{"id":2228168,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2228168/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260425155140.50186-4-deller@kernel.org/","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/1.1/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260425155140.50186-4-deller@kernel.org>","date":"2026-04-25T15:51:29","name":"[PULL,03/14] linux-user: fix off-by-one in host_to_target_for_each_rtattr()","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"70072080fdd4c7e4d4957443f33b232572602c24","submitter":{"id":87076,"url":"http://patchwork.ozlabs.org/api/1.1/people/87076/?format=json","name":"Helge Deller","email":"deller@kernel.org"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260425155140.50186-4-deller@kernel.org/mbox/","series":[{"id":501448,"url":"http://patchwork.ozlabs.org/api/1.1/series/501448/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/list/?series=501448","date":"2026-04-25T15:51:29","name":"[PULL,01/14] MAINTAINERS: Add myself as maintainer for linux-user","version":1,"mbox":"http://patchwork.ozlabs.org/series/501448/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2228168/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2228168/checks/","tags":{},"headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=H4NIPMSB;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) 
smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists1p.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g2vV36wHZz1yHv\n\tfor <incoming@patchwork.ozlabs.org>; Sun, 26 Apr 2026 01:52:27 +1000 (AEST)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists1p.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1wGfIk-00085A-8w; Sat, 25 Apr 2026 11:52:15 -0400","from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <deller@kernel.org>) id 1wGfIV-00080e-Gy\n for qemu-devel@nongnu.org; Sat, 25 Apr 2026 11:52:00 -0400","from sea.source.kernel.org ([172.234.252.31])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <deller@kernel.org>) id 1wGfIS-00012E-De\n for qemu-devel@nongnu.org; Sat, 25 Apr 2026 11:51:59 -0400","from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58])\n by sea.source.kernel.org (Postfix) with ESMTP id DBEBA41870;\n Sat, 25 Apr 2026 15:51:49 +0000 (UTC)","by smtp.kernel.org (Postfix) with ESMTPSA id 55078C2BCB0;\n Sat, 25 Apr 2026 15:51:48 +0000 (UTC)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n s=k20201202; t=1777132309;\n bh=qF/E4NTHGEzqRslmvhkeGAs4imRoAsHDEXNz7p4ViJw=;\n h=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n b=H4NIPMSBbUr009kNoUD+po6B9WSBkj6XtlRPF77vlB+o4upnfeHJilSnycAVHGxwm\n kPZr1bFr+qs7yC+aaIKJVdY2cCbF6gv5qWMGbiGQpGBWGlnEp76u86hFCF776PK507\n LMkPfJK/nSlHTg4vNSZxhkT8HuEshQjG9+zIGO8jAai3XSMw1K7Mx1PpGufW/pd6ER\n Lhz8GL1J5NsIhOThqrNal3iUs6b1K/Y7bpza0eIlSrsn5VB13Ycxsa+1vT1vbW4Ilj\n 
bI6oCRiUsII7e+drYJTOmaAwEva6jCyIrpG4KVGx7BsHTQXR+QX63cf1hbsBb9BdTY\n C+d/LhRhfECRA==","From":"Helge Deller <deller@kernel.org>","To":"qemu-devel@nongnu.org","Cc":"Helge Deller <deller@gmx.de>, Jiaxun Yang <jiaxun.yang@flygoat.com>,\n Laurent Vivier <laurent@vivier.eu>,\n Pierrick Bouvier <pierrick.bouvier@linaro.org>, =?utf-8?q?Philippe_Mathieu-?=\n\t=?utf-8?q?Daud=C3=A9?= <philmd@linaro.org>","Subject":"[PULL 03/14] linux-user: fix off-by-one in\n host_to_target_for_each_rtattr()","Date":"Sat, 25 Apr 2026 17:51:29 +0200","Message-ID":"<20260425155140.50186-4-deller@kernel.org>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<20260425155140.50186-1-deller@kernel.org>","References":"<20260425155140.50186-1-deller@kernel.org>","MIME-Version":"1.0","Content-Type":"text/plain; charset=UTF-8","Content-Transfer-Encoding":"8bit","Received-SPF":"pass client-ip=172.234.252.31; envelope-from=deller@kernel.org;\n helo=sea.source.kernel.org","X-Spam_score_int":"-20","X-Spam_score":"-2.1","X-Spam_bar":"--","X-Spam_report":"(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001,\n DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development <qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<https://lists.nongnu.org/archive/html/qemu-devel>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n 
<mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"},"content":"From: Yixin Wei <easonwei1998@gmail.com>\n\nhost_to_target_for_each_rtattr() uses \"len > sizeof(struct rtattr)\"\nas its loop condition. When the last rtattr in a netlink message has\nexactly sizeof(struct rtattr) (4) bytes remaining, the loop exits\nwithout byte-swapping its rta_len and rta_type. A big-endian guest\nthen reads rta_len in the wrong byte order and fails validation.\n\nThe companion function target_to_host_for_each_rtattr() correctly\nuses \">=\" (added in commit fa2229dbf8). The kernel's RTA_OK macro\nalso uses \">=\". Fix the host_to_target direction to match.\n\nResolves: https://gitlab.com/qemu-project/qemu/-/issues/2485\nSigned-off-by: Yixin Wei <yixinwei@meta.com>\nFixes: 6c5b5645ae0 (\"linux-user: add rtnetlink(7) support\")\nReviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>\nSigned-off-by: Helge Deller <deller@gmx.de>\nCc: qemu-stable@nongnu.org\n---\n linux-user/fd-trans.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)","diff":"diff --git a/linux-user/fd-trans.c b/linux-user/fd-trans.c\nindex 64dd0745d2..7f55a0690b 100644\n--- a/linux-user/fd-trans.c\n+++ b/linux-user/fd-trans.c\n@@ -480,7 +480,7 @@ static abi_long host_to_target_for_each_rtattr(struct rtattr *rtattr,\n     unsigned short aligned_rta_len;\n     abi_long ret;\n \n-    while (len > sizeof(struct rtattr)) {\n+    while (len >= sizeof(struct rtattr)) {\n         rta_len = rtattr->rta_len;\n         if (rta_len < sizeof(struct rtattr) ||\n             rta_len > len) {\n","prefixes":["PULL","03/14"]}
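Review bot: the bound on the `while` line in host_to_target_for_each_rtattr() is still open-coded after the change to `len >= sizeof(struct rtattr)`, so nothing in the code ties it to the kernel's RTA_OK or to the companion target_to_host_for_each_rtattr(), which per the commit message got its ">=" in a separate commit (fa2229dbf8). Consider a one-line comment above the loop stating that the condition mirrors RTA_OK, or a shared helper used by both directions, so the two walkers cannot drift apart again. A regression case with a trailing attribute of exactly sizeof(struct rtattr) bytes would pin the boundary: with `len == sizeof(struct rtattr)`, the visible check `rta_len < sizeof(struct rtattr) || rta_len > len` is false only for `rta_len == sizeof(struct rtattr)`, which is the one input the old condition skipped.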