Re: [PATCH net-next v2 5/5] ethtool: strset: check nla_len overflow

From: Jakub Kicinski

Date: Wed Apr 08 2026 - 20:40:00 EST


On Wed, 8 Apr 2026 09:43:35 -0700 Stanislav Fomichev wrote:
> On 04/08, Hangbin Liu wrote:
> > The netlink attribute length field nla_len is a __u16, which can only
> > represent values up to 65535 bytes. NICs with a large number of
> > statistics strings (e.g. mlx5_core with thousands of ETH_SS_STATS
> > entries) can produce an ETHTOOL_A_STRINGSET_STRINGS nest that exceeds
> > this limit.
> >
> > When nla_nest_end() writes the actual nest size back to nla_len, the
> > value is silently truncated. This results in a corrupted netlink message
> > being sent to userspace: the parser reads a wrong (truncated) attribute
> > length and misaligns all subsequent attribute boundaries, causing decode
> > errors.
> >
> > Fix this by using the new helper nla_nest_end_safe and error out if
> > the size exceeds U16_MAX.
>
> Not sure what the user is supposed to do? Does it mean there is no way
> to retrieve ETHTOOL_A_STRINGSET_STRINGS for those devices with too
> many strings?

Not via Netlink, they can still read them via the ioctl?
Since the legacy stats themselves can't be fetched over Netlink
I'm not sure we should lose sleep over reading the stats strings
via Netlink.
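
The truncation described in the quoted commit message, as an added example that is not part of the thread or the patch: a userspace C model of closing a nest whose size does not fit the 16-bit nla_len, next to a checked close. The helper names, the -EMSGSIZE return value, the 32-byte string payload and the 2000-entry count are assumptions made for illustration, and each entry is simplified to one flat string attribute.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define HDRLEN 4u                               /* sizeof(struct nlattr) */
#define ALIGN4(n) (((n) + 3) & ~(size_t)3)      /* netlink 4-byte attribute alignment */

struct attr_hdr { uint16_t nla_len; uint16_t nla_type; }; /* mirrors struct nlattr */

/* Bytes in a nest of `count` string attributes with `slen` payload bytes each. */
static size_t nest_size(size_t count, size_t slen)
{
    return HDRLEN + count * ALIGN4(HDRLEN + slen);
}

/* Unchecked close: the store into the 16-bit field drops the high bits. */
static uint16_t nest_end_unchecked(struct attr_hdr *nest, size_t size)
{
    nest->nla_len = (uint16_t)size;
    return nest->nla_len;
}

/* Checked close (hypothetical helper, assumed error code): reject sizes nla_len cannot hold. */
static int nest_end_checked(struct attr_hdr *nest, size_t size)
{
    if (size > UINT16_MAX)
        return -EMSGSIZE;
    nest->nla_len = (uint16_t)size;
    return 0;
}

/* Offset inside a child entry where a parser trusting nla_len resumes;
 * non-zero means the next "header" is read out of string data. */
static size_t resume_offset(uint16_t nla_len, size_t slen)
{
    if (nla_len < HDRLEN)
        return 0;
    return (nla_len - HDRLEN) % ALIGN4(HDRLEN + slen);
}

int main(void)
{
    struct attr_hdr nest = { 0, 0 };
    size_t size = nest_size(2000, 32);   /* constructed: 2000 strings of 32 bytes */
    uint16_t seen = nest_end_unchecked(&nest, size);

    printf("real=%zu nla_len=%u resume_offset=%zu checked=%d\n", size,
           (unsigned)seen, resume_offset(seen, 32), nest_end_checked(&nest, size));
    return 0;
}
```

With these constructed sizes the receiver is told the nest ends partway through an entry, so everything after that point is parsed from the wrong boundary.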