wireguard: netlink: use NLA_POLICY_MASK where possible
authorJason A. Donenfeld <Jason@zx2c4.com>
Wed, 21 May 2025 21:27:05 +0000 (23:27 +0200)
committerPaolo Abeni <pabeni@redhat.com>
Tue, 27 May 2025 07:06:19 +0000 (09:06 +0200)
Rather than manually validating flags against the various __ALL_*
constants, put this in the netlink policy description and have the upper
layer machinery check it for us.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Link: https://patch.msgid.link/20250521212707.1767879-4-Jason@zx2c4.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
drivers/net/wireguard/netlink.c

index f7055180ba4aab5a0952357a334217e3cd6af078..bbb1a7fe1c57205401d80f4a8b975f9683539340 100644 (file)
@@ -24,7 +24,7 @@ static const struct nla_policy device_policy[WGDEVICE_A_MAX + 1] = {
        [WGDEVICE_A_IFNAME]             = { .type = NLA_NUL_STRING, .len = IFNAMSIZ - 1 },
        [WGDEVICE_A_PRIVATE_KEY]        = NLA_POLICY_EXACT_LEN(NOISE_PUBLIC_KEY_LEN),
        [WGDEVICE_A_PUBLIC_KEY]         = NLA_POLICY_EXACT_LEN(NOISE_PUBLIC_KEY_LEN),
-       [WGDEVICE_A_FLAGS]              = { .type = NLA_U32 },
+       [WGDEVICE_A_FLAGS]              = NLA_POLICY_MASK(NLA_U32, __WGDEVICE_F_ALL),
        [WGDEVICE_A_LISTEN_PORT]        = { .type = NLA_U16 },
        [WGDEVICE_A_FWMARK]             = { .type = NLA_U32 },
        [WGDEVICE_A_PEERS]              = { .type = NLA_NESTED }
@@ -33,7 +33,7 @@ static const struct nla_policy device_policy[WGDEVICE_A_MAX + 1] = {
 static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] = {
        [WGPEER_A_PUBLIC_KEY]                           = NLA_POLICY_EXACT_LEN(NOISE_PUBLIC_KEY_LEN),
        [WGPEER_A_PRESHARED_KEY]                        = NLA_POLICY_EXACT_LEN(NOISE_SYMMETRIC_KEY_LEN),
-       [WGPEER_A_FLAGS]                                = { .type = NLA_U32 },
+       [WGPEER_A_FLAGS]                                = NLA_POLICY_MASK(NLA_U32, __WGPEER_F_ALL),
        [WGPEER_A_ENDPOINT]                             = NLA_POLICY_MIN_LEN(sizeof(struct sockaddr)),
        [WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL]        = { .type = NLA_U16 },
        [WGPEER_A_LAST_HANDSHAKE_TIME]                  = NLA_POLICY_EXACT_LEN(sizeof(struct __kernel_timespec)),
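Review bot: The mask on `WGPEER_A_FLAGS` is only enforced where a nested peer attribute is parsed against `peer_policy`, and that parse call is not part of this diff. `set_peer()` receives an already-parsed `attrs` array and, after this commit, no longer checks the bits itself. A comment above the `WGPEER_A_FLAGS` entry would record the dependency, for example `/* Unknown bits are rejected at parse time; set_peer() relies on this. */`. Without it, a later caller that fills `attrs` some other way could lose the unknown-flag rejection unnoticed. The table continues past the end of this hunk.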
@@ -373,9 +373,6 @@ static int set_peer(struct wg_device *wg, struct nlattr **attrs)
 
        if (attrs[WGPEER_A_FLAGS])
                flags = nla_get_u32(attrs[WGPEER_A_FLAGS]);
-       ret = -EOPNOTSUPP;
-       if (flags & ~__WGPEER_F_ALL)
-               goto out;
 
        ret = -EPFNOSUPPORT;
        if (attrs[WGPEER_A_PROTOCOL_VERSION]) {
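Review bot: Dropping the `flags & ~__WGPEER_F_ALL` check here, and the matching `__WGDEVICE_F_ALL` check in the `wg_set_device()` hunk below, probably changes the errno userspace sees for an unknown flag bit. The removed code returned `-EOPNOTSUPP`, while the generic mask validation, as far as I know, reports `-EINVAL` with an extack message. The commit description does not mention this, and a tool that probes for flag support by testing for `EOPNOTSUPP` would now take a different path. If the change is intended, state it in the description and at the read, e.g. `/* Unknown bits already rejected by peer_policy (-EINVAL, not -EOPNOTSUPP). */`. Both functions start and end outside their hunks.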
@@ -506,9 +503,6 @@ static int wg_set_device(struct sk_buff *skb, struct genl_info *info)
 
        if (info->attrs[WGDEVICE_A_FLAGS])
                flags = nla_get_u32(info->attrs[WGDEVICE_A_FLAGS]);
-       ret = -EOPNOTSUPP;
-       if (flags & ~__WGDEVICE_F_ALL)
-               goto out;
 
        if (info->attrs[WGDEVICE_A_LISTEN_PORT] || info->attrs[WGDEVICE_A_FWMARK]) {
                struct net *net;