net: netlink: catch attempts to send empty messages

syzbot can figure out a way to redirect a netlink message to a tap. Sending empty skbs to devices is not valid and we end up hitting a skb_assert_len() in __dev_queue_xmit(). Make catching these mistakes easier, assert the skb size directly in netlink core. Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://patch.msgid.link/20241218024400.824355-1-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
author: Jakub Kicinski <kuba@kernel.org> 2024-12-17 18:44:00 -0800
committer: Jakub Kicinski <kuba@kernel.org> 2024-12-19 18:06:28 -0800
commit: 75e2c86c7b180fd1068ad271178c2820a199e7eb (patch)
tree: a7d1f65161d241c0eae2a98916581c03ce60b5ee /net/netlink
parent: 3fc87cb94f5f3224a9ea168ee935286d915d2a6a (diff)
download: net-75e2c86c7b180fd1068ad271178c2820a199e7eb.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index f4e7b5e4bb59fd..85311226183a25 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1287,6 +1287,7 @@ static struct sk_buff *netlink_trim(struct sk_buff *skb, gfp_t allocation)
 {
 	int delta;
 
+	skb_assert_len(skb);
 	WARN_ON(skb->sk != NULL);
 	delta = skb->end - skb->tail;
 	if (is_vmalloc_addr(skb->head) || delta * 2 < skb->truesize)
author	Jakub Kicinski <kuba@kernel.org>	2024-12-17 18:44:00 -0800
committer	Jakub Kicinski <kuba@kernel.org>	2024-12-19 18:06:28 -0800
commit	75e2c86c7b180fd1068ad271178c2820a199e7eb (patch)
tree	a7d1f65161d241c0eae2a98916581c03ce60b5ee /net/netlink
parent	3fc87cb94f5f3224a9ea168ee935286d915d2a6a (diff)
download	net-75e2c86c7b180fd1068ad271178c2820a199e7eb.tar.gz