Re: [PATCH v5 01/11] net: qrtr: ns: validate msglen before ctrl_pkt use

[Jakub Kicinski]

On Tue, 12 Aug 2025 03:35:27 +0200 Mihai Moldovan wrote:
> The qrtr_ctrl_pkt structure is currently accessed without checking
> if the received payload is large enough to hold the structure's fields.
> Add a check to ensure the payload length is sufficient.
> 
> Signed-off-by: Denis Kenzior <denkenz@xxxxxxxxx>
> Reviewed-by: Marcel Holtmann <marcel@xxxxxxxxxxxx>
> Reviewed-by: Andy Gross <agross@xxxxxxxxxx>
> Signed-off-by: Mihai Moldovan <ionic@xxxxxxxx>
> Fixes: 0c2204a4ad71 ("net: qrtr: Migrate nameservice to kernel from userspace")

If this is a fix it has to go to net, then once it reaches Linus's tree
the dependent patches should be reposted for net-next.

> diff --git a/net/qrtr/ns.c b/net/qrtr/ns.c
> index 3de9350cbf30..2bcfe539dc3e 100644
> --- a/net/qrtr/ns.c
> +++ b/net/qrtr/ns.c
> @@ -619,6 +619,9 @@ static void qrtr_ns_worker(struct work_struct *work)
>  			break;
>  		}
>  
> +		if ((size_t)msglen < sizeof(*pkt))
> +			break;

why not continue?