When refactoring the SCM_RIGHTS code, I accidentally mis-merged my
native/compat diffs, which entirely broke using SCM_RIGHTS in compat
mode. Use the correct helper.
Reported-by: Christian Zigotzky <[email protected]>
Link: https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-August/216156.html
Reported-by: "Alex Xu (Hello71)" <[email protected]>
Link: https://lore.kernel.org/lkml/1596812929.lz7fuo8r2w.none@localhost/
Suggested-by: Thadeu Lima de Souza Cascardo <[email protected]>
Fixes: c0029de50982 ("net/scm: Regularize compat handling of scm_detach_fds()")
Signed-off-by: Kees Cook <[email protected]>
---
net/compat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/compat.c b/net/compat.c
index 703acb51c698..95ce707a30a3 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -294,7 +294,7 @@ void scm_detach_fds_compat(struct msghdr *msg, struct scm_cookie *scm)
(struct compat_cmsghdr __user *)msg->msg_control;
unsigned int o_flags = (msg->msg_flags & MSG_CMSG_CLOEXEC) ? O_CLOEXEC : 0;
int fdmax = min_t(int, scm_max_fds_compat(msg), scm->fp->count);
- int __user *cmsg_data = CMSG_USER_DATA(cm);
+ int __user *cmsg_data = CMSG_COMPAT_DATA(cm);
int err = 0, i;
for (i = 0; i < fdmax; i++) {
--
2.25.1
--
Kees Cook
On Fri, Aug 07, 2020 at 11:20:05AM -0700, Kees Cook wrote:
> When refactoring the SCM_RIGHTS code, I accidentally mis-merged my
> native/compat diffs, which entirely broke using SCM_RIGHTS in compat
> mode. Use the correct helper.
>
> Reported-by: Christian Zigotzky <[email protected]>
> Link: https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-August/216156.html
> Reported-by: "Alex Xu (Hello71)" <[email protected]>
> Link: https://lore.kernel.org/lkml/1596812929.lz7fuo8r2w.none@localhost/
> Suggested-by: Thadeu Lima de Souza Cascardo <[email protected]>
> Fixes: c0029de50982 ("net/scm: Regularize compat handling of scm_detach_fds()")
> Signed-off-by: Kees Cook <[email protected]>
Hi, Kees.
You might want to add the Teste-by line that Alex Xu sent. And if my ack adds
any value on top of Suggested-by, here it goes:
Acked-by: Thadeu Lima de Souza Cascardo <[email protected]>
Thanks.
Cascardo.
> ---
> net/compat.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/compat.c b/net/compat.c
> index 703acb51c698..95ce707a30a3 100644
> --- a/net/compat.c
> +++ b/net/compat.c
> @@ -294,7 +294,7 @@ void scm_detach_fds_compat(struct msghdr *msg, struct scm_cookie *scm)
> (struct compat_cmsghdr __user *)msg->msg_control;
> unsigned int o_flags = (msg->msg_flags & MSG_CMSG_CLOEXEC) ? O_CLOEXEC : 0;
> int fdmax = min_t(int, scm_max_fds_compat(msg), scm->fp->count);
> - int __user *cmsg_data = CMSG_USER_DATA(cm);
> + int __user *cmsg_data = CMSG_COMPAT_DATA(cm);
> int err = 0, i;
>
> for (i = 0; i < fdmax; i++) {
> --
> 2.25.1
>
>
> --
> Kees Cook
On Fri, Aug 07, 2020 at 11:20:05AM -0700, Kees Cook wrote:
> When refactoring the SCM_RIGHTS code, I accidentally mis-merged my
> native/compat diffs, which entirely broke using SCM_RIGHTS in compat
> mode. Use the correct helper.
>
> Reported-by: Christian Zigotzky <[email protected]>
> Link: https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-August/216156.html
> Reported-by: "Alex Xu (Hello71)" <[email protected]>
> Link: https://lore.kernel.org/lkml/1596812929.lz7fuo8r2w.none@localhost/
> Suggested-by: Thadeu Lima de Souza Cascardo <[email protected]>
> Fixes: c0029de50982 ("net/scm: Regularize compat handling of scm_detach_fds()")
> Signed-off-by: Kees Cook <[email protected]>
> ---
Oh fun,
Acked-by: Christian Brauner <[email protected]>
Thanks for fixing this quickly, Kees! I already built stuff on top of
the notifier fd injection work we did this cycle so it's great that we
don't have to revert this!
> net/compat.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/compat.c b/net/compat.c
> index 703acb51c698..95ce707a30a3 100644
> --- a/net/compat.c
> +++ b/net/compat.c
> @@ -294,7 +294,7 @@ void scm_detach_fds_compat(struct msghdr *msg, struct scm_cookie *scm)
> (struct compat_cmsghdr __user *)msg->msg_control;
> unsigned int o_flags = (msg->msg_flags & MSG_CMSG_CLOEXEC) ? O_CLOEXEC : 0;
> int fdmax = min_t(int, scm_max_fds_compat(msg), scm->fp->count);
> - int __user *cmsg_data = CMSG_USER_DATA(cm);
> + int __user *cmsg_data = CMSG_COMPAT_DATA(cm);
> int err = 0, i;
>
> for (i = 0; i < fdmax; i++) {
> --
> 2.25.1
>
>
> --
> Kees Cook