From nobody Thu Apr  2 01:08:59 2026
Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com
 [209.85.214.174])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id AE44928468E
	for <linux-kernel@vger.kernel.org>; Tue, 31 Mar 2026 03:57:07 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.214.174
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1774929428; cv=none;
 b=RPtThBf6Ld7QVRG1XiVCsItu6ZikvVEKYCfYd3TSLA/NjGOzB24/G5rNJC9s5qF41LOIxqyOFEfkdb6GOSvM8TtjhZ50lw2vR1vh49vsUcjOor1tMJwillX34KIBjyatdOngYCUWmYp/mUhAP4jrMWmWpWQnPbbzNXaiFgXEaBc=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1774929428; c=relaxed/simple;
	bh=MKlnOkMzX+oq1WW0maV3Su1eTE5/Q6WgY2md3Hs/x2k=;
	h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References:
	 In-Reply-To:To:Cc;
 b=Nr1gF4d3hVwN4eYlXqRtVsaK3EyPkSDOUsLTnnpeSHoZEDiNrdZp8MaiYRFaVDCnBis/hZYcpmKrb3CNNhZIy2kQUqH2zXmVINWXnk5O/aSr8sMJN7EQOX9d2SA8Pt8WyLMQVkBULxrV+CzUzwS1oO43mW3FGBldplcH4b0cJk8=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=Sj20Yv4V; arc=none smtp.client-ip=209.85.214.174
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="Sj20Yv4V"
Received: by mail-pl1-f174.google.com with SMTP id
 d9443c01a7336-2b24fede2acso12415715ad.3
        for <linux-kernel@vger.kernel.org>;
 Mon, 30 Mar 2026 20:57:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1774929427; x=1775534227;
 darn=vger.kernel.org;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=XqQrrFc2/Gtic83J7TRLhKhXWW3jOenRMDXaQ79Hua4=;
        b=Sj20Yv4V/5L3DMaRt3mHC94faIpMJDaXNTRaSMsLxmgUqrh+ifiRwNf6Its2ndvXza
         NMNv/d4Sv1+QZzCjjd/O1jYmgiNiBKaLyejEzC7BiUAppB+rItiin48cBdNav6YIeD5P
         zLfwiZKOYC7aBThN3igokIMLq9yq1y7J2tIdpLWLHCbnPFN9BJ1QKIQT5fJhA1Jv73qg
         mQq6YDyKzE4ME0FvsiHC9e6x1hf+CWnr/j1j12UnoTgs0ATAdT3PvWpDGz1S3u3QdTYJ
         WKaUOgdyYCVD+gAj1JesFpeIq0VZuXfR2n8BVK/P/ysQwNveE0F0UeoBTJFd2Hfoo93e
         IrSA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774929427; x=1775534227;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=XqQrrFc2/Gtic83J7TRLhKhXWW3jOenRMDXaQ79Hua4=;
        b=Gk/Z0bxgK99ofCvam2jcVLiQ5sfNVBPkDMrMKhMukrj/k+FadRDweQjbiHL9ShoLAy
         O3xi9WEzE0dx7WgLtiz4TseAtshaQ6K9UlLoUgNWCBayAQN38NOTUnwf0hQiP+a6s4N9
         nygYwfmRiBac+4bJ+s9YUMdJmy3npiBrGrG0ZXhYM8RFLzOXhJfB5Y2//doieVobnLW/
         mAP/U7yIpdN67ifkJDUMLM1Bmx07q+FV1ZrWLT6HAeV9aujVFifsIa1Khp9T71RswPbe
         ewn4fZiG3NAEAFxxaZE7I7r6LFhmAEnrCtE0xPPD559cGrDGpCseU2Ql91zgNPP9WPtL
         y7DQ==
X-Forwarded-Encrypted: i=1;
 AJvYcCVWYU4RUdmsEr8Lt5eAwMilCQlA+xGYkH/AJ++Ksbb/sGLT2oPCRpHPM6eJqf9Q81AAKjm7ulZRQRwsgVc=@vger.kernel.org
X-Gm-Message-State: AOJu0YwYL5hySSX9i7ELsYIHVGc6N4UYKfSBJJ+MPuzdq4KGbiqOKIbg
	U6IXuA03Aqdc9Qclj+57L56+V49fXGrjfirBQg8x+xktIIZkBk95AdoQSpq82uTY84wDWw==
X-Gm-Gg: ATEYQzwNtL1ta+3NGEkSMxkaHQ3ICrKy9w2QJulZvcr/mfPDDx3nyLedkJNvH6icJZv
