netlink: add one debug check in nla_nest_end()

Add a DEBUG_NET_WARN_ON_ONCE(diff > U16_MAX) to warn if the kernel sends corrupted nested attribute to user space. Offenders can be converted to nla_nest_end_safe(). Signed-off-by: Eric Dumazet <edumazet@google.com> Link: https://patch.msgid.link/20260512155244.4137851-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
author: Eric Dumazet <edumazet@google.com> 2026-05-12 15:52:44 +0000
committer: Jakub Kicinski <kuba@kernel.org> 2026-05-14 16:49:26 -0700
commit: ff205bf8c55451f95300bceed9779b647205a850 (patch)
tree: 466266c1be1485c962f572b081764203a73f373b /include
parent: 878492af7d503f4b093ea903173500be00e9cbe7 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/include/net/netlink.h b/include/net/netlink.h
index 546d10586576..b5048dd1d511 100644
--- a/include/net/netlink.h
+++ b/include/net/netlink.h
@@ -2260,7 +2260,10 @@ static inline struct nlattr *nla_nest_start(struct sk_buff *skb, int attrtype)
  */
 static inline int nla_nest_end(struct sk_buff *skb, struct nlattr *start)
 {
-	start->nla_len = skb_tail_pointer(skb) - (unsigned char *)start;
+	unsigned long diff = skb_tail_pointer(skb) - (unsigned char *)start;
+
+	DEBUG_NET_WARN_ON_ONCE(diff > U16_MAX);
+	start->nla_len = diff;
 	return skb->len;
 }
author	Eric Dumazet <edumazet@google.com>	2026-05-12 15:52:44 +0000
committer	Jakub Kicinski <kuba@kernel.org>	2026-05-14 16:49:26 -0700
commit	ff205bf8c55451f95300bceed9779b647205a850 (patch)
tree	466266c1be1485c962f572b081764203a73f373b /include
parent	878492af7d503f4b093ea903173500be00e9cbe7 (diff)