Skip to content

net/socket: Fix sendmsg/recvmsg user buffers for BUILD_KERNEL (fixes CAN corruption)#18712

Open
arjav1528 wants to merge 2 commits intoapache:masterfrom
arjav1528:dev-issue-17321
Open

net/socket: Fix sendmsg/recvmsg user buffers for BUILD_KERNEL (fixes CAN corruption)#18712
arjav1528 wants to merge 2 commits intoapache:masterfrom
arjav1528:dev-issue-17321

Conversation

@arjav1528
Copy link
Copy Markdown
Contributor

@arjav1528 arjav1528 commented Apr 10, 2026
edited
Loading

Summary

Bounce sendmsg() and recvmsg() through kernel heap buffers when CONFIG_BUILD_KERNEL is set, matching sendto() / recvfrom(). The network stack must not memcpy from user iovec bases while running in kernel context.

Related

Testing

  • Host: ./tools/checkpatch.sh -f net/socket/sendmsg.c net/socket/recvmsg.c passes.
  • Target (recommended): MPFS or other kernel build, cansend can0 123#deadbeef repeatedly; confirm CAN ID/DLC stay correct.

arjav1528 and others added 2 commits April 11, 2026 02:45
@arjav1528
net/socket: Copy sendmsg iov into kernel heap for BUILD_KERNEL.
8181439 
When CONFIG_BUILD_KERNEL is enabled, user-space iovec bases and ancillary
pointers must not be dereferenced from the network stack. Mirror the
existing sendto() bounce-buffer approach: copy the msghdr fields, iovec
array, and payload into kernel memory before calling psock_sendmsg().

This fixes corrupted CAN frames (and similar protocols) where data was
copied via memcpy from user VAs during devif_send/iob_trycopyin.

Signed-off-by: Arjav Patel <arjav1528@gmail.com>
@arjav1528
net/socket: Bounce recvmsg through kernel buffers for BUILD_KERNEL.
be7f4b3 
When CONFIG_BUILD_KERNEL is enabled, copy the msghdr iovec snapshot, receive
into kernel heap buffers via psock_recvmsg(), then copy payload, sockaddr,
and ancillary data back to the user msghdr. This matches recvfrom() and
keeps the network stack from writing to user virtual addresses from kernel
context.

Signed-off-by: Arjav Patel <arjav1528@gmail.com>
@github-actions github-actions bot added Area: Networking Effects networking subsystem Size: M The size of the change in this PR is medium labels Apr 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xiaoxiang781216 xiaoxiang781216 Awaiting requested review from xiaoxiang781216 xiaoxiang781216 is a code owner

@jerpelea jerpelea Awaiting requested review from jerpelea jerpelea is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

Area: Networking Effects networking subsystem Size: M The size of the change in this PR is medium

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] Corrupted CAN frame from network upperhalf / network stack

1 participant

@arjav1528