summaryrefslogtreecommitdiff
path: root/net/sunrpc/auth_null.c
diff options
context:
space:
mode:
authorAl Viro <viro@ZenIV.linux.org.uk>2017-08-14 21:31:38 +0200
committerDavid S. Miller <davem@davemloft.net>2017-08-14 22:26:51 -0700
commit42b7305905be52e467bbc346b0f2f95ad44eb1a0 (patch)
treedc523c0b1f3b8b02f1ae3cfb43f216a79b781178 /net/sunrpc/auth_null.c
parente5645f51ba99738b0e5d708edf9c6454f33b9310 (diff)
udp: fix linear skb reception with PEEK_OFF
copy_linear_skb() is broken; both of its callers actually expect 'len' to be the amount we are trying to copy, not the offset of the end. Fix it keeping the meanings of arguments in sync with what the callers (both of them) expect. Also restore a saner behavior on EFAULT (i.e. preserving the iov_iter position in case of failure): The commit fd851ba9caa9 ("udp: harden copy_linear_skb()") avoids the more destructive effect of the buggy copy_linear_skb(), e.g. no more invalid memory access, but said function still behaves incorrectly: when peeking with offset it can fail with EINVAL instead of copying the appropriate amount of memory. Reported-by: Sasha Levin <alexander.levin@verizon.com> Fixes: b65ac44674dd ("udp: try to avoid 2 cache miss on dequeue") Fixes: fd851ba9caa9 ("udp: harden copy_linear_skb()") Signed-off-by: Al Viro <viro@ZenIV.linux.org.uk> Acked-by: Paolo Abeni <pabeni@redhat.com> Tested-by: Sasha Levin <alexander.levin@verizon.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sunrpc/auth_null.c')
0 files changed, 0 insertions, 0 deletions