diff mbox series

[net-next] net: fix uninitialised msghdr->sg_from_iter

Message ID ce8b68b41351488f79fd998b032b3c56e9b1cc6c.1658401817.git.asml.silence@gmail.com (mailing list archive)
State Accepted
Commit 2829a267fca297983b9302fa2cb833757328c857
Delegated to: Netdev Maintainers
Headers show
Series [net-next] net: fix uninitialised msghdr->sg_from_iter | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for net-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix success Link
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 2 this patch: 2
netdev/cc_maintainers warning 4 maintainers not CCed: talalahmad@google.com soheil@google.com edumazet@google.com pabeni@redhat.com
netdev/build_clang success Errors and warnings before: 5 this patch: 5
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 2 this patch: 2
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 8 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Pavel Begunkov July 21, 2022, 2:25 p.m. UTC 
Because of how struct msghdr is usually initialised some fields and
sg_from_iter in particular might be left out not initialised, so we
can't safely use it in __zerocopy_sg_from_iter().

For now use the callback only when there is ->msg_ubuf set relying on
the fact that they're used together and we properly zero ->msg_ubuf.

Fixes: ebe73a284f4de8 ("net: Allow custom iter handler in msghdr")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
---

It's not the best approach long term but let's fix first and later
I'm going to clean up msghdr initialisation.

 net/core/datagram.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

patchwork-bot+netdevbpf@kernel.org July 22, 2022, 10 p.m. UTC | #1 
Hello:

This patch was applied to netdev/net-next.git (master)
by Jakub Kicinski <kuba@kernel.org>:

On Thu, 21 Jul 2022 15:25:46 +0100 you wrote:
> Because of how struct msghdr is usually initialised some fields and
> sg_from_iter in particular might be left out not initialised, so we
> can't safely use it in __zerocopy_sg_from_iter().
> 
> For now use the callback only when there is ->msg_ubuf set relying on
> the fact that they're used together and we properly zero ->msg_ubuf.
> 
> [...]

Here is the summary with links:
  - [net-next] net: fix uninitialised msghdr->sg_from_iter
    https://git.kernel.org/netdev/net-next/c/2829a267fca2

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/core/datagram.c b/net/core/datagram.c
index 28cdb79df74d..ecbc0f471089 100644
--- a/net/core/datagram.c
+++ b/net/core/datagram.c
@@ -619,7 +619,7 @@  int __zerocopy_sg_from_iter(struct msghdr *msg, struct sock *sk,
 {
 	int frag;
 
-	if (msg && msg->sg_from_iter)
+	if (msg && msg->msg_ubuf && msg->sg_from_iter)
 		return msg->sg_from_iter(sk, skb, from, length);
 
 	frag = skb_shinfo(skb)->nr_frags;