From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Miller Subject: Re: [PATCH v4] af_netlink: ensure that NLMSG_DONE never fails in dumps Date: Sat, 11 Nov 2017 23:21:01 +0900 (KST) Message-ID: <20171111.232101.352298023245450121.davem@davemloft.net> References: <20171109040444.1728-1-Jason@zx2c4.com> <20171111.230924.412544731735070222.davem@davemloft.net> <1510409721.12037.3.camel@sipsolutions.net> Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: Jason@zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org To: johannes@sipsolutions.net Return-path: In-Reply-To: <1510409721.12037.3.camel@sipsolutions.net> Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org From: Johannes Berg Date: Sat, 11 Nov 2017 15:15:21 +0100 > On Sat, 2017-11-11 at 23:09 +0900, David Miller wrote: >> From: "Jason A. Donenfeld" >> Date: Thu, 9 Nov 2017 13:04:44 +0900 >> >> > @@ -2195,13 +2197,15 @@ static int netlink_dump(struct sock *sk) >> > return 0; >> > } >> > >> > - nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE, sizeof(len), NLM_F_MULTI); >> > - if (!nlh) >> > + nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE, >> > + sizeof(nlk->dump_done_errno), NLM_F_MULTI); >> > + if (WARN_ON(!nlh)) >> > goto errout_skb; >> >> If you're handling this by forcing another read() to procude the >> NLMSG_DONE, then you have no reason to WARN_ON() here. >> >> In fact you are adding a WARN_ON() which is trivially triggerable by >> any user. > > I added this in my suggestion for how this could work, but I don't > think you're right, since we previously check if there's enough space. > The patch is missing the full context, but this is: ... > So unless the nlmsg_total_size() vs. nlmsg_put_answer() suddenly gets a > different idea of how much space is needed, nlh shouldn't ever be NULL > once we get here. Aha, that's what I missed. Indeed, it cannot happen. My bad.