Message ID | tencent_7A77E9664E3C953694964A37444AF474AF09@qq.com (mailing list archive) |
---|---|
State | New, archived |
Series | net/socket: the length value of the input socket option parameter is too small |
Context | Check | Description |
---|---|---|
tedd_an/pre-ci_am | success | Success |
tedd_an/CheckPatch | warning | WARNING: Prefer a maximum 75 chars per line (possible unwrapped commit description?) #90: CPU: 0 PID: 5064 Comm: syz-executor632 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 WARNING: Possible repeated word: 'Google' #91: Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 WARNING: Reported-by: should be immediately followed by Closes: with a URL to the report #149: Reported-by: syzbot+d4ecae01a53fd9b42e7d@syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis <eadavis@qq.com> total: 0 errors, 3 warnings, 0 checks, 9 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. /github/workspace/src/src/13618859.patch has style problems, please review. NOTE: Ignored message types: UNKNOWN_COMMIT_ID NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. |
tedd_an/GitLint | fail | WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search 4: B1 Line exceeds max length (94>80): "BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]" 5: B1 Line exceeds max length (87>80): "BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]" 6: B1 Line exceeds max length (101>80): "BUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt_old net/bluetooth/rfcomm/sock.c:632 [inline]" 7: B1 Line exceeds max length (100>80): "BUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt+0x893/0xa70 net/bluetooth/rfcomm/sock.c:673" 10: B1 Line exceeds max length (89>80): "CPU: 0 PID: 5064 Comm: syz-executor632 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0" 11: B1 Line exceeds max length (89>80): "Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024" 31: B1 Line exceeds max length (199>80): "Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48" 66: B2 Line has trailing whitespace: "Here, optlen is determined uniformly in the entry function __sys_setsockopt(). " |
tedd_an/SubjectPrefix | fail | "Bluetooth: " prefix is not specified in the subject |
tedd_an/BuildKernel | success | BuildKernel PASS |
tedd_an/CheckAllWarning | success | CheckAllWarning PASS |
tedd_an/CheckSparse | success | CheckSparse PASS |
tedd_an/CheckSmatch | fail | CheckSparse: FAIL: Segmentation fault (core dumped) make[4]: *** [scripts/Makefile.build:244: net/bluetooth/hci_core.o] Error 139 make[4]: *** Deleting file 'net/bluetooth/hci_core.o' make[3]: *** [scripts/Makefile.build:485: net/bluetooth] Error 2 make[2]: *** [scripts/Makefile.build:485: net] Error 2 make[2]: *** Waiting for unfinished jobs.... Segmentation fault (core dumped) make[4]: *** [scripts/Makefile.build:244: drivers/bluetooth/bcm203x.o] Error 139 make[4]: *** Deleting file 'drivers/bluetooth/bcm203x.o' make[4]: *** Waiting for unfinished jobs.... make[3]: *** [scripts/Makefile.build:485: drivers/bluetooth] Error 2 make[2]: *** [scripts/Makefile.build:485: drivers] Error 2 make[1]: *** [/github/workspace/src/src/Makefile:1919: .] Error 2 make: *** [Makefile:240: __sub-make] Error 2 |
tedd_an/BuildKernel32 | success | BuildKernel32 PASS |
tedd_an/TestRunnerSetup | success | TestRunnerSetup PASS |
tedd_an/TestRunner_l2cap-tester | fail | TestRunner_l2cap-tester: Total: 55, Passed: 40 (72.7%), Failed: 15, Not Run: 0 |
tedd_an/TestRunner_iso-tester | success | TestRunner PASS |
tedd_an/TestRunner_bnep-tester | success | TestRunner PASS |
tedd_an/TestRunner_mgmt-tester | success | TestRunner PASS |
tedd_an/TestRunner_rfcomm-tester | success | TestRunner PASS |
tedd_an/TestRunner_sco-tester | fail | TestRunner_sco-tester: Total: 15, Passed: 12 (80.0%), Failed: 3, Not Run: 0 |
tedd_an/TestRunner_ioctl-tester | success | TestRunner PASS |
tedd_an/TestRunner_mesh-tester | success | TestRunner PASS |
tedd_an/TestRunner_smp-tester | success | TestRunner PASS |
tedd_an/TestRunner_userchan-tester | success | TestRunner PASS |
tedd_an/IncrementalBuild | success | Incremental Build PASS |
This is an automated email; please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results for your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=841753
---Test result---
Test Summary:
CheckPatch FAIL 0.98 seconds
GitLint FAIL 0.48 seconds
SubjectPrefix FAIL 0.30 seconds
BuildKernel PASS 31.06 seconds
CheckAllWarning PASS 33.45 seconds
CheckSparse PASS 38.95 seconds
CheckSmatch FAIL 35.51 seconds
BuildKernel32 PASS 29.83 seconds
TestRunnerSetup PASS 535.04 seconds
TestRunner_l2cap-tester FAIL 16.87 seconds
TestRunner_iso-tester PASS 33.25 seconds
TestRunner_bnep-tester PASS 4.76 seconds
TestRunner_mgmt-tester PASS 110.11 seconds
TestRunner_rfcomm-tester PASS 7.36 seconds
TestRunner_sco-tester FAIL 15.43 seconds
TestRunner_ioctl-tester PASS 7.78 seconds
TestRunner_mesh-tester PASS 5.85 seconds
TestRunner_smp-tester PASS 6.81 seconds
TestRunner_userchan-tester PASS 5.03 seconds
IncrementalBuild PASS 28.99 seconds
Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
net/socket: the length value of the input socket option parameter is too small
WARNING: Prefer a maximum 75 chars per line (possible unwrapped commit description?)
#90:
CPU: 0 PID: 5064 Comm: syz-executor632 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
WARNING: Possible repeated word: 'Google'
#91:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
WARNING: Reported-by: should be immediately followed by Closes: with a URL to the report
#149:
Reported-by: syzbot+d4ecae01a53fd9b42e7d@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
total: 0 errors, 3 warnings, 0 checks, 9 lines checked
NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.
/github/workspace/src/src/13618859.patch has style problems, please review.
NOTE: Ignored message types: UNKNOWN_COMMIT_ID
NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
##############################
Test: GitLint - FAIL
Desc: Run gitlint
Output:
net/socket: the length value of the input socket option parameter is too small
WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search
4: B1 Line exceeds max length (94>80): "BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]"
5: B1 Line exceeds max length (87>80): "BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]"
6: B1 Line exceeds max length (101>80): "BUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt_old net/bluetooth/rfcomm/sock.c:632 [inline]"
7: B1 Line exceeds max length (100>80): "BUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt+0x893/0xa70 net/bluetooth/rfcomm/sock.c:673"
10: B1 Line exceeds max length (89>80): "CPU: 0 PID: 5064 Comm: syz-executor632 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0"
11: B1 Line exceeds max length (89>80): "Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024"
31: B1 Line exceeds max length (199>80): "Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48"
66: B2 Line has trailing whitespace: "Here, optlen is determined uniformly in the entry function __sys_setsockopt(). "
##############################
Test: SubjectPrefix - FAIL
Desc: Check subject contains "Bluetooth" prefix
Output:
"Bluetooth: " prefix is not specified in the subject
##############################
Test: CheckSmatch - FAIL
Desc: Run smatch tool with source
Output:
Segmentation fault (core dumped)
make[4]: *** [scripts/Makefile.build:244: net/bluetooth/hci_core.o] Error 139
make[4]: *** Deleting file 'net/bluetooth/hci_core.o'
make[3]: *** [scripts/Makefile.build:485: net/bluetooth] Error 2
make[2]: *** [scripts/Makefile.build:485: net] Error 2
make[2]: *** Waiting for unfinished jobs....
Segmentation fault (core dumped)
make[4]: *** [scripts/Makefile.build:244: drivers/bluetooth/bcm203x.o] Error 139
make[4]: *** Deleting file 'drivers/bluetooth/bcm203x.o'
make[4]: *** Waiting for unfinished jobs....
make[3]: *** [scripts/Makefile.build:485: drivers/bluetooth] Error 2
make[2]: *** [scripts/Makefile.build:485: drivers] Error 2
make[1]: *** [/github/workspace/src/src/Makefile:1919: .] Error 2
make: *** [Makefile:240: __sub-make] Error 2
##############################
Test: TestRunner_l2cap-tester - FAIL
Desc: Run l2cap-tester with test-runner
Output:
Total: 55, Passed: 40 (72.7%), Failed: 15, Not Run: 0
Failed Test Cases
L2CAP BR/EDR Client SSP - Success 2 Failed 0.063 seconds
L2CAP BR/EDR Client PIN Code - Success Failed 0.058 seconds
L2CAP LE Client SMP - Success Failed 0.065 seconds
L2CAP Ext-Flowctl Client - Success Failed 0.057 seconds
L2CAP Ext-Flowctl Client - Close Failed 0.063 seconds
L2CAP Ext-Flowctl Client - Timeout Failed 0.054 seconds
L2CAP Ext-Flowctl Client, Direct Advertising - Success Failed 0.067 seconds
L2CAP Ext-Flowctl Client SMP - Success Failed 0.065 seconds
L2CAP Ext-Flowctl Client - Command Reject Failed 0.055 seconds
L2CAP Ext-Flowctl Client - Open two sockets Failed 0.058 seconds
L2CAP Ext-Flowctl Client - Open two sockets close one Failed 0.060 seconds
L2CAP LE ATT Client - Success Failed 0.063 seconds
L2CAP LE EATT Client - Success Failed 0.061 seconds
L2CAP LE EATT Server - Success Failed 0.055 seconds
L2CAP LE EATT Server - Reject Failed 0.057 seconds
##############################
Test: TestRunner_sco-tester - FAIL
Desc: Run sco-tester with test-runner
Output:
Total: 15, Passed: 12 (80.0%), Failed: 3, Not Run: 0
Failed Test Cases
Basic SCO Set Socket Option - Success Failed 0.081 seconds
eSCO mSBC - Success Failed 0.079 seconds
SCO mSBC 1.1 - Failure Failed 0.081 seconds
---
Regards,
Linux Bluetooth
Dear Edward,

Thank you very much for looking into this and sending a patch.

Should you resend, I’d make the summary about the change and not the issue. Maybe:

net/socket: Ensure length of input socket option param >= sizeof(int)

Kind regards,

Paul
On 4/5/24 12:16, Edward Adam Davis wrote:
> [Syzbot reported]
> BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
> BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]
> BUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt_old net/bluetooth/rfcomm/sock.c:632 [inline]
> BUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt+0x893/0xa70 net/bluetooth/rfcomm/sock.c:673
> Read of size 4 at addr ffff8880209a8bc3 by task syz-executor632/5064
>
> CPU: 0 PID: 5064 Comm: syz-executor632 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
> Call Trace:
> <TASK>
> __dump_stack lib/dump_stack.c:88 [inline]
> dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
> print_address_description mm/kasan/report.c:377 [inline]
> print_report+0x169/0x550 mm/kasan/report.c:488
> kasan_report+0x143/0x180 mm/kasan/report.c:601
> copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
> copy_from_sockptr include/linux/sockptr.h:55 [inline]
> rfcomm_sock_setsockopt_old net/bluetooth/rfcomm/sock.c:632 [inline]
> rfcomm_sock_setsockopt+0x893/0xa70 net/bluetooth/rfcomm/sock.c:673
> do_sock_setsockopt+0x3af/0x720 net/socket.c:2311
> __sys_setsockopt+0x1ae/0x250 net/socket.c:2334
> __do_sys_setsockopt net/socket.c:2343 [inline]
> __se_sys_setsockopt net/socket.c:2340 [inline]
> __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340
> do_syscall_64+0xfb/0x240
> entry_SYSCALL_64_after_hwframe+0x6d/0x75
> RIP: 0033:0x7f36ff898dc9
> Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007ffe010c2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
> RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f36ff898dc9
> RDX: 0000000000000003 RSI: 0000000000000012 RDI: 0000000000000006
> RBP: 0000000000000006 R08: 0000000000000002 R09: 0000000000000000
> R10: 00000000200000c0 R11: 0000000000000246 R12: 0000555567399338
> R13: 000000000000000e R14: 0000000000000000 R15: 0000000000000000
> </TASK>
>
> Allocated by task 5064:
> kasan_save_stack mm/kasan/common.c:47 [inline]
> kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
> poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
> __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
> kasan_kmalloc include/linux/kasan.h:211 [inline]
> __do_kmalloc_node mm/slub.c:3966 [inline]
> __kmalloc+0x233/0x4a0 mm/slub.c:3979
> kmalloc include/linux/slab.h:632 [inline]
> __cgroup_bpf_run_filter_setsockopt+0xd2f/0x1040 kernel/bpf/cgroup.c:1869
> do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293
> __sys_setsockopt+0x1ae/0x250 net/socket.c:2334
> __do_sys_setsockopt net/socket.c:2343 [inline]
> __se_sys_setsockopt net/socket.c:2340 [inline]
> __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340
> do_syscall_64+0xfb/0x240
> entry_SYSCALL_64_after_hwframe+0x6d/0x75
>
> The buggy address belongs to the object at ffff8880209a8bc0
> which belongs to the cache kmalloc-8 of size 8
> The buggy address is located 1 bytes to the right of
> allocated 2-byte region [ffff8880209a8bc0, ffff8880209a8bc2)
> [Fix]
> The optlen value passed by syzbot to _sys_setsockopt() is 2, which results in
> only 2 bytes being allocated when allocating memory to kernel_optval, and the
> optval size passed when calling the function copy_from_sockptr() is 4 bytes.
> Here, optlen is determined uniformly in the entry function __sys_setsockopt().
> If its value is less than 4, the parameter is considered invalid.
>
> Reported-by: syzbot+d4ecae01a53fd9b42e7d@syzkaller.appspotmail.com
> Signed-off-by: Edward Adam Davis <eadavis@qq.com>
> ---
> net/socket.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/socket.c b/net/socket.c > index e5f3af49a8b6..ac8fd4f6ebfe 100644 > --- a/net/socket.c > +++ b/net/socket.c
> @@ -2327,6 +2327,9 @@ int __sys_setsockopt(int fd, int level, int optname, char __user *user_optval, > int err, fput_needed; > struct socket *sock; > > + if (optlen < sizeof(int)) > + return -EINVAL; > + Please cc netdev@ for core networking patches. This patch is not good, please fix net/bluetooth/rfcomm/sock.c instead I think I did this yesterday already : https://lore.kernel.org/netdev/20240404124723.2429464-1-edumazet@google.com/T/ > sock = sockfd_lookup_light(fd, &err, &fput_needed); > if (!sock) > return err;
diff --git a/net/socket.c b/net/socket.c index e5f3af49a8b6..ac8fd4f6ebfe 100644 --- a/net/socket.c +++ b/net/socket.c @@ -2327,6 +2327,9 @@ int __sys_setsockopt(int fd, int level, int optname, char __user *user_optval, int err, fput_needed; struct socket *sock; + if (optlen < sizeof(int)) + return -EINVAL; + sock = sockfd_lookup_light(fd, &err, &fput_needed); if (!sock) return err;
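Review bot: The optlen < sizeof(int) test added at the top of __sys_setsockopt() runs for every socket family and every option, so any option whose value is legitimately shorter than an int now fails with -EINVAL; the l2cap-tester and sco-tester regressions in the CI results on this page (for example "Basic SCO Set Socket Option - Success") are consistent with that. The out-of-bounds read in the KASAN trace is in rfcomm_sock_setsockopt_old() at net/bluetooth/rfcomm/sock.c:632, so the length check belongs in that handler, immediately before its copy_from_sockptr() call, comparing optlen against the size that call reads. Drop this hunk and validate there instead.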
[Syzbot reported]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]
BUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt_old net/bluetooth/rfcomm/sock.c:632 [inline]
BUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt+0x893/0xa70 net/bluetooth/rfcomm/sock.c:673
Read of size 4 at addr ffff8880209a8bc3 by task syz-executor632/5064

CPU: 0 PID: 5064 Comm: syz-executor632 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488
kasan_report+0x143/0x180 mm/kasan/report.c:601
copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
copy_from_sockptr include/linux/sockptr.h:55 [inline]
rfcomm_sock_setsockopt_old net/bluetooth/rfcomm/sock.c:632 [inline]
rfcomm_sock_setsockopt+0x893/0xa70 net/bluetooth/rfcomm/sock.c:673
do_sock_setsockopt+0x3af/0x720 net/socket.c:2311
__sys_setsockopt+0x1ae/0x250 net/socket.c:2334
__do_sys_setsockopt net/socket.c:2343 [inline]
__se_sys_setsockopt net/socket.c:2340 [inline]
__x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7f36ff898dc9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe010c2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f36ff898dc9
RDX: 0000000000000003 RSI: 0000000000000012 RDI: 0000000000000006
RBP: 0000000000000006 R08: 0000000000000002 R09: 0000000000000000
R10: 00000000200000c0 R11: 0000000000000246 R12: 0000555567399338
R13: 000000000000000e R14: 0000000000000000 R15: 0000000000000000
</TASK>

Allocated by task 5064:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slub.c:3966 [inline]
__kmalloc+0x233/0x4a0 mm/slub.c:3979
kmalloc include/linux/slab.h:632 [inline]
__cgroup_bpf_run_filter_setsockopt+0xd2f/0x1040 kernel/bpf/cgroup.c:1869
do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293
__sys_setsockopt+0x1ae/0x250 net/socket.c:2334
__do_sys_setsockopt net/socket.c:2343 [inline]
__se_sys_setsockopt net/socket.c:2340 [inline]
__x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75

The buggy address belongs to the object at ffff8880209a8bc0
which belongs to the cache kmalloc-8 of size 8
The buggy address is located 1 bytes to the right of
allocated 2-byte region [ffff8880209a8bc0, ffff8880209a8bc2)
[Fix]
The optlen value passed by syzbot to _sys_setsockopt() is 2, which results in
only 2 bytes being allocated when allocating memory to kernel_optval, and the
optval size passed when calling the function copy_from_sockptr() is 4 bytes.
Here, optlen is determined uniformly in the entry function __sys_setsockopt().
If its value is less than 4, the parameter is considered invalid.

Reported-by: syzbot+d4ecae01a53fd9b42e7d@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
---
net/socket.c | 3 +++
1 file changed, 3 insertions(+)
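
A user-space model of the two places the length check can live, as an added example that is not code from the patch or from the kernel; the option names, struct model_sock and copy_opt_checked() are hypothetical. It shows that validating optlen in each handler against the size it actually reads rejects the 2-byte request from the report while still accepting an option whose value is shorter than an int, which a check at the entry point refuses.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed option names and socket state; not kernel definitions. */
enum { OPT_FLAGS_U32 = 1, OPT_MODE_U8 = 2 };
struct model_sock { uint32_t flags; uint8_t mode; };

/* Hypothetical helper: copy a fixed-size value only when the caller
 * supplied at least that many bytes, so the read stays inside optval. */
static int copy_opt_checked(void *dst, size_t dst_size,
                            const void *optval, int optlen)
{
    if (optlen < 0 || (size_t)optlen < dst_size)
        return -EINVAL;
    memcpy(dst, optval, dst_size);
    return 0;
}

/* Per-handler validation: each option is checked against what it reads. */
int model_setsockopt(struct model_sock *sk, int optname,
                     const void *optval, int optlen)
{
    switch (optname) {
    case OPT_FLAGS_U32:
        return copy_opt_checked(&sk->flags, sizeof(sk->flags), optval, optlen);
    case OPT_MODE_U8:
        return copy_opt_checked(&sk->mode, sizeof(sk->mode), optval, optlen);
    default:
        return -ENOPROTOOPT;
    }
}

/* The patch's length test placed before dispatch (negative lengths are
 * also rejected here): every option shorter than an int is refused,
 * whatever size its handler needs. */
int model_setsockopt_entry_check(struct model_sock *sk, int optname,
                                 const void *optval, int optlen)
{
    if (optlen < 0 || (size_t)optlen < sizeof(int))
        return -EINVAL;
    return model_setsockopt(sk, optname, optval, optlen);
}

int main(void)
{
    struct model_sock sk = {0, 0};
    unsigned char two[2] = {0x01, 0x02};   /* constructed: optlen == 2 */
    uint8_t mode = 7;                      /* constructed: 1-byte option */

    printf("u32 option, optlen 2, per-handler: %d\n",
           model_setsockopt(&sk, OPT_FLAGS_U32, two, 2));
    printf("u8 option, optlen 1, per-handler:  %d\n",
           model_setsockopt(&sk, OPT_MODE_U8, &mode, 1));
    printf("u8 option, optlen 1, entry check:  %d\n",
           model_setsockopt_entry_check(&sk, OPT_MODE_U8, &mode, 1));
    return 0;
}
```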