I have to admit I didn't spot the difference between the good and the bad output even after trying hard. But can you try the patch below? -- sockptr_advance never properly worked. Replace it with _o
Depending on the other checks you may also be able to cross from user addresses to kernel ones. At the minimum sockptr_advance() has to fail if the boundary would be crossed. The 'is this a kernel or
Can you send a reproducer? We could do that, although I wouldn't add it to the existing functions to avoid the churn and instead add copy_to_sockptr_offset or something like that.
Christoph, I see a regression with IPv6 flowlabel that I bisected to this patch. When passing '-F 0' to 'ping' the flow label should be random, yet it's the same every time after this patch. It seems
Pass a sockptr_t to prepare for set_fs-less handling of the kernel pointer from bpf-cgroup. Note that the get case is pretty weird in that it actually copies data back to userspace from setsockopt. S