netlink: add one debug check in nla_nest_end()

Add a DEBUG_NET_WARN_ON_ONCE(diff > U16_MAX)
to warn if the kernel sends corrupted nested attribute
to user space.

Offenders can be converted to nla_nest_end_safe().

Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20260512155244.4137851-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/include/net/netlink.h b/include/net/netlink.h
index 546d10586576e7b1c44348ac48762667ebb00f61..b5048dd1d5115dc94e9ea18b3b6d1822c878a75d 100644 (file)
--- a/include/net/netlink.h
+++ b/include/net/netlink.h
@@ -2260,7 +2260,10 @@ static inline struct nlattr *nla_nest_start(struct sk_buff *skb, int attrtype)
  */
 static inline int nla_nest_end(struct sk_buff *skb, struct nlattr *start)
 {
-       start->nla_len = skb_tail_pointer(skb) - (unsigned char *)start;
+       unsigned long diff = skb_tail_pointer(skb) - (unsigned char *)start;
+
+       DEBUG_NET_WARN_ON_ONCE(diff > U16_MAX);
+       start->nla_len = diff;
        return skb->len;
 }