	JJDQsyQN0jkWACO1pAV6yt1hWWUJ/MgtlLnJtvSE3+PBGFV164zDIG3Wwqlvh4LIrjbcSYBtFoi
	/83WwhH1f3On9o7ZzsPU+m5fldAVg8FB3LdX2bn9S4H5NDlvh8ef9SfVm3Z/T41LEYcHNyJhgaA
	1f6MKKcg7+eViydEprrkLBsKnSRqusEnGrZ3088LIbcxDZPU0wegPFj4h3NOTv06KrglCe0L3RE
	5fayoNK2OQHIggRU5+41MXDopeQsPiEc61JV2gFC9bQId2cOHcaMrKXLOwGHDVtXXSgUVYNGgPv
	DlNxYg7y3L+2kbLhaT11AaUXr/ZcOIqGn8j+uL4S/JALWE+fpxkLZzRMpn5Hj/qckYZcsD5etdF
	uy85ACl9YPr7jfmOXHJUTw+IeO7KSlwOptGVjL+wcsh/sGQdngWCug7Jua+uRxsOWOapuz4NrPP
	ffNEIoX9/vv7zn5Jxwe1wevGXxxKKDjJoIEuGKrNHWCjDbYG/U=
X-Received: by 2002:a17:902:e54f:b0:2b0:65b8:b5b4 with SMTP id
 d9443c01a7336-2b0cdd830d7mr150042965ad.39.1774929426743;
        Mon, 30 Mar 2026 20:57:06 -0700 (PDT)
Received: from
 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
 ([240e:34c:5765:500:c92f:4f4e:9953:45b7])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2b24266e487sm94680625ad.24.2026.03.30.20.56.58
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 30 Mar 2026 20:57:06 -0700 (PDT)
From: Hangbin Liu <liuhangbin@gmail.com>
Date: Tue, 31 Mar 2026 11:56:14 +0800
Subject: [PATCH net-next 4/4] netlink: warn on nla_len overflow in
 nla_nest_end()
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20260331-b4-ynl_ethtool-v1-4-dda2a9b55df8@gmail.com>
References: <20260331-b4-ynl_ethtool-v1-0-dda2a9b55df8@gmail.com>
In-Reply-To: <20260331-b4-ynl_ethtool-v1-0-dda2a9b55df8@gmail.com>
To: Donald Hunter <donald.hunter@gmail.com>,
 Jakub Kicinski <kuba@kernel.org>, "David S. Miller" <davem@davemloft.net>,
 Eric Dumazet <edumazet@google.com>, Paolo Abeni <pabeni@redhat.com>,
 Simon Horman <horms@kernel.org>, Andrew Lunn <andrew@lunn.ch>
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
 Hangbin Liu <liuhangbin@gmail.com>
X-Mailer: b4 0.14.3

The nla_len field in struct nlattr is a __u16, which can only hold
values up to 65535. If a nested attribute grows beyond this limit,
nla_nest_end() silently truncates the length, producing a corrupted
netlink message with no indication of the problem.

Since this is unlikely to happen, to avoid unnecessary checking every
time on the production system, add a DEBUG_NET_WARN_ON_ONCE() before
the assignment to make this overflow visible in the debug kernel log.

Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
---
 include/net/netlink.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/net/netlink.h b/include/net/netlink.h
index 1a8356ca4b78..00ea52dc08c4 100644
--- a/include/net/netlink.h
+++ b/include/net/netlink.h
@@ -2260,6 +2260,7 @@ static inline struct nlattr *nla_nest_start(struct sk=
_buff *skb, int attrtype)
  */
 static inline int nla_nest_end(struct sk_buff *skb, struct nlattr *start)
 {
+	DEBUG_NET_WARN_ON_ONCE(skb_tail_pointer(skb) - (unsigned char *)start > U=
16_MAX);
 	start->nla_len =3D skb_tail_pointer(skb) - (unsigned char *)start;
 	return skb->len;
 }

--=20
Git-155)