On Thu, Aug 06, 2020 at 03:21:25PM -0700, Eric Dumazet wrote: > converting get_user(...) to copy_from_sockptr(...) really assumed the > optlen > has been validated to be >= sizeof(int) earlier. > > Which is not always the case, for example here.
Yes. And besides the bpfilter mess the main reason I even had to add the sockptr vs just copying optlen in the high-level socket code. Please take a look at the patch in the other thread to just revert to the "dumb" version everywhere.
