netlink: Return unsigned value for nla_len()

kees · kuba-moo · commit 172db56d90d2 · 2023-12-08T11:03:32.000-08:00
The return value from nla_len() is never expected to be negative, and can never be more than struct nlattr::nla_len (a u16). Adjust the prototype on the function. This will let GCC's value range optimization passes know that the return can never be negative, and can never be larger than u16. As recently discussed[1], this silences the following warning in GCC 12+: net/wireless/nl80211.c: In function 'nl80211_set_cqm_rssi.isra': net/wireless/nl80211.c:12892:17: warning: 'memcpy' specified bound 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Wstringop-overflow=] 12892 | memcpy(cqm_config->rssi_thresholds, thresholds, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 12893 | flex_array_size(cqm_config, rssi_thresholds, | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 12894 | n_thresholds)); | ~~~~~~~~~~~~~~ A future change would be to clamp the subtraction to make sure it never wraps around if nla_len is somehow less than NLA_HDRLEN, which would have the additional benefit of being defensive in the face of nlattr corruption or logic errors. Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202311090752.hWcJWAHL-lkp@intel.com/ [1] Cc: Johannes Berg <johannes@sipsolutions.net> Cc: Jeff Johnson <quic_jjohnson@quicinc.com> Cc: Michael Walle <mwalle@kernel.org> Cc: Max Schulze <max.schulze@online.de> Link: https://lore.kernel.org/r/20231202202539.it.704-kees@kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20231206205904.make.018-kees@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
diff --git a/include/net/netlink.h b/include/net/netlink.h
@@ -1214,7 +1214,7 @@ static inline void *nla_data(const struct nlattr *nla)
  * nla_len - length of payload
  * @nla: netlink attribute
  */
-static inline int nla_len(const struct nlattr *nla)
+static inline u16 nla_len(const struct nlattr *nla)
 {
 	return nla->nla_len - NLA_HDRLEN;
 }

Original file line number	Diff line number	Diff line change
`@@ -1214,7 +1214,7 @@ static inline void nla_data(const struct nlattr nla)`
`1214`	`1214`	`* nla_len - length of payload`
`1215`	`1215`	`* @nla: netlink attribute`
`1216`	`1216`	`*/`
`1217`		`-static inline int nla_len(const struct nlattr *nla)`
	`1217`	`+static inline u16 nla_len(const struct nlattr *nla)`
`1218`	`1218`	`{`
`1219`	`1219`	`return nla->nla_len - NLA_HDRLEN;`
`1220`	`1220`	`}`