This is a note to let you know that I've just added the patch titled RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() to the 5.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: rdma-nldev-add-checks-for-nla_nest_start-in-fill_sta.patch and it can be found in the queue-5.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit ffaf8865219f09db22c3dcb22fbc27ae06fc05c4 Author: Yuan Can <yuancan@xxxxxxxxxx> Date: Sat Nov 26 04:34:10 2022 +0000 RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() [ Upstream commit ea5ef136e215fdef35f14010bc51fcd6686e6922 ] As the nla_nest_start() may fail with NULL returned, the return value needs to be checked. Fixes: c4ffee7c9bdb ("RDMA/netlink: Implement counter dumpit calback") Signed-off-by: Yuan Can <yuancan@xxxxxxxxxx> Link: https://lore.kernel.org/r/20221126043410.85632-1-yuancan@xxxxxxxxxx Signed-off-by: Leon Romanovsky <leon@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/infiniband/core/nldev.c b/drivers/infiniband/core/nldev.c index 6f3799698634..cefe12964f3e 100644 --- a/drivers/infiniband/core/nldev.c +++ b/drivers/infiniband/core/nldev.c @@ -892,6 +892,8 @@ static int fill_stat_counter_qps(struct sk_buff *msg, int ret = 0; table_attr = nla_nest_start(msg, RDMA_NLDEV_ATTR_RES_QP); + if (!table_attr) + return -EMSGSIZE; rt = &counter->device->res[RDMA_RESTRACK_QP]; xa_lock(&rt->xa);