git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Jakub Kicinski <kuba@kernel.org>
	Fri, 11 Jul 2025 00:11:21 +0000 (17:11 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 17 Jul 2025 16:27:58 +0000 (18:27 +0200)
commit	5db2f768a8f8374607e1b10ecc8937668b7729aa
tree	1c7efa2e9e2f4b5e79f134080b690a812740d0c1	tree
parent	a363f5719d7198212369a286d0da6437554887e0	commit \| diff

netlink: make sure we allow at least one dump skb

commit a215b5723922f8099078478122f02100e489cb80 upstream.

Commit under Fixes tightened up the memory accounting for Netlink
sockets. Looks like the accounting is too strict for some existing
use cases, Marek reported issues with nl80211 / WiFi iw CLI.

To reduce number of iterations Netlink dumps try to allocate
messages based on the size of the buffer passed to previous
recvmsg() calls. If user space uses a larger buffer in recvmsg()
than sk_rcvbuf we will allocate an skb we won't be able to queue.

Make sure we always allow at least one skb to be queued.
Same workaround is already present in netlink_attachskb().
Alternative would be to cap the allocation size to
rcvbuf - rmem_alloc
but as I said, the workaround is already present in other places.

Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
Link: https://lore.kernel.org/9794af18-4905-46c6-b12c-365ea2f05858@samsung.com
Fixes: ae8f160e7eb2 ("netlink: Fix wraparounds of sk->sk_rmem_alloc.")
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
Link: https://patch.msgid.link/20250711001121.3649033-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>