Re: [PATCH v3] af_netlink: ensure that NLMSG_DONE never fails in dumps

From: Johannes Berg
Date: Wed Nov 08 2017 - 21:02:53 EST


On Thu, 2017-11-09 at 10:42 +0900, Jason A. Donenfeld wrote:
> +++ b/net/netlink/af_netlink.c
> @@ -2136,7 +2136,7 @@ static int netlink_dump(struct sock *sk)
> struct sk_buff *skb = NULL;
> struct nlmsghdr *nlh;
> struct module *module;
> - int len, err = -ENOBUFS;
> + int err = -ENOBUFS;
> int alloc_min_size;
> int alloc_size;
>
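Review bot: removing the local `len` here means the dump's return value now lives only in `nlk->dump_done_errno`, whose declaration and type are not part of this diff; since the second hunk copies `sizeof(nlk->dump_done_errno)` bytes into the NLMSG_DONE payload that userspace reads as an `int`, please confirm the field is declared `int` (not `long` or `s32`-typed differently from the old `len`) so the on-the-wire DONE payload size is unchanged by this patch.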
> @@ -2183,9 +2183,10 @@ static int netlink_dump(struct sock *sk)
> skb_reserve(skb, skb_tailroom(skb) - alloc_size);
> netlink_skb_set_owner_r(skb, sk);
>
> - len = cb->dump(skb, cb);
> + if (nlk->dump_done_errno > 0)
> + nlk->dump_done_errno = cb->dump(skb, cb);
>
> - if (len > 0) {
> + if (nlk->dump_done_errno > 0 || skb_tailroom(skb) < nlmsg_total_size(sizeof(nlk->dump_done_errno))) {
> mutex_unlock(nlk->cb_mutex);
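Review bot: the `if (nlk->dump_done_errno > 0)` guard in this hunk gives `dump_done_errno` three states that the code never spells out: positive means "dump still in progress" (it starts at INT_MAX further down), 0 or a negative errno is the latched result of `cb->dump()`, after which the callback is not invoked again for this dump; the second half of the condition then also takes the early-unlock path when `skb_tailroom(skb)` is smaller than `nlmsg_total_size(sizeof(nlk->dump_done_errno))`, so NLMSG_DONE is never attempted in an skb that cannot hold it, which is the whole point of the patch. Suggest a short comment at the guard (and at the INT_MAX initialisation) documenting that state machine, e.g. "/* > 0: dump still running; <= 0: final status, reported in NLMSG_DONE once it fits */", so a later reader does not collapse the two checks back into the old `if (len > 0)`.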

nit: I think your line got a little long here :)

> - memcpy(nlmsg_data(nlh), &len, sizeof(len));
> + memcpy(nlmsg_data(nlh), &nlk->dump_done_errno, sizeof(nlk->dump_done_errno));

and here

> + nlk->dump_done_errno = INT_MAX;

I guess positive values aren't really returned from dump?

johannes