From: "Jason A. Donenfeld" <ja...@zx2c4.com> Date: Thu, 9 Nov 2017 13:04:44 +0900
> @@ -2195,13 +2197,15 @@ static int netlink_dump(struct sock *sk) > return 0; > } > > - nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE, sizeof(len), NLM_F_MULTI); > - if (!nlh) > + nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE, > + sizeof(nlk->dump_done_errno), NLM_F_MULTI); > + if (WARN_ON(!nlh)) > goto errout_skb;

If you're handling this by forcing another read() to produce the NLMSG_DONE, then you have no reason to WARN_ON() here. In fact you are adding a WARN_ON() which is trivially triggerable by any user.
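Review bot: the `if (WARN_ON(!nlh))` after the new nlmsg_put_answer() call turns an ordinary out-of-room failure into a kernel warning, and where that failure can be reached from an unprivileged read() it becomes a log-flooding primitive, and a crash on systems that set panic_on_warn. Keep the plain `if (!nlh)` from the removed lines and let the existing `goto errout_skb` path handle it. Separately, the payload size changes from `sizeof(len)` to `sizeof(nlk->dump_done_errno)`; the lines that fill the payload are not visible in this hunk, so confirm that the copy uses the same field and that its type keeps the NLMSG_DONE payload the size userspace already expects.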