net/bpfilter: Initialize pos in __bpfilter_process_sockopt

__bpfilter_process_sockopt never initialized the pos variable passed
to the pipe write. This has been mostly harmless in the past as pipes
ignore the offset, but the switch to kernel_write now verified the
position, which can lead to a failure depending on the exact stack
initialization pattern. Initialize the variable to zero to make
rw_verify_area happy.

Fixes: 6955a76fbcd5 ("bpfilter: switch to kernel_write")
Reported-by: Christian Brauner <[email protected]>
Reported-by: Rodrigo Madera <[email protected]>
Signed-off-by: Christoph Hellwig <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Tested-by: Rodrigo Madera <[email protected]>
Tested-by: Christian Brauner <[email protected]>
Reviewed-by: Christian Brauner <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]

diff --git a/net/bpfilter/bpfilter_kern.c b/net/bpfilter/bpfilter_kern.c
index c0f0990f30b60415fa6b929415f5ac67bba4ed01..cfb27166bfd7b696a13685358d0e4d2af50149a2 100644 (file)
--- a/net/bpfilter/bpfilter_kern.c
+++ b/net/bpfilter/bpfilter_kern.c
@@ -39,7 +39,7 @@ static int __bpfilter_process_sockopt(struct sock *sk, int optname,
 {
        struct mbox_request req;
        struct mbox_reply reply;
-       loff_t pos;
+       loff_t pos = 0;
        ssize_t n;
        int ret = -EFAULT;