Commit cbbdf843 authored by David Ahern, committed by David S. Miller

netlink: extack needs to be reset each time through loop

syzbot triggered the WARN_ON in netlink_ack testing the bad_attr value.
The problem is that netlink_rcv_skb loops over the skb, repeatedly invoking
the callback without resetting the extack, leaving potentially stale
data. Initializing each time through avoids the WARN_ON.

Fixes: 2d4bc933 ("netlink: extended ACK reporting")
Reported-by: syzbot+315fa6766d0f7c359327@syzkaller.appspotmail.com
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent 59b36613
...@@ -2384,7 +2384,7 @@ int netlink_rcv_skb(struct sk_buff *skb, int (*cb)(struct sk_buff *, ...@@ -2384,7 +2384,7 @@ int netlink_rcv_skb(struct sk_buff *skb, int (*cb)(struct sk_buff *,
struct nlmsghdr *, struct nlmsghdr *,
struct netlink_ext_ack *)) struct netlink_ext_ack *))
{ {
struct netlink_ext_ack extack = {}; struct netlink_ext_ack extack;
struct nlmsghdr *nlh; struct nlmsghdr *nlh;
int err; int err;
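Review bot: Dropping the `= {}` initializer on `extack` leaves the struct holding uninitialized stack data on any path that reaches a consumer before the new memset in the loop has run. The second hunk shows a `goto ack` ahead of that memset, so if the ack label hands `&extack` to netlink_ack (not visible in these lines), it would read garbage rather than zeros on the first pass. Keeping `struct netlink_ext_ack extack = {};` alongside the per-iteration reset costs little and removes the dependency on where the memset sits.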
...@@ -2405,6 +2405,7 @@ int netlink_rcv_skb(struct sk_buff *skb, int (*cb)(struct sk_buff *, ...@@ -2405,6 +2405,7 @@ int netlink_rcv_skb(struct sk_buff *skb, int (*cb)(struct sk_buff *,
if (nlh->nlmsg_type < NLMSG_MIN_TYPE) if (nlh->nlmsg_type < NLMSG_MIN_TYPE)
goto ack; goto ack;
memset(&extack, 0, sizeof(extack));
err = cb(skb, nlh, &extack); err = cb(skb, nlh, &extack);
if (err == -EINTR) if (err == -EINTR)
goto skip; goto skip;
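Review bot: The memset is placed after the `if (nlh->nlmsg_type < NLMSG_MIN_TYPE) goto ack;` check, so messages taking that branch skip the reset and arrive at the ack label with whatever `extack` held before: stale data from the previous message in the skb, or, now that the declaration no longer zeroes it, uninitialized stack contents. Move `memset(&extack, 0, sizeof(extack));` above this check, to the top of the loop body, so every iteration starts clean regardless of which exit it takes. A one-line comment stating that the reset is per message would help keep it there.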
......