From: Eric Dumazet <eduma...@google.com> We need to store cmlen instead of len in cm->cmsg_len.
Fixes: 38ebcf5096a8 ("scm: optimize put_cmsg()") Signed-off-by: Eric Dumazet <eduma...@google.com> Reported-by: Jakub Kicinski <k...@kernel.org> --- net/core/scm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/scm.c b/net/core/scm.c index bd96c922041d22a2f3b7ee73e4b3183316f9b616..ae3085d9aae8adb81d3bb42c8a915a205476a0ee 100644 --- a/net/core/scm.c +++ b/net/core/scm.c @@ -232,7 +232,7 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) if (!user_write_access_begin(cm, cmlen)) goto efault; - unsafe_put_user(len, &cm->cmsg_len, efault_end); + unsafe_put_user(cmlen, &cm->cmsg_len, efault_end); unsafe_put_user(level, &cm->cmsg_level, efault_end); unsafe_put_user(type, &cm->cmsg_type, efault_end); unsafe_copy_to_user(CMSG_USER_DATA(cm), data, -- 2.31.1.368.gbe11c130af-goog