Commit c73a72f4 authored Nov 17, 2022 by Jakub Kicinski

netlink: remove the flex array from struct nlmsghdr



I've added a flex array to struct nlmsghdr in
commit 738136a0 ("netlink: split up copies in the ack construction")
to allow accessing the data easily. It leads to warnings with clang,
if user space wraps this structure into another struct and the flex
array is not at the end of the container.

Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/all/20221114023927.GA685@u2004-local/
Link: https://lore.kernel.org/r/20221118033903.1651026-1-kuba@kernel.org


Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent ab037780

include/uapi/linux/netlink.h

+0 −2

Original line number	Diff line number	Diff line
		@@ -48,7 +48,6 @@ struct sockaddr_nl {
		* @nlmsg_flags: Additional flags
		* @nlmsg_seq: Sequence number
		* @nlmsg_pid: Sending process port ID
		* @nlmsg_data: Message payload
		*/
		struct nlmsghdr {
		__u32 nlmsg_len;
		@@ -56,7 +55,6 @@ struct nlmsghdr {
		__u16 nlmsg_flags;
		__u32 nlmsg_seq;
		__u32 nlmsg_pid;
		__u8 nlmsg_data[];
		};

		/* Flags values */

net/netlink/af_netlink.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -2514,7 +2514,7 @@ void netlink_ack(struct sk_buff in_skb, struct nlmsghdr nlh, int err,
		if (!nlmsg_append(skb, nlmsg_len(nlh)))
		goto err_bad_put;

		memcpy(errmsg->msg.nlmsg_data, nlh->nlmsg_data,
		memcpy(nlmsg_data(&errmsg->msg), nlmsg_data(nlh),
		nlmsg_len(nlh));
		}