commit 28033ae4e0f ("net: netlink: Update attr validation to require exact 
length for some types") breaks the netlink ABI.

When I give the command:
~$ tipc node set addr 1.1.2

I get the following response:

error: Numerical result out of range
Unable to get TIPC nl family id (module loaded?)
error, message initialisation failed

The module is definitely loaded:

~$ lsmod 
tipc 172032 0 - Live 0xffffffffa0062000
ip6_udp_tunnel 16384 1 tipc, Live 0xffffffffa0034000
udp_tunnel 16384 1 tipc, Live 0xffffffffa0039000

Bisecting reveals that the culprit is the commit referred to above, or more 
exactly the lines:

        if (nla_attr_len[pt->type]) {
                if (attrlen != nla_attr_len[pt->type])
                        return -ERANGE;
                return 0;
        }

This test compares the following values:

attrlen == 4
nla_attr_len[pt->type] == 2

The corresponding code in the tipc tool is:

static int get_family(void)
{
        int err;
        int nl_family;
        struct nlmsghdr *nlh;
        struct genlmsghdr *genl;
        char buf[MNL_SOCKET_BUFFER_SIZE];

        nlh = mnl_nlmsg_put_header(buf);
        nlh->nlmsg_type = GENL_ID_CTRL;
        nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;

        genl = mnl_nlmsg_put_extra_header(nlh, sizeof(struct genlmsghdr));
        genl->cmd = CTRL_CMD_GETFAMILY;
        genl->version = 1;

        mnl_attr_put_u32(nlh, CTRL_ATTR_FAMILY_ID, GENL_ID_CTRL); /* 4-byte payload: the attrlen == 4 above */
        mnl_attr_put_strz(nlh, CTRL_ATTR_FAMILY_NAME, TIPC_GENL_V2_NAME);

        if ((err = msg_query(nlh, family_id_cb, &nl_family)))
                return err;

        return nl_family;
}

I didn't dig further into this, but you will notice that tipc, in contrast to 
most other iproute2 tools, uses libmnl to build messages. Maybe the reason can 
be found there?

BR
Jon Maloy

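Added example, not code from this mail, from iproute2 or from the kernel tree: a stand-alone C model of the length check quoted above, run over the attribute stream that get_family() builds. It assumes that the genetlink controller policy types CTRL_ATTR_FAMILY_ID as NLA_U16 (which is what nla_attr_len[pt->type] == 2 implies), that TIPC_GENL_V2_NAME is the string "TIPCv2", and the attribute numbering and 4-byte alignment rules of linux/netlink.h; the helpers validate_nla, nla_validate, nla_put and check_getfamily_request are this example's own names, not the kernel's or libmnl's. It encodes the family id once as a 4-byte attribute, as mnl_attr_put_u32 does, and once as a 2-byte one, and shows the first rejected with -ERANGE while the second passes.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
/* Stand-ins for the kernel definitions; numeric values follow what this
 * model needs from <linux/netlink.h> and <linux/genetlink.h> (assumed). */
#define NLA_ALIGN(n)  (((n) + 3) & ~3)
#define NLA_TYPE_MASK 0x3fff            /* drops NLA_F_NESTED/NET_BYTEORDER */
#define GENL_ID_CTRL  0x10
#define TIPC_GENL_V2_NAME "TIPCv2"      /* assumed family name string */

struct nlattr { uint16_t nla_len; uint16_t nla_type; }; /* len incl. header */
#define NLA_HDRLEN ((int)NLA_ALIGN(sizeof(struct nlattr)))

enum { NLA_UNSPEC, NLA_U8, NLA_U16, NLA_U32, NLA_U64, NLA_NUL_STRING, NLA_TYPE_MAX = NLA_NUL_STRING };
enum { CTRL_ATTR_UNSPEC, CTRL_ATTR_FAMILY_ID, CTRL_ATTR_FAMILY_NAME, CTRL_ATTR_MAX = CTRL_ATTR_FAMILY_NAME };

struct nla_policy { uint8_t type; uint16_t len; };

/* Fixed payload size per type, 0 = not fixed: the table the quoted
 * check indexes with pt->type. */
static const uint8_t nla_attr_len[NLA_TYPE_MAX + 1] = {
    [NLA_U8] = 1, [NLA_U16] = 2, [NLA_U32] = 4, [NLA_U64] = 8,
};

/* Policy of the genetlink controller: the family id is a u16 (assumed). */
static const struct nla_policy ctrl_policy[CTRL_ATTR_MAX + 1] = {
    [CTRL_ATTR_FAMILY_ID]   = { .type = NLA_U16 },
    [CTRL_ATTR_FAMILY_NAME] = { .type = NLA_NUL_STRING, .len = 15 }, /* GENL_NAMSIZ - 1 */
};

/* One attribute against one policy entry: the exact-length rule from
 * the commit, then a minimal NUL-terminated string check. */
static int validate_nla(const struct nlattr *nla, const struct nla_policy *pt)
{
    int attrlen = nla->nla_len - NLA_HDRLEN;
    if (nla_attr_len[pt->type]) {
        if (attrlen != nla_attr_len[pt->type])
            return -ERANGE;             /* "Numerical result out of range" */
        return 0;
    }
    if (pt->type == NLA_NUL_STRING) {
        if (attrlen < 1 || attrlen > pt->len + 1)
            return -EINVAL;
        if (memchr((const char *)nla + NLA_HDRLEN, '\0', attrlen) == NULL)
            return -EINVAL;
    }
    return 0;
}

/* Walk an attribute stream; attributes above maxtype are skipped. */
static int nla_validate(const void *head, int len, int maxtype,
                        const struct nla_policy *policy)
{
    const unsigned char *p = head;
    int rem = len, err;
    while (rem >= NLA_HDRLEN) {
        const struct nlattr *nla = (const struct nlattr *)p;
        int type = nla->nla_type & NLA_TYPE_MASK;
        int step = NLA_ALIGN(nla->nla_len);
        if (nla->nla_len < NLA_HDRLEN || nla->nla_len > rem)
            return -EINVAL;
        if (type <= maxtype && (err = validate_nla(nla, &policy[type])))
            return err;
        p += step;
        rem -= step;
    }
    return 0;
}

/* Append one attribute the way mnl_attr_put() does; returns new offset. */
static int nla_put(unsigned char *buf, int off, uint16_t type,
                   const void *data, uint16_t len)
{
    struct nlattr *nla = (struct nlattr *)(buf + off);
    nla->nla_len = (uint16_t)(NLA_HDRLEN + len);
    nla->nla_type = type;
    memset(buf + off + NLA_HDRLEN, 0, NLA_ALIGN(len));
    memcpy(buf + off + NLA_HDRLEN, data, len);
    return off + NLA_HDRLEN + NLA_ALIGN(len);
}

/* Attribute part of a CTRL_CMD_GETFAMILY request; id_bytes 4 mirrors
 * mnl_attr_put_u32() in the tipc tool, 2 is what the u16 policy expects. */
int check_getfamily_request(int id_bytes)
{
    uint32_t storage[16];               /* 4-byte aligned scratch space */
    unsigned char *buf = (unsigned char *)storage;
    uint32_t id32 = GENL_ID_CTRL;
    uint16_t id16 = GENL_ID_CTRL;
    int off = 0;
    if (id_bytes == 4)
        off = nla_put(buf, off, CTRL_ATTR_FAMILY_ID, &id32, sizeof id32);
    else
        off = nla_put(buf, off, CTRL_ATTR_FAMILY_ID, &id16, sizeof id16);
    off = nla_put(buf, off, CTRL_ATTR_FAMILY_NAME, TIPC_GENL_V2_NAME,
                  (uint16_t)(strlen(TIPC_GENL_V2_NAME) + 1));
    return nla_validate(buf, off, CTRL_ATTR_MAX, ctrl_policy);
}
```

Builds with any C99 compiler. check_getfamily_request(4) returns -ERANGE, check_getfamily_request(2) returns 0. The same exact-length rule covers NLA_U8, NLA_U32 and NLA_U64 in the kernel table, so any userspace tool that widens or narrows a fixed-size attribute hits the same error once the kernel enforces the table.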