diff mbox series

[3/6] net/tap: check interface name in kvargs

Message ID	20190111180659.5972-4-stephen@networkplumber.org (mailing list archive)
State	Superseded, archived
Headers	From: Stephen Hemminger <stephen@networkplumber.org> To: dev@dpdk.org Cc: Stephen Hemminger <stephen@networkplumber.org> Date: Fri, 11 Jan 2019 10:06:56 -0800 Message-Id: <20190111180659.5972-4-stephen@networkplumber.org> In-Reply-To: <20190111180659.5972-1-stephen@networkplumber.org> References: <20190111180659.5972-1-stephen@networkplumber.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH 3/6] net/tap: check interface name in kvargs Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	net/tap: fixes and cleanups \| [0/6] net/tap: fixes and cleanups [1/6] net/tap: use strlcpy for interface name [2/6] net/tap: allow full length names [3/6] net/tap: check interface name in kvargs [4/6] net/tap: lower the priority of log messages [5/6] net/tap: let kernel choose tun device name [6/6] net/tap: get rid of global tuntap_name

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/Intel-compilation	success	Compilation OK

Commit Message

Stephen Hemminger Jan. 11, 2019, 6:06 p.m. UTC

  If interface name is passed to remote or iface then check
the length and for invalid characters. This avoids problems where
name gets truncated or rejected by kernel.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
 drivers/net/tap/rte_eth_tap.c | 37 +++++++++++++++++++++++++++++++----
 1 file changed, 33 insertions(+), 4 deletions(-)

Comments

Wiles, Keith Jan. 11, 2019, 7:37 p.m. UTC | #1

> On Jan 11, 2019, at 12:06 PM, Stephen Hemminger <stephen@networkplumber.org> wrote:
> 
> If interface name is passed to remote or iface then check
> the length and for invalid characters. This avoids problems where
> name gets truncated or rejected by kernel.
> 
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> ---
> drivers/net/tap/rte_eth_tap.c | 37 +++++++++++++++++++++++++++++++----
> 1 file changed, 33 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/net/tap/rte_eth_tap.c b/drivers/net/tap/rte_eth_tap.c
> index d7f77d664502..6a388eed0dd4 100644
> --- a/drivers/net/tap/rte_eth_tap.c
> +++ b/drivers/net/tap/rte_eth_tap.c
> @@ -37,6 +37,7 @@
> #include <linux/if_tun.h>
> #include <linux/if_ether.h>
> #include <fcntl.h>
> +#include <ctype.h>
> 
> #include <tap_rss.h>
> #include <rte_eth_tap.h>
> @@ -1884,6 +1885,23 @@ eth_dev_tap_create(struct rte_vdev_device *vdev, char *tap_name,
> 	return -EINVAL;
> }
> 
> +/* make sure name is a possible Linux network device name */
> +static bool is_valid_iface(const char *name)

I am sorry, but the function name must be on the next line as per the style. I know you do not like it, but that is what the style states.
> +{
> +	if (*name == '\0')
> +		return false;
> +
> +	if (strnlen(name, IFNAMSIZ) == IFNAMSIZ)
> +		return false;
> +
> +	while (*name) {
> +		if (*name == '/' || *name == ':' || isspace(*name))
> +			return false;
> +		name++;
> +	}
> +	return true;
> +}
> +
> static int
> set_interface_name(const char *key __rte_unused,
> 		   const char *value,
> @@ -1891,12 +1909,17 @@ set_interface_name(const char *key __rte_unused,
> {
> 	char *name = (char *)extra_args;
> 
> -	if (value)
> +	if (value) {
> +		if (!is_valid_iface(value)) {
> +			TAP_LOG(ERR, "TAP invalid remote interface name (%s)",
> +				value);
> +			return -1;
> +		}
> 		strlcpy(name, value, RTE_ETH_NAME_MAX_LEN);
> -	else
> +	} else {
> 		snprintf(name, RTE_ETH_NAME_MAX_LEN, "%s%d",
> 			 DEFAULT_TAP_NAME, tun_unit - 1);
> -
> +	}

This is also a one line else and the style states to remove the {}.
> 	return 0;
> }
> 
> @@ -1907,8 +1930,14 @@ set_remote_iface(const char *key __rte_unused,
> {
> 	char *name = (char *)extra_args;
> 
> -	if (value)
> +	if (value) {
> +		if (!is_valid_iface(value)) {
> +			TAP_LOG(ERR, "TAP invalid remote interface name (%s)",
> +				value);
> +			return -1;
> +		}
> 		strlcpy(name, value, RTE_ETH_NAME_MAX_LEN);
> +	}
> 
> 	return 0;
> }
> -- 
> 2.20.1
> 

I hate having to be the style police, but until we use something to validate the DPDK coding style (as I posted the uncrustify config last month) we have to keep the style the same or change the DPDK coding standard.

