Re: [RFC PATCH v2] ipv6: make ipv6_renew_options() interrupt/kernel safe

From: David Miller <davem@davemloft.net>
Date: 2018-07-04 05:28:56
Also in: linux-security-module, selinux

From: Paul Moore <redacted>
Date: Mon, 02 Jul 2018 14:20:52 -0400

-static int ipv6_renew_option(void *ohdr,
-			     struct ipv6_opt_hdr __user *newopt, int newoptlen,
-			     int inherit,
-			     struct ipv6_opt_hdr **hdr,
-			     char **p)
+static void ipv6_renew_option(int renewtype,
+			      struct ipv6_opt_hdr **dest,
+			      struct ipv6_opt_hdr *old,
+			      struct ipv6_opt_hdr *new,
+			      int newtype, char **p)
 {

...

+	p += CMSG_ALIGN(ipv6_optlen(*dest));

I don't think this actually advances the pointer in the caller,
you need something like:

	*p += CMSG_ALIGN(ipv6_optlen(*dest));

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help