Netdev Archive on
help / color / mirror / Atom feed
From: Johannes Berg <>
	Johannes Berg <>,
Subject: [PATCH] netlink: policy: correct validation type check
Date: Mon, 31 Aug 2020 20:28:05 +0200	[thread overview]
Message-ID: <20200831202805.8ca5a2fe1ffb.I46f0d5bee0a774517aeec539620895a473dd2299@changeid> (raw)
In-Reply-To: <>

From: Johannes Berg <>

In the policy export for binary attributes I erroneously used
a != NLA_VALIDATE_NONE comparison instead of checking for the
two possible values, which meant that if a validation function
pointer ended up aliasing the min/max as negatives, we'd hit
a warning in nla_get_range_unsigned().

Fix this to correctly check for only the two types that should
be handled here, i.e. range with or without warn-too-long.

Fixes: 8aa26c575fb3 ("netlink: make NLA_BINARY validation more flexible")
Signed-off-by: Johannes Berg <>
 net/netlink/policy.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/netlink/policy.c b/net/netlink/policy.c
index 7b1f50531cd3..5c9e7530865f 100644
--- a/net/netlink/policy.c
+++ b/net/netlink/policy.c
@@ -264,7 +264,8 @@ int netlink_policy_dump_write(struct sk_buff *skb, unsigned long _state)
-		if (pt->validation_type != NLA_VALIDATE_NONE) {
+		if (pt->validation_type == NLA_VALIDATE_RANGE ||
+		    pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG) {
 			struct netlink_range_validation range;
 			nla_get_range_unsigned(pt, &range);

  reply	other threads:[~2020-08-31 18:28 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-31 16:47 WARNING in nla_get_range_unsigned syzbot
2020-08-31 18:28 ` Johannes Berg [this message]
2020-08-31 19:02   ` [PATCH] netlink: policy: correct validation type check David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200831202805.8ca5a2fe1ffb.I46f0d5bee0a774517aeec539620895a473dd2299@changeid \ \ \ \ \ \ \ \ \
    --subject='Re: [PATCH] netlink: policy: correct validation type check' \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).