From: Alexei Starovoitov
Date: Mon, 1 May 2017 21:46:07 -0700
> I'll send a patch first thing tomorrow unless Daniel beats me to it.
> We have kattr there as well which has the whole bpf_attr copied into
> kernel memory already. Should have taken data_out from there and
> passed into bpf_test_fin
On 5/1/17 8:56 PM, David Miller wrote:
It dereferences a user pointer:
static int bpf_test_finish(union bpf_attr __user *uattr, const void *data,
u32 size, u32 retval, u32 duration)
{
void __user *data_out = u64_to_user_ptr(uattr->test.data_out);
