On Thu, 1 Sep 2022 00:13:36 -0700 Kees Cook wrote: > rep = __nlmsg_put(skb, NETLINK_CB(in_skb).portid, nlh->nlmsg_seq, > NLMSG_ERROR, payload, flags); All we should need here is __nlmsg_put() -> nlmsg_put(), that's idiomatic for netlink. > errmsg = nlmsg_data(rep); > errmsg->error = err; > - memcpy(&errmsg->msg, nlh, payload > sizeof(*errmsg) ? nlh->nlmsg_len : sizeof(*nlh)); > + unsafe_memcpy(&errmsg->msg, nlh, payload > sizeof(*errmsg) > + ? nlh->nlmsg_len : sizeof(*nlh), > + /* "payload" was bounds checked against nlh->nlmsg_len, > + * and overflow-checked as tlvlen was constructed. > + */);
