Hello,

Joan Lledó, on Mon. 06 April 2026 14:00:01 +0200, wrote:
> From: Joan Lledó <[email protected]>
> 
> There was a code path for when a control block is requested, but AFAIK there 
> was no path for when it's not requested.
> That led to the control block being filled with garbage when not requested.
> ---
>  pfinet/linux-src/net/ipv4/ip_sockglue.c   | 9 +++++++--
>  pfinet/linux-src/net/ipv4/raw.c           | 3 +--
>  pfinet/linux-src/net/ipv4/udp.c           | 3 +--
>  pfinet/linux-src/net/ipv6/datagram_ipv6.c | 3 +--
>  pfinet/linux-src/net/ipv6/udp_ipv6.c      | 3 +--
>  5 files changed, 11 insertions(+), 10 deletions(-)
> 
> diff --git a/pfinet/linux-src/net/ipv4/ip_sockglue.c 
> b/pfinet/linux-src/net/ipv4/ip_sockglue.c
> index 369a6770..5ae4b181 100644
> --- a/pfinet/linux-src/net/ipv4/ip_sockglue.c
> +++ b/pfinet/linux-src/net/ipv4/ip_sockglue.c
> @@ -119,6 +119,12 @@ void ip_cmsg_recv(struct msghdr *msg, struct sk_buff 
> *skb)
>  {
>       unsigned flags = skb->sk->ip_cmsg_flags;
>  
> +     if (flags == 0) {
> +             msg->msg_control = NULL;
> +             msg->msg_controllen = 0;
> +             return;
> +     }
> +
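Review bot: the early return assigns `msg->msg_control = NULL` and `msg->msg_controllen = 0` to fields that belong to the caller, and the non-zero `flags` path of the same function keeps relying on those fields having been set before it is entered; so if a caller hands down an uninitialised msghdr, the garbage is only masked for sockets with no cmsg flags and still written through when flags are set. Setting `msg_control` to NULL also throws away any control buffer pointer the caller supplied, so the caller can no longer distinguish "no buffer" from "buffer given, nothing written". Suggest dropping this block and initialising the msghdr (NULL/0 when no control data is wanted) where it is constructed; if an explicit "nothing written" marker is still wanted here, `msg->msg_controllen = 0;` alone would be the less surprising form.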

Mmmm, I'm really surprised. When flags is not 0, the ip_cmsg_recv_*
calls below end up calling put_cmsg which uses msg->msg_control and
msg->msg_controllen, without initializing them first, so it's up to
callers of ip_cmsg_recv to initialize them? So if you are getting
garbage, there is some initialization missing indeed, but it looks wrong
to be adding it here. In principle that would be in the earliest caller,
i.e. S_io_read, which does initialize the msghdr.

So I don't know where it needs to be fixed, but this change looks more
like hiding a bug than fixing it.

Samuel
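To make the contract Samuel describes concrete, here is an added example in user-space C; it is not pfinet's, Linux's or either poster's code. It models the put_cmsg convention: the caller owns the msghdr and sets msg_control/msg_controllen before anything is received, put_cmsg only consumes that space (and flags MSG_CTRUNC when there is none), and with no cmsg flags set the msghdr is left exactly as the caller built it, so a zero-length or NULL control block is the caller's doing, not something ip_cmsg_recv has to invent. All names with an _m suffix, the IP_CMSG_* flag bits, the level/type ids and the "drop the whole message when it does not fit" simplification are assumptions for illustration; real put_cmsg copies a truncated tail instead.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed, simplified shapes of the real structures (not pfinet/Linux code). */
struct cmsghdr_m { size_t cmsg_len; int cmsg_level; int cmsg_type; };
struct msghdr_m  { unsigned char *msg_control; size_t msg_controllen; int msg_flags; };

#define MSG_CTRUNC_M     0x8
#define ALIGN_M(n)       (((n) + sizeof(size_t) - 1) & ~(sizeof(size_t) - 1))
#define CMSG_LEN_M(n)    (sizeof(struct cmsghdr_m) + (n))
#define CMSG_SPACE_M(n)  (sizeof(struct cmsghdr_m) + ALIGN_M(n))

enum { IP_CMSG_TTL_M = 1, IP_CMSG_TOS_M = 2 };       /* assumed flag bits   */
enum { IPPROTO_IP_M = 0, IP_TOS_M = 1, IP_TTL_M = 2 }; /* assumed level/type  */

/* put_cmsg model: consumes msg_control/msg_controllen as the caller left them
 * and never initialises them itself. Returns 1 if the message was written,
 * 0 if there was no room (MSG_CTRUNC is raised and nothing is touched). */
static int put_cmsg_m(struct msghdr_m *msg, int level, int type,
                      size_t len, const void *data)
{
    size_t need = CMSG_LEN_M(len);
    if (msg->msg_control == NULL || msg->msg_controllen < need) {
        msg->msg_flags |= MSG_CTRUNC_M;   /* no buffer or too small: tell the caller */
        return 0;
    }
    struct cmsghdr_m hdr = { need, level, type };
    memcpy(msg->msg_control, &hdr, sizeof hdr);        /* memcpy: buffer may be unaligned */
    memcpy(msg->msg_control + sizeof hdr, data, len);

    size_t space = CMSG_SPACE_M(len);                  /* advance past the padded slot */
    if (space > msg->msg_controllen)
        space = msg->msg_controllen;
    msg->msg_control    += space;
    msg->msg_controllen -= space;
    return 1;
}

/* ip_cmsg_recv model: emits only the flagged items; with flags == 0 it does
 * nothing at all and the msghdr stays as the caller set it up. */
static void ip_cmsg_recv_m(struct msghdr_m *msg, unsigned flags, int ttl, int tos)
{
    if (flags & IP_CMSG_TTL_M)
        put_cmsg_m(msg, IPPROTO_IP_M, IP_TTL_M, sizeof ttl, &ttl);
    if (flags & IP_CMSG_TOS_M)
        put_cmsg_m(msg, IPPROTO_IP_M, IP_TOS_M, sizeof tos, &tos);
}

/* Caller model (the S_io_read role): it owns the msghdr, so every field is
 * initialised here, NULL/0 when no control buffer was requested. Returns the
 * number of control bytes actually written; *truncated reports MSG_CTRUNC. */
static size_t recv_with_control(unsigned flags, unsigned char *ctrl, size_t ctrllen,
                                int ttl, int tos, int *truncated)
{
    struct msghdr_m msg;
    memset(&msg, 0, sizeof msg);               /* nothing is left uninitialised */
    msg.msg_control    = ctrl;
    msg.msg_controllen = ctrl ? ctrllen : 0;

    ip_cmsg_recv_m(&msg, flags, ttl, tos);

    *truncated = (msg.msg_flags & MSG_CTRUNC_M) != 0;
    return (ctrl ? ctrllen : 0) - msg.msg_controllen;
}

/* Receiver-side walk over the written bytes: counts cmsgs, extracts the TTL
 * (-1 if absent) and stops on a header that would run past the written length. */
static int walk_cmsgs(const unsigned char *ctrl, size_t written, int *ttl_out)
{
    int n = 0;
    size_t off = 0;
    *ttl_out = -1;
    while (off + sizeof(struct cmsghdr_m) <= written) {
        struct cmsghdr_m hdr;
        memcpy(&hdr, ctrl + off, sizeof hdr);
        if (hdr.cmsg_len < sizeof hdr || off + hdr.cmsg_len > written)
            break;                                   /* malformed: do not read past the end */
        if (hdr.cmsg_level == IPPROTO_IP_M && hdr.cmsg_type == IP_TTL_M)
            memcpy(ttl_out, ctrl + off + sizeof hdr, sizeof *ttl_out);
        n++;
        off += CMSG_SPACE_M(hdr.cmsg_len - sizeof hdr);
    }
    return n;
}

int main(void)
{
    unsigned char buf[64];
    int trunc, ttl;

    size_t n0 = recv_with_control(0, buf, sizeof buf, 64, 0, &trunc);
    printf("flags=0:     %zu control bytes, truncated=%d\n", n0, trunc);

    size_t n2 = recv_with_control(IP_CMSG_TTL_M | IP_CMSG_TOS_M, buf, sizeof buf, 64, 0x10, &trunc);
    int cnt = walk_cmsgs(buf, n2, &ttl);
    printf("TTL|TOS:     %zu bytes, %d cmsgs, ttl=%d, truncated=%d\n", n2, cnt, ttl, trunc);

    size_t n3 = recv_with_control(IP_CMSG_TTL_M, NULL, 0, 64, 0, &trunc);
    printf("no buffer:   %zu bytes, truncated=%d\n", n3, trunc);
    return 0;
}
```

The point to take from it: nothing in ip_cmsg_recv_m or put_cmsg_m ever writes msg_control or msg_controllen except by consuming space, so the only way the control block can come back as garbage is a caller that never initialised the msghdr, which is where the fix belongs.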
