From: Andrew Lunn <andrew@lunn.ch>
To: Matthew Maurer <mmaurer@google.com>
Cc: "Alice Ryhl" <aliceryhl@google.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Boqun Feng" <boqun@kernel.org>, "Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
"Donald Hunter" <donald.hunter@gmail.com>,
"Jakub Kicinski" <kuba@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
"Eric Dumazet" <edumazet@google.com>,
"Paolo Abeni" <pabeni@redhat.com>,
"Simon Horman" <horms@kernel.org>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Arve Hjønnevåg" <arve@android.com>,
"Todd Kjos" <tkjos@android.com>,
"Christian Brauner" <brauner@kernel.org>,
"Carlos Llamas" <cmllamas@google.com>,
linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org,
netdev@vger.kernel.org
Subject: Re: [PATCH v3 1/4] rust: netlink: add raw netlink abstraction
Date: Thu, 16 Apr 2026 23:19:39 +0200
Message-ID: <845b36ba-7b3a-41f2-acb2-b284f253e2ca@lunn.ch>
In-Reply-To: <CAGSQo03b4tTQW=bXiRrmjvF8NympD_dcJX=2jwPdMmguXLfifQ@mail.gmail.com>
On Thu, Apr 16, 2026 at 01:06:42PM -0700, Matthew Maurer wrote:
> > + /// Sends the generic netlink message as a multicast message.
> > + #[inline]
> > + pub fn multicast(
> > + self,
> > + family: &'static Family,
> > + portid: u32,
> > + group: u32,
> > + flags: alloc::Flags,
> > + ) -> Result {
> > + let me = ManuallyDrop::new(self);
> > + // SAFETY: The `skb` and `family` pointers are valid. We pass ownership of the `skb` to
> > + // `genlmsg_multicast` by not dropping `self`.
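Review bot: In `multicast`, `ManuallyDrop::new(self)` gives up the `skb` before the result of the call is known, and the SAFETY comment asserts that ownership passes to `genlmsg_multicast` without saying whether that still holds when the call returns an error. The doc comment should state what happens to the message on `Err`. Because `group` is an unchecked `u32` supplied by the caller, either validate it before suppressing the drop, or make sure any error return that leaves the buffer unconsumed frees it exactly once.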
Hi Matthew

Please trim when replying, to just the needed context.
> I think if genlmsg_multicast returns an error code we may need to drop
> to avoid leaking. Specifically, there is at least this path:
> 1. Set group to a large number (that's an unconstrained public parameter)
> 2. We suppress drop
> 3. We call genlmsg_multicast
> 4. We call genlmsg_multicast_netns
> 4. We call genlmsg_multicast_netns_filtered, which does an inbounds
> check for the `group`. If it is too large, it returns EINVAL without
> consuming the SKB - include/net/genetlink.h:493
> 5. We leak the skb
>
> However, at the same time, if we pass that check and descend into
> `netlink_broadcast_filtered`, it will unconditionally consume the SKB,
> and possibly return an error code in other situations.
A quick grep of the code suggests very few callers of
genlmsg_multicast look at the return code.

drivers/scsi/pmcraid.c prints an error message, but does nothing with
the skb.

drivers/regulator/event.c returns the error code to its caller, which
discards it, and the skb is leaked.

net/ieee802154/netlink.c returns the error code up the call stack but
leaks the skb.

net/nfc/netlink.c returns the error code up the call stack but leaks
the skb.

So I would agree with you, freeing it on error somewhere within
genlmsg_multicast() would make sense.

Andrew
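
The ownership problem discussed in this message, as an added userspace model in Rust (not code from the patch or the kernel): it shows why the wrapper cannot simply drop on every `Err`, and why freeing inside the callee closes the leak. `Skb`, `c_multicast`, `N_GROUPS` and the `free_on_einval` switch are hypothetical stand-ins, and the `-ESRCH` return is an assumed example of an error raised after the buffer has been consumed.

```rust
use std::{cell::Cell, rc::Rc};

const EINVAL: i32 = 22;
const ESRCH: i32 = 3; // assumed example of an error returned after the buffer is consumed
const N_GROUPS: u32 = 4; // constructed: this model's family has 4 multicast groups

/// Stand-in for an owned `sk_buff`; `live` counts buffers that are not yet freed.
struct Skb {
    live: Rc<Cell<usize>>,
}

impl Drop for Skb {
    fn drop(&mut self) {
        self.live.set(self.live.get() - 1);
    }
}

/// Model of the C callee as described in the thread: the group range check fails
/// without consuming the buffer, the broadcast path always consumes it.
/// `free_on_einval` models freeing on error inside the callee.
fn c_multicast(skb: *mut Skb, group: u32, listeners: bool, free_on_einval: bool) -> i32 {
    if group >= N_GROUPS {
        if free_on_einval {
            // SAFETY: `skb` came from `Box::into_raw` and has not been freed.
            unsafe { drop(Box::from_raw(skb)) };
        }
        return -EINVAL;
    }
    // SAFETY: as above; this is the only free on this path.
    unsafe { drop(Box::from_raw(skb)) };
    if listeners { 0 } else { -ESRCH }
}

/// Wrapper shaped like the patch: ownership is given up before the result is known.
/// Returns the call result and the number of buffers still allocated afterwards.
fn multicast(group: u32, listeners: bool, free_on_einval: bool) -> (Result<(), i32>, usize) {
    let live = Rc::new(Cell::new(1));
    let skb = Box::new(Skb { live: live.clone() });
    let raw = Box::into_raw(skb); // like `ManuallyDrop`: Rust will not free it
    let ret = c_multicast(raw, group, listeners, free_on_einval);
    let res = if ret < 0 { Err(ret) } else { Ok(()) };
    (res, live.get())
}

fn main() {
    println!("{:?}", multicast(99, true, false)); // out-of-range group, leaked
    println!("{:?}", multicast(1, false, false)); // error, but already consumed
    println!("{:?}", multicast(99, true, true)); // callee frees on every path
}
```

In the model, the two error returns differ in who still owns the buffer, so a wrapper that freed on any `Err` would double-free on the second path; only the callee can tell them apart.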