Linaro Git Browser
Code Review Sign In
review.linaro.org / kernel / linux-linaro-stable.git / 149118d89355fb0e1a898f47977f8ae9be8e14e7^! / .
commit149118d89355fb0e1a898f47977f8ae9be8e14e7[log] [tgz]
authorThomas Graf <tgraf@suug.ch>Tue Jan 06 01:04:21 2015 +0100
committerDavid S. Miller <davem@davemloft.net>Mon Jan 05 22:38:22 2015 -0500
treece3d14e96bbebea22427f2d0d61ee52d840d007e
parenta515abd7771c991dee302d1e22e695d2a32daa3e [diff]
netlink: Warn on unordered or illegal nla_nest_cancel() or nlmsg_cancel()

Calling nla_nest_cancel() in a different order as the nesting was
built up can lead to negative offsets being calculated which
results in skb_trim() being called with an underflowed unsigned
int. Warn if mark < skb->data as it's definitely a bug.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/net/netlink.h b/include/net/netlink.h
index 6415835..d5869b9 100644
--- a/include/net/netlink.h
+++ b/include/net/netlink.h

@@ -520,8 +520,10 @@
  */
 static inline void nlmsg_trim(struct sk_buff *skb, const void *mark)
 {
-	if (mark)
+	if (mark) {
+		WARN_ON((unsigned char *) mark < skb->data);
 		skb_trim(skb, (unsigned char *) mark - skb->data);
+	}
 }
 
 /**