mirror of https://github.com/torvalds/linux.git
The netlink attribute length field nla_len is a __u16, which can only represent values up to 65535 bytes. NICs with a large number of statistics strings (e.g. mlx5_core with thousands of ETH_SS_STATS entries) can produce an ETHTOOL_A_STRINGSET_STRINGS nest that exceeds this limit.

When nla_nest_end() writes the actual nest size back to nla_len, the value is silently truncated. This results in a corrupted netlink message being sent to userspace: the parser reads a wrong (truncated) attribute length and misaligns all subsequent attribute boundaries, causing decode errors.

Fix this by using the new helper nla_nest_end_safe and error out if the size exceeds U16_MAX.

Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Link: https://patch.msgid.link/20260408-b4-ynl_ethtool-v2-5-7623a5e8f70b@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

||
|---|---|---|
| Makefile | ||
| bitset.c | ||
| bitset.h | ||
| cabletest.c | ||
| channels.c | ||
| cmis.h | ||
| cmis_cdb.c | ||
| cmis_fw_update.c | ||
| coalesce.c | ||
| common.c | ||
| common.h | ||
| debug.c | ||
| eee.c | ||
| eeprom.c | ||
| features.c | ||
| fec.c | ||
| ioctl.c | ||
| linkinfo.c | ||
| linkmodes.c | ||
| linkstate.c | ||
| mm.c | ||
| module.c | ||
| module_fw.h | ||
| mse.c | ||
| netlink.c | ||
| netlink.h | ||
| pause.c | ||
| phc_vclocks.c | ||
| phy.c | ||
| plca.c | ||
| privflags.c | ||
| pse-pd.c | ||
| rings.c | ||
| rss.c | ||
| stats.c | ||
| strset.c | ||
| ts.h | ||
| tsconfig.c | ||
| tsinfo.c | ||
| tunnels.c | ||
| wol.c | ||