Re: [PATCH net] xfrm_user: fix info leak in build_mapping()
From: Greg Kroah-Hartman
Date: Mon Apr 06 2026 - 12:10:15 EST

On Mon, Apr 06, 2026 at 08:58:59AM -0700, Jakub Kicinski wrote:
> On Mon, 6 Apr 2026 08:54:49 -0700 Jakub Kicinski wrote:
> > > Note, I think this is correct, as I don't think a new skb has its
> > > fields pre-zeroed out, or am I totally wrong here?
> >
> > You're right, skb owner is responsible for clearing after put.
> > Tho, Netlink is not as perf critical as real networking, I wish
> > we at least had a helper which reserves the space and clears it :/
> > This is not the first or the second time we hit this sort of a bug.
>
> We could make nlmsg_append() do that. Mostly because I don't have
> a better idea for a name and nlmsg_append is only used once ;)

As shown in my other patch:
https://lore.kernel.org/r/2026040621-poison-gristle-aaa3@gregkh
we need this in at least 2 places, don't know if it's worth doing it for
all messages?

I guess nlmsg_append() would work? It tries to do some zeroing out for
alignment for some reason...

Want me to do that? I don't have a way to test any of this, I just
found it using some static code analysis tools that looked at holes in
structures.

thanks,

greg k-h
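
Added example, not part of the original message or of the kernel tree: a userspace C model of the bug class discussed in this thread, where space reserved in a message buffer but never cleared leaks stale bytes through struct padding even though every named field is assigned. The names struct demo_msg, struct demo_buf, buf_put(), buf_put_zero() and leaked_bytes() are hypothetical, and the 0xAA fill is constructed to stand in for old heap contents.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed struct (not a kernel type): alignment leaves padding holes. */
struct demo_msg {
    uint8_t  proto;   /* padding follows so that id is 4-byte aligned */
    uint32_t id;
    uint16_t port;    /* tail padding follows */
};

/* Toy message buffer standing in for an skb; data[] holds stale bytes. */
struct demo_buf {
    unsigned char data[64];
    size_t len;
};

/* Reserve n bytes without touching them, as a plain "put" does. */
static void *buf_put(struct demo_buf *b, size_t n)
{
    void *p = b->data + b->len;
    if (n > sizeof(b->data) - b->len)
        return NULL;
    b->len += n;
    return p;
}

/* Reserve and clear in one step: the kind of helper the thread wishes for. */
static void *buf_put_zero(struct demo_buf *b, size_t n)
{
    void *p = buf_put(b, n);
    if (p)
        memset(p, 0, n);
    return p;
}

/* Build one message and count stale (0xAA) bytes the receiver would see. */
static size_t leaked_bytes(int use_zeroing_put)
{
    struct demo_buf b = { .len = 0 };
    struct demo_msg *m;
    size_t i, stale = 0;
    memset(b.data, 0xAA, sizeof(b.data));     /* simulate old heap contents */
    m = use_zeroing_put ? buf_put_zero(&b, sizeof(*m)) : buf_put(&b, sizeof(*m));
    if (!m)
        return (size_t)-1;
    m->proto = 17; m->id = 1; m->port = 4500; /* every named field is set */
    for (i = 0; i < b.len; i++) stale += (b.data[i] == 0xAA);
    return stale;
}
```

With the plain put, the count returned equals the struct's padding (sizeof minus the sum of the field sizes); with the zeroing put it is 0.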