Re: [RFC PATCH net-next 2/2] net: dcb: add new apptrust attribute

public inbox for netdev@vger.kernel.org 
 help / color / mirror / Atom feed

From: Petr Machata <petrm@nvidia•com>
To: <Daniel.Machon@microchip•com>
Cc: <petrm@nvidia•com>, <netdev@vger•kernel.org>,
	<Allan.Nielsen@microchip•com>, <UNGLinuxDriver@microchip•com>,
	<maxime.chevallier@bootlin•com>, <vladimir.oltean@nxp•com>,
	<kuba@kernel•org>, <vinicius.gomes@intel•com>,
	<thomas.petazzoni@bootlin•com>
Subject: Re: [RFC PATCH net-next 2/2] net: dcb: add new apptrust attribute
Date: Tue, 13 Sep 2022 13:25:07 +0200	[thread overview]
Message-ID: <87sfkvcubi.fsf@nvidia.com> (raw)
In-Reply-To: <YyBI/tF5x+3OE2dB@DEN-LT-70577>


<Daniel.Machon@microchip•com> writes:
>
> Petr Machata <petrm@nvidia•com> writes:
>>
>> But of course this will never get anywhere close to that. We will end up
>> passing maybe one, two entries. So the UAPI seems excessive in how it
>> hands around this large array.
>> 
>> I wonder if it would be better to make the DCB_ATTR_IEEE_APP_TABLE
>> payload be an array of bytes, each byte a selector? Or something similar
>> to DCB_ATTR_IEEE_APP_TABLE / DCB_ATTR_IEEE_APP, a nest and an array of
>> payload attributes?
>
> Hmm. It might seem excessive, but a quick few thoughts on your proposed solution:
>   - We need more code to define and parse the new DCB_ATTR_IEEE_APP_TRUST_TABLE /
>     DCB_ATTR_IEEE_APP_TRUST attributes.

Yes, a bit. But it's not too bad IMHO. Am I forgetting something here?

	u8 selectors[256];
	int nselectors;
	int rem;

	nla_for_each_nested(attr, ieee[DCB_ATTR_DCB_APP_TRUST_TABLE], rem) {
		if (nla_type(attr) != DCB_ATTR_DCB_APP_TRUST ||
		    nla_len(attr) != 1 ||
		    nselectors >= sizeof(selectors)) {
			err = -EINVAL;
			goto err;
		}

		selectors[nselectors++] = nla_get_u8(attr);
	}

... and you have reconstructed the array.

>   - If the selectors are passed individually to the driver, we need a 
>     dcbnl_delapptrust(), because now, the driver have to add and del from the
>     driver maintained array. You could of course accumulate selectors in an array
>     before passing them to the driver, but then why go away from the array in the
>     first place.

I have no problem with using an array for the in-kernel API. There it's
easy to change. UAPI can't ever change.

>> > +             struct ieee_apptrust *trust =
>> > +                     nla_data(ieee[DCB_ATTR_IEEE_APP_TRUST]);
>> 
>> Besides invoking the OP, this should validate the payload. E.g. no
>> driver is supposed to accept trust policies that contain invalid
>> selectors. Pretty sure there's no value in repeated entries either.
>
> Validation (bogus input and unique selectors) is done in userspace (dcb-apptrust).

Using iproute2 dcb is not mandatory, the UAPI is client-agnostic. The
kernel needs to bounce bogons as well. Otherwise they will become part
of the UAPI with the meaning "this doesn't do anything".

And yeah, drivers will validate supported configurations. But still the
requests that go to the driver should already be sanitized, so that the
driver code doesn't need to worry about this.

next prev parent reply	other threads:[~2022-09-13 12:51 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-08 12:04 [RFC PATCH net-next 0/2] Add PCP selector and new APPTRUST attribute Daniel Machon
2022-09-08 12:04 ` [RFC PATCH net-next 1/2] net: dcb: add new pcp selector to app object Daniel Machon
2022-09-12 16:15   ` Petr Machata
2022-09-13  6:33     ` Daniel.Machon
2022-09-08 12:04 ` [RFC PATCH net-next 2/2] net: dcb: add new apptrust attribute Daniel Machon
2022-09-09 12:29   ` Vladimir Oltean
2022-09-12  7:03     ` Daniel.Machon
2022-09-12 16:30       ` Petr Machata
2022-09-12 17:16         ` Vladimir Oltean
2022-09-12 14:31   ` Petr Machata
2022-09-13  9:01     ` Daniel.Machon
2022-09-13 11:25       ` Petr Machata [this message]
2022-09-13 19:22         ` Daniel.Machon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87sfkvcubi.fsf@nvidia.com \
    --to=petrm@nvidia$(echo .)com \
    --cc=Allan.Nielsen@microchip$(echo .)com \
    --cc=Daniel.Machon@microchip$(echo .)com \
    --cc=UNGLinuxDriver@microchip$(echo .)com \
    --cc=kuba@kernel$(echo .)org \
    --cc=maxime.chevallier@bootlin$(echo .)com \
    --cc=netdev@vger$(echo .)kernel.org \
    --cc=thomas.petazzoni@bootlin$(echo .)com \
    --cc=vinicius.gomes@intel$(echo .)com \
    --cc=vladimir.oltean@nxp$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox