um: Fix FD copy size in os_rcv_fd_msg()

[ Upstream commit df447a3b4a4b961c9979b4b3ffb74317394b9b40 ]

When copying FDs, the copy size should not include the control
message header (cmsghdr). Fix it.

Fixes: 5cde6096a4dd ("um: generalize os_rcv_fd")
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/arch/um/os-Linux/file.c b/arch/um/os-Linux/file.c
index 617886d1fb1e91ce01583916b75a3f77e7931639..21f0e50fb1df95967944ccb7fb0af0ceb375981d 100644 (file)
--- a/arch/um/os-Linux/file.c
+++ b/arch/um/os-Linux/file.c
@@ -535,7 +535,7 @@ ssize_t os_rcv_fd_msg(int fd, int *fds, unsigned int n_fds,
            cmsg->cmsg_type != SCM_RIGHTS)
                return n;
 
-       memcpy(fds, CMSG_DATA(cmsg), cmsg->cmsg_len);
+       memcpy(fds, CMSG_DATA(cmsg), cmsg->cmsg_len - CMSG_LEN(0));
        return n;
 }