um: remove variable stack array in os_rcv_fd_msg()

When generalizing this, I was in the mindset of this being
"userspace" code, but even there we should not use variable
arrays as the kernel is moving away from allowing that.

Simply reserve (but not use) enough space for the maximum
two descriptors we might need now, and return an error if
attempting to receive more than that.

Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202407041459.3SYg4TEi-lkp@intel.com/
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Richard Weinberger <richard@nod.at>

diff --git a/arch/um/os-Linux/file.c b/arch/um/os-Linux/file.c
index 5adf8f630049ec147c3e6dec19f47517681d3a52..f1d03cf3957fe820961f2e5b75130c1af2595fdc 100644 (file)
--- a/arch/um/os-Linux/file.c
+++ b/arch/um/os-Linux/file.c
@@ -528,7 +528,8 @@ int os_shutdown_socket(int fd, int r, int w)
 ssize_t os_rcv_fd_msg(int fd, int *fds, unsigned int n_fds,
                      void *data, size_t data_len)
 {
-       char buf[CMSG_SPACE(sizeof(*fds) * n_fds)];
+#define MAX_RCV_FDS    2
+       char buf[CMSG_SPACE(sizeof(*fds) * MAX_RCV_FDS)];
        struct cmsghdr *cmsg;
        struct iovec iov = {
                .iov_base = data,
@@ -538,10 +539,13 @@ ssize_t os_rcv_fd_msg(int fd, int *fds, unsigned int n_fds,
                .msg_iov = &iov,
                .msg_iovlen = 1,
                .msg_control = buf,
-               .msg_controllen = sizeof(buf),
+               .msg_controllen = CMSG_SPACE(sizeof(*fds) * n_fds),
        };
        int n;
 
+       if (n_fds > MAX_RCV_FDS)
+               return -EINVAL;
+
        n = recvmsg(fd, &msg, 0);
        if (n < 0)
                return -errno;