From 60daf8d40b80ccbd593930235aea9ee82ea8dbc2 Mon Sep 17 00:00:00 2001 From: Kevin Brodsky Date: Thu, 13 Apr 2023 12:47:04 +0100 Subject: [PATCH] net/compat: Update msg_control_is_user when setting a kernel pointer cmsghdr_from_user_compat_to_kern() is an unusual case w.r.t. how the kmsg->msg_control* fields are used. The input struct msghdr holds a pointer to a user buffer, i.e. ksmg->msg_control_user is active. However, upon success, a kernel pointer is stored in kmsg->msg_control. kmsg->msg_control_is_user should therefore be updated accordingly. Cc: Christoph Hellwig Cc: Eric Dumazet Cc: "David S. Miller" Cc: Jakub Kicinski Signed-off-by: Kevin Brodsky Reviewed-by: Christoph Hellwig Signed-off-by: David S. Miller --- net/compat.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/compat.c b/net/compat.c index 000a2e054d4c..6564720f32b7 100644 --- a/net/compat.c +++ b/net/compat.c @@ -211,6 +211,7 @@ int cmsghdr_from_user_compat_to_kern(struct msghdr *kmsg, struct sock *sk, goto Einval; /* Ok, looks like we made it. Hook it up and return success. */ + kmsg->msg_control_is_user = false; kmsg->msg_control = kcmsg_base; kmsg->msg_controllen = kcmlen; return 0;