um: Fix FD copy size in os_rcv_fd_msg()

[ Upstream commit df447a3b4a4b961c9979b4b3ffb74317394b9b40 ]

When copying FDs, the copy size should not include the control
message header (cmsghdr). Fix it.

Fixes: 5cde6096a4dd ("um: generalize os_rcv_fd")
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/arch/um/os-Linux/file.c b/arch/um/os-Linux/file.c
index f1d03cf3957fe820961f2e5b75130c1af2595fdc..62c176a2c1ac4807a21e0934fc9aafdacaafdd6c 100644 (file)
--- a/arch/um/os-Linux/file.c
+++ b/arch/um/os-Linux/file.c
@@ -556,7 +556,7 @@ ssize_t os_rcv_fd_msg(int fd, int *fds, unsigned int n_fds,
            cmsg->cmsg_type != SCM_RIGHTS)
                return n;
 
-       memcpy(fds, CMSG_DATA(cmsg), cmsg->cmsg_len);
+       memcpy(fds, CMSG_DATA(cmsg), cmsg->cmsg_len - CMSG_LEN(0));
        return n;
 }