[NET]: Fix compat layer setsockopt overzealous conversions.
compat_sys_setsockopt() is a little overzealous about converting 32-bit
stuff into 64-bit. It should match on level _and_ optname, not just
optname. Currently it eats the IPV6_V6ONLY sockopt because its value
(26) happens to match SO_ATTACH_FILTER.
This makes it at least check 'level' for everything but
IPT_SO_SET_REPLACE == IPT6_SO_SET_REPLACE, because that does seem to be
the same in different levels. But do_netfilter_replace() is another can
of worms entirely -- it doesn't actually work either, because some
netfilter modules (like ipt_limit) include kernel-only bits which change
size in the structure they share with userspace.
Signed-off-by: David S. Miller <davem@davemloft.net>
Showing
Please register or sign in to comment