Commit 75e2c86c authored Dec 17, 2024 by Jakub Kicinski

net: netlink: catch attempts to send empty messages



syzbot can figure out a way to redirect a netlink message to a tap.
Sending empty skbs to devices is not valid and we end up hitting
a skb_assert_len() in __dev_queue_xmit().

Make catching these mistakes easier, assert the skb size directly
in netlink core.

Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20241218024400.824355-1-kuba@kernel.org


Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent 3fc87cb9

net/netlink/af_netlink.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -1287,6 +1287,7 @@ static struct sk_buff netlink_trim(struct sk_buff skb, gfp_t allocation)
		{
		int delta;

		skb_assert_len(skb);
		WARN_ON(skb->sk != NULL);
		delta = skb->end - skb->tail;
		if (is_vmalloc_addr(skb->head) \|\| delta * 2 < skb->truesize)