From: Christoph Hellwig <hch@lst.de>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Christoph Hellwig <hch@lst.de>,
"David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/3] net: cleanly handle kernel vs user buffers for ->msg_control
Date: Wed, 13 May 2020 18:58:50 +0200 [thread overview]
Message-ID: <20200513165850.GA26121@lst.de> (raw)
In-Reply-To: <b9728e02-e317-2aa6-9ed4-723ee3abfb78@gmail.com>
On Wed, May 13, 2020 at 09:18:36AM -0700, Eric Dumazet wrote:
> Please try the following syzbot repro, since it crashes after your patch.
Doesn't crash here, but I could totally see why it could depending
in the stack initialization. Please try the patch below - these
msghdr intance were something I missed because they weren't using
any highlevel recvmsg interfaces. I'll do another round of audits
to see if there is anything else.
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index 18d05403d3b52..a0e50cc57e545 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -1075,6 +1075,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
msg.msg_control = optval;
msg.msg_controllen = len;
msg.msg_flags = flags;
+ msg.msg_control_is_user = true;
lock_sock(sk);
skb = np->pktoptions;
next prev parent reply other threads:[~2020-05-13 16:58 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-11 11:59 improve msg_control kernel vs user pointer handling Christoph Hellwig
2020-05-11 11:59 ` [PATCH 1/3] net: add a CMSG_USER_DATA macro Christoph Hellwig
2020-05-12 8:28 ` Sergei Shtylyov
2020-05-13 6:03 ` Christoph Hellwig
2020-05-11 11:59 ` [PATCH 2/3] net/scm: cleanup scm_detach_fds Christoph Hellwig
2020-05-13 9:29 ` Ido Schimmel
2020-05-13 9:49 ` Christoph Hellwig
2020-05-13 9:58 ` Ido Schimmel
2020-05-13 10:10 ` Christoph Hellwig
2020-05-13 10:17 ` Christoph Hellwig
2020-05-13 10:31 ` Ido Schimmel
2020-05-11 11:59 ` [PATCH 3/3] net: cleanly handle kernel vs user buffers for ->msg_control Christoph Hellwig
2020-05-13 15:41 ` Eric Dumazet
2020-05-13 16:09 ` Christoph Hellwig
2020-05-13 16:18 ` Eric Dumazet
2020-05-13 16:58 ` Christoph Hellwig [this message]
2020-05-12 0:00 ` improve msg_control kernel vs user pointer handling David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200513165850.GA26121@lst.de \
--to=hch@lst.de \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).