superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/net
History
Jakub Kicinski 0f9a857e34 net: shaper: fix undersized reply skb allocation in GROUP command 
net_shaper_group_send_reply() writes both the NET_SHAPER_A_IFINDEX
attribute (via net_shaper_fill_binding()) and the nested
NET_SHAPER_A_HANDLE attribute (via net_shaper_fill_handle()), but
the reply skb at the call site in net_shaper_nl_group_doit() is
allocated using net_shaper_handle_size(), which only accounts for
the nested handle.

The allocation is therefore short by nla_total_size(sizeof(u32))
(8 bytes) for the IFINDEX attribute.  In practice the slab allocator
rounds up the small allocation so the bug is latent, but the size
accounting is wrong and could bite if the reply grew further.

Introduce net_shaper_group_reply_size() that accounts for the full
reply payload and use it both at the genlmsg_new() call site and in
the defensive WARN_ONCE message.

Fixes: 5d5d4700e7 ("net-shapers: implement NL group operation")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Link: https://patch.msgid.link/20260510192904.3987113-7-kuba@kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
 		2026-05-12 16:14:59 +02:00
..
6lowpan
9p 9p/trans_xen: replace simple_strto* with kstrtouint 2026-04-16 02:57:01 +00:00
802
8021q 8021q: delete cleared egress QoS mappings 2026-04-23 12:13:57 +02:00
appletalk
atm net: remove unused ATM protocols and legacy ATM device drivers 2026-04-23 12:21:14 -07:00
batman-adv batman-adv: bla: put backbone reference on failed claim hash insert 2026-05-08 14:29:02 +02:00
bluetooth Bluetooth: HIDP: serialise l2cap_unregister_user via hidp_session_sem 2026-05-06 16:27:53 -04:00
bpf bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb 2026-04-12 15:42:57 -07:00
bridge netfilter: bridge: eb_tables: close module init race 2026-05-08 01:30:17 +02:00
can Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
ceph libceph: Fix slab-out-of-bounds access in auth message processing 2026-04-22 01:40:23 +02:00
core net: napi: Avoid gro timer misfiring at end of busypoll 2026-05-08 15:02:32 -07:00
dcb
devlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-09 13:20:59 -07:00
dns_resolver
dsa net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops 2026-04-16 19:10:48 -07:00
ethernet bonding: prevent potential infinite loop in bond_header_parse() 2026-03-16 19:29:45 -07:00
ethtool net: ethtool: fix NULL pointer dereference in phy_reply_size 2026-05-08 15:30:10 -07:00
handshake
hsr net: hsr: fix NULL pointer dereference in hsr_get_node_data() 2026-05-12 12:28:34 +02:00
ieee802154
ife
ipv4 tcp: Fix out-of-bounds access for twsk in tcp_ao_established_key(). 2026-05-11 17:50:15 -07:00
ipv6 netfilter pull request 26-05-08 2026-05-08 18:28:27 -07:00
iucv net/iucv: Add missing kernel-doc return value descriptions 2026-03-31 20:14:56 -07:00
kcm
key vfs-7.1-rc1.kino 2026-04-13 12:19:01 -07:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-09 13:20:59 -07:00
l3mdev
lapb
llc llc: Return -EINPROGRESS from llc_ui_connect() 2026-04-23 11:40:39 -07:00
mac80211 wifi: mac80211: remove station if connection prep fails 2026-05-06 11:02:57 +02:00
mac802154 bonding: prevent potential infinite loop in bond_header_parse() 2026-03-16 19:29:45 -07:00
mctp net: mctp: test: Use dev_direct_xmit for TX to our test device 2026-04-30 13:36:47 -07:00
mpls Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-02 11:03:13 -07:00
mptcp mptcp: pm: prio: skip closed subflows 2026-05-06 18:16:45 -07:00
ncsi
netfilter netfilter: nft_ct: fix missing expect put in obj eval 2026-05-08 01:30:17 +02:00
netlabel
netlink genetlink: free the skb on 'group >= family->n_mcgrps' 2026-05-08 15:43:29 -07:00
nfc NFC: digital: Bounds check NFC-A cascade depth in SDD response handler 2026-04-12 11:40:45 -07:00
nsh
openvswitch openvswitch: vport: fix self-deadlock on release of tunnel ports 2026-05-05 15:19:37 +02:00
packet net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() 2026-04-22 20:16:34 -07:00
phonet net: phonet: do not BUG_ON() in pn_socket_autobind() on failed bind 2026-04-27 18:45:17 -07:00
psample
psp psp: strip variable-length PSP header in psp_dev_rcv() 2026-05-04 19:25:14 -07:00
qrtr Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-14 12:04:00 -07:00
rds net/rds: reset op_nents when zerocopy page pin fails 2026-05-11 17:20:02 -07:00
rfkill net: rfkill: prevent unlimited numbers of rfkill events from being created 2026-04-07 12:35:04 +02:00
rxrpc rxrpc: Fix error handling in rxgk_extract_token() 2026-04-23 14:29:16 -07:00
sched net/sched: dualpi2: initialize timer earlier in dualpi2_init() 2026-05-11 18:03:16 -07:00
sctp sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL 2026-05-08 18:21:09 -07:00
shaper net: shaper: fix undersized reply skb allocation in GROUP command 2026-05-12 16:14:59 +02:00
smc net/smc: fix missing sk_err when TCP handshake fails 2026-05-07 08:36:34 -07:00
strparser net: strparser: fix skb_head leak in strp_abort_strp() 2026-04-14 12:37:00 +02:00
sunrpc NFS client updates for Linux 7.1 2026-04-24 14:20:03 -07:00
switchdev bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign 2026-03-19 13:14:00 +01:00
tipc Including fixes from Netfilter. 2026-04-23 16:50:42 -07:00
tls net: tls: fix silent data drop under pipe back-pressure 2026-05-02 18:27:14 -07:00
unix af_unix: Reject SIOCATMARK on non-stream sockets 2026-05-07 08:36:02 -07:00
vmw_vsock vsock/virtio: fix empty payload in tap skb for non-linear buffers 2026-05-12 12:52:15 +02:00
wireless wifi: nl80211: re-check wiphy netns in nl80211_prepare_wdev_dump() continuation 2026-05-06 11:08:41 +02:00
x25 vfs-7.1-rc1.kino 2026-04-13 12:19:01 -07:00
xdp xsk: fix u64 descriptor address truncation on 32-bit architectures 2026-05-05 19:27:51 -07:00
xfrm xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete 2026-04-29 11:27:34 +02:00
Kconfig net: remove ax25 and amateur radio (hamradio) subsystem 2026-04-23 10:24:02 -07:00
Kconfig.debug
Makefile net: remove ax25 and amateur radio (hamradio) subsystem 2026-04-23 10:24:02 -07:00
compat.c
devres.c
socket.c Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
sysctl_net.c