git.monstr.eu Git - linux-2.6-microblaze.git/commit

author	Lukas Bulwahn <lukas.bulwahn@gmail.com>
	Fri, 27 Nov 2020 09:34:21 +0000 (10:34 +0100)
committer	Jakub Kicinski <kuba@kernel.org>
	Tue, 1 Dec 2020 19:42:33 +0000 (11:42 -0800)
commit	9e39394faef6d436f0c9900d2a5c690c13bc1cac
tree	d86dc86097fa00fba6fbb71a4fc375f61959551c	tree \| snapshot
parent	fa69ee5aa48b5b52e8028c2eb486906e9998d081	commit \| diff

net/ipv6: propagate user pointer annotation

For IPV6_2292PKTOPTIONS, do_ipv6_getsockopt() stores the user pointer
optval in the msg_control field of the msghdr.

Hence, sparse rightfully warns at ./net/ipv6/ipv6_sockglue.c:1151:33:

  warning: incorrect type in assignment (different address spaces)
      expected void *msg_control
      got char [noderef] __user *optval

Since commit 1f466e1f15cf ("net: cleanly handle kernel vs user buffers for
->msg_control"), user pointers shall be stored in the msg_control_user
field, and kernel pointers in the msg_control field. This allows to
propagate __user annotations nicely through this struct.

Store optval in msg_control_user to properly record and propagate the
memory space annotation of this pointer.

Note that msg_control_is_user is set to true, so the key invariant, i.e.,
use msg_control_user if and only if msg_control_is_user is true, holds.

The msghdr is further used in the six alternative put_cmsg() calls, with
msg_control_is_user being true, put_cmsg() picks msg_control_user
preserving the __user annotation and passes that properly to
copy_to_user().

No functional change. No change in object code.

Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20201127093421.21673-1-lukas.bulwahn@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>