* [PATCH 6.18.y] net: mctp: ensure our nlmsg responses are initialised
@ 2026-06-02 7:34 Li hongliang
2026-06-02 18:21 ` Sasha Levin
0 siblings, 1 reply; 2+ messages in thread
From: Li hongliang @ 2026-06-02 7:34 UTC (permalink / raw)
To: gregkh, stable, jk
Cc: patches, linux-kernel, matt, davem, edumazet, kuba, pabeni, horms,
netdev
From: Jeremy Kerr <jk@codeconstruct.com.au>
[ Upstream commit a6a9bc544b675d8b5180f2718ec985ad267b5cbf ]
Syed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from
DEVCORE Research Team working with Trend Micro Zero Day Initiative
report that a RTM_GETNEIGH will return uninitalised data in the pad
bytes of the ndmsg data.
Ensure we're initialising the netlink data to zero, in the link, addr
and neigh response messages.
Fixes: 831119f88781 ("mctp: Add neighbour netlink interface")
Fixes: 06d2f4c583a7 ("mctp: Add netlink route management")
Fixes: 583be982d934 ("mctp: Add device handling and netlink interface")
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20260209-dev-mctp-nlmsg-v1-1-f1e30c346a43@codeconstruct.com.au
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Li hongliang <1468888505@139.com>
---
net/mctp/device.c | 1 +
net/mctp/neigh.c | 1 +
net/mctp/route.c | 1 +
3 files changed, 3 insertions(+)
diff --git a/net/mctp/device.c b/net/mctp/device.c
index 4d404edd7446..04c5570bacff 100644
--- a/net/mctp/device.c
+++ b/net/mctp/device.c
@@ -70,6 +70,7 @@ static int mctp_fill_addrinfo(struct sk_buff *skb,
return -EMSGSIZE;
hdr = nlmsg_data(nlh);
+ memset(hdr, 0, sizeof(*hdr));
hdr->ifa_family = AF_MCTP;
hdr->ifa_prefixlen = 0;
hdr->ifa_flags = 0;
diff --git a/net/mctp/neigh.c b/net/mctp/neigh.c
index 05b899f22d90..fc85f0e69301 100644
--- a/net/mctp/neigh.c
+++ b/net/mctp/neigh.c
@@ -218,6 +218,7 @@ static int mctp_fill_neigh(struct sk_buff *skb, u32 portid, u32 seq, int event,
return -EMSGSIZE;
hdr = nlmsg_data(nlh);
+ memset(hdr, 0, sizeof(*hdr));
hdr->ndm_family = AF_MCTP;
hdr->ndm_ifindex = dev->ifindex;
hdr->ndm_state = 0; // TODO other state bits?
diff --git a/net/mctp/route.c b/net/mctp/route.c
index d4fdaac8037a..eb817f1eb5c8 100644
--- a/net/mctp/route.c
+++ b/net/mctp/route.c
@@ -1650,6 +1650,7 @@ static int mctp_fill_rtinfo(struct sk_buff *skb, struct mctp_route *rt,
return -EMSGSIZE;
hdr = nlmsg_data(nlh);
+ memset(hdr, 0, sizeof(*hdr));
hdr->rtm_family = AF_MCTP;
/* we use the _len fields as a number of EIDs, rather than
--
2.34.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH 6.18.y] net: mctp: ensure our nlmsg responses are initialised
2026-06-02 7:34 [PATCH 6.18.y] net: mctp: ensure our nlmsg responses are initialised Li hongliang
@ 2026-06-02 18:21 ` Sasha Levin
0 siblings, 0 replies; 2+ messages in thread
From: Sasha Levin @ 2026-06-02 18:21 UTC (permalink / raw)
To: Li hongliang, gregkh, stable, jk
Cc: Sasha Levin, patches, linux-kernel, matt, davem, edumazet, kuba,
pabeni, horms, netdev
On Tue, Jun 02, 2026 at 03:34:28PM +0800, Li hongliang wrote:
> [PATCH 6.18.y] net: mctp: ensure our nlmsg responses are initialised
Thanks. All five per-branch submissions (backports of upstream
a6a9bc544b67) are now queued.
--
Thanks,
Sasha
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-06-02 18:21 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-02 7:34 [PATCH 6.18.y] net: mctp: ensure our nlmsg responses are initialised Li hongliang
2026-06-02 18:21 ` Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox