summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArjun Roy <arjunroy@google.com>2021-05-06 15:35:30 -0700
committerJakub Kicinski <kuba@kernel.org>2021-05-06 18:05:35 -0700
commita6f8ee58a8e35f7e4380a5efce312e2a5bc27497 (patch)
treeaec7b0174d722130592496eba7eace14321c633f
parentcbaf3f6af9c268caf558c8e7ec52bcb35c5455dd (diff)
downloadlinux-stable-a6f8ee58a8e35f7e4380a5efce312e2a5bc27497.tar.gz
linux-stable-a6f8ee58a8e35f7e4380a5efce312e2a5bc27497.tar.bz2
linux-stable-a6f8ee58a8e35f7e4380a5efce312e2a5bc27497.zip
tcp: Specify cmsgbuf is user pointer for receive zerocopy.
A prior change (1f466e1f15cf) introduces separate handling for ->msg_control depending on whether the pointer is a kernel or user pointer. However, while tcp receive zerocopy is using this field, it is not properly annotating that the buffer in this case is a user pointer. This can cause faults when the improper mechanism is used within put_cmsg(). This patch simply annotates tcp receive zerocopy's use as explicitly being a user pointer. Fixes: 7eeba1706eba ("tcp: Add receive timestamp support for receive zerocopy.") Signed-off-by: Arjun Roy <arjunroy@google.com> Acked-by: Soheil Hassas Yeganeh <soheil@google.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://lore.kernel.org/r/20210506223530.2266456-1-arjunroy.kdev@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-rw-r--r--net/ipv4/tcp.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index e14fd0c50c10..f1c1f9e3de72 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2039,6 +2039,7 @@ static void tcp_zc_finalize_rx_tstamp(struct sock *sk,
(__kernel_size_t)zc->msg_controllen;
cmsg_dummy.msg_flags = in_compat_syscall()
? MSG_CMSG_COMPAT : 0;
+ cmsg_dummy.msg_control_is_user = true;
zc->msg_flags = 0;
if (zc->msg_control == msg_control_addr &&
zc->msg_controllen == cmsg_dummy.msg_controllen) {