Re: [PATCH net] xfrm_user: fix info leak in build_mapping()
From: Jakub Kicinski
Date: Mon Apr 06 2026 - 13:39:19 EST

On Mon, 6 Apr 2026 18:08:27 +0200 Greg Kroah-Hartman wrote:
> On Mon, Apr 06, 2026 at 08:58:59AM -0700, Jakub Kicinski wrote:
> > On Mon, 6 Apr 2026 08:54:49 -0700 Jakub Kicinski wrote:
> > > You're right, skb owner is responsible for clearing after put.
> > > Tho, Netlink is not as perf critical as real networking, I wish
> > > we at least had a helper which reserves the space and clears it :/
> > > This is not the first or the second time we hit this sort of a bug.
> >
> > We could make nlmsg_append() do that. Mostly because I don't have
> > a better idea for a name and nlmsg_append is only used once ;)
>
> As shown in my other patch:
> https://lore.kernel.org/r/2026040621-poison-gristle-aaa3@gregkh
> we need this in at least 2 places, don't know if it's worth doing it for
> all messages?

I was thinking -- add the helper so that we can use it in places we're
touching anyway. No need to mess with correct existing code.

> I guess nlmsg_append() would work? It tries to do some zeroing out for
> alignment for some reason...
>
> Want me to do that? I don't have a way to test any of this, I just
> found it using some static code analysis tools that looked at holes in
> structures.

Do you have any more Netlink leaks in the queue? If you do let's do it,
if you don't we can wait until the next victi^w patch to arrive.
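
The bug class discussed in this thread, as an added userspace illustration (not kernel code and not taken from any of the patches): a reserve-only put next to a reserve-and-clear helper, applied to a constructed struct with padding holes. All names here (`demo_msg`, `demo_buf`, `demo_put`, `demo_put_zeroed`, `build_and_count`) are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout with holes (hypothetical, not a kernel struct). */
struct demo_msg {
    uint8_t  proto;  /* padding follows, up to the alignment of id */
    uint32_t id;
    uint16_t port;   /* tail padding follows */
};
struct demo_buf { size_t len; unsigned char data[64]; }; /* len first keeps data aligned */

/* Reserve n bytes and hand them back as-is: the caller must clear them. */
static void *demo_put(struct demo_buf *b, size_t n)
{
    if (n > sizeof(b->data) - b->len)
        return NULL;
    b->len += n;
    return b->data + b->len - n;
}

/* Reserve n bytes and clear them before the caller sees them. */
static void *demo_put_zeroed(struct demo_buf *b, size_t n)
{
    void *p = demo_put(b, n);
    return p ? memset(p, 0, n) : NULL;
}

/* Build a message over stale bytes; count non-zero bytes outside named fields. */
static size_t build_and_count(int zeroed)
{
    unsigned char named[sizeof(struct demo_msg)] = {0};
    struct demo_buf b = { .len = 0 };
    struct demo_msg *m;
    size_t i, leaked = 0;
    memset(b.data, 0xAA, sizeof(b.data)); /* constructed stale contents */
    m = zeroed ? demo_put_zeroed(&b, sizeof(*m)) : demo_put(&b, sizeof(*m));
    if (!m)
        return (size_t)-1;
    m->proto = 17; m->id = 0x01020304; m->port = 4500; /* fields only */
    memset(named + offsetof(struct demo_msg, proto), 1, sizeof(m->proto));
    memset(named + offsetof(struct demo_msg, id), 1, sizeof(m->id));
    memset(named + offsetof(struct demo_msg, port), 1, sizeof(m->port));
    for (i = 0; i < sizeof(named); i++)
        leaked += !named[i] && ((unsigned char *)m)[i] != 0;
    return leaked;
}
int main(void) { printf("%zu %zu\n", build_and_count(0), build_and_count(1)); return 0; }
```

On common 64-bit ABIs the struct is 12 bytes with 7 bytes of named fields, so the reserve-only path leaves 5 stale bytes in the message and the clearing path leaves none.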