diff options
author | Arjun Roy <arjunroy@google.com> | 2021-05-06 15:35:30 -0700 |
---|---|---|
committer | Jakub Kicinski <kuba@kernel.org> | 2021-05-06 18:05:35 -0700 |
commit | a6f8ee58a8e35f7e4380a5efce312e2a5bc27497 (patch) | |
tree | aec7b0174d722130592496eba7eace14321c633f | |
parent | cbaf3f6af9c268caf558c8e7ec52bcb35c5455dd (diff) | |
download | linux-stable-a6f8ee58a8e35f7e4380a5efce312e2a5bc27497.tar.gz linux-stable-a6f8ee58a8e35f7e4380a5efce312e2a5bc27497.tar.bz2 linux-stable-a6f8ee58a8e35f7e4380a5efce312e2a5bc27497.zip |
tcp: Specify cmsgbuf is user pointer for receive zerocopy.
A prior change (1f466e1f15cf) introduces separate handling for
->msg_control depending on whether the pointer is a kernel or user
pointer. However, while tcp receive zerocopy is using this field, it
is not properly annotating that the buffer in this case is a user
pointer. This can cause faults when the improper mechanism is used
within put_cmsg().
This patch simply annotates tcp receive zerocopy's use as explicitly
being a user pointer.
Fixes: 7eeba1706eba ("tcp: Add receive timestamp support for receive zerocopy.")
Signed-off-by: Arjun Roy <arjunroy@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20210506223530.2266456-1-arjunroy.kdev@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-rw-r--r-- | net/ipv4/tcp.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index e14fd0c50c10..f1c1f9e3de72 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -2039,6 +2039,7 @@ static void tcp_zc_finalize_rx_tstamp(struct sock *sk, (__kernel_size_t)zc->msg_controllen; cmsg_dummy.msg_flags = in_compat_syscall() ? MSG_CMSG_COMPAT : 0; + cmsg_dummy.msg_control_is_user = true; zc->msg_flags = 0; if (zc->msg_control == msg_control_addr && zc->msg_controllen == cmsg_dummy.msg_controllen) { |