Patch "netlink: remove the flex array from struct nlmsghdr" has been added to the 6.1-stable tree

This is a note to let you know that I've just added the patch titled

    netlink: remove the flex array from struct nlmsghdr

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     netlink-remove-the-flex-array-from-struct-nlmsghdr.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


From c73a72f4cbb47672c8cc7f7d7aba52f1cb15baca Mon Sep 17 00:00:00 2001
From: Jakub Kicinski <kuba@xxxxxxxxxx>
Date: Thu, 17 Nov 2022 19:39:03 -0800
Subject: netlink: remove the flex array from struct nlmsghdr

From: Jakub Kicinski <kuba@xxxxxxxxxx>

commit c73a72f4cbb47672c8cc7f7d7aba52f1cb15baca upstream.

I've added a flex array to struct nlmsghdr in
commit 738136a0e375 ("netlink: split up copies in the ack construction")
to allow accessing the data easily. It leads to warnings with clang,
if user space wraps this structure into another struct and the flex
array is not at the end of the container.

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
Reviewed-by: David Ahern <dsahern@xxxxxxxxxx>
Link: https://lore.kernel.org/all/20221114023927.GA685@u2004-local/
Link: https://lore.kernel.org/r/20221118033903.1651026-1-kuba@xxxxxxxxxx
Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 include/uapi/linux/netlink.h |    2 --
 net/netlink/af_netlink.c     |    2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

--- a/include/uapi/linux/netlink.h
+++ b/include/uapi/linux/netlink.h
@@ -48,7 +48,6 @@ struct sockaddr_nl {
  * @nlmsg_flags: Additional flags
  * @nlmsg_seq:   Sequence number
  * @nlmsg_pid:   Sending process port ID
- * @nlmsg_data:  Message payload
  */
 struct nlmsghdr {
 	__u32		nlmsg_len;
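Review bot: With the ` * @nlmsg_data:  Message payload` line dropped, the kernel-doc above struct nlmsghdr no longer says where the payload lives. Consider adding a sentence to the comment stating that the payload follows the header and is reached through an accessor (NLMSG_DATA() in user space, nlmsg_data() in the kernel), so readers of this UAPI header are not left looking for a member.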
@@ -56,7 +55,6 @@ struct nlmsghdr {
 	__u16		nlmsg_flags;
 	__u32		nlmsg_seq;
 	__u32		nlmsg_pid;
-	__u8		nlmsg_data[];
 };
 
 /* Flags values */
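Review bot: Removing `__u8 nlmsg_data[];` from a UAPI struct deserves a sentence on compatibility in the commit message. A trailing flexible array member adds nothing to sizeof(struct nlmsghdr) and the remaining fields keep their offsets, so the binary layout is unchanged, but user-space code that started referencing nlmsg_data after 738136a0e375 will stop compiling. The message names that commit only in prose; a Fixes: tag for it would let backport tooling pair the two changes.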
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -2458,7 +2458,7 @@ void netlink_ack(struct sk_buff *in_skb,
 		if (!nlmsg_append(skb, nlmsg_len(nlh)))
 			goto err_bad_put;
 
-		memcpy(errmsg->msg.nlmsg_data, nlh->nlmsg_data,
+		memcpy(nlmsg_data(&errmsg->msg), nlmsg_data(nlh),
 		       nlmsg_len(nlh));
 	}
 
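Review bot: In the `+` line the destination `nlmsg_data(&errmsg->msg)` points past the end of the embedded header, and the copy is only safe because the `nlmsg_append(skb, nlmsg_len(nlh))` call just above reserved that many bytes. Now that no struct member names that tail area, a one-line comment tying the memcpy length to the nlmsg_append() reservation would help. It is also worth confirming that nlmsg_data() resolves to the same offset the flex array had, i.e. that the aligned header length equals sizeof(struct nlmsghdr).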


Patches currently in stable-queue which might be from kuba@xxxxxxxxxx are

queue-6.1/neighbour-annotate-lockless-accesses-to-n-nud_state.patch
queue-6.1/mptcp-userspace-pm-allow-creating-id-0-subflow.patch
queue-6.1/tcp-fix-delayed-acks-for-mss-boundary-condition.patch
queue-6.1/tipc-fix-a-potential-deadlock-on-tx-lock.patch
queue-6.1/netlink-split-up-copies-in-the-ack-construction.patch
queue-6.1/netlink-fix-potential-skb-memleak-in-netlink_ack.patch
queue-6.1/net-change-accept_ra_min_rtr_lft-to-affect-all-ra-lifetimes.patch
queue-6.1/net-stmmac-dwmac-stm32-fix-resume-on-stm32-mcu.patch
queue-6.1/netlink-annotate-data-races-around-sk-sk_err.patch
queue-6.1/ipv4-ipv6-fix-handling-of-transhdrlen-in-__ip-6-_app.patch
queue-6.1/net-nfc-llcp-add-lock-when-modifying-device-list.patch
queue-6.1/tcp-fix-quick-ack-counting-to-count-actual-acks-of-n.patch
queue-6.1/ipv6-remove-nexthop_fib6_nh_bh.patch
queue-6.1/netlink-remove-the-flex-array-from-struct-nlmsghdr.patch
queue-6.1/ipv4-set-offload_failed-flag-in-fibmatch-results.patch
queue-6.1/sctp-update-hb-timer-immediately-after-users-change-.patch
queue-6.1/neighbour-switch-to-standard-rcu-instead-of-rcu_bh.patch
queue-6.1/sctp-update-transport-state-when-processing-a-dupcoo.patch