Regards,
Keith

Stephen Hemminger Jan. 11, 2019, 7:49 p.m. UTC | #2

On Fri, 11 Jan 2019 19:37:00 +0000
"Wiles, Keith" <keith.wiles@intel.com> wrote:

> > +/* make sure name is a possible Linux network device name */
> > +static bool is_valid_iface(const char *name)  
> 
> I am sorry, but the function name must be on the next line as per the style. I know you do not like it, but that is what the style states.

I am surprised because most of the DPDK follows kernel style.
And in kernel style one line is preferred if line is not too long.

Wiles, Keith Jan. 11, 2019, 7:50 p.m. UTC | #3

> On Jan 11, 2019, at 1:49 PM, Stephen Hemminger <stephen@networkplumber.org> wrote:
> 
> On Fri, 11 Jan 2019 19:37:00 +0000
> "Wiles, Keith" <keith.wiles@intel.com> wrote:
> 
>>> +/* make sure name is a possible Linux network device name */
>>> +static bool is_valid_iface(const char *name)  
>> 
>> I am sorry, but the function name must be on the next line as per the style. I know you do not like it, but that is what the style states.
> 
> I am surprised because most of the DPDK follows kernel style.
> And in kernel style one line is preferred if line is not too long.

Last time I looked at the DPDK coding style it is not the case. We do not really follow Linux coding style only started with it and made changes :-(

Regards,
Keith

Luse, Paul E Jan. 11, 2019, 10:20 p.m. UTC | #4

Thanks Jim!!

-from my iPhone 

> On Jan 11, 2019, at 11:37 AM, Wiles, Keith <keith.wiles@intel.com> wrote:
> 
> 
> 
>> On Jan 11, 2019, at 12:06 PM, Stephen Hemminger <stephen@networkplumber.org> wrote:
>> 
>> If interface name is passed to remote or iface then check
>> the length and for invalid characters. This avoids problems where
>> name gets truncated or rejected by kernel.
>> 
>> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
>> ---
>> drivers/net/tap/rte_eth_tap.c | 37 +++++++++++++++++++++++++++++++----
>> 1 file changed, 33 insertions(+), 4 deletions(-)
>> 
>> diff --git a/drivers/net/tap/rte_eth_tap.c b/drivers/net/tap/rte_eth_tap.c
>> index d7f77d664502..6a388eed0dd4 100644
>> --- a/drivers/net/tap/rte_eth_tap.c
>> +++ b/drivers/net/tap/rte_eth_tap.c
>> @@ -37,6 +37,7 @@
>> #include <linux/if_tun.h>
>> #include <linux/if_ether.h>
>> #include <fcntl.h>
>> +#include <ctype.h>
>> 
>> #include <tap_rss.h>
>> #include <rte_eth_tap.h>
>> @@ -1884,6 +1885,23 @@ eth_dev_tap_create(struct rte_vdev_device *vdev, char *tap_name,
>>    return -EINVAL;
>> }
>> 
>> +/* make sure name is a possible Linux network device name */
>> +static bool is_valid_iface(const char *name)
> 
> I am sorry, but the function name must be on the next line as per the style. I know you do not like it, but that is what the style states.
>> +{
>> +    if (*name == '\0')
>> +        return false;
>> +
>> +    if (strnlen(name, IFNAMSIZ) == IFNAMSIZ)
>> +        return false;
>> +
>> +    while (*name) {
>> +        if (*name == '/' || *name == ':' || isspace(*name))
>> +            return false;
>> +        name++;
>> +    }
>> +    return true;
>> +}
>> +
>> static int
>> set_interface_name(const char *key __rte_unused,
>>           const char *value,
>> @@ -1891,12 +1909,17 @@ set_interface_name(const char *key __rte_unused,
>> {
>>    char *name = (char *)extra_args;
>> 
>> -    if (value)
>> +    if (value) {
>> +        if (!is_valid_iface(value)) {
>> +            TAP_LOG(ERR, "TAP invalid remote interface name (%s)",
>> +                value);
>> +            return -1;
>> +        }
>>        strlcpy(name, value, RTE_ETH_NAME_MAX_LEN);
>> -    else
>> +    } else {
>>        snprintf(name, RTE_ETH_NAME_MAX_LEN, "%s%d",
>>             DEFAULT_TAP_NAME, tun_unit - 1);
>> -
>> +    }
> 
> This is also a one line else and the style states to remove the {}.
>>    return 0;
>> }
>> 
>> @@ -1907,8 +1930,14 @@ set_remote_iface(const char *key __rte_unused,
>> {
>>    char *name = (char *)extra_args;
>> 
>> -    if (value)
>> +    if (value) {
>> +        if (!is_valid_iface(value)) {
>> +            TAP_LOG(ERR, "TAP invalid remote interface name (%s)",
>> +                value);
>> +            return -1;
>> +        }
>>        strlcpy(name, value, RTE_ETH_NAME_MAX_LEN);
>> +    }
>> 
>>    return 0;
>> }
>> -- 
>> 2.20.1
>> 
> 
> I hate having to be the style police, but until we use something to validate the DPDK coding style (as I posted the uncrustify config last month) we have to keep the style the same or change the DPDK coding standard.
> 
> Regards,
> Keith
>

