On Fri, Aug 07, 2020 at 11:20:05AM -0700, Kees Cook wrote:
> When refactoring the SCM_RIGHTS code, I accidentally mis-merged my
> native/compat diffs, which entirely broke using SCM_RIGHTS in compat
> mode. Use the correct helper.
>
> Reported-by: Christian Zigotzky <chzigot...@xenosoft.de>
> Link: https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-August/216156.html
> Reported-by: "Alex Xu (Hello71)" <alex_y...@yahoo.ca>
> Link: https://lore.kernel.org/lkml/1596812929.lz7fuo8r2w.none@localhost/
> Suggested-by: Thadeu Lima de Souza Cascardo <casca...@canonical.com>
> Fixes: c0029de50982 ("net/scm: Regularize compat handling of scm_detach_fds()")
> Signed-off-by: Kees Cook <keesc...@chromium.org>
> ---

Oh fun,
Acked-by: Christian Brauner <christian.brau...@ubuntu.com>

Thanks for fixing this quickly, Kees! I already built stuff on top of the
notifier fd injection work we did this cycle so it's great that we don't
have to revert this!

> net/compat.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/compat.c b/net/compat.c > index 703acb51c698..95ce707a30a3 100644 > --- a/net/compat.c > +++ b/net/compat.c > @@ -294,7 +294,7 @@ void scm_detach_fds_compat(struct msghdr *msg, struct > scm_cookie *scm) > (struct compat_cmsghdr __user *)msg->msg_control; > unsigned int o_flags = (msg->msg_flags & MSG_CMSG_CLOEXEC) ? O_CLOEXEC > : 0; > int fdmax = min_t(int, scm_max_fds_compat(msg), scm->fp->count); > - int __user *cmsg_data = CMSG_USER_DATA(cm); > + int __user *cmsg_data = CMSG_COMPAT_DATA(cm); > int err = 0, i; > > for (i = 0; i < fdmax; i++) { > -- > 2.25.1 > > > -- > Kees Cook
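
Review bot: In the changed line of scm_detach_fds_compat(), `cm` is declared as `struct compat_cmsghdr __user *`, yet the removed `CMSG_USER_DATA(cm)` evidently built without complaint and the breakage only surfaced through user reports, so nothing stops the same mix-up from recurring. Consider following up with a type check in the two data macros, or a compat-mode SCM_RIGHTS selftest, so a native/compat helper mismatch fails at build or test time. The commit message would also benefit from one sentence naming the observable failure (what a compat receiver saw in the control message), since "entirely broke" gives someone bisecting nothing to match against.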