On Mon, Mar 18, 2019 at 2:14 PM Andrey Konovalov [off-list ref] wrote:

On Fri, Mar 15, 2019 at 9:03 PM Eric Dumazet [off-list ref] wrote:

quoted

On 03/15/2019 12:51 PM, Andrey Konovalov wrote:

quoted

This patch is a part of a series that extends arm64 kernel ABI to allow to
pass tagged user pointers (with the top byte set to something else other
than 0x00) as syscall arguments.

tcp_zerocopy_receive() uses provided user pointers for vma lookups, which
can only by done with untagged pointers.

Untag user pointers in this function.

Signed-off-by: Andrey Konovalov <redacted>
---
 net/ipv4/tcp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 6baa6dc1b13b..89db3b4fc753 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c

@@ -1758,6 +1758,8 @@ static int tcp_zerocopy_receive(struct sock *sk,
      int inq;
      int ret;

+     address = untagged_addr(address);
+
      if (address & (PAGE_SIZE - 1) || address != zc->address)

The second test will fail, if the top bits are changed in address but not in zc->address

Will fix in v12, thanks Eric!

Looking at the code, what's the point of this address != zc->address
check? Should I just remove it?

quoted

quoted

              return -EINVAL;