From: Arjun Roy <arjunroy@google.com>
Date: Thu, 6 May 2021 22:35:30 +0000 (-0700)
Subject: tcp: Specify cmsgbuf is user pointer for receive zerocopy.
X-Git-Tag: baikal/mips/sdk5.9~10963^2~5
X-Git-Url: https://git.baikalelectronics.ru/?a=commitdiff_plain;h=5025c70b06f495b95b4d0786f6f3c64950f3a50c;p=kernel.git

tcp: Specify cmsgbuf is user pointer for receive zerocopy.

A prior change (4126eac58915) introduces separate handling for
->msg_control depending on whether the pointer is a kernel or user
pointer. However, while tcp receive zerocopy is using this field, it
is not properly annotating that the buffer in this case is a user
pointer. This can cause faults when the improper mechanism is used
within put_cmsg().

This patch simply annotates tcp receive zerocopy's use as explicitly
being a user pointer.

Fixes: 123d42faa54f ("tcp: Add receive timestamp support for receive zerocopy.")
Signed-off-by: Arjun Roy <arjunroy@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20210506223530.2266456-1-arjunroy.kdev@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index e14fd0c50c102..f1c1f9e3de723 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2039,6 +2039,7 @@ static void tcp_zc_finalize_rx_tstamp(struct sock *sk,
 		(__kernel_size_t)zc->msg_controllen;
 	cmsg_dummy.msg_flags = in_compat_syscall()
 		? MSG_CMSG_COMPAT : 0;
+	cmsg_dummy.msg_control_is_user = true;
 	zc->msg_flags = 0;
 	if (zc->msg_control == msg_control_addr &&
 	    zc->msg_controllen == cmsg_dummy.msg_controllen) {