From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 581C3295DAC for ; Tue, 31 Mar 2026 03:56:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.178 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774929393; cv=none; b=d64ssgx+tgK7IX9WmTALNIGm80F6LWEAy8XRmzsYBczKgFxnhmNkT27ggcDAf38r97fTi2Y9FBzNeeJ6bzuyVHpyV8onDkE6DkQWgufnSoB++Yr4t5/4PYLwvQUKaQcQLgW1+nYpCRUpKJLanxrs2rjLGxUkuxyXHFijw74DszQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774929393; c=relaxed/simple; bh=/1d/SQB0lDkfk6gQGl066QQ60SbR0X67jpMKif4tqy8=; h=From:Subject:Date:Message-Id:MIME-Version:Content-Type:To:Cc; b=SCUQnY+rVXvAebJFzXQeVt25MZBSa4Yo9yEae4A4BSYob2T01csvBz5CkcYDDsLPFEBT2CMwahEufEZj40CAXGuSaLvGqXaUiGdKnhN3omtfGXHOxRscbEzSrw/84rd6uPGkVQX2k7nYxNzJJXTZsDH90n2Nxfqu5Fz6Gul1eDQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=hLyvP+X9; arc=none smtp.client-ip=209.85.214.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="hLyvP+X9" Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-2b24ddb2428so11257935ad.0 for ; Mon, 30 Mar 2026 20:56:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1774929392; x=1775534192; darn=vger.kernel.org; h=cc:to:content-transfer-encoding:mime-version:message-id:date :subject:from:from:to:cc:subject:date:message-id:reply-to; bh=Ll3YM4do8VUXTzcFrksYghcaSP2fNs5r3be4UVdcfFo=; b=hLyvP+X96WTV/3rUwX8jafFUtLelHgKKQB1B1NpnztwRrmPae6hfXy9YnLbfSjSTIO OQG7VPd0d9pVzv2vXT+F4fB3bXk3zj6YXHi8k/dFzAn4ClL4Uu4R81ydF4xLd+ACZW3P povzWBjOmNfjnXYcGOdK5B8Z5HK/cekBPJbgonY9PuvhzNrXkFntAGTKiRzQHVLtrBIn Gwt3+OUChSccEvKW5CJgAWjmtjRqE9DrVlonUYV6B3mN8htWc4dDearsr+e2ITO1Ys1n 7IQVwczLPBDth6Gp43+72xK4xau+4LuVTT/o0SKNqNU2BmrNmFfQmj6Q2crsQoBIH1Yf v/vA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774929392; x=1775534192; h=cc:to:content-transfer-encoding:mime-version:message-id:date :subject:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=Ll3YM4do8VUXTzcFrksYghcaSP2fNs5r3be4UVdcfFo=; b=g/EpMZSAgJfLiykoNW9ATLoaBqTeGvi6xu4MkJxbnbtWaB2/sVkY5cPY624imn2PzM UI25OXg7ukhS77SvWB4rJ5QLA+fFAdbimfUT/ihcuAAqxHWQIUOrAr9yF+CvInWlS17m iNHcD/PlMm2ndU/3diEzKpYfDiwg9C1mnkdHDKKKP8/UxRK7NInglwOrP64IISVaEhv9 ysCZl6CPzsUFwyH9tBIodyeNNOcdcHojFZ8rnHR6BCaQB94+IfEUy4VtSGDpEEebDRaD cYYnfFGaPHGeTo1Cf8ewI69k3iWEr6DXW6axxvUB8MYTH/T2JTBMA2xWnNoxkBwyGPcd 48pg== X-Forwarded-Encrypted: i=1; AJvYcCVv3QQF2c7BfrE8OJAopiD0wLvA0pBehuklrHzxrtrO7r+Ro7nwzvbxyWEKWJvth5oI62I3bMXXlk2zIVM=@vger.kernel.org X-Gm-Message-State: AOJu0YwmRXO+E7WP7EbYxfLnSHjhVlOnFn0Xrbwjh6PPW2Sp9H088H+y kYpR+8/Po05nwkUQtUN6efyTHECWx9E60/jx94bzakYqGlqy8xCKK5zrDtkWiSAH9sTQkA== X-Gm-Gg: ATEYQzz3b3Wj+W24faDOSRMxQAlxOx/WkS3kuvAE18vbPoTFdLg2ZDbWSIev/m0BNCr fBfBGt2emtdd8HFDYxfAvPEsJst/xUVlwDWDw10mgx3ftYF1chqJaO661ln4AdQ7whmodHEhlGx aLkGhcZ0xnI65EFRQ0b6OUCeL+um3Rm0wIBu0pPtfGJHfgDRWmOVABD9DallF3u79FIEvftF7Eu mqQxR+OPy+xUzRIH27AJ+6aHT0sIIgoNc5wF6wPnc57pletjVGRt2rYEJeegrMGuqDZvFbW7t7h /rEszy8Rbx64RJ2tAdmrm4tl6Ock3gPhEw+wcj/Q9YSfya2tYf86lHDFYMkabQ6E0cQVlc289Nu ve5pHX8q/OFTf8Fqx4j15qg3PWtN3sd/vbOrpWESo4fkFfyyBvHuubYwKrt8edYOrxibP/brsyF 9EhTZipkHjMTk956mvaH64PsAy7tBsASJ2JCdLOdlUFohVCRUnbn7v2c0vab04hYgN+GReRQtSD 2vYveYoByXAndlKm+U2et9aJ9Jo9JUfYKdH2gAF8zNXJYSRtCU= X-Received: by 2002:a17:902:f54d:b0:2b0:673a:7c90 with SMTP id d9443c01a7336-2b0cdcb7203mr145646665ad.28.1774929391550; Mon, 30 Mar 2026 20:56:31 -0700 (PDT) Received: from 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa ([240e:34c:5765:500:c92f:4f4e:9953:45b7]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b24266e487sm94680625ad.24.2026.03.30.20.56.