Hi Paolo, On Tue, Nov 26, 2024 at 4:00 AM Paolo Abeni <pabeni@xxxxxxxxxx> wrote: > > On 11/19/24 14:31, Michal Luczaj wrote: > > Some callers misinterpret copy_from_sockptr()'s return value. The function > > follows copy_from_user(), i.e. returns 0 for success, or the number of > > bytes not copied on error. Simply returning the result in a non-zero case > > isn't usually what was intended. > > > > Compile tested with CONFIG_LLC, CONFIG_AF_RXRPC, CONFIG_BT enabled. > > > > Last patch probably belongs more to net-next, if any. Here as an RFC. > > > > Suggested-by: Jakub Kicinski <kuba@xxxxxxxxxx> > > Signed-off-by: Michal Luczaj <mhal@xxxxxxx> > > --- > > Changes in v3: > > - rxrpc/llc: Drop the non-essential changes > > - rxrpc/llc: Replace the deprecated copy_from_sockptr() with > > copy_safe_from_sockptr() [David Wei] > > - Collect Reviewed-by [David Wei] > > - Link to v2: https://lore.kernel.org/r/20241115-sockptr-copy-fixes-v2-0-9b1254c18b7a@xxxxxxx > > > > Changes in v2: > > - Fix the fix of llc_ui_setsockopt() > > - Switch "bluetooth:" to "Bluetooth:" [bluez.test.bot] > > - Collect Reviewed-by [Luiz Augusto von Dentz] > > - Link to v1: https://lore.kernel.org/r/20241115-sockptr-copy-fixes-v1-0-d183c87fcbd5@xxxxxxx > > > > --- > > Michal Luczaj (4): > > Bluetooth: Improve setsockopt() handling of malformed user input > > llc: Improve setsockopt() handling of malformed user input > > rxrpc: Improve setsockopt() handling of malformed user input > > net: Comment copy_from_sockptr() explaining its behaviour > > I guess we can apply directly patch 2-4, but patch 1 should go via the > BT tree. @Luiz, @David, are you ok with that? Sure, I can apply that one if there is no dependency on the others. > Thanks, > > Paolo > -- Luiz Augusto von Dentz
