On 14/02/2023 18:03, Kevin Brodsky wrote:
On 14/02/2023 13:16, Zachary Leaf wrote:
Looking for additional places this might need updating, possibly worth looking at the following:
- net/socket.c:____sys_recvmsg
- a lot going on here, but I *think* it's fine? some weird pointer math
I did notice this one too, but indeed it's fine as it's only subtracting addresses to calculate some size.
Right, looks fine to me this morning on a second look.
    unsigned long cmsg_ptr = (unsigned long)msg_sys->msg_control;
    [...]
    sock_recvmsg(msg_sys)
    [...]
    __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
               &msg_compat->msg_controllen);
sock_recvmsg() must update the ptr to msg_control by the size of the message, which makes sense in a socket/network context of filling up a buffer with multiple recv's, but otherwise seemed strange yesterday.
- net/ipv6/ipv6_sockglue.c:do_ipv6_setsockopt
- it's been updated for do_ipv6_getsockopt but not do_ipv6_setsockopt?
- sockptr_t optval.is_kernel contains user/kernel status, looks like
something similar to getsockopt is required
Agreed there's something fishy here, I didn't look at it closely enough. It does look like we need at least to initialise msg_control_is_user. Will give it some more thoughts.
Thanks for looking at all of the uses of msg_control again, I thought I had gone through them all but clearly not!
No problem - I didn't find anything else while going through.
Had a scan over the other patches as well so +1 on the series.
Thanks, Zach
Kevin
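
The pointer arithmetic discussed for ____sys_recvmsg, as an added user-space model that is not code from this thread or from the kernel: the receive path advances msg_control as it writes control messages, and the returned length is the difference between the end and start addresses. The names model_msghdr, model_put_cmsg and model_recv_controllen are hypothetical, and the refuse-if-too-large behaviour is a simplification.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* Simplified user-space stand-in for the two msghdr fields discussed
 * in the thread (constructed for this example, not the kernel struct). */
struct model_msghdr {
    void  *msg_control;     /* next free byte of the control buffer */
    size_t msg_controllen;  /* bytes still free after msg_control */
};

/* Hypothetical helper loosely modelled on put_cmsg(): write one control
 * message and advance msg_control past it. Simplification: a record that
 * does not fit is refused rather than truncated. */
static int model_put_cmsg(struct model_msghdr *m, int level, int type,
                          const void *data, size_t len)
{
    struct cmsghdr hdr;
    size_t space = CMSG_SPACE(len);

    if (space > m->msg_controllen)
        return -1;
    memset(&hdr, 0, sizeof(hdr));
    hdr.cmsg_len = CMSG_LEN(len);
    hdr.cmsg_level = level;
    hdr.cmsg_type = type;
    memcpy(m->msg_control, &hdr, sizeof(hdr));
    memcpy((char *)m->msg_control + CMSG_LEN(0), data, len);
    m->msg_control = (char *)m->msg_control + space;
    m->msg_controllen -= space;
    return 0;
}

/* Same shape as the quoted code: save the start address as an integer,
 * let the receive path advance msg_control, then subtract. Only the
 * addresses are used; nothing is dereferenced through cmsg_ptr. */
static size_t model_recv_controllen(struct model_msghdr *m,
                                    const int *vals, size_t n)
{
    uintptr_t cmsg_ptr = (uintptr_t)m->msg_control;

    for (size_t i = 0; i < n; i++)
        if (model_put_cmsg(m, SOL_SOCKET, SCM_RIGHTS, &vals[i], sizeof(vals[i])))
            break;
    return (size_t)((uintptr_t)m->msg_control - cmsg_ptr);
}
```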