commit 0b7f41f68710ccbf7d029c749616e5d26ae8f74d
author Arjun Roy <arjunroy@google.com> Tue Feb 25 12:38:54 2020 -0800
committer David S. Miller <davem@davemloft.net> Wed Feb 26 20:24:22 2020 -0800
tree b9873f953bf4389af332e307fa55efa8d613f11e
parent ebb4a4bf76f164457184a3f43ebc1552416bc823

tcp-zerocopy: Update returned getsockopt() optlen.

TCP receive zerocopy currently does not update the returned optlen for
getsockopt() if the user passed in a larger than expected value.
Thus, userspace cannot properly determine if all the fields are set in
the passed-in struct. This patch sets the optlen for this case before
returning, in keeping with the expected operation of getsockopt().

Fixes: c8856c051454 ("tcp-zerocopy: Return inq along with tcp receive zerocopy.")
Signed-off-by: Arjun Roy <arjunroy@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/ipv4/tcp.c

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 1b68548..48aa457 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3669,8 +3669,11 @@ static int do_tcp_getsockopt(struct sock *sk, int level,
 			return -EFAULT;
 		if (len < offsetofend(struct tcp_zerocopy_receive, length))
 			return -EINVAL;
-		if (len > sizeof(zc))
+		if (len > sizeof(zc)) {
 			len = sizeof(zc);
+			if (put_user(len, optlen))
+				return -EFAULT;
+		}
 		if (copy_from_user(&zc, optval, len))
 			return -EFAULT;
 		lock_sock(sk);