From: Jamal Hadi Salim <j...@mojatatu.com> Date: Thu, 20 Apr 2017 13:38:14 -0400
> On 17-04-20 11:50 AM, David Miller wrote: >> From: Jamal Hadi Salim <j...@mojatatu.com> >> Date: Thu, 20 Apr 2017 09:27:00 -0400 >> >>> The issue Jiri is bringing up is unrelated. He is talking about >>> a bitmap and conflating it with a data structure. They are not >>> the same issue. >> >> Bitmaps can have the same exact problem as padding if we didn't code >> it correctly. >> >> The issue is _purely_, "did we check unused 'fields' and enforce them >> to be a certain value" >> >> If not, we lose, and can't use those "fields" in the future. >> >> This rule applies whether you are speaking about padding or a bitmask. >> > > There are no examples of such issues with bitmasks encapsulated in > TLVs > that exist. > I grep iproute2 code and there are tons of example of bitmask flags > being sent in TLVs. They all start with: > > u64/32/16 mybitflags = 0; > > if i want foo then > mybitflags |= BRIDGE_FLAGS_SELF; > if i want bar then > mybitflags |= xxxx > > addattr16/32/64(&req.n, sizeof(req), ATTR_XXX, mybitflags); > > It does not make much sense to have a TLV for each of these > bits when i can fit a bunch of them in u16/32/64. I have not ruled out bitmasks. I'm only saying that the kernel must properly reject bits it doesn't recognize when they are set. Each bit must have a strict semantic, even unused ones, otherwise unused ones may never safely be used in the future.
