On Thu, 21 Nov 2019 21:41:13 +0100
Florian Westphal <fw@xxxxxxxxx> wrote:

> Yes, exactly, we should only reject what either
> 1. would crash kernel
> 2. makes obviously no sense (missing or contradiction attributes).
>
> anything more than that isn't needed.
>
> > We could opt to be stricter indeed, by checking that a single netlink
> > batch contains a corresponding number of start and end elements. This
> > can't be done by the insert function though, we don't have enough
> > context there.
>
> Yes. If such 'single element with no end interval' can't happen or
> won't cause any problems then no action is needed.

Yeah, I don't expect that to cause any problem. I don't have a kselftest
or nft test for it, because that would require nft to send invalid
elements, so I only tested those two cases manually.

The nastiest thing I could come up with was start > end, and it's now
covered by:

	if (memcmp(start, end,
		   f->groups / NFT_PIPAPO_GROUPS_PER_BYTE) > 0)
		return -EINVAL;

while:
- start == end is allowed, explicitly handled below
- end without any previous start (somewhat) correctly maps to < 0 > to
  end
- start without end won't trigger any insertion

-- 
Stefano
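
Added example, not part of the original mail and not kernel code: a userspace C model of the memcmp() check quoted above, showing that it orders keys numerically only when they are stored most-significant byte first. It assumes two 4-bit groups per key byte; GROUPS_PER_BYTE, range_check() and the helper names are hypothetical, and the sample keys are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Assumption: 4-bit groups, so two groups per key byte. */
#define GROUPS_PER_BYTE 2

/* Model of the quoted check: reject a range whose start sorts after its
 * end. memcmp() compares byte by byte from offset 0, so the result is
 * the numeric order only for big-endian (network order) keys. */
static int range_check(const uint8_t *start, const uint8_t *end,
		       unsigned int groups)
{
	if (memcmp(start, end, groups / GROUPS_PER_BYTE) > 0)
		return -EINVAL;	/* start > end */
	return 0;		/* start <= end, start == end included */
}

/* Serialize a 32-bit value into 4 key bytes, big- or little-endian. */
static void put_u32(uint8_t *p, uint32_t v, int big_endian)
{
	for (int i = 0; i < 4; i++) {
		int shift = big_endian ? 24 - 8 * i : 8 * i;

		p[i] = (uint8_t)(v >> shift);
	}
}

/* Check a constructed 4-byte (8-group) range in the given byte order. */
static int check_u32_range(uint32_t start, uint32_t end, int big_endian)
{
	uint8_t s[4], e[4];

	put_u32(s, start, big_endian);
	put_u32(e, end, big_endian);
	return range_check(s, e, 8);
}

int main(void)
{
	/* Big-endian keys: inverted range rejected, valid range accepted. */
	int ok = check_u32_range(256, 255, 1) == -EINVAL &&
		 check_u32_range(255, 256, 1) == 0;

	/* Little-endian keys: the same check accepts the inverted range. */
	ok = ok && check_u32_range(256, 255, 0) == 0;
	return ok ? 0 : 1;
}
```

The little-endian case is the caveat: a caller that hands host-order integers to a memcmp()-based bound check on a little-endian machine gets inverted ranges accepted and valid ones rejected.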