + }, *range = &_range;
> > + u64 value;
> >
> > - validate_min = pt->validation_type == NLA_VALIDATE_RANGE ||
> > - pt->validation_type == NLA_VALIDATE_MIN;
> > - validate_max = pt->validation_type == NLA_VALIDATE_RANGE ||
> > - pt->validation_type == NLA_VALIDATE_MAX;
> > + WARN_ON_ONCE(pt->min < 0 || pt->max < 0);
>
> I'm probably missing something, but in case of NLA_VALIDATE_RANGE_PTR
> aren't min and max invalid (union has the range pointer set, so this
> will read 2 bytes of the pointer).
No, you're right of course. It's reading 4 bytes, actually, they're both
s16. Which I did because that's the maximum range that doesn't increase
the size on 32-bit.
I could move it into the switch, but, hm.. the unused ones (min/max if
only one is used) should be 0, so I guess just
WARN_ON_ONCE(pt->validation_type != NLA_VALIDATE_RANGE_PTR &&
(pt->min < 0 || pt->max < 0));
will be fine.
Thanks!
johannes
