When refactoring the SCM_RIGHTS code, I accidentally mis-merged my native/compat diffs, which entirely broke using SCM_RIGHTS in compat mode. Use the correct helper.
Reported-by: Christian Zigotzky <chzigot...@xenosoft.de> Link: https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-August/216156.html Reported-by: "Alex Xu (Hello71)" <alex_y...@yahoo.ca> Link: https://lore.kernel.org/lkml/1596812929.lz7fuo8r2w.none@localhost/ Suggested-by: Thadeu Lima de Souza Cascardo <casca...@canonical.com> Fixes: c0029de50982 ("net/scm: Regularize compat handling of scm_detach_fds()") Signed-off-by: Kees Cook <keesc...@chromium.org> --- net/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/compat.c b/net/compat.c index 703acb51c698..95ce707a30a3 100644 --- a/net/compat.c +++ b/net/compat.c @@ -294,7 +294,7 @@ void scm_detach_fds_compat(struct msghdr *msg, struct scm_cookie *scm) (struct compat_cmsghdr __user *)msg->msg_control; unsigned int o_flags = (msg->msg_flags & MSG_CMSG_CLOEXEC) ? O_CLOEXEC : 0; int fdmax = min_t(int, scm_max_fds_compat(msg), scm->fp->count); - int __user *cmsg_data = CMSG_USER_DATA(cm); + int __user *cmsg_data = CMSG_COMPAT_DATA(cm); int err = 0, i; for (i = 0; i < fdmax; i++) { -- 2.25.1 -- Kees Cook
