From: JingYi Hou <houjingyi...@gmail.com> Date: Thu, 13 Jun 2019 18:44:57 +0800
> In sock_getsockopt(), 'optlen' is fetched the first time from userspace.
> 'len < 0' is then checked. Then in condition 'SO_MEMINFO', 'optlen' is
> fetched the second time from userspace without check.
>
> If a malicious user can change it between the two fetches, it may cause security
> problems or unexpected behavior.
>
> To fix this, we need to recheck it in the second fetch.
>
> Signed-off-by: JingYi Hou <houjingyi...@gmail.com>

There is no reason to fetch len a second time, so please just remove the get_user() call here instead.

Also, please format your Subject line properly with appropriate subsystem prefixes etc.
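The double-fetch shape the commit message describes, next to the single-fetch shape the reply asks for, as an added stand-alone C model that is not kernel code: `racy_user_int`, `fake_get_user()` and `OPT_BUF_SIZE` are constructed stand-ins for the userspace `int`, for `get_user()` and for the kernel-side buffer size.

```c
#include <stdio.h>

/* Constructed stand-in for a userspace int that another thread of the same
 * process may rewrite between two get_user() calls: the first fetch sees
 * first_value, every later fetch sees later_value. */
struct racy_user_int {
    int first_value;
    int later_value;
    int fetches;
};

/* Hypothetical get_user(): copies the "user" value, returns 0 on success. */
static int fake_get_user(int *dst, struct racy_user_int *uptr)
{
    *dst = (uptr->fetches++ == 0) ? uptr->first_value : uptr->later_value;
    return 0;
}

enum { OPT_BUF_SIZE = 36 };  /* constructed size of the kernel-side buffer */

/* Double-fetch shape: the 'len < 0' check covers only the first copy; the
 * second get_user() result is used without re-validation. Returns the
 * length the caller would trust, or -1 for a rejected request. */
static int getsockopt_double_fetch(struct racy_user_int *optlen)
{
    int len;
    if (fake_get_user(&len, optlen)) return -1;
    if (len < 0) return -1;                       /* validates first copy */
    if (fake_get_user(&len, optlen)) return -1;   /* unchecked second fetch */
    return len > OPT_BUF_SIZE ? OPT_BUF_SIZE : len;
}

/* Single-fetch shape: fetch once, validate, keep using that same copy. */
static int getsockopt_single_fetch(struct racy_user_int *optlen)
{
    int len;
    if (fake_get_user(&len, optlen)) return -1;
    if (len < 0) return -1;
    return len > OPT_BUF_SIZE ? OPT_BUF_SIZE : len;
}

/* Helpers that replay one "user rewrote optlen between fetches" scenario. */
int run_double_fetch(int first, int later)
{ struct racy_user_int u = { first, later, 0 }; return getsockopt_double_fetch(&u); }
int run_single_fetch(int first, int later)
{ struct racy_user_int u = { first, later, 0 }; return getsockopt_single_fetch(&u); }

int main(void)
{
    printf("double fetch: %d, single fetch: %d\n",
           run_double_fetch(8, -7), run_single_fetch(8, -7));  /* -7 vs 8 */
    return 0;
}
```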