net/socket: Fix sendmsg/recvmsg user buffers for BUILD_KERNEL (fixes CAN corruption)#18712
Open
arjav1528 wants to merge 2 commits intoapache:masterfrom
Open
net/socket: Fix sendmsg/recvmsg user buffers for BUILD_KERNEL (fixes CAN corruption)#18712arjav1528 wants to merge 2 commits intoapache:masterfrom
arjav1528 wants to merge 2 commits intoapache:masterfrom
Conversation
When CONFIG_BUILD_KERNEL is enabled, user-space iovec bases and ancillary pointers must not be dereferenced from the network stack. Mirror the existing sendto() bounce-buffer approach: copy the msghdr fields, iovec array, and payload into kernel memory before calling psock_sendmsg(). This fixes corrupted CAN frames (and similar protocols) where data was copied via memcpy from user VAs during devif_send/iob_trycopyin. Signed-off-by: Arjav Patel <arjav1528@gmail.com>
When CONFIG_BUILD_KERNEL is enabled, copy the msghdr iovec snapshot, receive into kernel heap buffers via psock_recvmsg(), then copy payload, sockaddr, and ancillary data back to the user msghdr. This matches recvfrom() and keeps the network stack from writing to user virtual addresses from kernel context. Signed-off-by: Arjav Patel <arjav1528@gmail.com>
github-actions
bot
added
Area: Networking
Contributor
Author
|
@xiaoxiang781216 @jerpelea coul you please review it |
jerpelea
approved these changes
Apr 14, 2026
simbit18
requested review from
GUIDINGLI,
acassis,
anchao,
linguini1,
michallenc,
raiden00pl,
rcsim,
wangchdo and
yamt
michallenc
requested changes
Apr 16, 2026
Contributor
michallenc
left a comment
michallenc
left a comment
There was a problem hiding this comment.
I don't like this much specific code for CONFIG_BUILD_KERNEL. Maybe better approach would be to implement something like copy_to_user and copy_from_user, similar to what Linux uses?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bounce
sendmsg()andrecvmsg()through kernel heap buffers whenCONFIG_BUILD_KERNELis set, matchingsendto()/recvfrom(). The network stack must notmemcpyfrom user iovec bases while running in kernel context.Related
Testing
./tools/checkpatch.sh -f net/socket/sendmsg.c net/socket/recvmsg.cpasses.cansend can0 123#deadbeefrepeatedly; confirm CAN ID/DLC stay correct.