Thread (8 messages, 2 authors, 2017-02-28)

Re: net/xfrm: stack out-of-bounds in xfrm_flowi_sport

From: Steffen Klassert <steffen.klassert@secunet.com>
Date: 2017-02-14 09:08:45
Also in: lkml

On Tue, Feb 14, 2017 at 09:41:35AM +0100, Dmitry Vyukov wrote:
> On Tue, Feb 14, 2017 at 8:08 AM, Steffen Klassert
> [off-list ref] wrote:
>> On Mon, Feb 13, 2017 at 03:46:56PM +0100, Dmitry Vyukov wrote:
>>> On commit 7089db84e356562f8ba737c29e472cc42d530dbc.
>>>
>>> struct flowi4 fl4_stack allocated on stack in udp_sendmsg is being
>>> cast to larger struct flowi and then accessed.
>>
>> Looks like the problem is when using IPv4-mapped IPv6 addresses.
>>
>> Does the patch below help?
>
> Steffen, can you please run the reproducer I provided?
> I specifically spent time to supply you with a simple, reliable
> reproducer. I am not even talking about adding a test case for the bug.
> Kernel development practices seem to encourage developers to not
> bother with tests. But at least testing a patch that you are sending
> looks like a reasonable thing to do.

I tested this with my socket policy testcases of course.
I don't have an IPv4-mapped IPv6 addresses testcase, and
changing userspace in my test setup means rebuilding
the system iso image.

Asking for a test is not so uncommon. You have the
testcase, why not run it again?