From: Marcel W. Wysocki Date: Sun, 15 Feb 2026 14:28:02 +0000 (+0800) Subject: um: fix address-of CMSG_DATA() rvalue in stub X-Git-Tag: v7.1-rc1~67^2~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4076f7329832074196e050def49d22265fce2021;p=thirdparty%2Fkernel%2Fstable.git um: fix address-of CMSG_DATA() rvalue in stub The UML stub takes the address of CMSG_DATA(fd_msg): fd_map = (void *)&CMSG_DATA(fd_msg); CMSG_DATA() is specified by POSIX to return unsigned char *. Taking its address is semantically wrong -- the intent is to get a pointer to the control message data, which is exactly what CMSG_DATA() already returns. This happens to compile with glibc because glibc's primary CMSG_DATA definition accesses a flexible array member: #define CMSG_DATA(cmsg) ((cmsg)->__cmsg_data) An array lvalue can have its address taken, and &array yields the same address as array. However, glibc also has an alternative definition that uses pointer arithmetic (returning an rvalue), and musl's definition always uses pointer arithmetic: /* musl */ #define CMSG_DATA(cmsg) \ ((unsigned char *)(((struct cmsghdr *)(cmsg)) + 1)) Taking the address of an rvalue is a hard error in C, so the current code fails to compile with musl libc. Remove the erroneous & operator. The resulting code is correct regardless of the CMSG_DATA implementation -- it simply assigns the data pointer, which is what the subsequent code (fd_map[--num_fds]) expects. No functional change with glibc; fixes the build with musl. Signed-off-by: Marcel W. Wysocki Link: https://patch.msgid.link/20260215142803.1455757-1-maci.stgn@gmail.com Signed-off-by: Johannes Berg --- diff --git a/arch/um/kernel/skas/stub.c b/arch/um/kernel/skas/stub.c index 67cab46a602cf..e09216a20cb57 100644 --- a/arch/um/kernel/skas/stub.c +++ b/arch/um/kernel/skas/stub.c @@ -146,7 +146,7 @@ restart_wait: /* Receive the FDs */ num_fds = 0; fd_msg = msghdr.msg_control; - fd_map = (void *)&CMSG_DATA(fd_msg); + fd_map = (void *)CMSG_DATA(fd_msg); if (res == iov.iov_len && msghdr.msg_controllen > sizeof(struct cmsghdr)) num_fds = (fd_msg->cmsg_len - CMSG_LEN(0)) / sizeof(int);