Thomas Monjalon Jan. 15, 2019, 2:01 a.m. UTC | #5

11/01/2019 20:50, Wiles, Keith:
> 
> > On Jan 11, 2019, at 1:49 PM, Stephen Hemminger <stephen@networkplumber.org> wrote:
> > 
> > On Fri, 11 Jan 2019 19:37:00 +0000
> > "Wiles, Keith" <keith.wiles@intel.com> wrote:
> > 
> >>> +/* make sure name is a possible Linux network device name */
> >>> +static bool is_valid_iface(const char *name)  
> >> 
> >> I am sorry, but the function name must be on the next line as per the style. I know you do not like it, but that is what the style states.
> > 
> > I am surprised because most of the DPDK follows kernel style.
> > And in kernel style one line is preferred if line is not too long.
> 
> Last time I looked at the DPDK coding style it is not the case. We do not really follow Linux coding style only started with it and made changes :-(

Not really. The original code style is borrowed from FreeBSD:
	https://www.freebsd.org/cgi/man.cgi?query=style&sektion=9

diff mbox series

Patch

diff --git a/drivers/net/tap/rte_eth_tap.c b/drivers/net/tap/rte_eth_tap.c
index d7f77d664502..6a388eed0dd4 100644
--- a/drivers/net/tap/rte_eth_tap.c
+++ b/drivers/net/tap/rte_eth_tap.c
@@ -37,6 +37,7 @@ 
 #include <linux/if_tun.h>
 #include <linux/if_ether.h>
 #include <fcntl.h>
+#include <ctype.h>
 
 #include <tap_rss.h>
 #include <rte_eth_tap.h>
@@ -1884,6 +1885,23 @@  eth_dev_tap_create(struct rte_vdev_device *vdev, char *tap_name,
 	return -EINVAL;
 }
 
+/* make sure name is a possible Linux network device name */
+static bool is_valid_iface(const char *name)
+{
+	if (*name == '\0')
+		return false;
+
+	if (strnlen(name, IFNAMSIZ) == IFNAMSIZ)
+		return false;
+
+	while (*name) {
+		if (*name == '/' || *name == ':' || isspace(*name))
+			return false;
+		name++;
+	}
+	return true;
+}
+
 static int
 set_interface_name(const char *key __rte_unused,
 		   const char *value,
@@ -1891,12 +1909,17 @@  set_interface_name(const char *key __rte_unused,
 {
 	char *name = (char *)extra_args;
 
-	if (value)
+	if (value) {
+		if (!is_valid_iface(value)) {
+			TAP_LOG(ERR, "TAP invalid remote interface name (%s)",
+				value);
+			return -1;
+		}
 		strlcpy(name, value, RTE_ETH_NAME_MAX_LEN);
-	else
+	} else {
 		snprintf(name, RTE_ETH_NAME_MAX_LEN, "%s%d",
 			 DEFAULT_TAP_NAME, tun_unit - 1);
-
+	}
 	return 0;
 }
 
@@ -1907,8 +1930,14 @@  set_remote_iface(const char *key __rte_unused,
 {
 	char *name = (char *)extra_args;
 
-	if (value)
+	if (value) {
+		if (!is_valid_iface(value)) {
+			TAP_LOG(ERR, "TAP invalid remote interface name (%s)",
+				value);
+			return -1;
+		}
 		strlcpy(name, value, RTE_ETH_NAME_MAX_LEN);
+	}
 
 	return 0;
 }