Commit cbbdf843 authored Jan 10, 2018 by David Ahern Committed by David S. Miller Jan 15, 2018

netlink: extack needs to be reset each time through loop

syzbot triggered the WARN_ON in netlink_ack testing the bad_attr value.
The problem is that netlink_rcv_skb loops over the skb repeatedly invoking
the callback and without resetting the extack leaving potentially stale
data. Initializing each time through avoids the WARN_ON.

Fixes: 2d4bc933 ("netlink: extended ACK reporting")
Reported-by: <syzbot+315fa6766d0f7c359327@syzkaller.appspotmail.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 59b36613

net/netlink/af_netlink.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -2384,7 +2384,7 @@ int netlink_rcv_skb(struct sk_buff skb, int (cb)(struct sk_buff *,
		struct nlmsghdr *,
		struct netlink_ext_ack *))
		{
		struct netlink_ext_ack extack = {};
		struct netlink_ext_ack extack;
		struct nlmsghdr *nlh;
		int err;

		@@ -2405,6 +2405,7 @@ int netlink_rcv_skb(struct sk_buff skb, int (cb)(struct sk_buff *,
		if (nlh->nlmsg_type < NLMSG_MIN_TYPE)
		goto ack;

		memset(&extack, 0, sizeof(extack));
		err = cb(skb, nlh, &extack);
		if (err == -EINTR)
		goto skip;