[PATCH] um: Fix FD copy size in os_rcv_fd_msg()

Tiwei Bie Sun, 31 Aug 2025 17:28:44 -0700

From: Tiwei Bie <[email protected]>

When copying FDs, the copy size should not include the control
message header (cmsghdr). Fix it.


Fixes: 5cde6096a4dd ("um: generalize os_rcv_fd")
Signed-off-by: Tiwei Bie <[email protected]>
---
 arch/um/os-Linux/file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/um/os-Linux/file.c b/arch/um/os-Linux/file.c
index 617886d1fb1e..21f0e50fb1df 100644
--- a/arch/um/os-Linux/file.c
+++ b/arch/um/os-Linux/file.c
@@ -535,7 +535,7 @@ ssize_t os_rcv_fd_msg(int fd, int *fds, unsigned int n_fds,
            cmsg->cmsg_type != SCM_RIGHTS)
                return n;
 
-       memcpy(fds, CMSG_DATA(cmsg), cmsg->cmsg_len);
+       memcpy(fds, CMSG_DATA(cmsg), cmsg->cmsg_len - CMSG_LEN(0));
        return n;
 }
 
-- 
2.34.1

[PATCH] um: Fix FD copy size in os_rcv_fd_msg()

Reply via email to