diff options
| author | Maher Sanalla <msanalla@nvidia.com> | 2026-04-27 14:02:34 +0300 |
|---|---|---|
| committer | Jason Gunthorpe <jgg@nvidia.com> | 2026-04-29 22:37:12 +0300 |
| commit | 610771c62e2ac5bca851fc5a6f8af1cdd83f189a (patch) | |
| tree | d024b1ed87d0e3dc79d006648713b695cf07ddbd /include/linux | |
| parent | 9bee81cc5e8811c8bbe67fbf5214a7998457324b (diff) | |
| download | linux-610771c62e2ac5bca851fc5a6f8af1cdd83f189a.tar.xz | |
IB/core: Fix IPv6 netlink message size in ib_nl_ip_send_msg()
When resolving an RDMA-CM IPv6 address, ib_nl_ip_send_msg() sends a
netlink request to the userspace daemon to perform IP-to-GID
resolution in certain cases. The function allocates the netlink message
buffer using nla_total_size(sizeof(size)), which passes 8 bytes (the
size of size_t) instead of 16 bytes (the size of an IPv6 address).
This results in an 8-byte under-allocation.
This is currently masked by nlmsg_new() over-allocation of the skb
in its internal logic. However, the code remains incorrect.
Fix the issue by supplying the proper IPv6 address length to
nla_total_size().
Fixes: ae43f8286730 ("IB/core: Add IP to GID netlink offload")
Link: https://patch.msgid.link/r/20260427-security-bug-fixes-v3-3-4621fa52de0e@nvidia.com
Signed-off-by: Maher Sanalla <msanalla@nvidia.com>
Reviewed-by: Patrisious Haddad <phaddad@nvidia.com>
Signed-off-by: Edward Srouji <edwards@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Diffstat (limited to 'include/linux')
0 files changed, 0 insertions, 0 deletions