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Mar 2026 20:56:31 -0700 (PDT) From: Hangbin Liu Subject: [PATCH net-next 0/4] ynl/ethtool/netlink: warn nla_len overflow for large string sets Date: Tue, 31 Mar 2026 11:56:10 +0800 Message-Id: <20260331-b4-ynl_ethtool-v1-0-dda2a9b55df8@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-B4-Tracking: v=1; b=H4sIAAAAAAAC/x3MQQqEMAxA0atI1gacTEcHryIyaE01IKm0RRTx7 pZZvsX/F0QOwhHa4oLAu0TxmvEqC7DLoDOjTNlAFdXVmwyOBk9df5yW5P2K7tvYyZD7NGQhR1t gJ8d/2IFyQuUjQX/fD4hMEptqAAAA X-Change-ID: 20260324-b4-ynl_ethtool-f87cd42f572c To: Donald Hunter , Jakub Kicinski , "David S. Miller" , Eric Dumazet , Paolo Abeni , Simon Horman , Andrew Lunn Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Hangbin Liu X-Mailer: b4 0.14.3 This series addresses a silent data corruption issue triggered when ynl retrieves string sets from NICs with a large number of statistics entries (e.g. mlx5_core with thousands of ETH_SS_STATS strings). The root cause is that struct nlattr.nla_len is a __u16 (max 65535 bytes). When a NIC exports enough statistics strings, the ETHTOOL_A_STRINGSET_STRINGS nest built by strset_fill_set() exceeds this limit. nla_nest_end() silently truncates the length on assignment, producing a corrupted netlink message. In the doit path the corrupted message is delivered to userspace without any error; in the dumpit path an -EMSGSIZE may be returned if the data does not fit in the dump skb. Patch 1 improves the userspace tool: rename the doit/dumpit helpers to do_set/do_get and convert do_get to use ynl.do() with an explicit device header instead of a full dump with client-side filtering. Patch 2 adds a --dbg-small-recv option to the YNL ethtool tool, matching the same option already present in cli.py, to aid debugging of netlink message size issues. Patch 3 is the kernel fix: check whether the strings_attr nest would exceed U16_MAX before calling nla_nest_end() in strset_fill_set(), and return -EMSGSIZE early if so. Patch 4 adds a generic WARN_ON_ONCE() in nla_nest_end() itself, so that any future caller hitting the same overflow is immediately visible in the kernel log rather than silently corrupting data. --- Hangbin Liu (4): tools: ynl: ethtool: use doit instead of dumpit for per-device GET tools: ynl: ethtool: add --dbg-small-recv option ethtool: strset: check nla_len overflow before nla_nest_end netlink: warn on nla_len overflow in nla_nest_end() include/net/netlink.h | 1 + net/ethtool/strset.c | 4 +++ tools/net/ynl/pyynl/ethtool.py | 77 ++++++++++++++++++++++-------------------- 3 files changed, 46 insertions(+), 36 deletions(-) --- base-commit: dc9e9d61e301c087bcd990dbf2fa18ad3e2e1429 change-id: 20260324-b4-ynl_ethtool-f87cd42f572c Best regards, -- Hangbin Liu