On 11/19/24 14:31, Michal Luczaj wrote:
> Some callers misinterpret copy_from_sockptr()'s return value. The function
> follows copy_from_user(), i.e. returns 0 for success, or the number of
> bytes not copied on error. Simply returning the result in a non-zero case
> isn't usually what was intended.
>
> Compile tested with CONFIG_LLC, CONFIG_AF_RXRPC, CONFIG_BT enabled.
>
> Last patch probably belongs more to net-next, if any. Here as an RFC.
>
> Suggested-by: Jakub Kicinski <kuba@xxxxxxxxxx>
> Signed-off-by: Michal Luczaj <mhal@xxxxxxx>
> ---
> Changes in v3:
> - rxrpc/llc: Drop the non-essential changes
> - rxrpc/llc: Replace the deprecated copy_from_sockptr() with
>   copy_safe_from_sockptr() [David Wei]
> - Collect Reviewed-by [David Wei]
> - Link to v2: https://lore.kernel.org/r/20241115-sockptr-copy-fixes-v2-0-9b1254c18b7a@xxxxxxx
>
> Changes in v2:
> - Fix the fix of llc_ui_setsockopt()
> - Switch "bluetooth:" to "Bluetooth:" [bluez.test.bot]
> - Collect Reviewed-by [Luiz Augusto von Dentz]
> - Link to v1: https://lore.kernel.org/r/20241115-sockptr-copy-fixes-v1-0-d183c87fcbd5@xxxxxxx
>
> ---
> Michal Luczaj (4):
>       Bluetooth: Improve setsockopt() handling of malformed user input
>       llc: Improve setsockopt() handling of malformed user input
>       rxrpc: Improve setsockopt() handling of malformed user input
>       net: Comment copy_from_sockptr() explaining its behaviour

I guess we can apply directly patch 2-4, but patch 1 should go via the BT tree.

@Luiz, @David, are you ok with that?

Thanks,

Paolo
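
The return-value contract described in the quoted cover letter, shown as a userspace model. This is an added example, not part of the thread or of the kernel sources. All model_* and setsockopt_* names are hypothetical, and model_copy_safe() assumes copy_safe_from_sockptr() returns -EINVAL for a short optlen, -EFAULT for a faulting copy, and 0 on success.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for sockptr_t: only `readable` bytes are accessible. */
struct model_sockptr { const void *buf; size_t readable; };

/* copy_from_user() contract: 0 on success, else the number of bytes NOT copied. */
static size_t model_copy_from_sockptr(void *dst, struct model_sockptr src, size_t size)
{
	size_t ok = size < src.readable ? size : src.readable;

	if (ok)
		memcpy(dst, src.buf, ok);
	return size - ok;
}

/* Length-checked variant (assumed contract): -EINVAL, -EFAULT or 0. */
static int model_copy_safe(void *dst, size_t ksize, struct model_sockptr optval,
			   unsigned int optlen)
{
	if (optlen < ksize)
		return -EINVAL;
	return model_copy_from_sockptr(dst, optval, ksize) ? -EFAULT : 0;
}

/* Misinterpretation: the leftover byte count is passed up as if it were an errno. */
static int setsockopt_buggy(struct model_sockptr optval, unsigned int optlen, int *opt)
{
	(void)optlen; /* unused in this model */
	return (int)model_copy_from_sockptr(opt, optval, sizeof(*opt));
}

/* Corrected: the caller only ever sees 0 or a negative errno. */
static int setsockopt_fixed(struct model_sockptr optval, unsigned int optlen, int *opt)
{
	return model_copy_safe(opt, sizeof(*opt), optval, optlen);
}

int main(void)
{
	int val = 7, out = 0;
	struct model_sockptr partial = { &val, 1 }; /* constructed: faults after one byte */

	printf("buggy: %d\n", setsockopt_buggy(partial, sizeof(val), &out));
	printf("fixed: %d\n", setsockopt_fixed(partial, sizeof(val), &out));
	return 0;
}
```

With the partially readable buffer, the buggy handler hands back a positive byte count where its caller expects 0 or a negative errno, while the fixed handler reports -EFAULT.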